fix: mount certs for Azure Stack

Jiaxun Song · Jiaxun Song · commit bf501f3720f1 · 2021-01-10T18:46:27.000-08:00
diff --git a/Makefile b/Makefile
@@ -18,6 +18,7 @@ REGISTRY ?= andyzhangx
 REGISTRY_NAME ?= $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g")
 IMAGE_NAME ?= blob-csi
 IMAGE_VERSION ?= v0.12.0
+CLOUD ?= AzurePublicCloud
 # Use a custom version for E2E tests if we are in Prow
 ifdef CI
 ifndef PUBLISH
@@ -65,6 +66,7 @@ e2e-bootstrap: install-helm
 	helm install blob-csi-driver ./charts/latest/blob-csi-driver --namespace kube-system --wait --timeout=15m -v=5 --debug \
 		--set controller.runOnMaster=true \
 		--set controller.replicas=1 \
+		--set cloud=CLOUD \
 		$(E2E_HELM_OPTIONS)
 
 .PHONY: install-helm
@@ -96,7 +98,7 @@ blob-container:
 	docker buildx rm container-builder || true
 	docker buildx create --use --name=container-builder
 ifdef CI
-ifdef AZURE_STACK
+ifeq ($(CLOUD), "AzureStackCloud")
 	docker run --privileged --name buildx_buildkit_container-builder0 -d --mount type=bind,src=/etc/ssl/certs,dst=/etc/ssl/certs moby/buildkit:latest || true
 endif
 	docker buildx build --no-cache --build-arg LDFLAGS=${LDFLAGS} -t $(IMAGE_TAG) -f ./pkg/blobplugin/Dockerfile --platform="linux/amd64" --push .
diff --git a/README.md b/README.md
@@ -34,8 +34,8 @@ Please refer to `blob.csi.azure.com` [driver parameters](./docs/driver-parameter
  - If cluster identity is [Managed Service Identity(MSI)](https://docs.microsoft.com/en-us/azure/aks/use-managed-identity), make sure user assigned identity has `Contributor` role on node resource group
 
 ### Install driver on a Kubernetes cluster
- - install by [kubectl](./docs/install-blob-csi-driver.md)
- - install by [helm charts](./charts)
+ - install via [kubectl](./docs/install-blob-csi-driver.md) on public Azure (please use helm for other cloud environments, e.g. Azure Stack)
+ - install via [helm charts](./charts) on public Azure and Azure Stack
 
 ### Usage
  - [Basic usage](./deploy/example/e2e_usage.md)
diff --git a/charts/README.md b/charts/README.md
@@ -17,6 +17,13 @@ $ helm package blob-csi-driver
 $ helm install blob-csi-driver blob-csi-driver-latest.tgz --namespace kube-system
 ```
   
+## Install latest CSI Driver on Azure Stack via `helm install`
+
+```console
+$ cd $GOPATH/src/sigs.k8s.io/blob-csi-driver
+$ helm install blob-csi-driver ./charts/latest/blob-csi-driver --namespace kube-system --set cloud=AzureStackCloud
+```
+
 ### Install a specific version
 
 ```console
@@ -57,10 +64,10 @@ The following table lists the configurable parameters of the latest Azure Blob S
 | `rbac.create`                                     | whether create rbac of csi-blob-controller             | true                                                              |
 | `controller.replicas`                             | the replicas of csi-blob-controller                    | 2                                                                 |
 | `controller.metricsPort`                          | metrics port of csi-blob-controller                    | 29634                                                             |
-| `controller.runOnMaster`                          | run controller on master node                          |
-`false`                                                           |
+| `controller.runOnMaster`                          | run controller on master node                          | false                                                             |
 | `node.metricsPort`                                | metrics port of csi-blob-node                          | 29635                                                                |
 | `kubelet.linuxPath`                               | configure the kubelet path for Linux node                  | `/var/lib/kubelet`                                                |
+| `cloud`                                           | the cloud environment the driver is running on             | AzurePublicCloud                                                  |
 
 ## Troubleshooting
  - Add `--wait -v=5 --debug` in `helm install` command to get detailed error
diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml
@@ -98,8 +98,10 @@ spec:
                   optional: true
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
-            - name: AZURE_ENVIRONMENT_FILEPATH  # For Azure Stack Cloud
+            {{- if eq .Values.cloud "AzureStackCloud" }}
+            - name: AZURE_ENVIRONMENT_FILEPATH
               value: /etc/kubernetes/azurestackcloud.json
+            {{- end }}
           imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
           volumeMounts:
             - mountPath: /csi
@@ -109,6 +111,11 @@ spec:
             - mountPath: /var/lib/waagent/ManagedIdentity-Settings
               readOnly: true
               name: msi
+            {{- if eq .Values.cloud "AzureStackCloud" }}
+            - name: ssl
+              mountPath: /etc/ssl/certs
+              readOnly: true
+            {{- end }}
           resources:
             limits:
               cpu: 200m
@@ -147,4 +154,8 @@ spec:
         - name: msi
           hostPath:
             path: /var/lib/waagent/ManagedIdentity-Settings
----
+        {{- if eq .Values.cloud "AzureStackCloud" }}
+        - name: ssl
+          hostPath:
+            path: /etc/ssl/certs
+        {{- end }}
diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml
@@ -113,8 +113,10 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: spec.nodeName
-            - name: AZURE_ENVIRONMENT_FILEPATH  # For Azure Stack Cloud
+            {{- if eq .Values.cloud "AzureStackCloud" }}
+            - name: AZURE_ENVIRONMENT_FILEPATH
               value: /etc/kubernetes/azurestackcloud.json
+            {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
             privileged: true
@@ -131,6 +133,11 @@ spec:
               name: msi
             - mountPath: /mnt
               name: blob-cache
+            {{- if eq .Values.cloud "AzureStackCloud" }}
+            - name: ssl
+              mountPath: /etc/ssl/certs
+              readOnly: true
+            {{- end }}
           resources:
             limits:
               cpu: 2
@@ -161,3 +168,8 @@ spec:
         - hostPath:
             path: /mnt
           name: blob-cache
+        {{- if eq .Values.cloud "AzureStackCloud" }}
+        - name: ssl
+          hostPath:
+            path: /etc/ssl/certs
+        {{- end }}
diff --git a/charts/latest/blob-csi-driver/values.yaml b/charts/latest/blob-csi-driver/values.yaml
@@ -36,3 +36,5 @@ node:
 
 kubelet:
   linuxPath: /var/lib/kubelet
+
+cloud: AzurePublicCloud
diff --git a/deploy/csi-blob-controller.yaml b/deploy/csi-blob-controller.yaml
@@ -93,8 +93,6 @@ spec:
                   optional: true
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
-            - name: AZURE_ENVIRONMENT_FILEPATH  # For Azure Stack Cloud
-              value: /etc/kubernetes/azurestackcloud.json
           volumeMounts:
             - mountPath: /csi
               name: socket-dir
diff --git a/deploy/csi-blob-node.yaml b/deploy/csi-blob-node.yaml
@@ -112,8 +112,6 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: spec.nodeName
-            - name: AZURE_ENVIRONMENT_FILEPATH  # For Azure Stack Cloud
-              value: /etc/kubernetes/azurestackcloud.json
           securityContext:
             privileged: true
           volumeMounts:
