Description
Is your feature request related to a problem?/Why is this needed
We are trying to use a statically provisioned volume with a managed identity and a storage account.
The current limitation is that the CSI driver cannot use the workload identity of the pod – it can only use the agent pool’s managed identity.
However, when using the agent pool identity, the CSI driver only searches for the storage account in the subscription where that identity is deployed.
There is no option to access a storage account in a different subscription.
Describe the solution you'd like in detail
We would like to have either:
- a flag to specify a different subscription where the storage account resides, or
- support for workload identity in the CSI driver.
Ideally, both options would be supported.
Describe alternatives you've considered
Using a StorageClass with dynamically provisioned volumes is possible, but in our case, we are required to use a specific pre-created storage account and volume. Also, due to security risk, we wanted to switch from access keys to managed identity.
Additional context