Is your feature request related to a problem? Please describe.
Yes. We have an upcoming deadline that requires us to enable FIPS as well as set allowSharedKeyAccess to false on our storage accounts. The allowSharedKeyAccess parameter was introduced to the azurefile-csi-driver in v1.30.4. We need this version added to AKS K8S version 1.28.9+.
To comply with FIPS, which requires NFS instead of SMB, setting the allowSharedKeyAccess parameter to false in the CSI file driver parameters (default is true) will greatly improve the security of the storage account.
Describe the solution you'd like
Please upgrade azurefile-csi-driver to v1.30.4 for Kubernetes versions 1.28.9+, OR add an option to specify the version of the CSI driver you'd like to deploy.
Describe alternatives you've considered
Disabling the csi file driver deployed with AKS and deploy it from a helm chart instead. This would very likely break all workloads that are already using the driver.
Is your feature request related to a problem? Please describe.
Yes. We have an upcoming deadline that requires us to enable FIPS as well as set
allowSharedKeyAccess
to false on our storage accounts. TheallowSharedKeyAccess
parameter was introduced to the azurefile-csi-driver in v1.30.4. We need this version added to AKS K8S version 1.28.9+.To comply with FIPS, which requires NFS instead of SMB, setting the
allowSharedKeyAccess
parameter tofalse
in the CSI file driver parameters (default is true) will greatly improve the security of the storage account.Describe the solution you'd like
Please upgrade azurefile-csi-driver to v1.30.4 for Kubernetes versions 1.28.9+, OR add an option to specify the version of the CSI driver you'd like to deploy.
Describe alternatives you've considered
Disabling the csi file driver deployed with AKS and deploy it from a helm chart instead. This would very likely break all workloads that are already using the driver.
Additional context