Merge pull request #2942 from k8s-infra-cherrypick-robot/cherry-pick-2940-to-release-1.34

[release-1.34] fix: optionally skip reading the config from the API server

Author: k8s-ci-robot

pkg/azurefile/azure.go

@@ -99,7 +99,7 @@ func getCloudProvider(ctx context.Context, kubeconfig, nodeID, secretName, secre
 		}
 	}
 
-	if kubeClient != nil {
+	if kubeClient != nil && secretName != "" && secretNamespace != "" {
 		klog.V(2).Infof("reading cloud config from secret %s/%s", secretNamespace, secretName)
 		config, err = configloader.Load[azureconfig.Config](ctx, &configloader.K8sSecretLoaderConfig{
 			K8sSecretConfig: configloader.K8sSecretConfig{
@@ -118,7 +118,11 @@ func getCloudProvider(ctx context.Context, kubeconfig, nodeID, secretName, secre
 	}
 
 	if config == nil {
-		klog.V(2).Infof("could not read cloud config from secret %s/%s", secretNamespace, secretName)
+		if secretName == "" || secretNamespace == "" {
+			klog.V(2).Infof("reading cloud config from a Kubernetes secret is disabled")
+		} else {
+			klog.V(2).Infof("could not read cloud config from secret %s/%s", secretNamespace, secretName)
+		}
 		credFile, ok := os.LookupEnv(DefaultAzureCredentialFileEnv)
 		if ok && strings.TrimSpace(credFile) != "" {
 			klog.V(2).Infof("%s env var set as %v", DefaultAzureCredentialFileEnv, credFile)

pkg/azurefile/azure_test.go

@@ -268,7 +268,7 @@ users:
 			t.Setenv("AZURE_FEDERATED_TOKEN_FILE", test.aadFederatedTokenFile)
 		}
 
-		cloud, _, err := getCloudProvider(context.Background(), test.kubeconfig, "", "", "", test.userAgent, test.allowEmptyCloudConfig, false, 5, 10)
+		cloud, _, err := getCloudProvider(context.Background(), test.kubeconfig, "", "azure-cloud-provider", "kube-system", test.userAgent, test.allowEmptyCloudConfig, false, 5, 10)
 		if test.expectedErr.DefaultError != nil && test.expectedErr.WindowsError != nil {
 			if !testutil.AssertError(err, &test.expectedErr) && !strings.Contains(err.Error(), test.expectedErr.DefaultError.Error()) {
 				t.Errorf("desc: %s,\n input: %q, getCloudProvider err: %v, expectedErr: %v", test.desc, test.kubeconfig, err, test.expectedErr)

pkg/azurefile/azurefile_options.go

@@ -65,8 +65,8 @@ func (o *DriverOptions) AddFlags() *flag.FlagSet {
 	fs.StringVar(&o.DriverName, "drivername", DefaultDriverName, "name of the driver")
 	fs.BoolVar(&o.EnableAzurefileProxy, "enable-azurefile-proxy", false, "enable azurefile proxy")
 	fs.StringVar(&o.AzureFileProxyEndpoint, "azurefile-proxy-endpoint", "unix://tmp/azurefile-proxy.sock", "azurefile-proxy endpoint")
-	fs.StringVar(&o.CloudConfigSecretName, "cloud-config-secret-name", "azure-cloud-provider", "secret name of cloud config")
-	fs.StringVar(&o.CloudConfigSecretNamespace, "cloud-config-secret-namespace", "kube-system", "secret namespace of cloud config")
+	fs.StringVar(&o.CloudConfigSecretName, "cloud-config-secret-name", "azure-cloud-provider", "secret name of cloud config. If set to an empty string, the driver will not read cloud config from a Kubernetes secret.")
+	fs.StringVar(&o.CloudConfigSecretNamespace, "cloud-config-secret-namespace", "kube-system", "secret namespace of cloud config. If set to an empty string, the driver will not read cloud config from a Kubernetes secret.")
 	fs.StringVar(&o.CustomUserAgent, "custom-user-agent", "", "custom userAgent")
 	fs.StringVar(&o.UserAgentSuffix, "user-agent-suffix", "", "userAgent suffix")
 	fs.BoolVar(&o.AllowEmptyCloudConfig, "allow-empty-cloud-config", true, "allow running driver without cloud config")