add projected sa token config #4809

Merged


sonasingh46
Contributor

What this PR does / why we need it:

This PR adds helm config to project service account token for cloud controller manager which is required for workload identity.

Which issue(s) this PR fixes:

Partially Fixes kubernetes-sigs/cluster-api-provider-azure#3589

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Add config to project service account token for workload identity

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

None

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind labels Oct 17, 2023
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Oct 17, 2023
@MartinForReal
Contributor

@sonasingh46 Could you please update the readme as well? I think additional config for workload identity is required if we want to enable workload identity for cloud provider.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Oct 17, 2023
@sonasingh46
Contributor Author

@MartinForReal -- How can I fix the test-helm errors? I updated the readme.

@MartinForReal
Contributor

/assign @lzhecheng

Member

@feiskyer feiskyer left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 25, 2023
Member

@feiskyer feiskyer left a comment

Just noticed an existing chart is bumped in this PR. Could you bump the chart version and re-generate again?

/lgtm cancel

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 25, 2023
Signed-off-by: Ashutosh Kumar <sonasingh46@gmail.com>
@sonasingh46
Contributor Author

@feiskyer -- Done

@nilo19
Contributor

nilo19 commented Oct 31, 2023

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 31, 2023
@MartinForReal
Contributor

/retest

@CecileRobertMichon
Contributor

/kind feature

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. and removed do-not-merge/needs-kind labels Nov 1, 2023
@CecileRobertMichon
Contributor

@lzhecheng @feiskyer PTAL this is blocking CAPZ workload identity

@lzhecheng
Contributor

/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lzhecheng, sonasingh46

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 2, 2023
@k8s-ci-robot k8s-ci-robot merged commit f456a5d into kubernetes-sigs:master Nov 2, 2023
12 checks passed
@andyzhangx
Member

andyzhangx commented Nov 3, 2023

@sonasingh46 we are hitting lots of the following errors in the CSI driver e2e test:

Release "cloud-provider-azure" does not exist. Installing it now.
Error: 1 error occurred:
	* Deployment.apps "cloud-controller-manager" is invalid: spec.template.spec.containers[0].volumeMounts[3].name: Not found: "projectedToken"
CCM cluster CIDR: 192.168.0.0/16
Installing cloud-provider-azure components via helm
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/prow/go/src/sigs.k8s.io/cluster-api-provider-azure/kubeconfig
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/prow/go/src/sigs.k8s.io/cluster-api-provider-azure/kubeconfig
Error: UPGRADE FAILED: failed to create resource: Deployment.apps "cloud-controller-manager" is invalid: spec.template.spec.containers[0].volumeMounts[3].name: Not found: "projectedToken"

https://storage.googleapis.com/kubernetes-jenkins/pr-logs/pull/kubernetes-sigs_azuredisk-csi-driver/2035/pull-azuredisk-csi-driver-e2e-capz/1720087417538482176/build-log.txt

it's on v1.25.6, how can I overcome this issue?

@andyzhangx
Member

ok, I see it's fixed by #4921
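
The install failure reported above comes from a container volumeMount that names a volume the pod spec does not define. The following is an added example, not code from this PR or from the chart: a check over a Deployment parsed into a dict that reports such mounts in the same field-path form as the API server error. The manifest, its volume names, mount paths and token settings are constructed sample values.

```python
# Added example: check that every volumeMount in a Deployment names a defined volume.

def dangling_volume_mounts(deployment):
    """Return field errors, in the API server's format, for mounts with no matching volume."""
    pod = deployment["spec"]["template"]["spec"]
    defined = {v["name"] for v in pod.get("volumes", [])}
    errors = []
    for kind in ("initContainers", "containers"):
        for ci, container in enumerate(pod.get(kind, [])):
            for mi, mount in enumerate(container.get("volumeMounts", [])):
                if mount["name"] not in defined:
                    errors.append(
                        f"spec.template.spec.{kind}[{ci}].volumeMounts[{mi}].name: "
                        f'Not found: "{mount["name"]}"'
                    )
    return errors


def constructed_deployment(token_mount, token_volume=None):
    """Constructed manifest (not the chart's): three ordinary volumes plus a token mount."""
    base = ["etc-kubernetes", "ssl-mount", "msi"]  # assumed volume names
    volumes = [{"name": n, "hostPath": {"path": f"/constructed/{n}"}} for n in base]
    if token_volume is not None:
        # Projected service account token volume; audience, expiry and path are sample values.
        volumes.append({"name": token_volume, "projected": {"sources": [{
            "serviceAccountToken": {"audience": "api://AzureADTokenExchange",
                                    "expirationSeconds": 3600,
                                    "path": "azure-identity-token"}}]}})
    mounts = [{"name": n, "mountPath": f"/constructed/{n}"} for n in base]
    mounts.append({"name": token_mount, "mountPath": "/var/run/secrets/azure/tokens",
                   "readOnly": True})
    return {"kind": "Deployment", "spec": {"template": {"spec": {
        "containers": [{"name": "cloud-controller-manager", "volumeMounts": mounts}],
        "volumes": volumes}}}}


if __name__ == "__main__":
    # Mount present, volume missing: reproduces the shape of the reported error.
    broken = constructed_deployment("projectedToken")
    # Mount and projected volume share one name: no findings.
    fixed = constructed_deployment("azure-identity-token", "azure-identity-token")
    print(dangling_volume_mounts(broken))
    print(dangling_volume_mounts(fixed))
```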

Development

Successfully merging this pull request may close these issues.

capz should support UX for using workload identity in cloud provider azure