chore: switch to using multi-os image, update docs

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Azure · Mar 1, 2021 · 89a7d0a · 89a7d0a
1 parent 0253083
commit 89a7d0a
Show file tree

Hide file tree

Showing 26 changed files with 159 additions and 134 deletions.
diff --git a/docs/sample/ingress-controller-tls/deployment-app-one.yaml b/docs/sample/ingress-controller-tls/deployment-app-one.yaml
@@ -1,22 +1,25 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nginx-one
+  name: busybox-one
   labels:
-    app: nginx-one
+    app: busybox-one
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: nginx-one
+      app: busybox-one
   template:
     metadata:
       labels:
-        app: nginx-one
+        app: busybox-one
     spec:
       containers:
-      - image: nginx
-        name: nginx
+      - name: busybox
+        image: k8s.gcr.io/e2e-test-images/busybox:1.29
+        command:
+          - "/bin/sh"
+          - "10000"
         volumeMounts:
         - name: secrets-store-inline
           mountPath: "/mnt/secrets-store"
@@ -34,10 +37,10 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: nginx-one
+  name: busybox-one
 spec:
   type: ClusterIP
   ports:
   - port: 80
   selector:
-    app: nginx-one
+    app: busybox-one
diff --git a/docs/sample/ingress-controller-tls/deployment-app-two.yaml b/docs/sample/ingress-controller-tls/deployment-app-two.yaml
@@ -1,22 +1,25 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nginx-two
+  name: busybox-two
   labels:
-    app: nginx-two
+    app: busybox-two
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: nginx-two
+      app: busybox-two
   template:
     metadata:
       labels:
-        app: nginx-two
+        app: busybox-two
     spec:
       containers:
-      - image: nginx
-        name: nginx
+      - name: busybox
+        image: k8s.gcr.io/e2e-test-images/busybox:1.29
+        command:
+          - "/bin/sh"
+          - "10000"
         volumeMounts:
         - name: secrets-store-inline
           mountPath: "/mnt/secrets-store"
@@ -34,10 +37,10 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: nginx-two
+  name: busybox-two
 spec:
   type: ClusterIP
   ports:
   - port: 80
   selector:
-    app: nginx-two
+    app: busybox-two
diff --git a/docs/sample/ingress-controller-tls/ingress.yaml b/docs/sample/ingress-controller-tls/ingress.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: ingress-tls
@@ -15,10 +15,14 @@ spec:
     http:
       paths:
       - backend:
-          serviceName: nginx-one
-          servicePort: 80
+          service:
+            name: busybox-one
+            port:
+              number: 80
         path: /(.*)
       - backend:
-          serviceName: nginx-two
-          servicePort: 80
+          service:
+            name: busybox-two
+            port:
+              number: 80
         path: /two(/|$)(.*)
diff --git a/examples/kind/README.md b/examples/kind/README.md
@@ -4,21 +4,21 @@
 
 ## Prerequisite
 
-- Follow [instructions](https://github.com/kubernetes-sigs/kind#installation-and-usage) to setup kind in your machine
+- Follow [instructions](https://github.com/kubernetes-sigs/kind#installation-and-usage) to set up kind in your machine
 
-> Windows 10 users can use WSL 2 to install kind. Integrate docker for windows with WSL 2 by following the [instructions](https://kind.sigs.k8s.io/docs/user/using-wsl2/)..
+> Windows 10 users can use WSL 2 to install kind. Integrate docker for windows with WSL 2 by following the [instructions](https://kind.sigs.k8s.io/docs/user/using-wsl2/).
 
 ## Setup
 
-- Follow the [instructions](https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/docs/service-principal-mode.md) to setup Service Principal and give it access to Azure Key Vault. Keep `ClientID` and `ClientSecret` of the Service Principal handy.
+- Follow the [instructions](https://azure.github.io/secrets-store-csi-driver-provider-azure/configurations/identity-access-modes/service-principal-mode/) to set up Service Principal and give it access to Azure Key Vault. Keep `ClientID` and `ClientSecret` of the Service Principal handy.
 
-- Copy [v1alpha1_secretproviderclass.yaml](https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/examples/v1alpha1_secretproviderclass.yaml) and [nginx-pod-secrets-store-inline-volume-secretproviderclass.yaml](https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/examples/nginx-pod-secrets-store-inline-volume-secretproviderclass.yaml) to this directory.
+- Copy [v1alpha1_secretproviderclass.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/examples/service-principal/v1alpha1_secretproviderclass_service_principal.yaml) and [pod-secrets-store-inline-volume-secretproviderclass.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/examples/service-principal/pod-secrets-store-inline-volume-secretproviderclass.yaml) to this directory.
 
-- Update `v1alpha1_secretproviderclass.yaml` to provide keyvault name and the keyvault resources to fetch.
+- Update `v1alpha1_secretproviderclass.yaml` to provide keyvault name and keyvault resources to fetch.
 
 ```yaml
 cloudName: 'AzurePublicCloud' # [OPTIONAL available for version > 0.0.4] if not provided, azure environment will default to AzurePublicCloud
-keyvaultName: '' # the name of the KeyVault
+keyvaultName: ''              # the name of the KeyVault
 objects: |
   array:
     - |
@@ -29,9 +29,7 @@ objects: |
     objectName: key1
     objectType: key
     objectVersion: ""
-resourceGroup: '' # [REQUIRED for version < 0.0.4] the resource group of the KeyVault
-subscriptionId: '' # [REQUIRED for version < 0.0.4] the subscription ID of the KeyVault
-tenantId: '' # the tenant ID of the KeyVault
+tenantId: '<tenant id>'       # the tenant ID of the KeyVault
 ```
 
 ## Usage
@@ -52,24 +50,24 @@ The final output would contain the list of keys and secrets pulled from the keyv
 kind create cluster --name kind-csi-demo
 ```
 
-- Install [csi-secrets-store-provider-azure](https://github.com/Azure/secrets-store-csi-driver-provider-azure#install-the-secrets-store-csi-driver-and-the-azure-keyvault-provider)
+- Install [csi-secrets-store-provider-azure](https://azure.github.io/secrets-store-csi-driver-provider-azure/getting-started/installation/)
 
 - Add your Service Principal credentials as a Kubernetes secrets accessible by the Secrets Store CSI driver.
 
 ```sh
 kubectl create secret generic secrets-store-creds --from-literal clientid=<CLIENTID> --from-literal clientsecret=<CLIENTSECRET>
 ```
 
-- Deploy the app. This will deploy a nginx container and mount the secrets as volume at path `/mnt/secrets-store`
+- Deploy the app. This will deploy a busybox container and mount the secrets as volume at path `/mnt/secrets-store`
 
 ```sh
-kubectl apply -f nginx-pod-secrets-store-inline-volume.yaml
+kubectl apply -f pod-secrets-store-inline-volume.yaml
 ```
 
 ### Validate the secret
 
-Run the below command and it should list the secrets pulled from keyvault. Each of the file contains the value of the secret.
+Run the below command to list the secrets pulled from keyvault. Each of the file contains the value of the secret.
 
 ```sh
-kubectl exec -it nginx-secrets-store-inline ls /mnt/secrets-store/
+kubectl exec busybox-secrets-store-inline ls /mnt/secrets-store/
 ```
diff --git a/examples/kind/kind-demo.sh b/examples/kind/kind-demo.sh
@@ -13,10 +13,10 @@ kubectl create secret generic secrets-store-creds --from-literal clientid=$CLIEN
 
 # Deploy app
 kubectl apply -f v1alpha1_secretproviderclass.yaml
-kubectl apply -f nginx-pod-secrets-store-inline-volume-secretproviderclass.yaml
+kubectl apply -f pod-secrets-store-inline-volume-secretproviderclass.yaml
 
 # wait for deployment
-kubectl wait --for=condition=ready pods/nginx-secrets-store-inline --timeout=300s
+kubectl wait --for=condition=ready pods/busybox-secrets-store-inline --timeout=300s
 
 # validate
-kubectl exec -it nginx-secrets-store-inline ls /mnt/secrets-store/
+kubectl exec busybox-secrets-store-inline ls /mnt/secrets-store/
diff --git a/...nginx-pod-inline-volume-pod-identity.yaml → ...ntity/pod-inline-volume-pod-identity.yaml b/...nginx-pod-inline-volume-pod-identity.yaml → ...ntity/pod-inline-volume-pod-identity.yaml
@@ -2,13 +2,16 @@
 kind: Pod
 apiVersion: v1
 metadata:
-  name: nginx-secrets-store-inline-podid
+  name: busybox-secrets-store-inline-podid
   labels:
     aadpodidbinding: "demo"                             # Set the label value to the selector defined in AzureIdentityBinding
 spec:
   containers:
-    - name: nginx
-      image: nginx
+    - name: busybox
+      image: k8s.gcr.io/e2e-test-images/busybox:1.29
+      command:
+        - "/bin/sh"
+        - "10000"
       volumeMounts:
       - name: secrets-store01-inline
         mountPath: "/mnt/secrets-store"

diff --git a/...-pod-inline-volume-service-principal.yaml → .../pod-inline-volume-service-principal.yaml b/...-pod-inline-volume-service-principal.yaml → .../pod-inline-volume-service-principal.yaml
@@ -2,11 +2,14 @@
 kind: Pod
 apiVersion: v1
 metadata:
-  name: nginx-secrets-store-inline
+  name: busybox-secrets-store-inline
 spec:
   containers:
-  - image: nginx
-    name: nginx
+  - name: busybox
+    image: k8s.gcr.io/e2e-test-images/busybox:1.29
+    command:
+      - "/bin/sh"
+      - "10000"
     volumeMounts:
     - name: secrets-store-inline
       mountPath: "/mnt/secrets-store"

diff --git a/examples/service-principal/windows-pod-secrets-store-inline-volume-secret-providerclass.yaml b/examples/service-principal/windows-pod-secrets-store-inline-volume-secret-providerclass.yaml
diff --git a/...etes-secret/nginx-deployment-synck8s.yaml → ...kubernetes-secret/deployment-synck8s.yaml b/...etes-secret/nginx-deployment-synck8s.yaml → ...kubernetes-secret/deployment-synck8s.yaml
@@ -1,23 +1,26 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nginx-deployment
+  name: busybox-deployment
   labels:
-    app: nginx
+    app: busybox
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: nginx
+      app: busybox
   template:
     metadata:
       labels:
-        app: nginx
+        app: busybox
     spec:
       terminationGracePeriodSeconds: 0
       containers:
-        - image: nginx
-          name: nginx
+        - name: busybox
+          image: k8s.gcr.io/e2e-test-images/busybox:1.29
+          command:
+            - "/bin/sh"
+            - "10000"
           env:
             - name: SECRET_USERNAME
               valueFrom:

diff --git a/...line-volume-system-assigned-identity.yaml → ...line-volume-system-assigned-identity.yaml b/...line-volume-system-assigned-identity.yaml → ...line-volume-system-assigned-identity.yaml
@@ -2,11 +2,14 @@
 kind: Pod
 apiVersion: v1
 metadata:
-  name: nginx-secrets-store-inline-system-msi
+  name: busybox-secrets-store-inline-system-msi
 spec:
   containers:
-    - name: nginx
-      image: nginx
+    - name: busybox
+      image: k8s.gcr.io/e2e-test-images/busybox:1.29
+      command:
+        - "/bin/sh"
+        - "10000"
       volumeMounts:
       - name: secrets-store01-inline
         mountPath: "/mnt/secrets-store"

diff --git a/...inline-volume-user-assigned-identity.yaml → ...inline-volume-user-assigned-identity.yaml b/...inline-volume-user-assigned-identity.yaml → ...inline-volume-user-assigned-identity.yaml
@@ -2,11 +2,14 @@
 kind: Pod
 apiVersion: v1
 metadata:
-  name: nginx-secrets-store-inline-user-msi
+  name: busybox-secrets-store-inline-user-msi
 spec:
   containers:
-    - name: nginx
-      image: nginx
+    - name: busybox
+      image: k8s.gcr.io/e2e-test-images/busybox:1.29
+      command:
+        - "/bin/sh"
+        - "10000"
       volumeMounts:
       - name: secrets-store01-inline
         mountPath: "/mnt/secrets-store"

diff --git a/test/e2e/auto_rotation_test.go b/test/e2e/auto_rotation_test.go
@@ -125,7 +125,7 @@ var _ = Describe("Test auto rotation of mount contents and K8s secrets", func()
 		p = pod.Create(pod.CreateInput{
 			Creator:                  kubeClient,
 			Config:                   config,
-			Name:                     "nginx-secrets-store-inline",
+			Name:                     "busybox-secrets-store-inline",
 			Namespace:                ns.Name,
 			SecretProviderClassName:  spc.Name,
 			NodePublishSecretRefName: nodePublishSecretRef.Name,
@@ -245,7 +245,7 @@ var _ = Describe("Test auto rotation of mount contents and K8s secrets", func()
 		p = pod.Create(pod.CreateInput{
 			Creator:                 kubeClient,
 			Config:                  config,
-			Name:                    "nginx-secrets-store-inline",
+			Name:                    "busybox-secrets-store-inline",
 			Namespace:               ns.Name,
 			SecretProviderClassName: spc.Name,
 		})
@@ -423,7 +423,7 @@ var _ = Describe("Test auto rotation of mount contents and K8s secrets", func()
 		p = pod.Create(pod.CreateInput{
 			Creator:                 kubeClient,
 			Config:                  config,
-			Name:                    "nginx-secrets-store-inline",
+			Name:                    "busybox-secrets-store-inline",
 			Namespace:               ns.Name,
 			SecretProviderClassName: spc.Name,
 			Labels:                  map[string]string{"aadpodidbinding": ns.Name},

diff --git a/test/e2e/certificates_test.go b/test/e2e/certificates_test.go
@@ -129,7 +129,7 @@ var _ = Describe("When fetching certificates and private key from Key Vault", fu
 		p = pod.Create(pod.CreateInput{
 			Creator:                  kubeClient,
 			Config:                   config,
-			Name:                     "nginx-secrets-store-inline-crd-certs",
+			Name:                     "busybox-secrets-store-inline-crd-certs",
 			Namespace:                ns.Name,
 			SecretProviderClassName:  spc.Name,
 			NodePublishSecretRefName: nodePublishSecretRef.Name,

diff --git a/test/e2e/framework/pod/pod.go b/test/e2e/framework/pod/pod.go
@@ -70,8 +70,9 @@ func Create(input CreateInput) *corev1.Pod {
 			Containers: []corev1.Container{
 				{
 					Name:            "tester",
-					Image:           "nginx",
+					Image:           "k8s.gcr.io/e2e-test-images/busybox:1.29",
 					ImagePullPolicy: corev1.PullIfNotPresent,
+					Command:         []string{"/bin/sleep", "10000"},
 					VolumeMounts: []corev1.VolumeMount{
 						{
 							Name:      "secrets-store-inline",
@@ -103,8 +104,6 @@ func Create(input CreateInput) *corev1.Pod {
 	}
 
 	if input.Config.IsWindowsTest {
-		pod.Spec.Containers[0].Image = "e2eteam/busybox:1.29"
-		pod.Spec.Containers[0].Command = []string{"powershell.exe", "-Command", "while (1) { sleep 1}"}
 		pod.Spec.NodeSelector = map[string]string{"kubernetes.io/os": "windows"}
 	} else {
 		pod.Spec.NodeSelector = map[string]string{"kubernetes.io/os": "linux"}

diff --git a/test/e2e/key_test.go b/test/e2e/key_test.go
@@ -83,7 +83,7 @@ var _ = Describe("When deploying SecretProviderClass CRD with keys", func() {
 		p = pod.Create(pod.CreateInput{
 			Creator:                  kubeClient,
 			Config:                   config,
-			Name:                     "nginx-secrets-store-inline-crd",
+			Name:                     "busybox-secrets-store-inline-crd",
 			Namespace:                ns.Name,
 			SecretProviderClassName:  spc.Name,
 			NodePublishSecretRefName: nodePublishSecretRef.Name,