util: allow configuring VAULT_AUTH_MOUNT_PATH for Vault Tenant SA KMS #2322

Merged
merged 1 commit into from
Aug 5, 2021


nixpanic
Member

The VAULT_AUTH_MOUNT_PATH is a Vault configuration parameter that allows
a user to set a non default path for the Kubernetes ServiceAccount
integration. This can already be configured for the Vault KMS, and is
now added to the Vault Tenant SA KMS as well.


Show available bot commands

These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:

  • /retest ci/centos/<job-name>: retest the <job-name> after unrelated
    failure (please report the failure too!)
  • /retest all: run this in case the CentOS CI failed to start/report any test
    progress or results

Madhu-1
Madhu-1 previously approved these changes Jul 26, 2021
@Madhu-1
Collaborator

Madhu-1 commented Jul 26, 2021

code = InvalidArgument desc = invalid encryption kms configuration: failed creating new Vault Secrets: Error making API request.
URL: PUT http://vault.cephcsi-e2e-2fdab8bd.svc.cluster.local:8200/v1/auth/v1/auth/kubernetes/login/login
Code: 400. Errors:

  • missing client token

@nixpanic CI is failing PTAL.
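
The request URL in the error above repeats `v1/auth` and `login`, which is the shape a URL takes when a full login path is supplied where a client expects only the auth mount name. The following Go code is an added example, not ceph-csi's code and not part of this conversation: `loginURL` and `normalizeAuthMount` are hypothetical names, the address is constructed, and it assumes the client builds `/v1/auth/<mount>/login` itself.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// loginURL composes the Kubernetes auth login endpoint the way this example
// assumes a Vault client does: /v1/auth/<mount>/login under the server address.
func loginURL(addr, mount string) string {
	return strings.TrimRight(addr, "/") + path.Join("/v1/auth", mount, "login")
}

// normalizeAuthMount (hypothetical helper) accepts a bare mount name such as
// "team-a/k8s" or a full login path such as "/v1/auth/kubernetes/login".
func normalizeAuthMount(value string) (string, error) {
	var parts []string
	for _, p := range strings.Split(value, "/") {
		if p == "." || p == ".." {
			return "", fmt.Errorf("invalid path component in %q", value)
		}
		if p != "" {
			parts = append(parts, p)
		}
	}
	fullPath := false
	if len(parts) > 0 && parts[0] == "v1" {
		parts = parts[1:] // optional API version prefix
	}
	if len(parts) > 0 && parts[0] == "auth" {
		parts, fullPath = parts[1:], true
	}
	// Only a full path carries the trailing "login" endpoint name.
	if n := len(parts); fullPath && n > 0 && parts[n-1] == "login" {
		parts = parts[:n-1]
	}
	if len(parts) == 0 {
		return "", fmt.Errorf("no auth mount name in %q", value)
	}
	return strings.Join(parts, "/"), nil
}

func main() {
	const addr = "http://vault.example:8200" // constructed address
	mount, err := normalizeAuthMount("/v1/auth/kubernetes/login")
	fmt.Println(loginURL(addr, "/v1/auth/kubernetes/login")) // doubled path
	fmt.Println(loginURL(addr, mount), err)                  // single login path
}
```

Rejecting an empty result and `.`/`..` components at configuration time keeps a misconfigured value from silently sending ServiceAccount tokens to an unintended Vault path.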

@Madhu-1
Collaborator

Madhu-1 commented Jul 26, 2021

@nixpanic nixpanic force-pushed the rbd/encryption/VAULT_AUTH_MOUNT_PATH branch from 1d75a24 to 20fbe95 Compare July 26, 2021 12:28
@mergify mergify bot dismissed Madhu-1’s stale review July 26, 2021 12:29

Pull request has been modified.

@nixpanic
Member Author

/retest ci/centos/mini-e2e-helm/k8s-1.19

@nixpanic
Member Author

/retest ci/centos/mini-e2e/k8s-1.20

@nixpanic
Member Author

/retest ci/centos/mini-e2e-helm/k8s-1.19

New etcdserver timeout related error (logs):

Jul 26 14:17:53.181: INFO: waiting for PVC rbd-80810 (112 seconds elapsed)
Jul 26 14:18:00.773: INFO: Error getting pvc "rbd-80810" in namespace "rbd-8081": etcdserver: request timed out
Jul 26 14:18:01.182: INFO: waiting for PVC rbd-80810 (120 seconds elapsed)
Jul 26 14:18:01.711: INFO: Error getting pvc "rbd-80810" in namespace "rbd-8081": rpc error: code = Unavailable desc = transport is closing
Jul 26 14:18:01.711: INFO: failed to create PVC (rbd-80810): failed to get pvc: rpc error: code = Unavailable desc = transport is closing
Jul 26 14:18:01.711: FAIL: creating PVCs failed, 1 errors were logged

@nixpanic
Member Author

/retest ci/centos/mini-e2e/k8s-1.20

Failed to deploy CephFS RBAC (logs):

Jul 26 13:54:42.766: INFO: Running '/usr/bin/kubectl --server=https://192.168.39.187:8443 --kubeconfig=/root/.kube/config --namespace=cephcsi-e2e-ea434921 create --namespace=cephcsi-e2e-ea434921 -f -'
Jul 26 13:55:04.448: INFO: rc: 1
Jul 26 13:55:04.448: FAIL: failed to create CephFS provisioner rbac with error error running /usr/bin/kubectl --server=https://192.168.39.187:8443 --kubeconfig=/root/.kube/config --namespace=cephcsi-e2e-ea434921 create --namespace=cephcsi-e2e-ea434921 -f -:
Command stdout:
role.rbac.authorization.k8s.io/cephfs-external-provisioner-cfg created
rolebinding.rbac.authorization.k8s.io/cephfs-csi-provisioner-role-cfg created

stderr:
Error from server: error when creating "STDIN": etcdserver: request timed out
Error from server: error when creating "STDIN": etcdserver: request timed out
Error from server: error when creating "STDIN": etcdserver: request timed out

error:
exit status 1

@nixpanic nixpanic requested a review from Madhu-1 July 26, 2021 15:34
@nixpanic nixpanic requested a review from humblec July 27, 2021 07:11
@nixpanic nixpanic added backport-to-release-v3.4 component/rbd Issues related to RBD component/util Utility functions shared between CephFS and RBD labels Aug 2, 2021
@nixpanic nixpanic force-pushed the rbd/encryption/VAULT_AUTH_MOUNT_PATH branch from 20fbe95 to 2225381 Compare August 3, 2021 08:13
@nixpanic
Member Author

nixpanic commented Aug 3, 2021

/retest ci/centos/mini-e2e

@nixpanic
Member Author

nixpanic commented Aug 3, 2021

/retest ci/centos/mini-e2e-helm

@nixpanic
Member Author

nixpanic commented Aug 3, 2021

@Mergifyio rebase

Required for change in CentOS image used by e2e #2349

@nixpanic nixpanic force-pushed the rbd/encryption/VAULT_AUTH_MOUNT_PATH branch from 2225381 to e8d7742 Compare August 3, 2021 13:09
@mergify
Contributor

mergify bot commented Aug 3, 2021

Command rebase: success

Branch has been successfully rebased

@nixpanic
Member Author

nixpanic commented Aug 3, 2021

/retest ci/centos/mini-e2e-helm/k8s-1.21

@nixpanic
Member Author

nixpanic commented Aug 3, 2021

/retest ci/centos/mini-e2e-helm/k8s-1.21

Failed due to etcdserver timeout (logs):

Aug  3 15:47:04.927: INFO: waiting for PVC raw-block-pvc (0 seconds elapsed)
Aug  3 15:47:11.936: INFO: Error getting pvc in namespace: '': etcdserver: request timed out
Aug  3 15:47:13.937: INFO: waiting for PVC  (9 seconds elapsed)
Aug  3 15:47:13.937: INFO: Error getting pvc in namespace: '': an empty namespace may not be set when a resource name is provided
Aug  3 15:47:13.937: FAIL: validating thick-provisioning failed: failed to expand PVC: failed to get pvc: an empty namespace may not be set when a resource name is provided

@nixpanic
Member Author

nixpanic commented Aug 3, 2021

/retest ci/centos/mini-e2e-helm/k8s-1.19

@nixpanic
Member Author

nixpanic commented Aug 4, 2021

@Mergifyio rebase

@nixpanic nixpanic force-pushed the rbd/encryption/VAULT_AUTH_MOUNT_PATH branch from 2c4dced to c22d034 Compare August 4, 2021 06:07
@mergify
Contributor

mergify bot commented Aug 4, 2021

Command rebase: success

Branch has been successfully rebased

@mergify mergify bot closed this in #2354 Aug 4, 2021
@nixpanic
Member Author

nixpanic commented Aug 4, 2021

This should not have been closed 😞

@nixpanic nixpanic reopened this Aug 4, 2021
@nixpanic
Member Author

nixpanic commented Aug 4, 2021

/retest ci/centos/mini-e2e/k8s-1.21

@nixpanic
Member Author

nixpanic commented Aug 4, 2021

/retest ci/centos/mini-e2e/k8s-1.21

e2e failed to deploy rbd component (logs):

Aug  4 10:46:40.250: INFO: Running '/usr/bin/kubectl --server=https://192.168.39.12:8443 --kubeconfig=/root/.kube/config --namespace=cephcsi-e2e-212c5ecc create -f -'
Aug  4 10:46:47.691: INFO: rc: 1
Aug  4 10:46:49.691: INFO: Running '/usr/bin/kubectl --server=https://192.168.39.12:8443 --kubeconfig=/root/.kube/config --namespace=cephcsi-e2e-212c5ecc create -f -'
Aug  4 10:46:50.116: INFO: rc: 1
Aug  4 10:46:50.117: INFO: will run kubectl (create) again (9 seconds elapsed)
Aug  4 10:46:50.117: FAIL: failed to create vault statefulset failed to run kubectl: error running /usr/bin/kubectl --server=https://192.168.39.12:8443 --kubeconfig=/root/.kube/config --namespace=cephcsi-e2e-212c5ecc create -f -:
Command stdout:

stderr:
Error from server (AlreadyExists): error when creating "STDIN": serviceaccounts "rbd-csi-vault-token-review" already exists
Error from server (AlreadyExists): error when creating "STDIN": clusterroles.rbac.authorization.k8s.io "rbd-csi-vault-token-review" already exists
Error from server (AlreadyExists): error when creating "STDIN": clusterrolebindings.rbac.authorization.k8s.io "rbd-csi-vault-token-review" already exists

error:
exit status 1

Should get fixed with #2329

@nixpanic
Member Author

nixpanic commented Aug 4, 2021

/retest ci/centos/mini-e2e-helm/k8s-1.22

@nixpanic
Member Author

nixpanic commented Aug 4, 2021

/retest ci/centos/mini-e2e-helm/k8s-1.22

resizing cephfs volume failed (logs):

Aug  4 11:56:29.209: INFO: current size in status {{1073741824 0} {<nil>} 1Gi BinarySI},expected size {{10737418240 0} {<nil>} 10Gi BinarySI}
Aug  4 11:56:29.209: INFO: waiting for PVC csi-cephfs-pvc (600 seconds elapsed)
Aug  4 11:56:29.212: INFO: current size in status {{1073741824 0} {<nil>} 1Gi BinarySI},expected size {{10737418240 0} {<nil>} 10Gi BinarySI}
Aug  4 11:56:29.212: FAIL: failed to resize PVC with error timed out waiting for the condition

@nixpanic
Member Author

nixpanic commented Aug 4, 2021

/retest ci/centos/mini-e2e/k8s-1.21

@nixpanic
Member Author

nixpanic commented Aug 4, 2021

/retest ci/centos/mini-e2e/k8s-1.21

@nixpanic
Member Author

nixpanic commented Aug 4, 2021

@Mergifyio rebase

More PRs got merged, let's restart CI jobs

The VAULT_AUTH_MOUNT_PATH is a Vault configuration parameter that allows
a user to set a non default path for the Kubernetes ServiceAccount
integration. This can already be configured for the Vault KMS, and is
now added to the Vault Tenant SA KMS as well.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
@nixpanic nixpanic force-pushed the rbd/encryption/VAULT_AUTH_MOUNT_PATH branch from ddac0f3 to fa37ae8 Compare August 4, 2021 18:51
@mergify
Contributor

mergify bot commented Aug 4, 2021

Command rebase: success

Branch has been successfully rebased

@Madhu-1
Collaborator

Madhu-1 commented Aug 5, 2021

/test ci/centos/mini-e2e/k8s-1.21

@Madhu-1
Collaborator

Madhu-1 commented Aug 5, 2021

/test ci/centos/mini-e2e/k8s-1.21

Aug 4 20:23:22.683: INFO: >>> kubeConfig: /root/.kube/config
Aug 4 20:23:23.708: INFO: stdErr occurred: /bin/sh: 1: cannot create /var/lib/www/html/test: Read-only file system

Aug 4 20:23:23.708: FAIL: failed to write IO, err: command terminated with exit code 2, stdErr: /bin/sh: 1: cannot create /var/lib/www/html/test: Read-only file system
https://jenkins-ceph-csi.apps.ocp.ci.centos.org/blue/rest/organizations/jenkins/pipelines/mini-e2e_k8s-1.21/runs/624/nodes/87/steps/90/log/?start=0

@pkalever

pkalever commented Aug 5, 2021

/test ci/centos/mini-e2e/k8s-1.21

Aug 4 20:23:22.683: INFO: >>> kubeConfig: /root/.kube/config
Aug 4 20:23:23.708: INFO: stdErr occurred: /bin/sh: 1: cannot create /var/lib/www/html/test: Read-only file system

Aug 4 20:23:23.708: FAIL: failed to write IO, err: command terminated with exit code 2, stdErr: /bin/sh: 1: cannot create /var/lib/www/html/test: Read-only file system
https://jenkins-ceph-csi.apps.ocp.ci.centos.org/blue/rest/organizations/jenkins/pipelines/mini-e2e_k8s-1.21/runs/624/nodes/87/steps/90/log/?start=0

Cool!! good catch ceph-csi CI :-)

Looking into this now. And thanks for reporting this @Madhu-1 👍

Labels
component/rbd Issues related to RBD component/util Utility functions shared between CephFS and RBD
4 participants