From dd4cefe5bb81dd36c477e0adebf9dd71f536c150 Mon Sep 17 00:00:00 2001
From: Bryan Cox
Date: Mon, 23 Sep 2024 13:44:54 -0400
Subject: [PATCH] Add ARO HCP environment vars to CSI deployment

This commit adds environment variables needed by a CSI deployment for ARO HCP.

Signed-off-by: Bryan Cox
---
 .../hypershift_deployment_controller.go | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/pkg/operator/csidriveroperator/hypershift_deployment_controller.go b/pkg/operator/csidriveroperator/hypershift_deployment_controller.go
index 9b4ef33f9..40eac9a98 100644
--- a/pkg/operator/csidriveroperator/hypershift_deployment_controller.go
+++ b/pkg/operator/csidriveroperator/hypershift_deployment_controller.go
@@ -132,6 +132,26 @@ func (c *HyperShiftDeploymentController) Sync(ctx context.Context, syncCtx facto
 return fmt.Errorf("failed to inject proxy data into deployment: %w", err)
 }
 
+ // The existence of the environment variable, ARO_HCP_SECRET_PROVIDER_CLASS_FOR_FILE, means this is an ARO HCP
+ // deployment. We need to pass along additional environment variables for ARO HCP in order to mount the backing
+ // certificates, related to the client IDs, in a volume on the azure-disk-csi-controller and a
+ // zure-file-csi-controller deployments.
+ if os.Getenv("ARO_HCP_SECRET_PROVIDER_CLASS_FOR_FILE") != "" {
+ envVars := []corev1.EnvVar{
+ {Name: "AZURE_CLIENT_ID_FOR_FILE", Value: os.Getenv("AZURE_CLIENT_ID_FOR_FILE")},
+ {Name: "AZURE_CLIENT_CERTIFICATE_PATH_FOR_FILE", Value: os.Getenv("AZURE_CLIENT_CERTIFICATE_PATH_FOR_FILE")},
+ {Name: "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_FILE", Value: os.Getenv("ARO_HCP_SECRET_PROVIDER_CLASS_FOR_FILE")},
+
+ {Name: "AZURE_CLIENT_ID_FOR_DISK", Value: os.Getenv("AZURE_CLIENT_ID_FOR_DISK")},
+ {Name: "AZURE_CLIENT_CERTIFICATE_PATH_FOR_DISK", Value: os.Getenv("AZURE_CLIENT_CERTIFICATE_PATH_FOR_DISK")},
+ {Name: "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_DISK", Value: os.Getenv("ARO_HCP_SECRET_PROVIDER_CLASS_FOR_DISK")},
+
+ {Name: "AZURE_TENANT_ID", Value: os.Getenv("AZURE_TENANT_ID")},
+ }
+
+ required.Spec.Template.Spec.Containers[0].Env = append(required.Spec.Template.Spec.Containers[0].Env, envVars...)
+ }
+
 lastGeneration := resourcemerge.ExpectedDeploymentGeneration(requiredCopy, opStatus.Generations)
 deployment, _, err := resourceapply.ApplyDeployment(ctx, c.mgmtClient.KubeClient.AppsV1(), c.eventRecorder, requiredCopy, lastGeneration)
 if err != nil {
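Review bot: The new block appends the ARO HCP variables to `required`, but the `ApplyDeployment` call just below it applies `requiredCopy`. `requiredCopy` is assigned outside this hunk; if it is an independent copy made by the proxy-injection step, the client ID, certificate path and secret provider class settings never reach the applied deployment. In that case the append should target the applied object: `requiredCopy.Spec.Template.Spec.Containers[0].Env = append(requiredCopy.Spec.Template.Spec.Containers[0].Env, envVars...)`. The gate also checks only `ARO_HCP_SECRET_PROVIDER_CLASS_FOR_FILE`, so an unset `AZURE_TENANT_ID` or any `*_FOR_DISK` variable is passed on as an empty string; returning an error from Sync for a missing value would surface the misconfiguration here rather than as an authentication failure in the driver. `Containers[0]` is indexed without a length check, and Sync's body starts and ends outside the hunk.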