From a1e785284321da728d244c4b609c494069488dfa Mon Sep 17 00:00:00 2001
From: Bryan Cox
Date: Tue, 17 Dec 2024 08:15:23 -0500
Subject: [PATCH 1/2] Remove double reconciliation of CSO CSI Secrets
This commit removes the double reconciliation of the CSO CSI secrets for managed azure deployments. Previous to the managed identity work merging into the HyperShift repo, we were reconciling the CSO CSI secrets with the Cloud Provider information. Once the managed identity work was added, the reconciliation with the Cloud Provider information wasn't removed.
Signed-off-by: Bryan Cox
---
 .../hostedcontrolplane_controller.go | 26 -------------------
 1 file changed, 26 deletions(-)
diff --git a/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go b/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
index 285879f0d8..cf065a6c81 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
@@ -5081,32 +5081,6 @@ func (r *HostedControlPlaneReconciler) reconcileClusterStorageOperator(ctx conte
 }
 }
- if hcp.Spec.Platform.Type == hyperv1.AzurePlatform {
- credentialsSecret := manifests.AzureCredentialInformation(hcp.Namespace)
- if err := r.Client.Get(ctx, client.ObjectKeyFromObject(credentialsSecret), credentialsSecret); err != nil {
- return fmt.Errorf("failed to get Azure credentials secret: %w", err)
- }
-
- // Reconcile the Azure Disk configuration secret
- // TODO this just copies the cloud provider secret at the moment. There will be a follow-on PR to provide
- // different credentials for Azure Disk and Azure File (right below).
- // This is related to https://github.com/openshift/csi-operator/pull/290.
- azureDiskConfigSecret := manifests.AzureDiskConfigWithCredentials(hcp.Namespace)
- if _, err := createOrUpdate(ctx, r, azureDiskConfigSecret, func() error {
- return azure.ReconcileCloudConfigWithCredentials(azureDiskConfigSecret, hcp, credentialsSecret)
- }); err != nil {
- return fmt.Errorf("failed to reconcile Azure disk config: %w", err)
- }
-
- // Reconcile the Azure File configuration secret
- azureFileConfigSecret := manifests.AzureFileConfigWithCredentials(hcp.Namespace)
- if _, err := createOrUpdate(ctx, r, azureFileConfigSecret, func() error {
- return azure.ReconcileCloudConfigWithCredentials(azureFileConfigSecret, hcp, credentialsSecret)
- }); err != nil {
- return fmt.Errorf("failed to reconcile Azure disk config: %w", err)
- }
- }
-
 deployment := manifests.ClusterStorageOperatorDeployment(hcp.Namespace)
 if _, err := createOrUpdate(ctx, r, deployment, func() error {
 return storage.ReconcileOperatorDeployment(deployment, params, hcp.Spec.Platform.Type)
From b175cdcd38a43f6ee03227fc1f8b0aca0a277d46 Mon Sep 17 00:00:00 2001
From: Bryan Cox
Date: Tue, 17 Dec 2024 08:20:57 -0500
Subject: [PATCH 2/2] Add the filepath to the CSO CSI certificate info
This commit adds the file path with the certificate name for the CSO CSI secret reconciliation for managed azure deployments.
Signed-off-by: Bryan Cox
---
 .../hostedcontrolplane/hostedcontrolplane_controller.go | 2 +-
 .../controllers/hostedcontrolplane/storage/azure.go | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go b/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
index cf065a6c81..2fbee8dd38 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
@@ -5074,7 +5074,7 @@ func (r *HostedControlPlaneReconciler) reconcileClusterStorageOperator(ctx conte
 // Reconcile the secret needed for azure-disk-csi-controller
 // This is related to https://github.com/openshift/csi-operator/pull/290.
 azureFileCSISecret := manifests.AzureFileConfigWithCredentials(hcp.Namespace)
- if _, err := createOrUpdate(ctx, r, azureDiskCSISecret, func() error {
+ if _, err := createOrUpdate(ctx, r, azureFileCSISecret, func() error {
 return storage.ReconcileAzureFileCSISecret(azureFileCSISecret, hcp, tenantID)
 }); err != nil {
 return fmt.Errorf("failed to reconcile Azure File CSI config: %w", err)
diff --git a/control-plane-operator/controllers/hostedcontrolplane/storage/azure.go b/control-plane-operator/controllers/hostedcontrolplane/storage/azure.go
index e77cc9afc2..e8001ced8d 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/storage/azure.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/storage/azure.go
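Review bot: The context comment directly above `azureFileCSISecret` in the `@@ -5074` hunk still reads `// Reconcile the secret needed for azure-disk-csi-controller`, a copy-paste leftover from the Disk block; it should read `// Reconcile the secret needed for azure-file-csi-controller`. The same copy-paste is presumably how the old line came to pass `azureDiskCSISecret` to `createOrUpdate` while the mutate function filled in `azureFileCSISecret`, so the File secret would not have been persisted with its own identity. That correction changes which secret object receives which credentials, yet the commit message only describes the certificate path change, so it deserves a mention there. The enclosing function starts and ends outside the hunk.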
@@ -3,9 +3,11 @@ package storage
 import (
 "encoding/json"
 "fmt"
+ "path"
 hyperv1 "github.com/openshift/hypershift/api/hypershift/v1beta1"
 "github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/cloud/azure"
+ hypershiftconfig "github.com/openshift/hypershift/support/config"
 corev1 "k8s.io/api/core/v1"
 )
@@ -28,7 +30,7 @@ func initializeAzureCSIControllerConfig(hcp *hyperv1.HostedControlPlane, tenantI
 func ReconcileAzureDiskCSISecret(secret *corev1.Secret, hcp *hyperv1.HostedControlPlane, tenantID string) error {
 config := initializeAzureCSIControllerConfig(hcp, tenantID)
 config.AADClientID = hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.Disk.ClientID
- config.AADClientCertPath = hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.Disk.CertificateName
+ config.AADClientCertPath = path.Join(hypershiftconfig.ManagedAzureCertificatePath, hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.Disk.CertificateName)
 serializedConfig, err := json.MarshalIndent(config, "", " ")
 if err != nil {
@@ -46,7 +48,7 @@ func ReconcileAzureDiskCSISecret(secret *corev1.Secret, hcp *hyperv1.HostedContr
 func ReconcileAzureFileCSISecret(secret *corev1.Secret, hcp *hyperv1.HostedControlPlane, tenantID string) error {
 config := initializeAzureCSIControllerConfig(hcp, tenantID)
 config.AADClientID = hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.File.ClientID
- config.AADClientCertPath = hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.File.CertificateName
+ config.AADClientCertPath = path.Join(hypershiftconfig.ManagedAzureCertificatePath, hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.File.CertificateName)
 serializedConfig, err := json.MarshalIndent(config, "", " ")
 if err != nil {