Merge pull request #18170 from hakman/azure-csi-flakes

azure: Get node info from node labels for CSI driver

Author: k8s-ci-robot

nodeup/pkg/model/cloudconfig.go

@@ -29,6 +29,7 @@ import (
 
 const (
 	CloudConfigFilePath       = "/etc/kubernetes/cloud.config"
+	AzureCloudConfigFilePath  = "/etc/kubernetes/azure.json"
 	InTreeCloudConfigFilePath = "/etc/kubernetes/in-tree-cloud.config"
 
 	// VM UUID is set by cloud-init
@@ -155,6 +156,8 @@ func (b *CloudConfigBuilder) build(c *fi.NodeupModelBuilderContext, inTree bool)
 	path := CloudConfigFilePath
 	if inTree {
 		path = InTreeCloudConfigFilePath
+	} else if cloudProvider == kops.CloudProviderAzure {
+		path = AzureCloudConfigFilePath
 	}
 	t := &nodetasks.File{
 		Path:     path,

tests/integration/update_cluster/minimal_azure/data/azurerm_storage_blob_minimal-azure.example.com-addons-azuredisk-csi-driver.addons.k8s.io-k8s-1.31_source

@@ -636,20 +636,24 @@ spec:
         - --drivername=disk.csi.azure.com
         - --volume-attach-limit=-1
         - --reserved-data-disk-slot-num=0
-        - --cloud-config-secret-name=azure-cloud-provider
-        - --cloud-config-secret-namespace=kube-system
+        - --cloud-config-secret-name=
+        - --cloud-config-secret-namespace=
         - --custom-user-agent=
         - --user-agent-suffix=kops
         - --allow-empty-cloud-config=true
         - --support-zone=true
-        - --get-node-info-from-labels=false
+        - --get-node-info-from-labels=true
         - --get-nodeid-from-imds=false
         - --enable-otel-tracing=false
         - --metrics-address=0.0.0.0:29605
         - --remove-not-ready-taint=true
         env:
         - name: AZURE_CREDENTIAL_FILE
-          value: /etc/kubernetes/cloud.config
+          valueFrom:
+            configMapKeyRef:
+              key: path
+              name: azure-cred-file
+              optional: true
         - name: CSI_ENDPOINT
           value: unix:///csi/csi.sock
         - name: KUBE_NODE_NAME
@@ -941,7 +945,11 @@ spec:
         - --vmss-detach-timeout-seconds=20
         env:
         - name: AZURE_CREDENTIAL_FILE
-          value: /etc/kubernetes/cloud.config
+          valueFrom:
+            configMapKeyRef:
+              key: path
+              name: azure-cred-file
+              optional: true
         - name: CSI_ENDPOINT
           value: unix:///csi/csi.sock
         - name: AZURE_GO_SDK_LOG_LEVEL
@@ -977,7 +985,6 @@ spec:
           name: socket-dir
         - mountPath: /etc/kubernetes/
           name: azure-cred
-          readOnly: true
       hostNetwork: true
       nodeSelector:
         kubernetes.io/os: linux

tests/integration/update_cluster/minimal_azure/data/azurerm_storage_blob_minimal-azure.example.com-addons-bootstrap_source

@@ -85,7 +85,7 @@ spec:
     version: 9.99.0
   - id: k8s-1.31
     manifest: azuredisk-csi-driver.addons.k8s.io/k8s-1.31.yaml
-    manifestHash: d3e7fdef377b4741d80d9219172c3c47b48573668e71c5aacadb06d82c021b9f
+    manifestHash: da0ccb52e5db231adbe24c372b9e2e87ea02f9559e80e09b6dbcbc094371220f
     name: azuredisk-csi-driver.addons.k8s.io
     prune:
       kinds:

upup/models/cloudup/resources/addons/azuredisk-csi-driver.addons.k8s.io/helm-values.yaml

@@ -5,12 +5,9 @@
 #   helm template azuredisk-csi-driver azuredisk-csi-driver/azuredisk-csi-driver \
 #     --version 1.34.0 --namespace kube-system -f helm-values.yaml > k8s-1.31.yaml.template
 #
-# After generating, apply kops-specific patches:
-#   1. Prepend the StorageClass block from the bottom of this file
-#   2. Replace AZURE_CREDENTIAL_FILE env var (both controller and node azuredisk containers):
-#        from: valueFrom: configMapKeyRef: ...
-#        to:   value: /etc/kubernetes/cloud.config
-#   3. Add readOnly: true to controller azure-cred volume mount
+# Note: No kops-specific patches are needed. The driver finds the cloud config
+# at /etc/kubernetes/azure.json (its default path) on control-plane nodes.
+# Node pods use --get-node-info-from-labels and --allow-empty-cloud-config=true.
 #
 # Note: StorageClass is managed separately via storage-azure.addons.k8s.io
 
@@ -25,6 +22,11 @@ controller:
 linux:
   enabled: true
   hostNetwork: true
+  getNodeInfoFromLabels: true
+
+node:
+  cloudConfigSecretName: ""
+  cloudConfigSecretNamespace: ""
 
 windows:
   enabled: false

upup/models/cloudup/resources/addons/azuredisk-csi-driver.addons.k8s.io/k8s-1.31.yaml.template

@@ -1,5 +1,3 @@
-# Generated from azuredisk-csi-driver Helm chart v1.34.0 with helm-values.yaml
-# kops-specific patches: AZURE_CREDENTIAL_FILE, readOnly mount
 ---
 # Source: azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml
 apiVersion: v1
@@ -410,13 +408,13 @@ spec:
             - "--drivername=disk.csi.azure.com"
             - "--volume-attach-limit=-1"
             - "--reserved-data-disk-slot-num=0"
-            - "--cloud-config-secret-name=azure-cloud-provider"
-            - "--cloud-config-secret-namespace=kube-system"
+            - "--cloud-config-secret-name="
+            - "--cloud-config-secret-namespace="
             - "--custom-user-agent="
             - "--user-agent-suffix=kops"
             - "--allow-empty-cloud-config=true"
             - "--support-zone=true"
-            - "--get-node-info-from-labels=false"
+            - "--get-node-info-from-labels=true"
             - "--get-nodeid-from-imds=false"
             - "--enable-otel-tracing=false"
             - "--metrics-address=0.0.0.0:29605"
@@ -438,7 +436,11 @@ spec:
             periodSeconds: 30
           env:
             - name: AZURE_CREDENTIAL_FILE
-              value: /etc/kubernetes/cloud.config
+              valueFrom:
+                configMapKeyRef:
+                  name: azure-cred-file
+                  key: path
+                  optional: true
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
             - name: KUBE_NODE_NAME
@@ -729,7 +731,11 @@ spec:
             periodSeconds: 30
           env:
             - name: AZURE_CREDENTIAL_FILE
-              value: /etc/kubernetes/cloud.config
+              valueFrom:
+                configMapKeyRef:
+                  name: azure-cred-file
+                  key: path
+                  optional: true
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
             - name: AZURE_GO_SDK_LOG_LEVEL
@@ -740,7 +746,6 @@ spec:
               name: socket-dir
             - mountPath: /etc/kubernetes/
               name: azure-cred
-              readOnly: true
           resources:
             limits:
               memory: 500Mi

upup/pkg/fi/cloudup/template_functions.go

@@ -549,7 +549,12 @@ func (tf *TemplateFunctions) CloudControllerConfigArgv() ([]string, error) {
 		argv = append(argv, fmt.Sprintf("--use-service-account-credentials=%t", true))
 	}
 
-	if cluster.GetCloudProvider() != kops.CloudProviderHetzner {
+	switch cluster.GetCloudProvider() {
+	case kops.CloudProviderHetzner:
+		// Hetzner does not use cloud config.
+	case kops.CloudProviderAzure:
+		argv = append(argv, "--cloud-config=/etc/kubernetes/azure.json")
+	default:
 		argv = append(argv, "--cloud-config=/etc/kubernetes/cloud.config")
 	}