From af5bda25aa547a51c4608dacb1bc10f5fe00e826 Mon Sep 17 00:00:00 2001 
From: Simon Lindblad Date: Thu, 21 Dec 2023 09:21:28 -0500 Subject: [PATCH] fall back to azure config from env --- charts/index.yaml | 13 +- charts/v4.6.0/blob-csi-driver-v4.5.0.tgz | Bin 0 -> 5910 bytes charts/v4.6.0/blob-csi-driver-v4.6.0.tgz | Bin 0 -> 5916 bytes charts/v4.6.0/blob-csi-driver/Chart.yaml | 5 + .../blob-csi-driver/templates/NOTES.txt | 5 + .../blob-csi-driver/templates/_helpers.tpl | 49 +++ .../templates/csi-blob-controller.yaml | 229 +++++++++++++ .../templates/csi-blob-driver.yaml | 14 + .../templates/csi-blob-node.yaml | 300 ++++++++++++++++++ .../templates/rbac-csi-blob-controller.yaml | 121 +++++++ .../templates/rbac-csi-blob-node.yaml | 44 +++ .../serviceaccount-csi-blob-controller.yaml | 17 + .../serviceaccount-csi-blob-node.yaml | 17 + charts/v4.6.0/blob-csi-driver/values.yaml | 173 ++++++++++ pkg/blob/azure.go | 42 ++- pkg/blob/blob.go | 4 +- pkg/blobplugin/main.go | 2 + 17 files changed, 1032 insertions(+), 3 deletions(-) create mode 100644 charts/v4.6.0/blob-csi-driver-v4.5.0.tgz create mode 100644 charts/v4.6.0/blob-csi-driver-v4.6.0.tgz create mode 100644 charts/v4.6.0/blob-csi-driver/Chart.yaml create mode 100644 charts/v4.6.0/blob-csi-driver/templates/NOTES.txt create mode 100644 charts/v4.6.0/blob-csi-driver/templates/_helpers.tpl create mode 100644 charts/v4.6.0/blob-csi-driver/templates/csi-blob-controller.yaml create mode 100644 charts/v4.6.0/blob-csi-driver/templates/csi-blob-driver.yaml create mode 100644 charts/v4.6.0/blob-csi-driver/templates/csi-blob-node.yaml create mode 100644 charts/v4.6.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml create mode 100644 charts/v4.6.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml create mode 100644 charts/v4.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml create mode 100644 charts/v4.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml create mode 100644 charts/v4.6.0/blob-csi-driver/values.yaml 
diff --git a/charts/index.yaml b/charts/index.yaml index ffd769628..6572225bf 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -262,13 +262,24 @@ entries: urls: - https://raw.githubusercontent.com/avoltz/blob-csi-driver/staging/charts/v4.3.0/blob-csi-driver-v4.3.0.tgz version: v4.3.0 + - apiVersion: v1 + appVersion: v4.6.0 + created: "2023-09-01T12:33:00.254303884Z" + description: Azure Blob Storage CSI driver + digest: 7f7067b34a80922cf1d4517b1285c2a2ab8527119f39a9af8935ca6075a55b66 + name: blob-csi-driver + urls: + - https://raw.githubusercontent.com/avoltz/blob-csi-driver/staging/charts/v4.6.0/blob-csi-driver-v4.3.0.tgz + version: v4.6.0 - apiVersion: v1 appVersion: latest created: "2023-06-05T13:16:16.079514405Z" description: Azure Blob Storage CSI driver - digest: fe19afaa31f86ee3902c3e85e98f2f42b205756959df68665c29e8b1845d1120 + digest: 7047406488d23ea91107ed92ae95a571db6ff707633f93f91ce7ae3456a40bc7 name: blob-csi-driver urls: - https://raw.githubusercontent.com/avoltz/blob-csi-driver/staging/charts/latest/blob-csi-driver-v0.0.0.tgz version: v0.0.0 generated: "2023-09-01T12:33:00.254303884Z" + + 
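Review bot: The new v4.6.0 entry points `urls` at `charts/v4.6.0/blob-csi-driver-v4.3.0.tgz`, but the archives this patch adds under `charts/v4.6.0/` are `blob-csi-driver-v4.5.0.tgz` and `blob-csi-driver-v4.6.0.tgz`, so the URL matches no file in the diffstat. A `digest` that does not correspond to the archive actually served defeats any integrity check that relies on it, so the entry should name the v4.6.0 archive and carry that archive's SHA-256. Regenerating the index from the packaged chart with `helm repo index` keeps URL, digest and timestamps consistent; the `created` value here equals the file's existing `generated` timestamp, which suggests a hand edit. The digest of the `latest` entry also changes although no `charts/latest/` archive is listed in this patch, and the `v4.5.0` archive inside `v4.6.0/` looks unintended; both are worth confirming.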
diff --git a/charts/v4.6.0/blob-csi-driver-v4.5.0.tgz b/charts/v4.6.0/blob-csi-driver-v4.5.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9ff3fbbd70de30aff4326f78c98017f71e85a5bc GIT binary patch literal 5910 zcmV+x7wPC9iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PHyeM4R2BdaQZur19*H6BSN*^}LuO1U7i zC1Fhh3;=4ZIR5Xi0FdG#QkP}TY@U!08IwSF1MCak4QS-Dk!1^FIh@RZSFfj-%gP*k z?st1@wOXxqc5e zhIvX9d(cD~mMYB_@J}kIm0Ia*Px;sqEi3;s>;@qAs{mHZf4z2gdY+a4late<{2!tb z4^N<3LTH2q48Uhi`tXye+JaOgF48?D zo-CAy`r8j&x6fQ+&zq<-?lRfuAb_fuwjh1ZW<==+;5i7G5Y>lZ1e}5dp-?D%mLCs_ zQO@3J^|A(~OJ+bph(2c{*bHMd#8*QS_!^aZZ9PKD9B66b8o-1I$?+BwRf9v(w0JZ; zMZ!<(DX;|@fFOTtv%=gANT8~(M^&<27C51m=m#U0*w^Ywsr2Rz8o(GhP#chBh*3a{ zBad-F0&EUasK+BffdB`6nF7^l2%R9!qC$b-Fm9r$l)h+I6GT@Ct2)dURf)xesM?H< z$t2)l`OL9wMkOW`cvZo(G%(BOWQHX~OFFNX^z(k;xA^L);ei#T)e{;mX(2ByxsN~Fbfj8Bcwu~$;9$EsUH%JkS z*cc5%5<+^zHIMK!u9rV#+5|YwhC2W%@e#JOi=x0U90ko9*NReGc^C>brj$vn{?a^w z9Y_Dqb&;F`@|hz_K65VPUQP7$ybQ+0BXCzixX~TVU}Rb7IuMe1nQ??lhCGni!4j8j z-6b&)p*QH^Ct+dVUv_*HO*b$D?IvN==Y(-0=hrS48a_~=yea)L6;Vh8d`4z~I0zPS z8<3bXE;r?Vn^7Bl84G}3ovIQ7KSXW$9Kh4QT(#sU>FMe(BIZJZXW4EbByh{-L=qdj z3i}Z3K=s!A29FX=6s2lCneQ_$1FBw1hIl~HLg)|{h%(9zcN&mVRk$jZ@rP_}GRfQXj-J>sLaG*Vvb~=d0CSj9IY%lnL1d`GxU^g`SX8A{Ogo zv%qzfKsiL_b4LyAqQ;1)=Y@&GHZK6{R%W$$V=<@8n zqRS&vM1LvbJ#Cv#Yqd`#e9GbX07SBv?FWhryrp4{XjIO8i;>k|h%EMyig7evh$Cyr zUu)^`cubTyhbm5K{~;*V%6RxlG8cHLeKiydJ;1z)%Gy$J=0YW{p*+n&*|G##hH;y#P%~o7QEuq#l1Yg{0qhs7ok( zW^UlYN0?vQHVE+xk<*R?RBCpJgxtfAcNEVsag}yzqWWgq<=v8g0IC37xok8J1oSz3 zOkf$M9&3n%3W;4e8nBo^+<6hcDAy||mD6(Gutv_fMm(@lsa4*Yfdb?w{Mhq>z9%kp z11~Ys%e*N6(`^0B$WU|N`3{!Qx>}5j@Lgkj3Vkf6O;q)?n~r^@%WsJXLy0}VLv@!H zN$6cq`C5J89udNLKDG1n^JP7IP|a7k!THL{_GL(R(t$aupfm<71FpZqSbX3t@T0xc z0I>55ClY$p1|?|khqrSd7Gm)Mq>;v<#A-)kxS(Xb%Vx@ruGoT9w2}xn?8Z}7uF~ZM zs8T|TEraOqVK5$($0jQGhC^!#uBYDW@gLZ*_3>sQq~$VtgBFsGOn68={*f{z%i`~E zQLBA*_u(z-bl>;hqF*it-A?zzThty5dIRO`D33LiY)yoE5dU3r2@M|AY?Q)sK{io! 
zhI!Q`qiXo1q@_u6)U7PZzttq0U&ls+X57 zC1%RKG1~;aPvI68f=nnl$ioy*l)DweMa1}7gzE7^?S3RswH3ocKMH+ijZmt+o=|%? z-KEn)Ux=LQZrfoEQFL00%|cjuT6>TGWaEDlJYUCds@>jgdsvZ=^2IpT#sA-(H8SzP z)AL&W82>v&yH!%LDyXj{U=nUi9PnK>2fdrtyVj8TE2YvcL-rKxhc&>=HdkU9h_}dh z0Si!@iDoI3e_Oi9vS{SRTs%FY$^dk~%EGrn&(De^1I)5SsFp9v-1J-;g`S_w$g;j* zX-|*ohg2(;|NAMpK5$Wy{tHt9YvjN2?(8HZ|7WMi{NG{P(^K^yXhyuIwp(N3f}Hzs z;i+Y@r_e;+&-W`b^JtWsq+7nQTe{S z%Ve16G37}Z#U_e~j5?Trq=ANgKeK5yUgFaeiex+WZ7L{tklry-+YHPq(_)fM@U)0t zH$kU*NvQ1xPSI=%D6^U8Gpc>sM67kWpO3k;*m&!iht8Nany2R;MZ6>0$I+L+T;$C2 z0WR|23fj_;Khf_2lc`mGel97OydtJm&4zhX2>G*;Bqx-lWRTjtMw0y-d+v%J3&g1} zYsB6UTz8SA88aS7cLmD-&VHOnNqp>>!fdidAzn(r=s_IQ39KB47C9QVyalsKPwZ>! z+;6EB+y9(^`Hp1)tL=ZIUOTU+?Z4W(pC9f2A=(3>P7}4XWA6c#rDQ=6_I**E)k{(S zD~>rRS&NiO%pNo}52jZbhb(g8ODMD!CU~MVXzRctv}`uqg}L|>Q9{)g8l9-_!Uvsu zjPn`!;G_2jMP!AVVT@1O)0+gD8xxvG>avB4Nj@_JBl!!_Cl+4Ex>A&ELCdBK_tVml zSZilvE|naU~O6QU=cPq@I&offO3(gjWl@1kj3v;Od(+a(x4M5 z@p^39}bc}6xn!==$_ zOJ-a*K$*%`6<}V)oyi5uIFjo)GN-m6 z@v)ZPCcWV3bEotA3(^JHY6sBgOl?-<=Lo5dYZDCuDv1Xzv(;QVzeE5(Mx2W3Z!zQ8 zDUNBf5=p*f$y)fCr&#nk=&fM2oR+^zI#XVWOSY2QEfnY`Dkm1#jE~Cs(DU=syH&88 z>v~H(LC?=+vjDDu4e8k*&a}Zm2=j?ZvVmImvNgMCl$RcAM;AK|2O%!L|M9Zb8nlPQ zzvpyx0Xx7g2@phe4VNkP4w+0)6IH{4!HQt^LzWTxi9*43-#9KROn=^) z&VYT=1#?;YOghx$P^0S8xEbmdT_7!o@WkslU5awNij;2{cFd5Q@Hgs>B*D?5MHyJj z6pd~m@u{5ceg%F7=w;bUcivIl_l0p2VNZ*75ks1u`fDu2?wwfbU`iG&pK*DS@5ZF5 zjY}MIR%Rvtr{V0v{wo+wU;xS$!GeGQa6QJ2Lie@Hewr z)~tx-!gPGT5drG>j8J*;{g2nf&V9Sv>i0U`+dQ)tmIW?^rB>1ZHS^IXiU{*Do0yUM zX9{p2AlEKDQJs16k?6B@SJp{EK?%sAT zZ|>iBZrXWH;d{=!>|FK!XiO%bu>TR}0~jxNh(1eL>d3*d)DADFpRUnVtC#aGD)~v& z>18L<@3ro`m!GzveN4c03W(P4jFpW%bglYwQGdL6;8`S_QWc>-<*Xs(%E zL*XU_ZcpDf>svnhgwa!pt`$5}+ z!lf_-w!5D@gI@PjyL+ppzkhlAbHTO{q@6gUQq?31g-0W<{6{dl{Q_Oz^zMpfH*E^^ z{MK^A#APGwniU)dqs2+*P78&Mv6WB1$bKGdCz~CdS@&E(v4-6*lL+Ci*n%j^gm9}i zaG5o_9I(@)?mS0puNLeCu{vy9F@>V2JO+nxd{|Nwz%BnF`w_DU{0CCCu_bvRWK~Cc zY?=8Y+b_%xJ3Ga*Yd3VsBcYo`FT;Z>dyib^!p)5!Mm=|rSiTU~X1l&kW0JWM%|pZ~ zf3T*QIxbj7fmwtG0xaO1@e5s&{=?UeB1UWft%p!zQVYb*5So)e$fZy3_w?zIr)7D~ 
zRq<0M%w*D=f%S&NWL8>)>r~LZ$4#}}qR&p2BVQG-rEys=7pIZ8u?~A9r`QUt1-8Z{ ztjqgma%RQJv^SC~T>^D>5wL|R|mJ-|30sI~i4o-X!(q~SG zj#-atv%c_-GY9MvgoUT@DybfZL}PYu$QbOo?ZPMKz~Vq(U#*Lf<{lOGpzTk=1CHIl zhyvU|{wZ_dMHfP?ssB7{yvv^dIzK%<-v4xv7S?}a@E9G!4&|SkJN8-lnE|+y+6eTi z>!IXW!X!L8uKaOAC+0wQcc~m*n(0@m8O@>MSS|Y1szq}r zcG!Z>406pMIrlWAYd`y)R%nG+mxd<7Sg%z2sp#Fc=yR!B&_2%U5$lr0{&AHfdvO`NGMWRk#J;GW24h%BRy+K)bm@aBk|98!4u zi8OZ*EVuY}gD#UDn%gJ5ARzah!Z0IT2H3UYqx~`eWtlEn9i1c2=|1a4+C2DnD^vA+ z_EeL)wG698yk1el8s4B{Mc0>Dz8Zh5@hOh>F2yc0w=zb}W}b(svlJMvrkA>^zEDL> zlhN5iRty<^MqHSvZBr(BP#C0bwXZst-TU{0UiY@$ZRH1R%al<p z;qB$k&HdF)@9O>CupnVq&iWy#D}O4PYkP8H(*{|DAx?$wMX0>Z@U%L^%d4CA z{awFxdE0JX?Sw0HuTuuu`dowZhO9uW$~34h)ohp4c#!tG@v6&KhZHgu%Q5Ifl(KG_ z|2~#e|96*DYq{FAQc%H}T{JdMzG>jQRxamXxV!9E9yPrG2W?1 zE!T@Pkk?$~z2AvMP(0?qMLwvEdf&04^mG${a;Kz!!eHl2Hy>7l`AnuaoH}}buKI2; zAyiZg(-e6`yh_nPJUI15R)a`(-BkzXh~n`K#{tf87(2JG(;MjxVRGbR1Ei}}R{{ZN z0yeg%U}+{xLTR@?w68C(e{SD@>fLp3SA)^PgbYbbQ_l}Me|KfZ!@31Ie)-c?IU^p(re#2;X8VSVee z^@Yf(MI2C;SuV@fX7@F}>`c#AKKgE_d5&jlj%R9)XKM0&-y&nY5!idJghVm)0*7He z@U+1{9tqlrzFm$4r5&ODFm&d}{+2r=I9~W*Ya7rl61?M~rOom_+no~HHK%ik(?zRx z*||Gd&U`$<=BFdCh@%V0wJFIZL66a!k=Hxqlm_IbGI8->Qx&Hi!ToaN@r2YjenKh} zH(7BuYH?U&>s0&7T+qrh0?Do`@Ju7tT#>1axm4$SLFG4{ebW z=Z03E8qgy{|GpNkGcxKQW}Vc(9A)D{kJ|yE?PB6>jMbcN$itOByOoDI z>|wiDhz;kt;hbOwRPL~H;cVWbvR{O5{j_XBlzXw)3B3rQ%@}tGO^QSw4t+LeFN;>P zEUUCEtyhFPgic;VXft=(TB8uv?nnND(SN{}q12kG3{$23rPxQ@=H};3jwC5<69&ze zRo+YVSHu=8*1hQCy{f7WFZ1|sP_rATh&^lB7h$NHpEt`Q+Hn^7di7-r_2Ak`@%N#1 z(|#EIFQAk%3$d|6+N(ZNU!?GBEfy!Lp*WmU3V+t9fXPFi-c%hhrwGtOO0?J<+@*Ro z0o?Ah{y%ULcH;9*MDpqBb>bqM?*CtM3BbDFe{7tdX7B$vIXm9}agerV|9?P>05UOrq+%V#5-8q;V$*Le>Lj?Qb-$l`)Wd(Bw!Qw}ekZtA|DT>`^nc^@ s?D+ft2WekT|Ht0vQS%=)|FIq0u^rp79k~5p00030|J8DX#sH=O04aLL!TDc zVQyr3R8em|NM&qo0PHyeM4R2BdaQZur19*H6BSN*^}LuO1U7i zC1Fhh3;=4ZIR5Xi0FdG#QkP}TWS@`^8IwSF1MCak4QS-Dk!1^FIh@RZSFfj-%gP*k z?st1@wOXxqc5x*m3r zVV)Aj9yC#grAo5}{FBOArB?ddQ$Dst%gX-@y8(#(DuC7UU$32=o@eF%+M@@!u5h|QT`V_C78r{213qb3OZxag2T9prc(N%SxpdKA*|{!TT~?$529)_ 
zIwq5VgXJ^FvKf__P~cSs&(gpwpOYDu5H0DvTGG$^f$I(pHBI#EZ>2ZLLdK?f^YG)% zKf>H}>0%E`B>{X!Y`C;-7Er0y*XDpFG?C;1pf~6jH5K*mw% z#*Cvm3o2*`QZ2_Ay8;jytB2?drutzZK>f`T`$8)UAES~p*9G2GU)nOVxOiv@jNTwc zEMj9c3`q#-4c9!v&$wRxkZBX(G#l;!sKiIu&Mt}qzi<>ZYg{WzZRKGo(3nytvHDB% z1a=(#Ki5Ta3dm=UDEZ8}jC(cF)AKSI7mvVQ1>r__FoTh0q3b|M=4HkaDjD)XVh2lH zvUQilK!o0)ho6LneSg{UQ8eAa478hsQJ)jWiJV`%SZMe_h4QBK$5cci5%3wA0pcK7 zz->Tc%DCK=`)x*T@MSCjdUdKw2>cMW<#PZ}`*PKipQNX&zlfL%37%!Ufsnv0n-fWF z>?-U-umjaw^BX)$G*OhQ^<=)!xD2RzDH-AcMGK)rSRl$MXH25e90`z8i8NM1ufbg# zXbQth)T!j-E@)ot{gjgh(uyEk`sIUn=!L$WUfm!;cu{BO{Z{cGbnn-;R%dB4sDPCh=+McggcQIzc{!=Do7vvYl9~OE-PKj8o zkIe$tQ3B-@k65lzOZo5-KEi-DtpK0&(X>_@Z2|oK#NBdBYkx;~Me6Mx|DHX9fz8pYUVP2l}44 z&<(uANH6oE{7Gb2OIedjw^LhEWVF2Z+>?J4xJoHkL_({4KUl`g*}9t_flfqO&<_IhO;Rfd`E8CYL*+~cHsDjcMunf5V3S;qsv%rt` zP6NQsFPuo|Q5%$?y&vAreOQRa2arY@hZ3tDiQ$5h@h+PwH@adAQqf8x+^`!@Rk=!+ z6QD{7DYguvzlXtiOdgx4+#3$9DY%|`tH*y}!`8=}g^-rZ=nYy(Ix^uQ_4r51lq`$C zzeTO~)!m1;sMCGldy9U#9CSO~4{uR>Fz5}Gv!guLP_i`<>OuT>$t5&+RI^bE%LUm) z)fwhhmyD|6laiJu$ypOQFd~?iO3HO|8Fm(`Nh?DFRCZb+nm6cIrafKk{)ReZ?W$g0 zwv?DD_r`1!^ge}KSO_wq;2;lEJW=je2p19KXA!E$3$^=^K-E?Z3;ihcl{G@C_Ig6? 
z-E@~u3w1pjf{*#UWN$`9fyQy}2x9wp?KFSy4SQr0)ch<|IgTjGH4vN`D8wBEIb%wH*$ZW*$tU_Yz@X12K!%RszE zz6)4@+DtS{q5Rv@MV3V)FXrOu2~`H5`&Aac4SIf7BpG0qB|^1)QRb%S(kS%&Tt=4l z1xtH+Oh2SrvHagp!S#WQiu7NY3Rolmjdy1!8TmguJ?8%o)1IEH|3EY1HMQLu6Bp#% zhYL?Fi#>%V`bYKoxm42K+K)b_jy7jB3(VyIK3 zhN(wot94v?G><7Zfxb#9pK#qJM&@%uhp6+x#Sfwt!g&Rn?lH+l_WW#Bqf8?<~5S+-`I0k^jIKH zeOV*+e&D)`B+Z!dIJzrP{&)7{JWAqY#}sChEei2c0!9zwm`-5jIJC&osO2q~O?qNq zTjzdDt=RtO1k86V3s`Oc8})i4WB(hq^Yf$qKS+BZ)M=uYcI-W%vXm?c!oDx6vwA7Y zf5kBeC2Nr~iP?jO=E3v|QyD%4jB1)**LZcJaUHG7L zk8wUDAAI!QpopwcGmP;`dwP=~b7MmDNL{vYG0A6UU?hJb`ozNPSXYXYEoj+v;eJ{g z5^L>j%%u_qT#{o<3@Ykci6Rkk9#wJsXSj_%eWXX){1}Ib6sshZbxHGw68Aoy*N9NQP zBtF*C+oTs9eeQH#e?htcTkQb)oT<%f{2U>*ac!bOKqc{@Wwx3t=a&fJ$B0u={Vir3 zJH;_gRwBulELjUb^Aw9d2fY=nmecZANoUF{amiLvyM+SXMCHWdn( znWE7RBtDh1-LJr}0KF`G>CQWf`@S%4BJ63gE@DX2Q-6(x*u4`=9ZboBJFtI>+O^!TD?2yfdA$$WE2}RZ%Z zIg`w0ZWG;J_je&9&AYjn!!8?Q&Mm1jZH$Qd=bwm@rtEKvc25#}Xo__5EC(OwoTf`n}eD_wv&gw2uk6P65&Sow2f!hpts$F6xhWSM5Q!ecK*t3Woj5>sKa2tBqV* zlC~n>w+|?JY*wqq9#v@JDP)yyT=Rv><*fWg1pIt^+aKQd2fcs&J0JhDGEczG0L?YC zYbe}=!0qYVhPoU95;3h5`VRzvVcQoj&-2Fvj^kAFZ?BL8N$psWE-~IBB5blcI ziK0vhw`v2IS$oU@J3Z>oa}@e&nNJX_Bf1q+LyF2{a2UsjB{c!u@*lDvF^j-|AXOV% zk_SRobr8swnJ=>a!tAi=Q#`wNua`V6x>;Z|Jj1g0pk^-I+~8u=bN6883vq3>A>1@v znH%gpL(WIjMzQ`t(*% z9~^mFme*VrKV`y9CcRHsZ#YcSrA4^T63u(u6yh!V>|{CeRqQL!mK<0adO_s)_>LO z$MYWtX_jTBO1^|Svr&2Y$<(gaOQu5Xde|{%{8kr(rDMOD60aRRNL-_3!FJ%mmn-Wg;z=SFeDn=dPBxw&utezF$We0`ub{Jgf#c4s0VF- z3LbFm{+DRE4dkCP2VQg`)SCLwv(sAk{=*RV+oV+=(uva37wb&*^!@>J;8GN1*P_p*YC$6$yVpU+<-8GU z1?+O^skxy*`8chB6FLd+3n6sUnNYTP+ee!>7V&yT32S(RiWOa7V)<(PvBsx3q`MTL%-qTtHJf=Jrp{9Ix0+t+ zs`^3|F-?YG3t2H_^citsqP9($3_)Qew$;AsTz2o@4|?6(cDEocR;G*+DuH8LlG#!z zs)5w$4sS1SZtkycdROo7h6M?`a@G$?UHMbVT-%cqfHue?B=?`&gJGxF-3eLd0--`= z*_k!=F}23pxi$7OxyHKL4coW(pDzD(-|M%#I>&q8z5BEi%B8E53UMlYFGA&QhNsmT zUS8d_@9+Ap%iDJAYA0Nodz~`K)+ZE{H)I83RXRa+sb;&R#)GuijaOZ^I;4=PSdKv- zqLg*ZB=@nL`mbG1t>tRdNV3zG($h`+$(=I$34@(8-F#RH<}>NsaO&v! 
zx$3*Ygiui}OjG0$@hX)8@!-@KSq&oDbyppjBZ|i}90xeVVeH(#PH&_)gvpVM4Un!@ zT?qu73E0@4f~A=(38mfo(7wLB{<(essdv}CT@6MD6EY+%O+7#4kONNjCeFq8KYqNs zYTtKzt+p=n%)`9vp_2`ccxakm<8VhY;1$O@zP)2In;bMTQMnC{n4}qL0x~Kh6B0{t zk(0a4yA`#7P<@rIc1(rDo^KhBcL-l5wdmH}e8@&<{P+sqC4kvGdRHwa(N``<6MulY zh4rn=))ykD7I8pXX1Od^o88y^vNJtf`RKcy<~g3JIi9IGo~g6@B8|(8^N-dSqyJEqIi`DRz^0Wa|4&cRxSG1J_icT58j)kNk)x`n6pCO+!lf zR=<}0#TlQ_RSG-JfRA*C3CQwWRCbBb|JOewqyAymN&U-FrW5qI9T3_sCf>$a&Dn-L zTfaGo2^31&d$4l5VV<}E7wMd;Q~%N9gg?Y&OuMF4HaxI<`CB=T_R zvoU*Fw3206rDbWoBGe&t@)|;$xzpAfg{XEv@)wN$1GWsM)=XuXD(x@DuGcmp=y5KEQ@HzS>)^0mnqbP zYbV9uht^H|VetO~rIcBSjTO>f^^y7_g9`f|2>VP>#fEH4s z#pd8H)vF2McAxeCfs3#cpKl_PPfxECZrF7H|B_1p*8Totgqo``-@IzMB4zz0afOKWhGCJGNsxwqrYR`@aAH0RR8x8ZV9jrT_pYN{+Jt literal 0 HcmV?d00001 diff --git a/charts/v4.6.0/blob-csi-driver/Chart.yaml b/charts/v4.6.0/blob-csi-driver/Chart.yaml new file mode 100644 index 000000000..8bc1d2a87 --- /dev/null +++ b/charts/v4.6.0/blob-csi-driver/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: latest +description: Azure Blob Storage CSI driver +name: blob-csi-driver +version: v4.6.0 diff --git a/charts/v4.6.0/blob-csi-driver/templates/NOTES.txt b/charts/v4.6.0/blob-csi-driver/templates/NOTES.txt new file mode 100644 index 000000000..9ad135dd4 --- /dev/null +++ b/charts/v4.6.0/blob-csi-driver/templates/NOTES.txt @@ -0,0 +1,5 @@ +The Azure Blob Storage CSI driver is getting deployed to your cluster. + +To check Azure Blob Storage CSI driver pods status, please run: + + kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v4.6.0/blob-csi-driver/templates/_helpers.tpl b/charts/v4.6.0/blob-csi-driver/templates/_helpers.tpl new file mode 100644 index 000000000..d99392f32 --- /dev/null +++ b/charts/v4.6.0/blob-csi-driver/templates/_helpers.tpl 
@@ -0,0 +1,49 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "blob.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "blob.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common selectors.
+*/}}
+{{- define "blob.selectorLabels" -}}
+app.kubernetes.io/name: {{ template "blob.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Common labels.
+*/}}
+{{- define "blob.labels" -}}
+{{- include "blob.selectorLabels" . }}
+app.kubernetes.io/component: csi-driver
+app.kubernetes.io/part-of: {{ template "blob.name" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+helm.sh/chart: {{ template "blob.chart" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- end -}}
+
+
+{{/* pull secrets for containers */}}
+{{- define "blob.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/v4.6.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v4.6.0/blob-csi-driver/templates/csi-blob-controller.yaml
new file mode 100644
index 000000000..5461f3a90
--- /dev/null
+++ b/charts/v4.6.0/blob-csi-driver/templates/csi-blob-controller.yaml
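Review bot: `blob.pullSecrets` renders each entry of `.Values.imagePullSecrets` as `- name: {{ . }}`, so it expects a list of plain strings, while csi-blob-controller.yaml and csi-blob-node.yaml in this patch emit the same value with `toYaml .Values.imagePullSecrets | indent 8`, which expects a list of `name:` objects. None of the templates visible on this page include the helper, so a single value cannot satisfy both shapes if the helper is ever used. Either drop the define or have the templates call it, and state the expected shape in its comment, for example `{{/* imagePullSecrets: list of secret names (strings) */}}`. The name is also rendered unquoted; `{{ . | quote }}` keeps a numeric-looking secret name a string.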
@@ -0,0 +1,229 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ .Values.controller.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Values.controller.name }}
+ {{- include "blob.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.controller.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Values.controller.name }}
+ {{- include "blob.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.controller.name }}
+ {{- include "blob.labels" . | nindent 8 }}
+ {{- if .Values.workloadIdentity.clientID }}
+ azure.workload.identity/use: "true"
+ {{- end }}
+ {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+ {{- end }}
+{{- if .Values.podAnnotations }}
+ annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+{{- with .Values.controller.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: {{ .Values.serviceAccount.controller }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- if .Values.controller.runOnMaster}}
+ node-role.kubernetes.io/master: ""
+ {{- end}}
+ {{- if .Values.controller.runOnControlPlane}}
+ node-role.kubernetes.io/control-plane: ""
+ {{- end}}
+{{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+{{- with .Values.controller.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ containers:
+ - name: csi-provisioner
+{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- else }}
+ image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- end }}
+ args:
+ - "-v=2"
+ - "--csi-address=$(ADDRESS)"
+ - "--leader-election"
+ - "--leader-election-namespace={{ .Release.Namespace }}"
+ - "--timeout=120s"
+ - "--extra-create-metadata=true"
+ - "--kube-api-qps=50"
+ - "--kube-api-burst=100"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+ - name: liveness-probe
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+ image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+ args:
+ - --csi-address=/csi/csi.sock
+ - --probe-timeout=3s
+ - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+ imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+ - name: blob
+{{- if hasPrefix "/" .Values.image.blob.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- else }}
+ image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- end }}
+ args:
+ - "--v={{ .Values.controller.logLevel }}"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
+ - "--drivername={{ .Values.driver.name }}"
+ - "--custom-user-agent={{ .Values.driver.customUserAgent }}"
+ - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}"
+ - "--cloud-config-secret-name={{ .Values.controller.cloudConfigSecretName }}"
+ - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}"
+ - "--allow-empty-cloud-config={{ .Values.controller.allowEmptyCloudConfig }}"
+ ports:
+ - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
+ name: healthz
+ protocol: TCP
+ - containerPort: {{ .Values.controller.metricsPort }}
+ name: metrics
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ env:
+ - name: AZURE_CREDENTIAL_FILE
+ valueFrom:
+ configMapKeyRef:
+ name: azure-cred-file
+ key: path
+ optional: true
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ {{- if ne .Values.driver.httpsProxy "" }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.driver.httpsProxy }}
+ {{- end }}
+ {{- if ne .Values.driver.httpProxy "" }}
+ - name: HTTP_PROXY
+ value: {{ .Values.driver.httpProxy }}
+ {{- end }}
+ - name: AZURE_GO_SDK_LOG_LEVEL
+ value: {{ .Values.driver.azureGoSDKLogLevel }}
+ {{- if eq .Values.cloud "AzureStackCloud" }}
+ - name: AZURE_ENVIRONMENT_FILEPATH
+ value: /etc/kubernetes/azurestackcloud.json
+ {{- end }}
+ - name: AZURE_CLOUD_NAME
+ value: {{ .Values.cloud }}
+ - name: AZURE_RESOURCE_ID
+ value: {{ .Values.global.resourceId }}
+
+ imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ - mountPath: /etc/kubernetes/
+ name: azure-cred
+ {{- if eq .Values.cloud "AzureStackCloud" }}
+ - name: ssl
+ mountPath: /etc/ssl/certs
+ readOnly: true
+ {{- end }}
+ {{- if eq .Values.linux.distro "fedora" }}
+ - name: ssl
+ mountPath: /etc/ssl/certs
+ readOnly: true
+ - name: ssl-pki
+ mountPath: /etc/pki/ca-trust/extracted
+ readOnly: true
+ {{- end }}
+ resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }}
+ - name: csi-resizer
+{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
+{{- else }}
+ image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
+{{- end }}
+ args:
+ - "-csi-address=$(ADDRESS)"
+ - "-v=2"
+ - "-leader-election"
+ - "--leader-election-namespace={{ .Release.Namespace }}"
+ - '-handle-volume-inuse-error=false'
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+ - name: azure-cred
+ hostPath:
+ path: /etc/kubernetes/
+ type: DirectoryOrCreate
+ {{- if eq .Values.cloud "AzureStackCloud" }}
+ - name: ssl
+ hostPath:
+ path: /etc/ssl/certs
+ {{- end }}
+ {{- if eq .Values.linux.distro "fedora" }}
+ - name: ssl
+ hostPath:
+ path: /etc/ssl/certs
+ - name: ssl-pki
+ hostPath:
+ path: /etc/pki/ca-trust/extracted
+ {{- end }}
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+ {{- end }}
diff --git a/charts/v4.6.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v4.6.0/blob-csi-driver/templates/csi-blob-driver.yaml
new file mode 100644
index 000000000..9a6aea64a
--- /dev/null
+++ b/charts/v4.6.0/blob-csi-driver/templates/csi-blob-driver.yaml
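Review bot: The `azure-cred` volume mounts the host's `/etc/kubernetes/` into the `blob` container without `readOnly: true`, and the hostPath is declared `type: DirectoryOrCreate`. The driver appears to need only read access to the cloud config there, and with `runOnMaster` or `runOnControlPlane` the pod can land on control-plane nodes, where that directory commonly also holds kubeconfigs and PKI material (inferred, not shown on this page). Adding `readOnly: true` under `- mountPath: /etc/kubernetes/` / `name: azure-cred` limits what a compromised controller can change on the host; the same writable mount is in the `blob` container of csi-blob-node.yaml. Given the new `AZURE_RESOURCE_ID` and `AZURE_CLOUD_NAME` env fallback, it may be possible to make the hostPath optional when no credential file is used, which should be checked against the change in `pkg/blob/azure.go`, outside this hunk.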
@@ -0,0 +1,14 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: {{ .Values.driver.name }}
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+spec:
+ attachRequired: false
+ podInfoOnMount: true
+ fsGroupPolicy: {{ .Values.feature.fsGroupPolicy }}
+ volumeLifecycleModes:
+ - Persistent
+ - Ephemeral
diff --git a/charts/v4.6.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v4.6.0/blob-csi-driver/templates/csi-blob-node.yaml
new file mode 100644
index 000000000..123b40528
--- /dev/null
+++ b/charts/v4.6.0/blob-csi-driver/templates/csi-blob-node.yaml
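Review bot: `volumeLifecycleModes` enables `Ephemeral` unconditionally, so anyone who can create a pod may reference this driver as an inline CSI volume and pass `volumeAttributes` straight to it. Kubernetes documents removing `Ephemeral` from the CSIDriver spec as the way to restrict that, and a values toggle would let operators do so without forking the chart, for example wrapping the `- Ephemeral` line in `{{- if .Values.feature.enableInlineVolume }}` (constructed name, not an existing value). The node template's `--allow-inline-volume-key-access-with-idenitity` flag suggests inline volumes are an intended feature, so the default can stay enabled. A short comment above the list saying why both modes are on would help reviewers of later chart versions.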
@@ -0,0 +1,300 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: {{ .Values.node.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Values.node.name }}
+ {{- include "blob.labels" . | nindent 4 }}
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: {{ .Values.node.maxUnavailable }}
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: {{ .Values.node.name }}
+ {{- include "blob.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.node.name }}
+ {{- include "blob.labels" . | nindent 8 }}
+ {{- if .Values.workloadIdentity.clientID }}
+ azure.workload.identity/use: "true"
+ {{- end }}
+ {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+ {{- end }}
+{{- if .Values.podAnnotations }}
+ annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+{{- if .Values.node.enableBlobfuseProxy }}
+ hostPID: true
+{{- end }}
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: {{ .Values.serviceAccount.node }}
+ nodeSelector:
+ kubernetes.io/os: linux
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: type
+ operator: NotIn
+ values:
+ - virtual-kubelet
+ {{- if .Values.node.affinity }}
+{{- toYaml .Values.node.affinity | nindent 8 }}
+ {{- end }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+{{- with .Values.node.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.node.enableBlobfuseProxy }}
+ initContainers:
+ - name: install-blobfuse-proxy
+{{- if hasPrefix "/" .Values.image.blob.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- else }}
+ image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- end }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/blobfuse-proxy/init.sh"
+ securityContext:
+ privileged: true
+ env:
+ - name: DEBIAN_FRONTEND
+ value: "noninteractive"
+ - name: INSTALL_BLOBFUSE
+ value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}"
+ - name: BLOBFUSE_VERSION
+ value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}"
+ - name: INSTALL_BLOBFUSE2
+ value: "{{ .Values.node.blobfuseProxy.installBlobfuse2 }}"
+ - name: BLOBFUSE2_VERSION
+ value: "{{ .Values.node.blobfuseProxy.blobfuse2Version }}"
+ - name: SET_MAX_OPEN_FILE_NUM
+ value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}"
+ - name: MAX_FILE_NUM
+ value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}"
+ - name: DISABLE_UPDATEDB
+ value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}"
+ volumeMounts:
+ - name: host-usr
+ mountPath: /host/usr
+ - name: host-etc
+ mountPath: /host/etc
+{{- end }}
+ containers:
+ - name: liveness-probe
+ imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+ image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+ args:
+ - --csi-address=/csi/csi.sock
+ - --probe-timeout=3s
+ - --health-port={{ .Values.node.livenessProbe.healthPort }}
+ - --v=2
+ resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
+ - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+ image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+ args:
+ - --csi-address=$(ADDRESS)
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --v=2
+ livenessProbe:
+ exec:
+ command:
+ - /csi-node-driver-registrar
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --mode=kubelet-registration-probe
+ initialDelaySeconds: 30
+ timeoutSeconds: 15
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
+ - name: blob
+{{- if hasPrefix "/" .Values.image.blob.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- else }}
+ image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- end }}
+ args:
+ - "--v={{ .Values.node.logLevel }}"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)"
+ - "--edgecache-mount-endpoint=$(EDGECACHE_MOUNT_ENDPOINT)"
+ - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}"
+ - "--nodeid=$(KUBE_NODE_NAME)"
+ - "--drivername={{ .Values.driver.name }}"
+ - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}"
+ - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}"
+ - "--custom-user-agent={{ .Values.driver.customUserAgent }}"
+ - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}"
+ - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
+ - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+ - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}"
+ - "--mount-permissions={{ .Values.node.mountPermissions }}"
+ - "--allow-inline-volume-key-access-with-idenitity={{ .Values.node.allowInlineVolumeKeyAccessWithIdentity }}"
+ ports:
+ - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+ name: healthz
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ env:
+ - name: AZURE_CREDENTIAL_FILE
+ valueFrom:
+ configMapKeyRef:
+ name: azure-cred-file
+ key: path
+ optional: true
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: EDGECACHE_MOUNT_ENDPOINT
+ value: unix:///csi/csi_mounts.sock
+ - name: BLOBFUSE_PROXY_ENDPOINT
+ value: unix:///csi/blobfuse-proxy.sock
+ {{- if ne .Values.driver.httpsProxy "" }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.driver.httpsProxy }}
+ {{- end }}
+ {{- if ne .Values.driver.httpProxy "" }}
+ - name: HTTP_PROXY
+ value: {{ .Values.driver.httpProxy }}
+ {{- end }}
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: AZURE_GO_SDK_LOG_LEVEL
+ value: {{ .Values.driver.azureGoSDKLogLevel }}
+ {{- if eq .Values.cloud "AzureStackCloud" }}
+ - name: AZURE_ENVIRONMENT_FILEPATH
+ value: /etc/kubernetes/azurestackcloud.json
+ {{- end }}
+ - name: AZURE_CLOUD_NAME
+ value: {{ .Values.cloud }}
+ - name: AZURE_RESOURCE_ID
+ value: {{ .Values.global.resourceId }}
+ imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ - mountPath: {{ .Values.linux.kubelet }}/
+ mountPropagation: Bidirectional
+ name: mountpoint-dir
+ - mountPath: /etc/kubernetes/
+ name: azure-cred
+ - mountPath: /mnt
+ name: blob-cache
+ {{- if eq .Values.cloud "AzureStackCloud" }}
+ - name: ssl
+ mountPath: /etc/ssl/certs
+ readOnly: true
+ {{- end }}
+ {{- if eq .Values.linux.distro "fedora" }}
+ - name: ssl
+ mountPath: /etc/ssl/certs
+ readOnly: true
+ - name: ssl-pki
+ mountPath: /etc/pki/ca-trust/extracted
+ readOnly: true
+ {{- end }}
+ resources: {{- toYaml .Values.node.resources.blob | nindent 12 }}
+ volumes:
+{{- if .Values.node.enableBlobfuseProxy }}
+ - name: host-usr
+ hostPath:
+ path: /usr
+ - name: host-etc
+ hostPath:
+ path: /etc
+{{- end }}
+ - hostPath:
+ path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
+ type: DirectoryOrCreate
+ name: socket-dir
+ - hostPath:
+ path: {{ .Values.linux.kubelet }}/
+ type: DirectoryOrCreate
+ name: mountpoint-dir
+ - hostPath:
+ path: {{ .Values.linux.kubelet }}/plugins_registry/
+ type: DirectoryOrCreate
+ name: registration-dir
+ - hostPath:
+ path: /etc/kubernetes/
+ type: DirectoryOrCreate
+ name: azure-cred
+ - hostPath:
+ path: {{ .Values.node.blobfuseCachePath }}
+ name: blob-cache
+ {{- if eq .Values.cloud "AzureStackCloud" }}
+ - name: ssl
+ hostPath:
+ path: /etc/ssl/certs
+ {{- end }}
+ {{- if eq .Values.linux.distro "fedora" }}
+ - name: ssl
+ hostPath:
+ path: /etc/ssl/certs
+ - name: ssl-pki
+ hostPath:
+ path: /etc/pki/ca-trust/extracted
+ {{- end }}
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+ {{- end }}
diff --git a/charts/v4.6.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v4.6.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml
new file mode 100644
index 000000000..f27935671
--- /dev/null
+++ b/charts/v4.6.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml
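Review bot: The pod spec sets `securityContext` twice: once unconditionally with `seccompProfile: type: RuntimeDefault`, and again at the end of the template under `{{- if .Values.securityContext }}` with `nindent 8`, which places it at the same pod-spec level (indentation is not preserved on this page, so the level is inferred from the `nindent` value). When `securityContext` is set in values, the rendered manifest carries a duplicate key, and depending on the YAML parser the seccomp default is either rejected or silently replaced. Rendering a single block avoids that, for example keeping the `seccompProfile` lines and appending `{{- with .Values.securityContext }}{{ toYaml . | nindent 8 }}{{- end }}` directly beneath them, with a comment that user values extend rather than replace the default. csi-blob-controller.yaml has the same pair of blocks.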
@@ -0,0 +1,121 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Values.rbac.name }}-external-provisioner-role
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Values.rbac.name }}-csi-provisioner-binding
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.serviceAccount.controller }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Values.rbac.name }}-external-provisioner-role
+ apiGroup: rbac.authorization.k8s.io
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Values.rbac.name }}-external-resizer-role
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims/status"]
+ verbs: ["update", "patch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Values.rbac.name }}-csi-resizer-role
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.serviceAccount.controller }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Values.rbac.name }}-external-resizer-role
+ apiGroup: rbac.authorization.k8s.io
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-{{ .Values.rbac.name }}-controller-secret-role
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "create"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-{{ .Values.rbac.name }}-controller-secret-binding
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.serviceAccount.controller }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: csi-{{ .Values.rbac.name }}-controller-secret-role
+ apiGroup: rbac.authorization.k8s.io
+{{ end }}
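Review bot: The `csi-{{ .Values.rbac.name }}-controller-secret-role` ClusterRole at the end of rbac-csi-blob-controller.yaml grants `get` and `create` on `secrets` in every namespace through a ClusterRoleBinding, and the file gives no reason for the cluster-wide scope. If the controller only needs the cloud-config secret and account secrets in known namespaces, a namespaced `Role`/`RoleBinding` would limit what a leaked controller token can read; if it does need every namespace, a comment above the rule such as `# cluster-wide: storage account secrets may live in any PVC namespace` would record that decision. The same applies to `csi-{{ .Values.rbac.name }}-node-secret-role` in rbac-csi-blob-node.yaml, whose service account is presumably the one used by the node container that csi-blob-node.yaml runs with `privileged: true`.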
diff --git a/charts/v4.6.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v4.6.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml
new file mode 100644
index 000000000..6676656cf
--- /dev/null
+++ b/charts/v4.6.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.rbac.create -}}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-{{ .Values.rbac.name }}-node-secret-role
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get"]
+
+ # the node plugin must apply annotations to the PVC for edgecache volumes
+ # it gets the PVC's through the PV's
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "update"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-{{ .Values.rbac.name }}-node-secret-binding
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.serviceAccount.node }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: csi-{{ .Values.rbac.name }}-node-secret-role
+ apiGroup: rbac.authorization.k8s.io
+{{ end }}
diff --git a/charts/v4.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v4.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml
new file mode 100644
index 000000000..7433bccf1
--- /dev/null
+++ b/charts/v4.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.controller }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+{{- if .Values.workloadIdentity.clientID }}
+ azure.workload.identity/use: "true"
+ annotations:
+ azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }}
+{{- if .Values.workloadIdentity.tenantID }}
+ azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/v4.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v4.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml
new file mode 100644
index 000000000..a25090e30
--- /dev/null
+++ b/charts/v4.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.node }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "blob.labels" . | nindent 4 }}
+{{- if .Values.workloadIdentity.clientID }}
+ azure.workload.identity/use: "true"
+ annotations:
+ azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }}
+{{- if .Values.workloadIdentity.tenantID }}
+ azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/v4.6.0/blob-csi-driver/values.yaml b/charts/v4.6.0/blob-csi-driver/values.yaml
new file mode 100644
index 000000000..1ff9bbfaf
--- /dev/null
+++ b/charts/v4.6.0/blob-csi-driver/values.yaml
@@ -0,0 +1,173 @@
+image:
+ baseRepo: mcr.microsoft.com
+ blob:
+ repository: /k8s/csi/blob-csi
+ tag: latest
+ pullPolicy: IfNotPresent
+ csiProvisioner:
+ repository: /oss/kubernetes-csi/csi-provisioner
+ tag: v3.5.0
+ pullPolicy: IfNotPresent
+ livenessProbe:
+ repository: /oss/kubernetes-csi/livenessprobe
+ tag: v2.10.0
+ pullPolicy: IfNotPresent
+ nodeDriverRegistrar:
+ repository: /oss/kubernetes-csi/csi-node-driver-registrar
+ tag: v2.8.0
+ pullPolicy: IfNotPresent
+ csiResizer:
+ repository: /oss/kubernetes-csi/csi-resizer
+ tag: v1.8.0
+ pullPolicy: IfNotPresent
+
+cloud: AzurePublicCloud
+
+## Reference to one or more secrets to be used when pulling images
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# - name: myRegistryKeySecretName
+
+serviceAccount:
+ create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+ controller: csi-blob-controller-sa # Name of Service Account to be created or used
+ node: csi-blob-node-sa # Name of Service Account to be created or used
+
+rbac:
+ create: true
+ name: blob
+
+## Collection of annotations to add to all the pods
+podAnnotations: {}
+## Collection of labels to add to all the pods
+podLabels: {}
+# -- Custom labels to add into metadata
+customLabels: {}
+ # k8s-app: blob-csi-driver
+
+## Leverage a PriorityClass to ensure your pods survive resource shortages
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: system-cluster-critical
+## Security context give the opportunity to run container as nonroot by setting a securityContext
+## by example :
+## securityContext: { runAsUser: 1001 }
+securityContext: {}
+
+controller:
+ name: csi-blob-controller
+ cloudConfigSecretName: azure-cloud-provider
+ cloudConfigSecretNamespace: kube-system
+ allowEmptyCloudConfig: true
+ hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting
+ metricsPort: 29634
+ livenessProbe:
+ healthPort: 29632
+ replicas: 2
+ runOnMaster: false
+ runOnControlPlane: false
+ logLevel: 5
+ resources:
+ csiProvisioner:
+ limits:
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ livenessProbe:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ blob:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ csiResizer:
+ limits:
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ affinity: {}
+ nodeSelector: {}
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/controlplane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+
+node:
+ name: csi-blob-node
+ cloudConfigSecretName: azure-cloud-provider
+ cloudConfigSecretNamespace: kube-system
+ allowEmptyCloudConfig: true
+ allowInlineVolumeKeyAccessWithIdentity: false
+ maxUnavailable: 1
+ livenessProbe:
+ healthPort: 29633
+ logLevel: 5
+ enableBlobfuseProxy: false
+ blobfuseProxy:
+ installBlobfuse: true
+ blobfuseVersion: "1.4.5"
+ installBlobfuse2: true
+ blobfuse2Version: "2.0.3"
+ setMaxOpenFileNum: true
+ maxOpenFileNum: "9000000"
+ disableUpdateDB: true
+ blobfuseCachePath: /mnt
+ appendTimeStampInCacheDir: false
+ mountPermissions: 0777
+ resources:
+ livenessProbe:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ nodeDriverRegistrar:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ blob:
+ limits:
+ memory: 2100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ affinity: {}
+ nodeSelector: {}
+ tolerations:
+ - operator: "Exists"
+
+feature:
+ fsGroupPolicy: ReadWriteOnceWithFSType
+ enableGetVolumeStats: false
+
+driver:
+ name: blob.csi.azure.com
+ customUserAgent: ""
+ userAgentSuffix: "OSS-helm"
+ azureGoSDKLogLevel: "" # available values: ""(no logs), DEBUG, INFO, WARNING, ERROR
+ httpsProxy: ""
+ httpProxy: ""
+
+linux:
+ kubelet: /var/lib/kubelet
+ distro: debian
+
+workloadIdentity:
+ clientID: ""
+ # [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster
+ # then set tenantID with the application or user-assigned managed identity tenant ID
+ tenantID: ""
diff --git a/pkg/blob/azure.go b/pkg/blob/azure.go
index 751fcc9dd..a48aa50d9 100644
--- a/pkg/blob/azure.go
+++ b/pkg/blob/azure.go
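Review bot: In charts/v4.6.0/blob-csi-driver/values.yaml, `image.blob.tag` is `latest` although the chart directory is versioned and every sidecar image is pinned to a release tag. Combined with `pullPolicy: IfNotPresent`, a mutable tag lets nodes run different driver builds and means the chart version no longer identifies the image that the privileged node container runs; I would pin it, e.g. `tag: <release tag for this chart>`, or use a digest. Separately, csi-blob-node.yaml sets `AZURE_RESOURCE_ID` from `.Values.global.resourceId`, but this file defines no `global` key, so a default such as `global: { resourceId: "" }` with a comment on the expected resource ID format appears to be missing.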
@@ -39,19 +39,45 @@ import ( providerconfig "sigs.k8s.io/cloud-provider-azure/pkg/provider/config" ) +// Env vars +const ( + CloudNameEnvVar = "AZURE_CLOUD_NAME" + ResourceId = "AZURE_RESOURCE_ID" + LocationEnvVar = "AZURE_LOCATION" +) + var ( DefaultAzureCredentialFileEnv = "AZURE_CREDENTIAL_FILE" DefaultCredFilePath = "/etc/kubernetes/azure.json" storageService = "Microsoft.Storage" ) +type ResourceGroupInfo struct { + Subscription string + ResourceGroup string +} + +func ParseResourceGroupInfo(resourceId string) ResourceGroupInfo { + components := strings.Split(resourceId, "/") + info := ResourceGroupInfo{} + if len(components) >= 3 && components[1] == "subscriptions" { + info.Subscription = components[2] + } + + if len(components) >= 5 && components[3] == "resourceGroups" { + info.ResourceGroup = components[4] + } + + return info +} + // IsAzureStackCloud decides whether the driver is running on Azure Stack Cloud. func IsAzureStackCloud(cloud *azure.Cloud) bool { return !cloud.Config.DisableAzureStackCloud && strings.EqualFold(cloud.Config.Cloud, "AZURESTACKCLOUD") } // getCloudProvider get Azure Cloud Provider -func getCloudProvider(kubeconfig, nodeID, secretName, secretNamespace, userAgent string, allowEmptyCloudConfig bool, kubeAPIQPS float64, kubeAPIBurst int) (*azure.Cloud, error) { +func getCloudProvider(kubeconfig, nodeID, secretName, secretNamespace, userAgent string, allowEmptyCloudConfig bool, allowCloudConfigFromEnv bool, kubeAPIQPS float64, kubeAPIBurst int) (*azure.Cloud, error) { var ( config *azure.Config kubeClient *clientset.Clientset 
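Review bot: `ParseResourceGroupInfo` in pkg/blob/azure.go compares the path segments with `==`, but Azure resource IDs are case-insensitive and some Azure APIs return the segment as `resourcegroups`, in which case `ResourceGroup` silently stays empty. Comparing with `strings.EqualFold(components[1], "subscriptions")` and `strings.EqualFold(components[3], "resourceGroups")` would avoid that. The new exported identifiers also have no doc comments, and `ResourceId` does not follow its neighbours `CloudNameEnvVar` and `LocationEnvVar`; `ResourceIDEnvVar` with a comment like `// ResourceIDEnvVar names the env var holding the ARM resource ID used to derive subscription and resource group.` would be consistent, with the use in the later hunk renamed to match.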
@@ -128,6 +154,20 @@ func getCloudProvider(kubeconfig, nodeID, secretName, secretNamespace, userAgent } } + // We fall back to reading env vars if no config has been found. This is primarily used + // in Arc-based configurations where we don't have a cloud secret, or `/etc/kubernetes/azure.json` + // file. These values can be injected from the arc infra, though. + if config == nil && allowCloudConfigFromEnv { + klog.V(2).Infof("Will fall back to use environmental config") + config = &azure.Config{} + + config.Cloud = os.Getenv(CloudNameEnvVar) + resourceInfo := ParseResourceGroupInfo(os.Getenv(ResourceId)) + config.SubscriptionID = resourceInfo.Subscription + config.ResourceGroup = resourceInfo.ResourceGroup + config.Location = os.Getenv(LocationEnvVar) + } + if config == nil { if allowEmptyCloudConfig { klog.V(2).Infof("no cloud config provided, error: %v, driver will run without cloud config", err) diff --git a/pkg/blob/blob.go b/pkg/blob/blob.go index 2d53f76e8..3504d3fd6 100644 --- a/pkg/blob/blob.go +++ b/pkg/blob/blob.go @@ -160,6 +160,7 @@ type DriverOptions struct { EdgeCacheConnTimeout int EnableBlobMockMount bool AllowEmptyCloudConfig bool + AllowCloudConfigFromEnv bool AllowInlineVolumeKeyAccessWithIdentity bool EnableGetVolumeStats bool AppendTimeStampInCacheDir bool @@ -184,6 +185,7 @@ type Driver struct { enableBlobfuseProxy bool enableEdgeCacheFinalizer bool allowEmptyCloudConfig bool + allowCloudConfigFromEnv bool enableGetVolumeStats bool allowInlineVolumeKeyAccessWithIdentity bool appendTimeStampInCacheDir bool 
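Review bot: In `getCloudProvider` (pkg/blob/azure.go), the new fallback sets `config` to a non-nil `&azure.Config{}` even when `AZURE_RESOURCE_ID`, `AZURE_CLOUD_NAME` and `AZURE_LOCATION` are all unset, so the `if config == nil` / `allowEmptyCloudConfig` branch right below it can no longer be reached while `allowCloudConfigFromEnv` is true, and main.go defaults that flag to true. A driver with no secret, no azure.json and no env vars would then continue with an empty subscription and resource group instead of taking the existing no-cloud-config path. I would adopt the env config only when the resource ID yields both values, and log which source was used so operators can tell where the subscription came from. The function starts and ends outside this hunk, so what is done with `config` afterwards is not visible here.

```go
if config == nil && allowCloudConfigFromEnv {
	resourceInfo := ParseResourceGroupInfo(os.Getenv(ResourceId))
	if resourceInfo.Subscription == "" || resourceInfo.ResourceGroup == "" {
		klog.V(2).Infof("%s is unset or not a resource group ID, skipping cloud config from env", ResourceId)
	} else {
		klog.V(2).Infof("no cloud config found, using config from env: subscription %q, resource group %q", resourceInfo.Subscription, resourceInfo.ResourceGroup)
		config = &azure.Config{}
		// … unchanged: Cloud, SubscriptionID, ResourceGroup and Location assignments …
	}
}
```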
@@ -258,7 +260,7 @@ func (d *Driver) Run(endpoint, kubeconfig string, testBool bool) { userAgent := GetUserAgent(d.Name, d.customUserAgent, d.userAgentSuffix) klog.V(2).Infof("driver userAgent: %s", userAgent) - d.cloud, err = getCloudProvider(kubeconfig, d.NodeID, d.cloudConfigSecretName, d.cloudConfigSecretNamespace, userAgent, d.allowEmptyCloudConfig, d.kubeAPIQPS, d.kubeAPIBurst) + d.cloud, err = getCloudProvider(kubeconfig, d.NodeID, d.cloudConfigSecretName, d.cloudConfigSecretNamespace, userAgent, d.allowEmptyCloudConfig, d.allowCloudConfigFromEnv, d.kubeAPIQPS, d.kubeAPIBurst) if err != nil { klog.Fatalf("failed to get Azure Cloud Provider, error: %v", err) } diff --git a/pkg/blobplugin/main.go b/pkg/blobplugin/main.go index c3b5ac2be..400ab979f 100644 --- a/pkg/blobplugin/main.go +++ b/pkg/blobplugin/main.go @@ -54,6 +54,7 @@ var ( customUserAgent = flag.String("custom-user-agent", "", "custom userAgent") userAgentSuffix = flag.String("user-agent-suffix", "", "userAgent suffix") allowEmptyCloudConfig = flag.Bool("allow-empty-cloud-config", true, "allow running driver without cloud config") + allowCloudConfigFromEnv = flag.Bool("allow-cloud-config-from-env", true, "allow parsing cloud config from env") enableGetVolumeStats = flag.Bool("enable-get-volume-stats", false, "allow GET_VOLUME_STATS on agent node") appendTimeStampInCacheDir = flag.Bool("append-timestamp-cache-dir", false, "append timestamp into cache directory on agent node") mountPermissions = flag.Uint64("mount-permissions", 0777, "mounted folder permissions") @@ -97,6 +98,7 @@ func handle() { CustomUserAgent: *customUserAgent, UserAgentSuffix: *userAgentSuffix, AllowEmptyCloudConfig: *allowEmptyCloudConfig, + AllowCloudConfigFromEnv: *allowCloudConfigFromEnv, EnableGetVolumeStats: *enableGetVolumeStats, AppendTimeStampInCacheDir: *appendTimeStampInCacheDir, MountPermissions: *mountPermissions,
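Review bot: `d.allowCloudConfigFromEnv` is read in this call in `Run` (pkg/blob/blob.go), but none of the three blob.go hunks assigns it: the patch adds the field to `DriverOptions` and to `Driver` and changes this call, and the diffstat for blob.go counts only those four changed lines. Unless the driver constructor copies it somewhere this patch does not show, the field stays `false` and `--allow-cloud-config-from-env` has no effect. The constructor would need a line such as `d.allowCloudConfigFromEnv = options.AllowCloudConfigFromEnv` (or the equivalent struct-literal entry next to `allowEmptyCloudConfig`). `Run` continues outside the hunk.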
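Review bot: In pkg/blobplugin/main.go the new `allow-cloud-config-from-env` flag defaults to `true`, so existing deployments would start taking subscription, resource group and cloud name from the process environment without opting in. Since the commit message describes this as a fallback for Arc-based setups, an opt-in default with a help text that names the variables seems safer: `flag.Bool("allow-cloud-config-from-env", false, "fall back to AZURE_CLOUD_NAME, AZURE_RESOURCE_ID and AZURE_LOCATION when no cloud config secret or file is found")`. The Arc chart can then pass the flag explicitly.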