fix: optionally skip reading the config from the API server#2940
fix: optionally skip reading the config from the API server#2940k8s-ci-robot merged 1 commit intokubernetes-sigs:masterfrom
Conversation
k8s-ci-robot
added
kind/bug
k8s-ci-robot
added
the
size/S
|
@andyzhangx this PR is for discussion. I can easily make the driver to use |
andyzhangx
changed the title
There was a problem hiding this comment.
Pull request overview
This PR adds the ability to skip reading the driver configuration from the Kubernetes API server by explicitly setting the -cloud-config-secret-name or -cloud-config-secret-namespace flags to empty strings. This allows the driver to use only the AZURE_CREDENTIAL_FILE environment variable without making API calls.
Changes:
- Modified the condition to skip Kubernetes secret reading when either
secretNameorsecretNamespaceis an empty string - Updated logging to distinguish between disabled secret reading and failed secret reading
- Updated test to provide non-empty secret name and namespace parameters for future-proofing
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pkg/azurefile/azure.go | Added checks to skip API server config reading when secret name or namespace are empty strings, and updated logging accordingly |
| pkg/azurefile/azure_test.go | Updated test to pass concrete secret name and namespace values instead of empty strings |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Skip reading the driver configuration from the API server when -cloud-config-secret-name or -cloud-config-secret-namespace is explicitly set to an empty string. The unit test change is technically not necessary - no unit test actually tries to get the Secret from provided namespace / name, it only make the unit test future proof once they start doing so.
|
/test pull-azurefile-csi-driver-external-e2e-nfs |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andyzhangx, jsafrane The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/cherrypick release-1.34 |
|
@andyzhangx: new pull request created: #2942 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
What type of PR is this?
/kind bug
What this PR does / why we need it:
Skip reading the driver configuration from the API server when
-cloud-config-secret-nameor-cloud-config-secret-namespaceis explicitly set to an empty string.The unit test change is technically not necessary - no unit test actually tries to get the Secret from provided namespace / name, it only make the unit test future proof once they start doing so.
Which issue(s) this PR fixes:
Fixes #2939
This fixes the aforementioned bug in a backward compatible way. If anyone set
AZURE_CREDENTIAL_FILE, the driver by default still reads the config from the Kubernetes API server Secret. Only when someone explicitly sets-cloud-config-secret-nameto"", the driver usesAZURE_CREDENTIAL_FILEenv var without talking to the API server.I think this makes the Deployments in this repository working as they are today.
Requirements:
--helpstrings)Release note: