Remove vsphere credentials from csi node daemonset

kubernetes-sigs · Nov 11, 2019 · 05bceec · 05bceec
1 parent ea3b770
commit 05bceec
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 8 deletions.
diff --git a/manifests/1.14/deploy/vsphere-csi-node-ds.yaml b/manifests/1.14/deploy/vsphere-csi-node-ds.yaml
@@ -53,8 +53,9 @@ spec:
               value: "node"
             - name: X_CSI_SPEC_REQ_VALIDATION
               value: "false"
-            - name: VSPHERE_CSI_CONFIG
-              value: "/etc/cloud/csi-vsphere.conf" # here csi-vsphere.conf is the name of the file used for creating secret using "--from-file" flag
+            # Add VSPHERE_CSI_CONFIG env for topology aware clusters.
+            #- name: VSPHERE_CSI_CONFIG
+            #  value: "/etc/cloud/csi-vsphere.conf" # here csi-vsphere.conf is the name of the file used for creating secret using "--from-file" flag
           args:
             - "--v=4"
           securityContext:
@@ -63,9 +64,10 @@ spec:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
           volumeMounts:
-            - name: vsphere-config-volume
-              mountPath: /etc/cloud
-              readOnly: true
+            # Add vsphere-config-volume for topology aware clusters.
+            #- name: vsphere-config-volume
+            #  mountPath: /etc/cloud
+            #  readOnly: true
             - name: plugin-dir
               mountPath: /csi
             - name: pods-mount-dir

diff --git a/pkg/common/config/config.go b/pkg/common/config/config.go
@@ -262,10 +262,11 @@ func GetCnsconfig(cfgPath string) (*Config, error) {
 	var cfg *Config
 	//Read in the vsphere.conf if it exists
 	if _, err := os.Stat(cfgPath); os.IsNotExist(err) {
+		klog.V(2).Infof("Could not stat %s, reading config params from env", cfgPath)
 		// config from Env var only
 		cfg = &Config{}
-		if err := FromEnv(cfg); err != nil {
-			klog.Errorf("Error reading vsphere.conf\n")
+		if fromEnvErr := FromEnv(cfg); fromEnvErr != nil {
+			klog.Errorf("Failed to get config params from env. Err: %v", fromEnvErr)
 			return cfg, err
 		}
 	} else {

diff --git a/pkg/csi/service/node.go b/pkg/csi/service/node.go
@@ -32,7 +32,6 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"k8s.io/klog"
-
 	cnsvsphere "sigs.k8s.io/vsphere-csi-driver/pkg/common/cns-lib/vsphere"
 	cnsconfig "sigs.k8s.io/vsphere-csi-driver/pkg/common/config"
 	"sigs.k8s.io/vsphere-csi-driver/pkg/csi/service/common"
@@ -364,6 +363,12 @@ func (s *service) NodeGetInfo(
 	}
 	cfg, err := cnsconfig.GetCnsconfig(cfgPath)
 	if err != nil {
+		if os.IsNotExist(err) {
+			klog.V(2).Infof("Config file not provided to node daemonset. Assuming non-topology aware cluster")
+			return &csi.NodeGetInfoResponse{
+				NodeId: nodeID,
+			}, nil
+		}
 		klog.Errorf("Failed to read cnsconfig. Error: %v", err)
 		return nil, status.Errorf(codes.Internal, err.Error())
 	}