From d7762340ecfea418264c3140f6df7dc1619f911c Mon Sep 17 00:00:00 2001
From: Bryan Cox
Date: Mon, 2 Dec 2024 15:32:11 -0500
Subject: [PATCH] Pass only the certificate name for CNO deployment

Pass only the certificate name for the CNO deployment for managed Azure. CNO uses its own certificate path here, https://github.com/openshift/cluster-network-operator/blob/7736bfe37f1276f771fcef03077f6d840eb6b862/pkg/network/cloud_network.go#L23. This is combined with the certificate name here, https://github.com/openshift/cluster-network-operator/blob/7736bfe37f1276f771fcef03077f6d840eb6b862/pkg/network/cloud_network.go#L111.
---
 .../cno/clusternetworkoperator.go | 17 +++++++++++++----
 support/config/constants.go | 16 +++++++++-------
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/control-plane-operator/controllers/hostedcontrolplane/cno/clusternetworkoperator.go b/control-plane-operator/controllers/hostedcontrolplane/cno/clusternetworkoperator.go
index 663c2653263..16e1d9315a3 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/cno/clusternetworkoperator.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/cno/clusternetworkoperator.go
@@ -622,11 +622,20 @@ if [[ -n $sc ]]; then kubectl --kubeconfig $kc delete --ignore-not-found validat
 // to use on the CNCC deployment.
 if azureutil.IsAroHCP() {
 dep.Spec.Template.Spec.Containers[0].Env = append(dep.Spec.Template.Spec.Containers[0].Env,
- azureutil.CreateEnvVarsForAzureManagedIdentity(params.AzureClientID, params.AzureTenantID, params.AzureCertificateName)...)
-
- dep.Spec.Template.Spec.Containers[0].Env = append(dep.Spec.Template.Spec.Containers[0].Env,
 corev1.EnvVar{
- Name: "ARO_HCP_SECRET_PROVIDER_CLASS",
+ Name: config.ManagedAzureClientIdEnvVarKey,
+ Value: params.AzureClientID,
+ },
+ corev1.EnvVar{
+ Name: config.ManagedAzureTenantIdEnvVarKey,
+ Value: params.AzureTenantID,
+ },
+ corev1.EnvVar{
+ Name: config.ManagedAzureCertificateNameEnvVarKey,
+ Value: params.AzureCertificateName,
+ },
+ corev1.EnvVar{
+ Name: config.ManagedAzureSecretProviderClassEnvVarKey,
 Value: config.ManagedAzureNetworkSecretStoreProviderClassName,
 },
 )
diff --git a/support/config/constants.go b/support/config/constants.go
index 7ab94e87e00..011288e5455 100644
--- a/support/config/constants.go
+++ b/support/config/constants.go
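Review bot: In clusternetworkoperator.go, `params.AzureCertificateName` now goes into `ARO_HCP_CLIENT_CERTIFICATE_NAME` unchecked, and per the commit message the network operator joins that value with its own certificate directory. If the name can be empty or contain a path separator, the joined path would resolve to the directory itself or to a location outside it, so a guard before the `append` is worth adding, along the lines of `if n := params.AzureCertificateName; n == "" || filepath.Base(n) != n { /* reject */ }`. Where the value is populated is not visible here, so this may already be enforced upstream. A one-line comment above the block saying why this deployment no longer uses `azureutil.CreateEnvVarsForAzureManagedIdentity` (certificate name rather than full path) would also keep the two variable sets from drifting apart. The enclosing function starts and ends outside the hunk.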
@@ -61,13 +61,15 @@ const (
 // management cluster's resource group in Azure.
 AROHCPKeyVaultManagedIdentityClientID = "ARO_HCP_KEY_VAULT_USER_CLIENT_ID"
- ManagedAzureClientIdEnvVarKey = "ARO_HCP_MI_CLIENT_ID"
- ManagedAzureTenantIdEnvVarKey = "ARO_HCP_TENANT_ID"
- ManagedAzureCertificatePathEnvVarKey = "ARO_HCP_CLIENT_CERTIFICATE_PATH"
- ManagedAzureCertificateMountPath = "/mnt/certs"
- ManagedAzureCertificatePath = "/mnt/certs/"
- ManagedAzureSecretsStoreCSIDriver = "secrets-store.csi.k8s.io"
- ManagedAzureSecretProviderClass = "secretProviderClass"
+ ManagedAzureClientIdEnvVarKey = "ARO_HCP_MI_CLIENT_ID"
+ ManagedAzureTenantIdEnvVarKey = "ARO_HCP_TENANT_ID"
+ ManagedAzureCertificatePathEnvVarKey = "ARO_HCP_CLIENT_CERTIFICATE_PATH"
+ ManagedAzureCertificateNameEnvVarKey = "ARO_HCP_CLIENT_CERTIFICATE_NAME"
+ ManagedAzureSecretProviderClassEnvVarKey = "ARO_HCP_SECRET_PROVIDER_CLASS"
+ ManagedAzureCertificateMountPath = "/mnt/certs"
+ ManagedAzureCertificatePath = "/mnt/certs/"
+ ManagedAzureSecretsStoreCSIDriver = "secrets-store.csi.k8s.io"
+ ManagedAzureSecretProviderClass = "secretProviderClass"
 ManagedAzureCPOSecretProviderClassName = "managed-azure-cpo"
 ManagedAzureCPOSecretStoreVolumeName = "cpo-cert"
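Review bot: The two added keys in constants.go, `ManagedAzureCertificateNameEnvVarKey` and `ManagedAzureSecretProviderClassEnvVarKey`, carry no comment, and the block now holds both a certificate-path key and a certificate-name key with nothing saying which consumer expects which. I would add something like `// ManagedAzureCertificateNameEnvVarKey holds only the certificate file name; the consumer joins it with its own mount path.` above the first, and a similar line for the provider-class key. The const block starts and ends outside the hunk.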