Allow setting Azure cloud provider from Kubernetes secrets instead of local configure file #78242
/retest
One question about the code logic, we have two paths:
init --> NewCloud --> initializeCloudFromConfig(fromSecret: false)
Cloud.Initialize --> initializeCloudFromSecret --> initializeCloudFromConfig(fromSecret: true)
So init would be invoked first and Cloud.Initialize could be invoked second, and finally it will go to initializeCloudFromConfig, right?
Both would go to initializeCloudFromConfig; the difference is Kubelet won't invoke
There are other drivers, like the CSI driver, that would also leverage this Azure cloud provider lib; it uses
/hold So sorry for the last-minute hold, but I think the kubelet checks are worth raising a flag for. Can we do this change without the kubelet checks?
@andrewsykim thanks for reviewing. Agreed, the Kubelet check should be changed in alternative ways. Will address these comments before v1.15 release
/hold cancel Thanks @feiskyer
Heads up @claurence, we might have some follow-up PRs come in for this one
/hold @feiskyer addressing comments given the code freeze extension
@andrewsykim Addressed comments. PTAL /hold cancel
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: andrewsykim, feiskyer, justaugustus
lgtm, thanks for iterating @feiskyer!
@feiskyer will these capabilities ever be backported into pre-1.15 k8s or is this only applicable for 1.15 and greater?
It won't be backported, only applicable for 1.15 and greater
* feat: add support for Kubernetes 1.15.0-beta.2
  See https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.15.md#changelog-since-v1150-beta1
* chore: add cluster role and binding for Azure secret getter
  See kubernetes/kubernetes#78242
@jackfrancis Yep, the feature is only available for v1.15 and greater
What type of PR is this?
What this PR does / why we need it:
Refer to Azure/container-upstream#27. This PR allows configuring the Azure cloud provider from Kubernetes secrets.
To support this, a new option cloudConfigType is added. Supported values are:
Note that the secret is a serialized version of azure.json file with key cloud-config. And the secret name is azure-cloud-provider.
Since Azure cloud provider would read Kubernetes secrets, the following RBAC should also be configured:
Which issue(s) this PR fixes:
Fixes Azure/container-upstream#27
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
/sig azure
/kind feature
/priority important-soon
/assign @khenidak @andyzhangx
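One way to check that the RBAC granted for this feature stays least-privilege, as an added Go example (not code from the PR or from Kubernetes): it flags any rule that allows more than get on the azure-cloud-provider secret. The Rule type, the function names and the sample rules are constructed for illustration, and it assumes get on that one secret is all the cloud provider needs.

```go
package main

import "fmt"

// Rule is a local stand-in for the RBAC PolicyRule fields that matter here.
type Rule struct{ APIGroups, Resources, ResourceNames, Verbs []string }
// secretName is the secret name given in the PR description.
const secretName = "azure-cloud-provider"

func has(list []string, a, b string) bool {
	for _, v := range list {
		if v == a || v == b {
			return true
		}
	}
	return false
}

// AuditSecretRules returns a finding for every grant beyond "get" on that one secret.
func AuditSecretRules(rules []Rule) (findings []string) {
	for i, r := range rules {
		// Skip rules that cannot reach secrets in the core API group.
		if !has(r.APIGroups, "", "*") || !has(r.Resources, "secrets", "*") {
			continue
		}
		if len(r.ResourceNames) == 0 {
			findings = append(findings, fmt.Sprintf("rule %d: no resourceNames, all secrets in scope", i))
		}
		for _, n := range r.ResourceNames {
			if n != secretName {
				findings = append(findings, fmt.Sprintf("rule %d: extra secret %q", i, n))
			}
		}
		for _, v := range r.Verbs {
			if v != "get" {
				findings = append(findings, fmt.Sprintf("rule %d: verb %q not needed", i, v))
			}
		}
	}
	return findings
}

func main() {
	// Constructed sample rules: one broad grant, one least-privilege grant.
	broad := Rule{[]string{""}, []string{"secrets"}, nil, []string{"get", "list"}}
	tight := Rule{[]string{""}, []string{"secrets"}, []string{secretName}, []string{"get"}}
	for _, f := range AuditSecretRules([]Rule{broad, tight}) {
		fmt.Println(f)
	}
}
```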