From 2cb1cdc182925c18bd608ab95319f532a8fcd3a9 Mon Sep 17 00:00:00 2001
From: estevan <50840058+chaireze@users.noreply.github.com>
Date: Wed, 9 Aug 2023 18:00:39 -0400
Subject: [PATCH 1/3] pvc_annotator: update volume state anno to reflect what
 happens in hydra

---
 pkg/edgecache/cachevolume/pvc_annotator.go      | 8 ++++----
 pkg/edgecache/cachevolume/pvc_annotator_test.go | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/pkg/edgecache/cachevolume/pvc_annotator.go b/pkg/edgecache/cachevolume/pvc_annotator.go
index d02076891..4ff85f91c 100644
--- a/pkg/edgecache/cachevolume/pvc_annotator.go
+++ b/pkg/edgecache/cachevolume/pvc_annotator.go
@@ -33,7 +33,7 @@ import (
 const (
 	accountAnnotation               string = "external/edgecache-account"
 	containerAnnotation             string = "external/edgecache-container"
-	createVolumeAnnotation          string = "external/edgecache-create-volume"
+	volumeStateAnnotation           string = "external/edgecache-volume-state"
 	secretNameAnnotation            string = "external/edgecache-secret-name"
 	secretNamespaceAnnotation       string = "external/edgecache-secret-namespace"
 	storageAuthenticationAnnotation string = "external/edgecache-authentication"
@@ -84,7 +84,7 @@ func (c *PVCAnnotator) requestAuthIsValid(auth string) bool {
 
 func (c *PVCAnnotator) buildAnnotations(pv *v1.PersistentVolume, cfg config.AzureAuthConfig, providedAuth BlobAuth) (map[string]string, error) {
 	annotations := map[string]string{
-		createVolumeAnnotation:          "yes",
+		volumeStateAnnotation:           "not created",
 		accountAnnotation:               providedAuth.account,
 		containerAnnotation:             providedAuth.container,
 		storageAuthenticationAnnotation: providedAuth.authType,
@@ -126,8 +126,8 @@ func (c *PVCAnnotator) buildAnnotations(pv *v1.PersistentVolume, cfg config.Azur
 
 func (c *PVCAnnotator) needsToBeProvisioned(pvc *v1.PersistentVolumeClaim) bool {
 	// check if pv connected to the pvc has already been passed to be created
-	pvState, pvStateOk := pvc.ObjectMeta.Annotations[createVolumeAnnotation]
-	if pvStateOk && pvState == "no" {
+	pvState, pvStateOk := pvc.ObjectMeta.Annotations[volumeStateAnnotation]
+	if pvStateOk && pvState == "created" {
 		return false
 	}
 
diff --git a/pkg/edgecache/cachevolume/pvc_annotator_test.go b/pkg/edgecache/cachevolume/pvc_annotator_test.go
index 8d72fe7e7..3f8c62e61 100644
--- a/pkg/edgecache/cachevolume/pvc_annotator_test.go
+++ b/pkg/edgecache/cachevolume/pvc_annotator_test.go
@@ -102,7 +102,7 @@ func TestSendProvisionVolumeFailures(t *testing.T) {
 		},
 		{
 			name:        "VolumeIsAlreadyBeingProvisioned",
-			annotations: map[string]string{createVolumeAnnotation: "no"},
+			annotations: map[string]string{volumeStateAnnotation: "no"},
 			config:      config.AzureAuthConfig{},
 			blobAuth:    NewBlobAuth("", "", "", "", "WorkloadIdentity"),
 		},
@@ -154,7 +154,7 @@ func TestSendProvisionVolumeSuccess(t *testing.T) {
 			config:   config.AzureAuthConfig{UseFederatedWorkloadIdentityExtension: true},
 			blobAuth: NewBlobAuth(acct, container, "", "", "WorkloadIdentity"),
 			expectedAnnotations: map[string]string{
-				createVolumeAnnotation:          "yes",
+				volumeStateAnnotation:           "not created",
 				accountAnnotation:               acct,
 				containerAnnotation:             container,
 				storageAuthenticationAnnotation: "WorkloadIdentity",
@@ -166,7 +166,7 @@ func TestSendProvisionVolumeSuccess(t *testing.T) {
 			config:   config.AzureAuthConfig{},
 			blobAuth: NewBlobAuth(acct, container, secret, secretNamespace, "AccountKey"),
 			expectedAnnotations: map[string]string{
-				createVolumeAnnotation:          "yes",
+				volumeStateAnnotation:           "not created",
 				accountAnnotation:               acct,
 				containerAnnotation:             container,
 				secretNamespaceAnnotation:       secretNamespace,
@@ -180,7 +180,7 @@ func TestSendProvisionVolumeSuccess(t *testing.T) {
 			config:   config.AzureAuthConfig{},
 			blobAuth: NewBlobAuth(acct, container, "", "", "AccountKey"),
 			expectedAnnotations: map[string]string{
-				createVolumeAnnotation:          "yes",
+				volumeStateAnnotation:           "not created",
 				accountAnnotation:               acct,
 				containerAnnotation:             container,
 				secretNamespaceAnnotation:       secretNamespace,

From 6887eb54767197cdd1533a685ee74b28828c89b2 Mon Sep 17 00:00:00 2001
From: estevan <50840058+chaireze@users.noreply.github.com>
Date: Thu, 10 Aug 2023 09:51:05 -0400
Subject: [PATCH 2/3] charts: add new chart since changes are not backwards
 compatible

---
 charts/index.yaml                             |   9 +
 charts/v4.2.0/blob-csi-driver-v4.2.0.tgz      | Bin 0 -> 5821 bytes
 charts/v4.2.0/blob-csi-driver/Chart.yaml      |   5 +
 .../blob-csi-driver/templates/NOTES.txt       |   5 +
 .../blob-csi-driver/templates/_helpers.tpl    |  49 +++
 .../templates/csi-blob-controller.yaml        | 216 +++++++++++++
 .../templates/csi-blob-driver.yaml            |  14 +
 .../templates/csi-blob-node.yaml              | 288 ++++++++++++++++++
 .../templates/rbac-csi-blob-controller.yaml   | 115 +++++++
 .../templates/rbac-csi-blob-node.yaml         |  38 +++
 .../serviceaccount-csi-blob-controller.yaml   |  17 ++
 .../serviceaccount-csi-blob-node.yaml         |  17 ++
 charts/v4.2.0/blob-csi-driver/values.yaml     | 173 +++++++++++
 13 files changed, 946 insertions(+)
 create mode 100644 charts/v4.2.0/blob-csi-driver-v4.2.0.tgz
 create mode 100644 charts/v4.2.0/blob-csi-driver/Chart.yaml
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/NOTES.txt
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/_helpers.tpl
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/csi-blob-controller.yaml
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/csi-blob-driver.yaml
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/csi-blob-node.yaml
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml
 create mode 100644 charts/v4.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml
 create mode 100644 charts/v4.2.0/blob-csi-driver/values.yaml

diff --git a/charts/index.yaml b/charts/index.yaml
index 3cf133be2..0729482ac 100644
--- a/charts/index.yaml
+++ b/charts/index.yaml
@@ -244,6 +244,15 @@ entries:
     urls:
     - https://raw.githubusercontent.com/avoltz/blob-csi-driver/staging/charts/v4.1.0/blob-csi-driver-v4.1.0.tgz
     version: v4.1.0
+  - apiVersion: v1
+    appVersion: v4.2.0
+    created: "2023-08-10T09:50:00.254303884Z"
+    description: Azure Blob Storage CSI driver
+    digest: 7e8895c9b539bd3866b18a0aada619582b36c5e4b06ef454f22194d24e69d4f9
+    name: blob-csi-driver
+    urls:
+    - https://raw.githubusercontent.com/avoltz/blob-csi-driver/staging/charts/v4.2.0/blob-csi-driver-v4.2.0.tgz
+    version: v4.2.0
   - apiVersion: v1
     appVersion: latest
     created: "2023-06-05T13:16:16.079514405Z"
diff --git a/charts/v4.2.0/blob-csi-driver-v4.2.0.tgz b/charts/v4.2.0/blob-csi-driver-v4.2.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..167fdd63dc3090c4dc02f70e5e225c87c0fe121b
GIT binary patch
literal 5821
zcmV;u7DDMCiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<&bK5r3{j6VsQF_zfJ)z$GlAdP#!LgK76GzrqPI~urIv$8z
zNjQ@L3xJAM*Z=()0DOOuWLZ{neZ+i-MJ{$1;O=6vy8tIHn^?9Wmcz*cc=KY8xoj-4
z=YF@dtJP|?PLGfE|E*Rl|9`7}dh}iU`1tgseR^`#e)C<cecXQ2`VO^r$3pcL2#NW3
zt!LB9ckaLB!an&7To6XPXwj}=-;aN~Sb~r>2ZYUuFZI3iKLQTut;;58EE&f$Ko{cy
zGQv}%*n=+0iBxS7<3Db68m-#b?(*SEU3vXqU^f7<TLZ9K|J$w8lQ((&KR$YM(Eoj0
z#KSY_))1Ot0oUNOF7j;N@QBTsU{l$!nWvt*Y@(nL;@~quB;(62YTo@MnzkU#NQyLs
z#Ix9VsNa6zx+CTid)Y;U>5$102LV()v;`S)wjjzr052iHglOIc6W|mi2t`8Cv;3q{
zLUM7`IBB%jk#xxdC<rm)Yyz86jGFkWNs3;l(Qd6LNSOmYtz6eIBSLcggpR7lp=w$@
zYMx=?r}Z4zf?R_je>`P`xoMCh)m~4kX1gqK!dYSzOk84Ls5`aVt5@h6roe&PfFwhV
z0%9C_i~|y2bC5#ao&X92IOxk9s3t?`3~3P+3I&I07tN*gMYow^x<OdeVYX;WEbc_p
zW^_ts0SC)xj%70{F`>Yl3ZJEsSw1HVEFl`wWwWO5j{?^n8*aMj*WYTdkcG^g<}JgQ
zxBLK012V)O)M^6wg4l3w+bp0`jjzoCOXwoW13<6PFRCl*@7E}VMc4of^o6*t>a%I$
zpef^M$$|zNgH*#Y#jXHErs^j8f~me42vEN{Vqa)O(PLC{=DNVU>P=fl7vr0jz~~iH
z%px{L<B)}r-*C($`i$%04}~^`PK)6dh-!R-?fjr9^s%F$MdLzoYAX*zp~jRliPbMH
z6WDR|f3Az<9FWf(QS+H|o<Mcc!($PRiznc&!f>epOk-qO=pqo3dAW9kN`^d;*ufIl
zYz>lXh|nu^_mi-&?-v~(#nUA$K)Xp8jW}VP$mNBLg~kt5C~r!?OvMxu0bh^>AP#~B
z+y*4(jLS`>-)7VXUnUBmN2jTjzz<1VJ_qo$FW0R3X?}+Kjfka?;90gC2npP>Ig!N1
zuA)8$J5bPC-r!!Mnc`H9C-Z&AWkA(K$q)}Hij@vwfheP#F^MKiBtS}~(pV|IMt5Pb
zDGHM%f_v=wE}*XZodfBj2Zj4wd=g63+pSg`J=TgqkF{D#C1PPKQ4J-R$~;}@@k+G1
zi?A|amVRjF8mAgs_}GRnQZK|Z<5xpU*4UT6=d00;+r;8OXF?7^eqsDBwi9wrL_9t=
z3tUGjltTobxZo%wkT8xM25MX-a=-`bAV$&0@gQnmLrP*fvBijS*+rdyo*o^SPknR1
zuAC=eotmB=Tw-I<Mfz7jujogt<e_T}Qgrje@H28Th2)XTW=iJWE;`Y;j3f&~u57+n
ze0fBQ=$B&N({s~FtM!qDcRBnXfJj5xexRhlD>UmwtxEb^O|1P)Vu^=TO{4Qn8u^L*
zrG^eqr$ni9XyTOhAA>TjjEA=*bAgA}S7Wiz9W1-3u4f9)Txeu1l&2-A9#Uk!YOS!<
z`}agh5j}wE6l~c=^&uPEb8rF|>Kow?mBUxU_~KNoXOOAsskLa9)a|ckko405bqR&f
z%ndyF0LydR1|fbSaz1c?N-YkNl6(066U7TmTxFfQsJ)qWIV#u(pbEiTmrbUDfDvc+
zDJql9ZH<voA+hU54dM<Yz;XDZ-fkQ>PU>aNIwkEoNyAQ~)i^Q@1;~&1{>lgXj<_%k
zyi`js_n`hyv-C49L(Bcicd&%s+qhjs?*iL%7-2c@qNb<abnGizenUJMOYHdrszG`r
zWp_R0YmI<=L<r;gwBEdVQ?#>twS1KeoUd$bpGRaX8(3lrYE!^6;QB30#e2>IKUzCo
z19pDlM8XxdK`Gk1@y*hQSS{XzG}<_pSglBm6x57&+0D4o4O@_gHWJ~2-FT|XRXU#m
zRYpjOWf1)y2h%CJ@1pwEcx=tV_0&_{{yiJ_K3v91TCby5DAsgj!b9rzkCZ807Jq+@
zdi}Sb-oHkJ;k&EX=$G^B;b8dwHR@kqUtKF_M|rHFW@{$YjpTRDB{aBKy-^0s1=&T-
z1?EkcOq$`Hn${-CSr<7lA(+-`%5`!Xc4E_{jUfRl2fdKYEA%VVo-THOLxZVyRnO0R
zO3jpeW0nbeox&|F1esBAkcTOrDR(Qxi-_^F2-WR{TK!0%YAJ?=z7_h)nxIr`J)zca
z8f4HzUx=J*u%}TCNep^Q%tBncTRV^c<l}!5JYUCdn!~G`{<tCU<+Ew5i~k>;c5?B*
zlhZdxhxp$<t{bHltAhGU17_i}!~x%BOVF!ny=o1Gzfr5*Fl5iczFULLEORB6fq0F4
z7q9@enCR9*{kNryEQ>~7%-O>OYFvYcYs9_{dVEwY8Dy3vLbH5U=LWLS3Ozp7k!5|s
z(w-mE51Ff4|8M8u`oKj)`p--StkM6@(dltc|4&a2`M>>K4-d_Mpat=|dfu867v$21
zGfxeRJ%=v(NAvNqR?}epdmmFrPiHg?1L_%2r;Ih+!-It!m=X%8uH6y^S4URz2nVi2
z4U=Wos@eE#GENHeY5|-R2hg9&Tc$QTJ<@*?&-g2-ZY9WoI{I(TTkS#z7!5CmJH=|4
zdQ@|@jw?@=3CAYT*Qk{<u0axFJ||R8QT=bi`kSa{J7E3}mk;Pq9Y0Z4s{TK9RKKln
z(;4P@OnDN<u!$-rBLEYSG}y53=N7HTOMG}hk#1++O#_uS(kmuvn}&H~TFtTvo>uYe
zrubA33ANq8sp?GyXEyVEMzv3yinSKue9WcArcds9=!{vDWw!58#5>}B8ol}RIA>mt
zFwTD~Y=tI&qTd51Go$+WSW_-}L(H3649mI@%4Z|ZPN+%gAhmgnB>Ok^+!YWp;mn&g
zYVQZG8z*U|j3?1ufy&>rpX5<eFFWBdpKMWt3kewAh+{f~mF-ZRqfx_K(VJ|?zP8Q%
zmagjgza(J3Wm&-L`M=ZZ9OvqP)Y83unE&^2-4W_^QBOPe9#C0J7X)G77tKYx7UjQ^
zn1j-_$e1MJLBr|6K!tJ0Di^+n!r8(EPjm)t9a@Bn(}o*Q7k?s3s9Hj!V+AgJ(7DGX
zpHYrJdTvNWvrspT@kx7rnPPKeM$1?&&Tt9Kr>0?~e<AtQ!0T97hLb1ovgyG6RA`b|
z?R?Co5d~b*ZA=U*0&PSQjiwIP)+G<(u(`n>TIULqah5i+;JJw`dA_0xsR<y9I+a3B
z+N842-IA#@*X&P}rkd-J5kPfQhk;67QWRuNk&nWTY1*sF6h^Ilnp9WWB%AMHp>>vc
z#jDGtG|MG21(LLLsEER$7bckSj&LD=A#(n+fe!(*g%-oS70NzNkxfWtLb$PnWPLRz
zx=05kt0XdQH<HX~O5#>0z{1#MW)Q2zKTj;3aovDqCR<fOd6jgg2Q24Eu9L`;+Je-}
zDm+bl!O`o^=JjLN1=wl@Fyc%tR+IY(sfBA7T?bSW4|-;)xw3z$0DeL^6V-o0j}xaj
z;mJxR`O+n8;cK2_G2)<?g3WqX{~Fm$c_S&=N?W&3p}VM_8eG#pD(6FwkA-KeaCg^1
zOFTo5k99Kuu7C~s*&WU7gn<y|Gm#bpHSBe3an`99ZfZvtI}QgS&c6Tgyw|(#kH>#6
z0dxU7z%2;tiPl4G5VI^nq9m0C@~quyiIT@~FFCeM?UWVy0%zGtGzQlBUhEU=cVC>H
zv{pe(0xslPyOjX~y2uZsk=}5aGS8671a(m}EEsGEX5ZxnVU#KqT=$NXqQdO!UFZzh
zM_n+N=g*`=O%64xK20vez2Xa`<q)2FoTN)piC2;F4MV^jyD5L8-AOYX4O*0ewM^0I
z1{$Bq+3r^1SD-HHUKV&ub>9`mO_V*W)>Q&&Aobgb)$T|X08Gh(<ufkN%H5bOw@HaZ
z$;hmf|16$u#D9f=tE*Z&wh;dew`-+eS9We7^Lib!Q&BHsEXtdP*;25#!@t>_Wi6^i
zE=<RlPa;4apAjn0zW?!JJh<%-d!wtt@TP293(EpyWob3^ziv6%R1sl0WfL<}uRP7T
zxf?A&%VuF6ezZ&ud<ImOw9eHplp{(oSVG6tOAzHs9x6D}g;l0*)-s_^E8nfuz?7C<
zJq>f>Dr|^;g%_c#w=D2{xy;b3Kwnx4mcy*<UqM1+7uQsDJ;ywvcz!kzf8?I|oJnRg
zw~KBrM%%EFmEBUxA;^Z5OG~QEHO0gYINZ!Rh&gi|Q`(kXb1D7zAiH@=#xz$9fbLt_
zGeU_Z*zJLfmt(LQbwn2(wK6c_1Q$PUXCM2(33JLDSG$4#`{}xWdvV?G^@lfu^UK?J
zgUf!IQ}~WEFW*<aKAMu*N9=!q<uy!;0MTm+OC32lmRjMJ!08%IHF_n_qLQCfonF2p
zX(L(g)CQE?cbm;>S0bF+DCDh8QtX84^}OIk4E%g^GaBEHuCM;}?{fM@E0)5WLs~k&
ztl@AI2A|H~Q`pN2)%&a4aqq+J<<<M!%l_y7<)&1N1#1<<0KX?TLfJf2*JUbWiS0XW
z1S^NaFxVe{9$a4yKlX<=TI@&XH$PXbhd|n?%^6M2qEK`+;l_Uiqw5D~z4sXB+4i<(
z$~Vq+v=mXI%e#FmLbxlOUB#IYZqo)X^X8occCM(qEU^!(H7Uic4iGj>Ng}FG!C@Tl
zm(>(<%fHLN#5@82jx=p-NgfE<)G-BH=HAHD2WE>kgp%2{ONaF4!_DGk;g*P<$H+?Y
zmd2_g$n9fe&!n~4`eM`QS842Q9}%%1tU0ER3zjip7NLOv3pi)|Ocy`@@O9%=(b#|M
zi}i%n3UxD#mPD#c`O_;4y$|7`sIR3ae$IsHOxEpOKXI5CevfdSbXZ<-Q`Z&4Y&CO~
zo8q-R7VUC%!tyDz!_L^Lo(0w-TQeoB%P{7$Gu3IEGLg+UE=}F0IQZHn5`XDygZiJ)
z+1~z0kahL{$8U1=|D9I5eW?H6%Vk+srsPMMn*GMzPo{RUT{9Iz7vq81<F&dNC>#6B
zmH2E?yMv{~_WT-t4+sY**$C$|XF#Xyit5QW_E~cqtWu1HyRaG=2*aY83@^zP?4|9(
zN9I7hp=+eZMM!gwhPu)B=imXy?q9?#ZJ_^@Iq<9lf!5Ujot$>^=YPF9Iq4kqe;-#^
z|A)b2bPQXR|7q#iW#L~A;Z|lN(7SHOl4A+8aO<%0k_nxe4Y`qHl;6ml=Og<(;wY>%
zNh92*a<I_TuTnEu!o{Il@T*k|mUe8v1${Z<T0Tnl>1S*IMuT2B3$HE>Oa+%-sPs?q
zyKT{5p<2u+$M$t_NjYakS|K|x+%-GYm5<X4IH9xfya+;PgBfM<?fyO3fj)^bv#?7u
zcmv!M`Rs~i%u)Z|=MbJ8P?9?dPrs064|?%RcDE0i9MDpjaD#a1Geu!RxD2psC0n}_
z`O6Dkx;nN*owG3ORodM6b}JKge|A)p_+%YcgLtu`gfTop!-|ftuzc12P~%Y@gDpf9
zbEon}m(4s6Q>PHFZDxnMsoqdS%+oQ`N>L02eL-B9sby0xq+c02?e*Ud&WE?}uCInS
z{b8>>gj%PJ5-NdXTarbg6wzQB497R;mzTG1FR$Ld`!p_16lcd?%V_4vmqzZ`mXe6E
zAr=w2{oKDE53Yt=5z8GQQ%Nk}v(7HM)>+%P&Q3blS=YO9|K|4N`M++jM*X2qb>0p?
zecXy<;pm)7nu^}DNO_yl=?%u`Z!i0|pGLj&n||-@R<v^G`s9eM&j2WI$O^=&_`d>a
z=0P&;LE7uuE08A@spl$I6V&@CWqe{*`cO{$-(60t^=i{fF@<Mw*4a2Erjc)3xmteU
z?gsK!athXNrEV>Oq9l|x*-`>ug8I{?G09pNz`_MZ{L*v^+Q)K!_Wh5&>%r&#_3d^4
z{q6Yb;=}Fe{O0E(hOCUOsP}{WWThTmrCyxDyyhV1-F76x;xPx#%2DOa`<4}jC!6?_
zTczSt6Lv{=%W<WI&*WdjuA|4trtbzbLPfJOO;N_gi=^_C#+f&=8bum(TN_xSiiaBh
zJ=E}<d2UzL``HCyx@Eio(nXsqk$^J;8{2cRw2-B-^n3677v~p0_isO5eHz}ZMx%oX
zIhG1tFAq7Cpi|JqIs5*{51-!lZ--aC{_XJmW50~@wwn$%DDl@kzeI6=HR2Uz{omd;
ziA^>dn5f(aTMV*-Gy@q`eF=%BI4jBBmYs@O!Kgk;RXe6aV$ZjX#5;r+S*<#CwH&ii
z8b3LLwSX{xM(e7fB>KqRsN;9Aw6H#P*ZM-_+#(LBnOPR~YP0itpSP#uNj~~^yEzVf
zDh_)p3aF}Pp^ebqYV8x%*ehnr^~kd`-C;|}M*MBFB_!(sY_1Gb0<Ke`1-Y-B6#;Z(
z<8TWfY;FAX2VTlJJZxHdiA^ipCNuW2*=5!8vUKUjnU81Kd^7JYadbViwxOjg=r-C5
zf4Mz3SwvnY1(h^5<zUJK+O0$$Htc-k8+LL5gB4qK;=Kb;&M~h{f~+iAPlK*Vgsdxj
zFI&i4D_cD)u9S5j*X(RqVUD(EaVrigtkJUv>Nfe>+BR%ehRjwo_N?tDD{Sh<!;#4$
z#$Wx&ibtjKJ?wWm?00$5tGfQ1Pq1z6<Pg|3`#(;P^51{%wBNK(4)x#rxN?H7UV6hE
zIHnJ74mW?8^2}@ILZ(1mL*qcs87F^e!<^bTva)Jiw+yFA3+^Rwirw@XdHOuV?e~xH
zz%^BfmRkGiEgzzbey!Jk)0k4e(64nr-s2IvHX+ag_(TKDK-OQQx=V!qUw=kI{b9yQ
z{pF~s4s^RM2-+?t-o{i-ZF?E5?B1O+${~d9Vj(u{=Z1ZP1yH%g$c4Rmjp}|Cx%J($
z1yQr?PCN80gf?T`AvCQLWi<5Oh@A{t&9baoQCr^<>JU1638l@QX=zPDQrmC&3MT&n
zTZUR|x-!m`cGnVD=_x0_Zn7msS(`9+R5W?dv0sr`tQhyIm-nKkHaueCzroCIU?O&G
zWuHZ%X+Ce1C$wcR%I)g&4C>yklalX!+os(J_+P*%<pyG7gS1n7q~1v7+e&?_+~m;r
zXOzOvnp6mRDAT`H49E^7_-W(v|6q>YN>DbD>4%5Ic@ibprtAObYyw~R{kK-Doj?EK
z`1tVsx4m3z*8h8*2y~6?w=@O(R@3)hnNQv^2apM6BQFqAf6{fC-T{mx(~zUj7y3I{
zaj9LDGYPQ~iDn>01p9;fi?d)h5AXaSUcjS%39mU0MSPX{F)c3N%FLMFe7u)Au|#JM
zv*F>|_^O`&L&?TQvY(R)STp~(Tc;<v`Tw|ei2v{BDkQqHj(*|^<VvVYE#%4-`kFPw
z(+`e$f^~oD*(95tOOiSKV^uSQ-XczBKvr_Gj^p?X^J_RZaBE4Y(LJpDe&%7$`0HFx
zxBpLH39hyOCvS50zjJbWSpV(i`fBz+@stmi|6utK*Wo%`hwE_d`TD;A009608Ua`3
H0HOc@jrf1q

literal 0
HcmV?d00001

diff --git a/charts/v4.2.0/blob-csi-driver/Chart.yaml b/charts/v4.2.0/blob-csi-driver/Chart.yaml
new file mode 100644
index 000000000..bd70c96af
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: latest
+description: Azure Blob Storage CSI driver
+name: blob-csi-driver
+version: v4.2.0
diff --git a/charts/v4.2.0/blob-csi-driver/templates/NOTES.txt b/charts/v4.2.0/blob-csi-driver/templates/NOTES.txt
new file mode 100644
index 000000000..9ad135dd4
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/NOTES.txt
@@ -0,0 +1,5 @@
+The Azure Blob Storage CSI driver is getting deployed to your cluster.
+
+To check Azure Blob Storage CSI driver pods status, please run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch
diff --git a/charts/v4.2.0/blob-csi-driver/templates/_helpers.tpl b/charts/v4.2.0/blob-csi-driver/templates/_helpers.tpl
new file mode 100644
index 000000000..d99392f32
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/_helpers.tpl
@@ -0,0 +1,49 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "blob.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "blob.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common selectors.
+*/}}
+{{- define "blob.selectorLabels" -}}
+app.kubernetes.io/name: {{ template "blob.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Common labels.
+*/}}
+{{- define "blob.labels" -}}
+{{- include "blob.selectorLabels" . }}
+app.kubernetes.io/component: csi-driver
+app.kubernetes.io/part-of: {{ template "blob.name" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+helm.sh/chart: {{ template "blob.chart" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- end -}}
+
+
+{{/* pull secrets for containers */}}
+{{- define "blob.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/v4.2.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v4.2.0/blob-csi-driver/templates/csi-blob-controller.yaml
new file mode 100644
index 000000000..50afbb969
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/csi-blob-controller.yaml
@@ -0,0 +1,216 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.controller.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.controller.name }}
+    {{- include "blob.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.controller.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Values.controller.name }}
+      {{- include "blob.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.controller.name }}
+        {{- include "blob.labels" . | nindent 8 }}
+        {{- if .Values.workloadIdentity.clientID }}
+        azure.workload.identity/use: "true"
+        {{- end }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.controller.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+      {{- end }}
+      hostNetwork: {{ .Values.controller.hostNetwork }}
+      dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: {{ .Values.serviceAccount.controller }}
+      nodeSelector:
+        kubernetes.io/os: linux
+        {{- if .Values.controller.runOnMaster}}
+        node-role.kubernetes.io/master: ""
+        {{- end}}
+        {{- if .Values.controller.runOnControlPlane}}
+        node-role.kubernetes.io/control-plane: ""
+        {{- end}}
+{{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+{{- with .Values.controller.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      containers:
+        - name: csi-provisioner
+{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- end }}
+          args:
+            - "-v=2"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - "--timeout=120s"
+            - "--extra-create-metadata=true"
+            - "--kube-api-qps=50"
+            - "--kube-api-burst=100"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+        - name: liveness-probe
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+        - name: blob
+{{- if hasPrefix "/" .Values.image.blob.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- else }}
+          image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- end }}
+          args:
+            - "--v={{ .Values.controller.logLevel }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--custom-user-agent={{ .Values.driver.customUserAgent }}"
+            - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}"
+            - "--cloud-config-secret-name={{ .Values.controller.cloudConfigSecretName }}"
+            - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}"
+            - "--allow-empty-cloud-config={{ .Values.controller.allowEmptyCloudConfig }}"
+          ports:
+            - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+            - containerPort: {{ .Values.controller.metricsPort }}
+              name: metrics
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: AZURE_CREDENTIAL_FILE
+              valueFrom:
+                configMapKeyRef:
+                  name: azure-cred-file
+                  key: path
+                  optional: true
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            {{- if ne .Values.driver.httpsProxy "" }}
+            - name: HTTPS_PROXY
+              value: {{ .Values.driver.httpsProxy }}
+            {{- end }}
+            {{- if ne .Values.driver.httpProxy "" }}
+            - name: HTTP_PROXY
+              value: {{ .Values.driver.httpProxy }}
+            {{- end }}
+            - name: AZURE_GO_SDK_LOG_LEVEL
+              value: {{ .Values.driver.azureGoSDKLogLevel }}
+            {{- if eq .Values.cloud "AzureStackCloud" }}
+            - name: AZURE_ENVIRONMENT_FILEPATH
+              value: /etc/kubernetes/azurestackcloud.json
+            {{- end }}
+          imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: /etc/kubernetes/
+              name: azure-cred
+            {{- if eq .Values.cloud "AzureStackCloud" }}
+            - name: ssl
+              mountPath: /etc/ssl/certs
+              readOnly: true
+            {{- end }}
+            {{- if eq .Values.linux.distro "fedora" }}
+            - name: ssl
+              mountPath: /etc/ssl/certs
+              readOnly: true
+            - name: ssl-pki
+              mountPath: /etc/pki/ca-trust/extracted
+              readOnly: true
+            {{- end }}
+          resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }}
+        - name: csi-resizer
+{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
+{{- end }}
+          args:
+            - "-csi-address=$(ADDRESS)"
+            - "-v=2"
+            - "-leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - '-handle-volume-inuse-error=false'
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
+        - name: azure-cred
+          hostPath:
+            path: /etc/kubernetes/
+            type: DirectoryOrCreate
+        {{- if eq .Values.cloud "AzureStackCloud" }}
+        - name: ssl
+          hostPath:
+            path: /etc/ssl/certs
+        {{- end }}
+        {{- if eq .Values.linux.distro "fedora" }}
+        - name: ssl
+          hostPath:
+            path: /etc/ssl/certs
+        - name: ssl-pki
+          hostPath:
+            path: /etc/pki/ca-trust/extracted
+        {{- end }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
diff --git a/charts/v4.2.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v4.2.0/blob-csi-driver/templates/csi-blob-driver.yaml
new file mode 100644
index 000000000..9a6aea64a
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/csi-blob-driver.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driver.name }}
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+spec:
+  attachRequired: false
+  podInfoOnMount: true
+  fsGroupPolicy: {{ .Values.feature.fsGroupPolicy }}
+  volumeLifecycleModes:
+    - Persistent
+    - Ephemeral
diff --git a/charts/v4.2.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v4.2.0/blob-csi-driver/templates/csi-blob-node.yaml
new file mode 100644
index 000000000..13e4291ed
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/csi-blob-node.yaml
@@ -0,0 +1,288 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.node.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.node.name }}
+    {{- include "blob.labels" . | nindent 4 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.node.name }}
+      {{- include "blob.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.node.name }}
+        {{- include "blob.labels" . | nindent 8 }}
+        {{- if .Values.workloadIdentity.clientID }}
+        azure.workload.identity/use: "true"
+        {{- end }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+      {{- end }}
+{{- if .Values.node.enableBlobfuseProxy }}
+      hostPID: true
+{{- end }}
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      nodeSelector:
+        kubernetes.io/os: linux
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: type
+                    operator: NotIn
+                    values:
+                      - virtual-kubelet
+        {{- if .Values.node.affinity }}
+{{- toYaml .Values.node.affinity | nindent 8 }}
+        {{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+{{- with .Values.node.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.node.enableBlobfuseProxy }}
+      initContainers:
+        - name: install-blobfuse-proxy
+{{- if hasPrefix "/" .Values.image.blob.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- else }}
+          image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- end }}
+          imagePullPolicy: IfNotPresent
+          command:
+            - "/blobfuse-proxy/init.sh"
+          securityContext:
+            privileged: true
+          env:
+            - name: DEBIAN_FRONTEND
+              value: "noninteractive"
+            - name: INSTALL_BLOBFUSE
+              value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}"
+            - name: BLOBFUSE_VERSION
+              value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}"
+            - name: INSTALL_BLOBFUSE2
+              value: "{{ .Values.node.blobfuseProxy.installBlobfuse2 }}"
+            - name: BLOBFUSE2_VERSION
+              value: "{{ .Values.node.blobfuseProxy.blobfuse2Version }}"
+            - name: SET_MAX_OPEN_FILE_NUM
+              value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}"
+            - name: MAX_FILE_NUM
+              value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}"
+            - name: DISABLE_UPDATEDB
+              value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}"
+          volumeMounts:
+            - name: host-usr
+              mountPath: /host/usr
+            - name: host-etc
+              mountPath: /host/etc
+{{- end }}
+      containers:
+        - name: liveness-probe
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+            - --v=2
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 30
+            timeoutSeconds: 15
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+          resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
+        - name: blob
+{{- if hasPrefix "/" .Values.image.blob.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- else }}
+          image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- end }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)"
+            - "--edgecache-mount-endpoint=$(EDGECACHE_MOUNT_ENDPOINT)"
+            - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}"
+            - "--nodeid=$(KUBE_NODE_NAME)"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}"
+            - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}"
+            - "--custom-user-agent={{ .Values.driver.customUserAgent }}"
+            - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}"
+            - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}"
+            - "--mount-permissions={{ .Values.node.mountPermissions }}"
+            - "--allow-inline-volume-key-access-with-idenitity={{ .Values.node.allowInlineVolumeKeyAccessWithIdentity }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: AZURE_CREDENTIAL_FILE
+              valueFrom:
+                configMapKeyRef:
+                  name: azure-cred-file
+                  key: path
+                  optional: true
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: EDGECACHE_MOUNT_ENDPOINT
+              value: unix:///csi/csi_mounts.sock
+            - name: BLOBFUSE_PROXY_ENDPOINT
+              value: unix:///csi/blobfuse-proxy.sock
+            {{- if ne .Values.driver.httpsProxy "" }}
+            - name: HTTPS_PROXY
+              value: {{ .Values.driver.httpsProxy }}
+            {{- end }}
+            {{- if ne .Values.driver.httpProxy "" }}
+            - name: HTTP_PROXY
+              value: {{ .Values.driver.httpProxy }}
+            {{- end }}
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+            - name: AZURE_GO_SDK_LOG_LEVEL
+              value: {{ .Values.driver.azureGoSDKLogLevel }}
+            {{- if eq .Values.cloud "AzureStackCloud" }}
+            - name: AZURE_ENVIRONMENT_FILEPATH
+              value: /etc/kubernetes/azurestackcloud.json
+            {{- end }}
+          imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: {{ .Values.linux.kubelet }}/
+              mountPropagation: Bidirectional
+              name: mountpoint-dir
+            - mountPath: /etc/kubernetes/
+              name: azure-cred
+            - mountPath: /mnt
+              name: blob-cache
+            {{- if eq .Values.cloud "AzureStackCloud" }}
+            - name: ssl
+              mountPath: /etc/ssl/certs
+              readOnly: true
+            {{- end }}
+            {{- if eq .Values.linux.distro "fedora" }}
+            - name: ssl
+              mountPath: /etc/ssl/certs
+              readOnly: true
+            - name: ssl-pki
+              mountPath: /etc/pki/ca-trust/extracted
+              readOnly: true
+            {{- end }}
+          resources: {{- toYaml .Values.node.resources.blob | nindent 12 }}
+      volumes:
+{{- if .Values.node.enableBlobfuseProxy }}
+        - name: host-usr
+          hostPath:
+            path: /usr
+        - name: host-etc
+          hostPath:
+            path: /etc
+{{- end }}
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/
+            type: DirectoryOrCreate
+          name: mountpoint-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins_registry/
+            type: DirectoryOrCreate
+          name: registration-dir
+        - hostPath:
+            path: /etc/kubernetes/
+            type: DirectoryOrCreate
+          name: azure-cred
+        - hostPath:
+            path: {{ .Values.node.blobfuseCachePath }}
+          name: blob-cache
+        {{- if eq .Values.cloud "AzureStackCloud" }}
+        - name: ssl
+          hostPath:
+            path: /etc/ssl/certs
+        {{- end }}
+        {{- if eq .Values.linux.distro "fedora" }}
+        - name: ssl
+          hostPath:
+            path: /etc/ssl/certs
+        - name: ssl-pki
+          hostPath:
+            path: /etc/pki/ca-trust/extracted
+        {{- end }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
diff --git a/charts/v4.2.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v4.2.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml
new file mode 100644
index 000000000..833dcc640
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml
@@ -0,0 +1,115 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-external-resizer-role
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-resizer-role
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-resizer-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-{{ .Values.rbac.name }}-controller-secret-role
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-{{ .Values.rbac.name }}-controller-secret-binding
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-{{ .Values.rbac.name }}-controller-secret-role
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}
diff --git a/charts/v4.2.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v4.2.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml
new file mode 100644
index 000000000..f4eb48e93
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.rbac.create -}}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-{{ .Values.rbac.name }}-node-secret-role
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+
+    # the node plugin must apply annotations to the PVC for edgecache volumes
+    # it gets the PVC's through the PV's
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-{{ .Values.rbac.name }}-node-secret-binding
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.node }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-{{ .Values.rbac.name }}-node-secret-role
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}
diff --git a/charts/v4.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v4.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml
new file mode 100644
index 000000000..7433bccf1
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.controller }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+{{- if .Values.workloadIdentity.clientID }}
+    azure.workload.identity/use: "true"
+  annotations:
+    azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }}
+{{- if .Values.workloadIdentity.tenantID }}
+    azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/v4.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v4.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml
new file mode 100644
index 000000000..a25090e30
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.node }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "blob.labels" . | nindent 4 }}
+{{- if .Values.workloadIdentity.clientID }}
+    azure.workload.identity/use: "true"
+  annotations:
+    azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }}
+{{- if .Values.workloadIdentity.tenantID }}
+    azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/v4.2.0/blob-csi-driver/values.yaml b/charts/v4.2.0/blob-csi-driver/values.yaml
new file mode 100644
index 000000000..1ff9bbfaf
--- /dev/null
+++ b/charts/v4.2.0/blob-csi-driver/values.yaml
@@ -0,0 +1,173 @@
+image:
+  baseRepo: mcr.microsoft.com
+  blob:
+    repository: /k8s/csi/blob-csi
+    tag: latest
+    pullPolicy: IfNotPresent
+  csiProvisioner:
+    repository: /oss/kubernetes-csi/csi-provisioner
+    tag: v3.5.0
+    pullPolicy: IfNotPresent
+  livenessProbe:
+    repository: /oss/kubernetes-csi/livenessprobe
+    tag: v2.10.0
+    pullPolicy: IfNotPresent
+  nodeDriverRegistrar:
+    repository: /oss/kubernetes-csi/csi-node-driver-registrar
+    tag: v2.8.0
+    pullPolicy: IfNotPresent
+  csiResizer:
+    repository: /oss/kubernetes-csi/csi-resizer
+    tag: v1.8.0
+    pullPolicy: IfNotPresent
+
+cloud: AzurePublicCloud
+
+## Reference to one or more secrets to be used when pulling images
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# - name: myRegistryKeySecretName
+
+serviceAccount:
+  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+  controller: csi-blob-controller-sa # Name of Service Account to be created or used
+  node: csi-blob-node-sa # Name of Service Account to be created or used
+
+rbac:
+  create: true
+  name: blob
+
+## Collection of annotations to add to all the pods
+podAnnotations: {}
+## Collection of labels to add to all the pods
+podLabels: {}
+# -- Custom labels to add into metadata
+customLabels: {}
+  # k8s-app: blob-csi-driver
+
+## Leverage a PriorityClass to ensure your pods survive resource shortages
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: system-cluster-critical
+## Security context give the opportunity to run container as nonroot by setting a securityContext
+## by example :
+## securityContext: { runAsUser: 1001 }
+securityContext: {}
+
+controller:
+  name: csi-blob-controller
+  cloudConfigSecretName: azure-cloud-provider
+  cloudConfigSecretNamespace: kube-system
+  allowEmptyCloudConfig: true
+  hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting
+  metricsPort: 29634
+  livenessProbe:
+    healthPort: 29632
+  replicas: 2
+  runOnMaster: false
+  runOnControlPlane: false
+  logLevel: 5
+  resources:
+    csiProvisioner:
+      limits:
+        memory: 500Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    blob:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    csiResizer:
+      limits:
+        memory: 500Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+  affinity: {}
+  nodeSelector: {}
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/controlplane"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+node:
+  name: csi-blob-node
+  cloudConfigSecretName: azure-cloud-provider
+  cloudConfigSecretNamespace: kube-system
+  allowEmptyCloudConfig: true
+  allowInlineVolumeKeyAccessWithIdentity: false
+  maxUnavailable: 1
+  livenessProbe:
+    healthPort: 29633
+  logLevel: 5
+  enableBlobfuseProxy: false
+  blobfuseProxy:
+    installBlobfuse: true
+    blobfuseVersion: "1.4.5"
+    installBlobfuse2: true
+    blobfuse2Version: "2.0.3"
+    setMaxOpenFileNum: true
+    maxOpenFileNum: "9000000"
+    disableUpdateDB: true
+  blobfuseCachePath: /mnt
+  appendTimeStampInCacheDir: false
+  mountPermissions: 0777
+  resources:
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    blob:
+      limits:
+        memory: 2100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+  affinity: {}
+  nodeSelector: {}
+  tolerations:
+    - operator: "Exists"
+
+feature:
+  fsGroupPolicy: ReadWriteOnceWithFSType
+  enableGetVolumeStats: false
+
+driver:
+  name: blob.csi.azure.com
+  customUserAgent: ""
+  userAgentSuffix: "OSS-helm"
+  azureGoSDKLogLevel: "" # available values: ""(no logs), DEBUG, INFO, WARNING, ERROR
+  httpsProxy: ""
+  httpProxy: ""
+
+linux:
+  kubelet: /var/lib/kubelet
+  distro: debian
+
+workloadIdentity:
+  clientID: ""
+  # [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster
+  # then set tenantID with the application or user-assigned managed identity tenant ID
+  tenantID: ""

From 94f771734bae780af3ecd538bfd4215179214772 Mon Sep 17 00:00:00 2001
From: estevan <50840058+chaireze@users.noreply.github.com>
Date: Thu, 10 Aug 2023 13:11:57 -0400
Subject: [PATCH 3/3] pvc_annotator: ignore applying hints if 'created' OR
 'creating'

---
 pkg/edgecache/cachevolume/pvc_annotator.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/edgecache/cachevolume/pvc_annotator.go b/pkg/edgecache/cachevolume/pvc_annotator.go
index 4ff85f91c..919a53e95 100644
--- a/pkg/edgecache/cachevolume/pvc_annotator.go
+++ b/pkg/edgecache/cachevolume/pvc_annotator.go
@@ -127,7 +127,7 @@ func (c *PVCAnnotator) buildAnnotations(pv *v1.PersistentVolume, cfg config.Azur
 func (c *PVCAnnotator) needsToBeProvisioned(pvc *v1.PersistentVolumeClaim) bool {
 	// check if pv connected to the pvc has already been passed to be created
 	pvState, pvStateOk := pvc.ObjectMeta.Annotations[volumeStateAnnotation]
-	if pvStateOk && pvState == "created" {
+	if pvStateOk && (pvState == "created" || pvState == "creating") {
 		return false
 	}