Add Support for configuring Storage Account's Firewall Rules through dynamic Provisioning Parameters

[Taha-cmd]

By creating a storage class that uses the file.csi.azure.com provisioner, any PVCs using the storage class will dynamically provision a storage account and a file share to that the persistent volume will be mounted into. By using parameters, we can influence the creation of the underlying storage account, like its location, resource group or sku. Using these parameters, I would like to configure the firewall rules of the storage account as well. This is currently not possible.

Sample:

apiVersion: storage.k8s.io/v1
kind: StorageClass
allowVolumeExpansion: true
provisioner: file.csi.azure.com
reclaimPolicy: Retain
volumeBindingMode: Immediate
metadata:
  name: azurefile-csi-retain
mountOptions:
  - mfsymlinks
  - actimeo=30
  - nosharesock
parameters:
  skuName: Standard_LRS
  location: westeurope
  allowedVnet: myVnet # <- something like this
  allowedIpRange: ... # <- something like this

[andyzhangx]

could you use bring your own account by specifying storageAccount: accountname parameter, and you could configure those settings in your account. @Taha-cmd

[Taha-cmd]

@andyzhangx Thank you for the quick response. I am aware that I can create my own storage account and configure it as I want. But it would be cool if I can leverage the dynamic provisioning feature that takes care of creating the storage account for me. It is already customize-able to a certain extent through parameters. Configuring the firewall rules seems like a missing feature to me.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[davidkarlsen]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[Taha-cmd]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[Taha-cmd]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten