I have created a storage class with with storage account credentials as described here: https://video2.skills-academy.com/en-us/azure/aks/azure-csi-blob-storage-provision?tabs=mount-nfs%2Csecret
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azureblob-fuse-premium-creds
annotations:
storageclass.kubernetes.io/is-default-class: "true"
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING
- --cache-size-mb=1000
parameters:
skuName: Premium_LRS
location: eastus
resourceGroup: ***
storageAccount: ***
networkEndpointType: privateEndpoint
protocol: fuse
containerName: ***
server: ***.blob.core.windows.net
subscriptionID:
storeAccountKey: ***
provisioner: blob.csi.azure.com
reclaimPolicy: Retain
volumeBindingMode: Immediate
But when I create a PVC with that storageclass, the following warning is thrown and pvc is in pending state:
Warning ProvisioningFailed 17s (x5 over 32s) blob.csi.azure.com_csi-blob-controller-56b4b745b9-csdzp_e4444625-f2ad-4012-9382-3308a60d3037 failed to provision volume with StorageClass "azureblob-fuse-premium-creds": rpc error: code = Internal desc = failed to create container(minio-test-custom-sc) on account(minioazureblob) type(Premium_LRS) rg(RG-QpiPro) location(eastus) size(1), error: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '' with object id 'b37bf055-eedb-42cc-a5c3-47a21e607363' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/blobServices/containers/write' over scope '/subscriptions/---/resourceGroups/---/providers/Microsoft.Storage/storageAccounts/minioazureblob/blobServices/default/containers/test-custom-sc' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
I'm able to create blobs on Azure console, using same Resource Group, Subscription ID.