Storage Account Name from VolumeAttributes secret not used

[margreiext]

What happened:
After upgrade AKS to 1.35 we observed issue with azurefile csi driver when using volume definition inline in deployment definition.
It was working as expected in previous version of AKS used on our side 1.32.7
We haven't found any AKS release notes which will directly point that change.

What you expected to happen:
We expected that driver not need any additional parameter like server or storageAccount under volumeAttributes and it will grab it from secret

How to reproduce it:
Deploy pod or deployment resource with inline csi usage

  volumes:
  - name: data
    csi:
      driver: file.csi.azure.com
      readOnly: false
      volumeAttributes: 
        shareName: <my-share-name>
        secretName: azure-storage-account

secret should looks like below:

apiVersion: v1
data:
  azurestorageaccountkey: xxx
  azurestorageaccountname: xxx
kind: Secret
metadata:
  name: azure-storage-account
  namespace: <namespace>

Anything else we need to know?:
Example Log:

  Mounting command: mount Mounting arguments: -t cifs -o ,nosharesock,file_mode=0777,dir_mode=0777,actimeo=30,mfsymlinks,<masked> //<storage-account>.file.core.windows.net/<share-name> /var/lib/kubelet/pods/xxx/volumes/kubernetes.io~csi/datadisk/mount Output: mount error(13): Permission denied

Environment:

• CSI Driver version: v1.35.0 (sha256:0805ec9c53443555f63f150ea34809906484b97c4924cea7c274634fc7452be2
• Kubernetes version (use kubectl version): 1.35.0
• OS (e.g. from /etc/os-release): AKSUbuntu-2404gen2containerd-202603.12.1
• Kernel (e.g. uname -a):
• Install tools:
• Others:

[andyzhangx]

it said mount error(13): Permission denied , is the account key rotated?

[margreiext]

Hi, nope key was not rotated, as i mentioned it was not able to read storage account name from secret.
The secret was created in correct namespace, key was up2date.

[andyzhangx]

@margreiext do you have the full csi driver logs on the node?