AzureFile CSI Driver Creating a New Storage Account Everytime When Creating a New PV/PVC

Root Cause

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

GitHub issue: https://github.com/kubernetes-sigs/azurefile-csi-driver/issues/1010
GitHub Pull Request: https://github.com/kubernetes-sigs/azurefile-csi-driver/pull/980

From azure file csi driver v1.13.0, there is tags matching, unfortunately there is a bug in tags matching which would lead to creating a new account every time when creating a new file share, this PR fixes the issue by disabling match tags by default in account search when creating file share. Tag matching is only enabled when it's specified explicitly: set matchTags: "true" in storage class.

The Bug fix has been included in the azurefile-csi-driver v1.15

OpenShift v4.11 is still using the Azure File CSI driver v1.14 but OpenShift v4.12 has upgraded the Azure File CSI driver version to v1.21.

From Document Dynamically create Azure Files PVs by using the built-in storage classes

• When you use the built-in storage classes azurefile-csi and azurefile-csi-premium, a storage account is automatically created in the node resource group to hold the Azure Files shares. Each PVC provisioned using the storage class will create an Azure Files share within the storage account.

• The reclaim policy on both storage classes ensures that the underlying Azure Files share is deleted when the respective PV is deleted.

When a PVC is created using the azurefile-csi StorageClass, it creates an Azure Files share within a storage account in the resource group. This works as expected. When you delete the PVC, the corresponding Azure Files share is eventually deleted according to the reclaim policy.

However, the storage account itself is not deleted automatically when the PVC is deleted, even if there are no more Azure Files shares within it. The reason for this behavior is that the storage account might still be in use by other components or resources in your infrastructure. The CSI driver does not automatically delete the storage account to prevent unintended data loss or disruption of services.