gardener · prashanth26 · Dec 2, 2020 · Nov 27, 2020 · Nov 29, 2020 · Nov 27, 2020
@@ -99,7 +99,7 @@ func main() {
 		log.Fatalf("Could not parse machine class yaml: %s", err)
 	}
 
-	driver := driver.NewDriver(machineID, &secret, classKind, machineclass, machineName)
+	driver := driver.NewDriver(machineID, secret.Data, classKind, machineclass, machineName)
 
 	if machineID == "" {
 		id, name, err := driver.Create()

@@ -9,4 +9,7 @@ data:
   userData: "encoded-cloud-config" # Alicloud cloud config file (base64 encoded)
   alicloudAccessKeyID: "alicloud-access-key-id" # Alicloud access key ID (base64 encoded)
   alicloudAccessKeySecret: "alicloud-access-key-secret" # Alicloud secret access key (base64 encoded)
+### Alternative data keys are:
+# accessKeyID: "alicloud-access-key-id" # Alicloud access key ID (base64 encoded)
+# accessKeySecret: "alicloud-access-key-secret" # Alicloud secret access key (base64 encoded)
 type: Opaque
@@ -9,4 +9,7 @@ data:
   userData: "encoded-cloud-config" # AWS cloud config file (base64 encoded)
   providerAccessKeyId: "pqrstu67890" # AWS access key id (base64 encoded)
   providerSecretAccessKey: "abcdef123456" # AWS secret access key (base64 encoded)
+### Alternative data keys are:
+# accessKeyId: "pqrstu67890" # AWS access key id (base64 encoded)
+# secretAccessKey: "abcdef123456" # AWS secret access key (base64 encoded)
 type: Opaque
@@ -11,4 +11,9 @@ data:
   azureClientSecret: "azure-client-secret" # Azure client secret (base64 encoded)
   azureSubscriptionId: "azure-subscription-id" # Azure subscription id (base64 encoded)
   azureTenantId: "azure-tenant-id" # Azure tenant id (base64 encoded)
+### Alternative data keys are:
+# clientID: "azure-client-id" # Azure client id (base64 encoded)
+# clientSecret: "azure-client-secret" # Azure client secret (base64 encoded)
+# subscriptionID: "azure-subscription-id" # Azure subscription id (base64 encoded)
+# tenantID: "azure-tenant-id" # Azure tenant id (base64 encoded)
 type: Opaque
@@ -8,4 +8,6 @@ metadata:
 data:
   userData: "encoded-cloud-config" # GCP cloud config file (base64 encoded)
   serviceAccountJSON: "{...}" # GCP service account json object (base64 encoded)
+### Alternative data keys are:
+# serviceaccount.json: "{...}" # GCP service account json object (base64 encoded)
 type: Opaque
@@ -51,6 +51,19 @@ spec:
           properties:
             IoOptimized:
               type: string
+            credentialsSecretRef:
+              description: SecretReference represents a Secret Reference. It has enough
+                information to retrieve secret in any namespace
+              properties:
+                name:
+                  description: Name is unique within a namespace to reference a secret
+                    resource.
+                  type: string
+                namespace:
+                  description: Namespace defines the space within which the secret
+                    name must be unique.
+                  type: string
+              type: object
             dataDisks:
               items:
                 properties:

@@ -135,6 +135,19 @@ spec:
                     type: string
                 type: object
               type: array
+            credentialsSecretRef:
+              description: SecretReference represents a Secret Reference. It has enough
+                information to retrieve secret in any namespace
+              properties:
+                name:
+                  description: Name is unique within a namespace to reference a secret
+                    resource.
+                  type: string
+                namespace:
+                  description: Namespace defines the space within which the secret
+                    name must be unique.
+                  type: string
+              type: object
             ebsOptimized:
               type: boolean
             iam:

@@ -49,6 +49,19 @@ spec:
         spec:
           description: AzureMachineClassSpec is the specification of a AzureMachineClass.
           properties:
+            credentialsSecretRef:
+              description: SecretReference represents a Secret Reference. It has enough
+                information to retrieve secret in any namespace
+              properties:
+                name:
+                  description: Name is unique within a namespace to reference a secret
+                    resource.
+                  type: string
+                namespace:
+                  description: Namespace defines the space within which the secret
+                    name must be unique.
+                  type: string
+              type: object
             location:
               type: string
             properties:

@@ -51,6 +51,19 @@ spec:
           properties:
             canIpForward:
               type: boolean
+            credentialsSecretRef:
+              description: SecretReference represents a Secret Reference. It has enough
+                information to retrieve secret in any namespace
+              properties:
+                name:
+                  description: Name is unique within a namespace to reference a secret
+                    resource.
+                  type: string
+                namespace:
+                  description: Namespace defines the space within which the secret
+                    name must be unique.
+                  type: string
+              type: object
             deletionProtection:
               type: boolean
             description:

@@ -25,6 +25,21 @@ spec:
             of an object. Servers should convert recognized schemas to the latest
             internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
           type: string
+        credentialsSecretRef:
+          description: CredentialsSecretRef can optionally store the credentials (in
+            this case the SecretRef does not need to store them). This might be useful
+            if multiple machine classes with the same credentials but different user-datas
+            are used.
+          properties:
+            name:
+              description: Name is unique within a namespace to reference a secret
+                resource.
+              type: string
+            namespace:
+              description: Namespace defines the space within which the secret name
+                must be unique.
+              type: string
+          type: object
         kind:
           description: 'Kind is a string value representing the REST resource this
             object represents. Servers may infer this from the endpoint the client
@@ -40,8 +55,8 @@ spec:
           description: Provider-specific configuration to use during node creation.
           type: object
         secretRef:
-          description: SecretRef stores the necessary secrets such as credetials or
-            userdata.
+          description: SecretRef stores the necessary secrets such as credentials
+            or userdata.
           properties:
             name:
               description: Name is unique within a namespace to reference a secret

@@ -59,6 +59,9 @@ spec:
             object represents. Servers may infer this from the endpoint the client
             submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
           type: string
+        metadata:
+          description: Standard object metadata.
+          type: object
         spec:
           description: Specification of the desired behavior of the MachineDeployment.
           properties:

@@ -54,6 +54,19 @@ spec:
           properties:
             availabilityZone:
               type: string
+            credentialsSecretRef:
+              description: SecretReference represents a Secret Reference. It has enough
+                information to retrieve secret in any namespace
+              properties:
+                name:
+                  description: Name is unique within a namespace to reference a secret
+                    resource.
+                  type: string
+                namespace:
+                  description: Namespace defines the space within which the secret
+                    name must be unique.
+                  type: string
+              type: object
             flavorName:
               type: string
             imageID:

@@ -46,6 +46,19 @@ spec:
               type: string
             billingCycle:
               type: string
+            credentialsSecretRef:
+              description: SecretReference represents a Secret Reference. It has enough
+                information to retrieve secret in any namespace
+              properties:
+                name:
+                  description: Name is unique within a namespace to reference a secret
+                    resource.
+                  type: string
+                namespace:
+                  description: Namespace defines the space within which the secret
+                    name must be unique.
+                  type: string
+              type: object
             facility:
               items:
                 type: string

@@ -42,3 +42,6 @@ spec:
   secretRef: # Secret pointing to a secret which contains the provider secret and cloudconfig
     namespace: default  # Namespace
     name: test-secret # Name of the secret
+# credentialsSecretRef: # Optional - Kubernetes secret containing only provider secrets (in this case the Secret in the secretRef does not need them)
+#   name: "test-secret-credentials" # Name of the secret
+#   namespace: "default" # Namespace of secret
@@ -24,6 +24,9 @@ spec:
   secretRef: # Secret pointing to a secret which contains the provider secret and cloudconfig
     namespace: default  # Namespace
     name: test-secret # Name of the secret
+# credentialsSecretRef: # Optional - Kubernetes secret containing only provider secrets (in this case the Secret in the secretRef does not need them)
+#   name: "test-secret-credentials" # Name of the secret
+#   namespace: "default" # Namespace of secret
   blockDevices:
     - deviceName: /root
       ebs:
@@ -36,4 +39,4 @@ spec:
         volumeSize: 50  # Size of the root block device
         volumeType: gp2 # Type of the root block device
         encrypted: true
-        deleteOnTermination: true
+        deleteOnTermination: true
@@ -14,6 +14,9 @@ spec:
   secretRef: # Kubernetes secret containing values for provider secrets and user-data
     name: "test-secret" # Name of the secret
     namespace: "default" # Namespace of secret
+# credentialsSecretRef: # Optional - Kubernetes secret containing only provider secrets (in this case the Secret in the secretRef does not need them)
+#   name: "test-secret-credentials" # Name of the secret
+#   namespace: "default" # Namespace of secret
   tags:
     kubernetes.io-cluster-YOUR_CLUSTER_NAME: "1" # This is mandatory as the safety controller uses this tag to identify VMs created by this controller.
     kubernetes.io-role-YOUR_ROLE_NAME: "1" # This is mandatory as the safety controller uses this tag to identify VMs created by this controller.

@@ -41,6 +41,9 @@ spec:
   secretRef: # Kubernetes secret containing values for provider secrets and user-data
     name: "test-secret" # Name of the secret
     namespace: "default" # Namespace of secret
+# credentialsSecretRef: # Optional - Kubernetes secret containing only provider secrets (in this case the Secret in the secretRef does not need them)
+#   name: "test-secret-credentials" # Name of the secret
+#   namespace: "default" # Namespace of secret
   serviceAccounts:
   - email: default@project.iam.gserviceaccount.com # Service account email
     scopes: # List of scopes

@@ -28,3 +28,6 @@ spec:
   secretRef: # Secret pointing to a secret which contains the provider secret and cloudconfig
     namespace: default  # Namespace
     name: test-secret # Name of the secret
+# credentialsSecretRef: # Optional - Kubernetes secret containing only provider secrets (in this case the Secret in the secretRef does not need them)
+#   name: "test-secret-credentials" # Name of the secret
+#   namespace: "default" # Namespace of secret
@@ -21,3 +21,6 @@ spec:
   secretRef: # Secret pointing to a secret which contains the provider secret and cloudconfig
     namespace: default  # Namespace
     name: test-secret # Name of the secret
+# credentialsSecretRef: # Optional - Kubernetes secret containing only provider secrets (in this case the Secret in the secretRef does not need them)
+#   name: "test-secret-credentials" # Name of the secret
+#   namespace: "default" # Namespace of secret