From 6ac4db3c917dc46d0b8219c7850f07c555ab1426 Mon Sep 17 00:00:00 2001
From: Bryan Cox
Date: Thu, 13 Feb 2025 12:54:47 -0500
Subject: [PATCH] Update managed Azure HCP cloud network config

This commit updates the parameters needed for authentication with Azure on managed Azure HCP. The client ID and tenant ID fields are removed since they are not needed for the new managed Azure HCP authentication type, UserAssignedIdentityCredentials. AzureManagedCertPath was renamed to AzureManagedCredsPath since this object now represents a credentials object but will still be mounted to the pod.

Signed-off-by: Bryan Cox
---
 .../managed/controller.yaml | 14 +++++---------
 pkg/network/cloud_network.go | 4 +---
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/bindata/cloud-network-config-controller/managed/controller.yaml b/bindata/cloud-network-config-controller/managed/controller.yaml
index 05c5ea8518..d08ea9924d 100644
--- a/bindata/cloud-network-config-controller/managed/controller.yaml
+++ b/bindata/cloud-network-config-controller/managed/controller.yaml
@@ -188,13 +188,9 @@ spec:
 - name: "NO_PROXY"
 value: "{{ .NO_PROXY}}"
 {{ end }}
-{{- if not (eq .AzureManagedClientID "")}}
- - name: "ARO_HCP_MI_CLIENT_ID"
- value: "{{ .AzureManagedClientID }}"
- - name: "ARO_HCP_TENANT_ID"
- value: "{{ .AzureManagedTenantID }}"
- - name: "ARO_HCP_CLIENT_CERTIFICATE_PATH"
- value: "{{ .AzureManagedCertPath}}"
+{{- if not (eq .AzureManagedSecretProviderClass "")}}
+ - name: "ARO_HCP_CLIENT_CREDENTIALS_PATH"
+ value: "{{ .AzureManagedCredsPath}}"
 {{ end }}
 resources:
 requests:
@@ -214,7 +210,7 @@ spec:
 - name: cloud-token
 mountPath: /var/run/secrets/openshift/serviceaccount
 readOnly: true
-{{- if not (eq .AzureManagedClientID "")}}
+{{- if not (eq .AzureManagedSecretProviderClass "")}}
 - name: cncc-cert
 mountPath: {{.AzureManagedCertDirectory}}
 readOnly: true
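Review bot: The rename from certificate to credentials is only half applied in this template: the first hunk now exports `ARO_HCP_CLIENT_CREDENTIALS_PATH` from `.AzureManagedCredsPath`, while the mount in the second hunk is still the `cncc-cert` volume at `.AzureManagedCertDirectory`. Anyone auditing which volume carries the managed-identity credential has to work out from cloud_network.go that the file lives inside that mount. Either rename the volume and directory key in a follow-up, or add a comment above the new env entry such as `# credentials file inside the read-only cncc-cert secrets-store mount`.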
@@ -260,7 +256,7 @@ spec:
 - name: kube-cloud-config
 configMap:
 name: cloud-network-config-controller-kube-cloud-config
-{{- if not (eq .AzureManagedClientID "")}}
+{{- if not (eq .AzureManagedSecretProviderClass "")}}
 - name: cncc-cert
 csi:
 driver: secrets-store.csi.k8s.io
diff --git a/pkg/network/cloud_network.go b/pkg/network/cloud_network.go
index c7837be39d..3a756e9fb9 100644
--- a/pkg/network/cloud_network.go
+++ b/pkg/network/cloud_network.go
@@ -105,10 +105,8 @@ func renderCloudNetworkConfigController(conf *operv1.NetworkSpec, bootstrapResul
 data.Data["HTTP_PROXY"] = os.Getenv("MGMT_HTTP_PROXY")
 data.Data["HTTPS_PROXY"] = os.Getenv("MGMT_HTTPS_PROXY")
 data.Data["NO_PROXY"] = os.Getenv("MGMT_NO_PROXY")
- data.Data["AzureManagedClientID"] = os.Getenv("ARO_HCP_MI_CLIENT_ID")
- data.Data["AzureManagedTenantID"] = os.Getenv("ARO_HCP_TENANT_ID")
 data.Data["AzureManagedCertDirectory"] = azureCertPath
- data.Data["AzureManagedCertPath"] = filepath.Join(azureCertPath, os.Getenv("ARO_HCP_CLIENT_CERTIFICATE_NAME"))
+ data.Data["AzureManagedCredsPath"] = filepath.Join(azureCertPath, os.Getenv("MANAGED_AZURE_HCP_CREDENTIALS_FILE_PATH"))
 data.Data["AzureManagedSecretProviderClass"] = os.Getenv("ARO_HCP_SECRET_PROVIDER_CLASS")
 caOverride.ObjectMeta = metav1.ObjectMeta{
 Namespace: hcpCfg.Namespace,
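Review bot: The added `AzureManagedCredsPath` line joins `MANAGED_AZURE_HCP_CREDENTIALS_FILE_PATH` onto `azureCertPath` without checking that the variable is set or that it names a file inside that directory. With the variable unset, `filepath.Join` returns the directory itself, and the template still exports it as `ARO_HCP_CLIENT_CREDENTIALS_PATH` because its guard tests only `AzureManagedSecretProviderClass`; a value with `..` segments resolves outside the mount, and a full path (which the `_FILE_PATH` suffix invites) ends up nested under `azureCertPath`. I would read the value into a local and reject bad input when `ARO_HCP_SECRET_PROVIDER_CLASS` is set, for example with `if name := os.Getenv("MANAGED_AZURE_HCP_CREDENTIALS_FILE_PATH"); !filepath.IsLocal(name) {` followed by an error return (`filepath.IsLocal` needs Go 1.20 or later). renderCloudNetworkConfigController starts and ends outside the hunk, so the exact error return is not visible here.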