From 895283936d0316f1c023c1b0e08d762a2281cbc0 Mon Sep 17 00:00:00 2001
From: Jan Safranek
Date: Mon, 12 Jan 2026 17:57:42 +0100
Subject: [PATCH] fix: optionally skip reading the config from the API server
Skip reading the driver configuration from the API server when -cloud-config-secret-name or -cloud-config-secret-namespace is explicitly set to an empty string. The unit test change is technically not necessary - no unit test actually tries to get the Secret from provided namespace / name, it only make the unit test future proof once they start doing so.
---
 pkg/azurefile/azure.go | 8 ++++++--
 pkg/azurefile/azure_test.go | 2 +-
 pkg/azurefile/azurefile_options.go | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/pkg/azurefile/azure.go b/pkg/azurefile/azure.go
index bea9605e5a..1076c2b688 100644
--- a/pkg/azurefile/azure.go
+++ b/pkg/azurefile/azure.go
@@ -99,7 +99,7 @@ func getCloudProvider(ctx context.Context, kubeconfig, nodeID, secretName, secre
 }
 }
- if kubeClient != nil {
+ if kubeClient != nil && secretName != "" && secretNamespace != "" {
 klog.V(2).Infof("reading cloud config from secret %s/%s", secretNamespace, secretName)
 config, err = configloader.Load[azureconfig.Config](ctx, &configloader.K8sSecretLoaderConfig{
 K8sSecretConfig: configloader.K8sSecretConfig{
@@ -118,7 +118,11 @@ func getCloudProvider(ctx context.Context, kubeconfig, nodeID, secretName, secre
 }
 if config == nil {
- klog.V(2).Infof("could not read cloud config from secret %s/%s", secretNamespace, secretName)
+ if secretName == "" || secretNamespace == "" {
+ klog.V(2).Infof("reading cloud config from a Kubernetes secret is disabled")
+ } else {
+ klog.V(2).Infof("could not read cloud config from secret %s/%s", secretNamespace, secretName)
+ }
 credFile, ok := os.LookupEnv(DefaultAzureCredentialFileEnv)
 if ok && strings.TrimSpace(credFile) != "" {
 klog.V(2).Infof("%s env var set as %v", DefaultAzureCredentialFileEnv, credFile)
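Review bot: In the `@@ -99` hunk the guard `secretName != "" && secretNamespace != ""` treats one empty flag the same as both being empty, so a deployment that renders only one of the two values as empty stops reading the Secret and moves to the credential-file fallback without any distinct signal. The same predicate is derived again in negated form in the `@@ -118` hunk; computing it once, for example `readFromSecret := secretName != "" && secretNamespace != ""`, keeps the two sites from drifting apart. A comment above it such as `// An empty secret name or namespace turns off the Secret lookup; config then comes from the credential file below.` would record the intent. getCloudProvider starts and ends outside both hunks, so how the two values are validated earlier is not visible here.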
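Review bot: The new message `reading cloud config from a Kubernetes secret is disabled` in the `@@ -118` hunk is emitted at `klog.V(2)`, so unless the deployment raises `-v` nothing in the log records that the driver changed where its cloud credentials come from. That is useful to have at default verbosity for audit and incident triage; consider `klog.Infof("reading cloud config from a Kubernetes secret is disabled (secret name %q, namespace %q)", secretName, secretNamespace)`, which also shows when only one of the two values was empty. The remainder of the `config == nil` branch lies outside the hunk.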
diff --git a/pkg/azurefile/azure_test.go b/pkg/azurefile/azure_test.go
index 5a1faef6c8..5fa430e21f 100644
--- a/pkg/azurefile/azure_test.go
+++ b/pkg/azurefile/azure_test.go
@@ -268,7 +268,7 @@ users:
 t.Setenv("AZURE_FEDERATED_TOKEN_FILE", test.aadFederatedTokenFile)
 }
- cloud, _, err := getCloudProvider(context.Background(), test.kubeconfig, "", "", "", test.userAgent, test.allowEmptyCloudConfig, false, 5, 10)
+ cloud, _, err := getCloudProvider(context.Background(), test.kubeconfig, "", "azure-cloud-provider", "kube-system", test.userAgent, test.allowEmptyCloudConfig, false, 5, 10)
 if test.expectedErr.DefaultError != nil && test.expectedErr.WindowsError != nil {
 if !testutil.AssertError(err, &test.expectedErr) && !strings.Contains(err.Error(), test.expectedErr.DefaultError.Error()) {
 t.Errorf("desc: %s,\n input: %q, getCloudProvider err: %v, expectedErr: %v", test.desc, test.kubeconfig, err, test.expectedErr)
diff --git a/pkg/azurefile/azurefile_options.go b/pkg/azurefile/azurefile_options.go
index e30e4904fe..998293ff6d 100644
--- a/pkg/azurefile/azurefile_options.go
+++ b/pkg/azurefile/azurefile_options.go
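Review bot: With this change every table case calls getCloudProvider with `"azure-cloud-provider"` and `"kube-system"`, so the branch the commit adds (an empty secret name or namespace skipping the API-server read) is no longer reached by this test. Making the two arguments per-case fields, e.g. `test.secretName, test.secretNamespace` (suggested names, the table struct is outside the hunk), and adding one case with each left empty would pin the disabled path. That case should assert that the call still returns the expected result when no Secret is consulted. The test function and its table begin outside the hunk.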
@@ -65,8 +65,8 @@ func (o *DriverOptions) AddFlags() *flag.FlagSet {
 fs.StringVar(&o.DriverName, "drivername", DefaultDriverName, "name of the driver")
 fs.BoolVar(&o.EnableAzurefileProxy, "enable-azurefile-proxy", false, "enable azurefile proxy")
 fs.StringVar(&o.AzureFileProxyEndpoint, "azurefile-proxy-endpoint", "unix://tmp/azurefile-proxy.sock", "azurefile-proxy endpoint")
- fs.StringVar(&o.CloudConfigSecretName, "cloud-config-secret-name", "azure-cloud-provider", "secret name of cloud config")
- fs.StringVar(&o.CloudConfigSecretNamespace, "cloud-config-secret-namespace", "kube-system", "secret namespace of cloud config")
+ fs.StringVar(&o.CloudConfigSecretName, "cloud-config-secret-name", "azure-cloud-provider", "secret name of cloud config. If set to an empty string, the driver will not read cloud config from a Kubernetes secret.")
+ fs.StringVar(&o.CloudConfigSecretNamespace, "cloud-config-secret-namespace", "kube-system", "secret namespace of cloud config. If set to an empty string, the driver will not read cloud config from a Kubernetes secret.")
 fs.StringVar(&o.CustomUserAgent, "custom-user-agent", "", "custom userAgent")
 fs.StringVar(&o.UserAgentSuffix, "user-agent-suffix", "", "userAgent suffix")
 fs.BoolVar(&o.AllowEmptyCloudConfig, "allow-empty-cloud-config", true, "allow running driver without cloud config")
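Review bot: The new help text on `cloud-config-secret-name` and `cloud-config-secret-namespace` says the Secret read is turned off but not what the driver uses instead. Judging from the `config == nil` branch in azure.go, it then falls back to the credential file named by `DefaultAzureCredentialFileEnv`, and since `allow-empty-cloud-config` defaults to `true` in this same function it can presumably start with no cloud config at all. An operator should be able to learn that from the flag help, for instance `"... If set to an empty string, the driver does not read cloud config from a Kubernetes secret and falls back to the credential file."`. AddFlags continues outside the hunk.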