use privateendpoint with privatelink in dns name for nfs

cvvz · cvvz · commit 220bf4764b7d · 2023-01-04T02:42:10.000Z
diff --git a/pkg/blob/controllerserver.go b/pkg/blob/controllerserver.go
@@ -316,8 +316,14 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		}
 	}
 
-	if createPrivateEndpoint {
-		setKeyValueInMap(parameters, serverNameField, fmt.Sprintf("%s.blob.%s", accountName, storageEndpointSuffix))
+	if createPrivateEndpoint && protocol == NFS {
+		// As for blobfuse/blobfuse2, serverName, i.e.,AZURE_STORAGE_BLOB_ENDPOINT env variable can't include
+		// "privatelink", issue: https://github.com/Azure/azure-storage-fuse/issues/1014
+		//
+		// And use public endpoint will be befine to blobfuse/blobfuse2, because it will be resolved to private endpoint
+		// by private dns zone, which includes CNAME record, documented here:
+		// https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json#dns-changes-for-private-endpoints
+		setKeyValueInMap(parameters, serverNameField, fmt.Sprintf("%s.privatelink.blob.%s", accountName, storageEndpointSuffix))
 	}
 
 	accountOptions.Name = accountName

Original file line number	Diff line number	Diff line change
`@@ -316,8 +316,14 @@ func (d Driver) CreateVolume(ctx context.Context, req csi.CreateVolumeRequest)`
`316`	`316`	`}`
`317`	`317`	`}`
`318`	`318`
`319`		`- if createPrivateEndpoint {`
`320`		`- setKeyValueInMap(parameters, serverNameField, fmt.Sprintf("%s.blob.%s", accountName, storageEndpointSuffix))`
	`319`	`+ if createPrivateEndpoint && protocol == NFS {`
	`320`	`+ // As for blobfuse/blobfuse2, serverName, i.e.,AZURE_STORAGE_BLOB_ENDPOINT env variable can't include`
	`321`	`+ // "privatelink", issue: https://github.com/Azure/azure-storage-fuse/issues/1014`
	`322`	`+ //`
	`323`	`+ // And use public endpoint will be befine to blobfuse/blobfuse2, because it will be resolved to private endpoint`
	`324`	`+ // by private dns zone, which includes CNAME record, documented here:`
	`325`	`+ // https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json#dns-changes-for-private-endpoints`
	`326`	`+ setKeyValueInMap(parameters, serverNameField, fmt.Sprintf("%s.privatelink.blob.%s", accountName, storageEndpointSuffix))`
`321`	`327`	`}`
`322`	`328`
`323`	`329`	`accountOptions.Name = accountName`