Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support workload identity setting in static PV mount #1566

Merged
merged 1 commit into from
Dec 28, 2023
Merged

feat: support workload identity setting in static PV mount #1566

merged 1 commit into from
Dec 28, 2023

Conversation

cvvz
Copy link
Member

@cvvz cvvz commented Nov 14, 2023
edited
Loading

What type of PR is this?
/kind feature

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes
Azure/AKS#3432
Azure/azure-storage-fuse#1049 (comment)

Requirements:

Special notes for your reviewer:
documentation: https://github.com/kubernetes-sigs/azurefile-csi-driver/pull/1566/files#diff-ba6bdf5d643d138b4a41b51808bf8041b48d4d519ebc3c511b4464d14a6ba639

Here are the csi driver's logs:

  • When mount static PV, first we skip NodeStageVolume, then we use service account token to get the account key during NodePublishVolume
I1214 01:30:11.728538       1 utils.go:76] GRPC call: /csi.v1.Node/NodeStageVolume
I1214 01:30:11.728570       1 utils.go:77] GRPC request: {"staging_target_path":"/var/lib/kubelet/plugins/kubernetes.io/csi/file.csi.azure.com/e53ce882ae47f30739a21cc04a37ac4a14a19894e1551e7d78909e7e1d52d167/globalmount","volume_capability":{"AccessType":{"Mount":{"mount_flags":["dir_mode=0777","file_mode=0777","uid=0","gid=0","mfsymlinks","cache=strict","nosharesock"]}},"access_mode":{"mode":5}},"volume_context":{"clientID":"0aeece1c-c25d-4a23-8eb2-7983972d97dc","resourcegroup":"weizhichen-test","shareName":"testshare","storageaccount":"weizhichenaccount"},"volume_id":"unique_volume_id"}
I1214 01:30:11.729242       1 nodeserver.go:173] Skip NodeStageVolume for volume(unique_volume_id) since clientID(0aeece1c-c25d-4a23-8eb2-7983972d97dc) is provided
I1214 01:30:11.729758       1 utils.go:83] GRPC response: {}
I1214 01:30:11.775801       1 utils.go:76] GRPC call: /csi.v1.Node/NodePublishVolume
I1214 01:30:11.775823       1 utils.go:77] GRPC request: {"staging_target_path":"/var/lib/kubelet/plugins/kubernetes.io/csi/file.csi.azure.com/e53ce882ae47f30739a21cc04a37ac4a14a19894e1551e7d78909e7e1d52d167/globalmount","target_path":"/var/lib/kubelet/pods/bfb6af8e-b08f-4d03-b622-410310168858/volumes/kubernetes.io~csi/pv-azurefile/mount","volume_capability":{"AccessType":{"Mount":{"mount_flags":["dir_mode=0777","file_mode=0777","uid=0","gid=0","mfsymlinks","cache=strict","nosharesock"]}},"access_mode":{"mode":5}},"volume_context":{"clientID":"0aeece1c-c25d-4a23-8eb2-7983972d97dc","csi.storage.k8s.io/ephemeral":"false","csi.storage.k8s.io/pod.name":"statefulset-azurefile-0","csi.storage.k8s.io/pod.namespace":"default","csi.storage.k8s.io/pod.uid":"bfb6af8e-b08f-4d03-b622-410310168858","csi.storage.k8s.io/serviceAccount.name":"workload-identity-sa","csi.storage.k8s.io/serviceAccount.tokens":"{\"api://AzureADTokenExchange\":{\"token\":\"eyJhbGciOiJSUzI1NiIsImtpZCI6IjlrX1dRS2k1TjB1LW82RFVCenFhcHl6aHd0SUhQMXJvSkprQzJFazQ5QncifQ.eyJhdWQiOlsiYXBpOi8vQXp1cmVBRFRva2VuRXhjaGFuZ2UiXSwiZXhwIjoxNzAyNTIxMDExLCJpYXQiOjE3MDI1MTc0MTEsImlzcyI6Imh0dHBzOi8vZWFzdHVzLm9pYy5wcm9kLWFrcy5henVyZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L2NmZmFjM2I5LWQ3MDMtNGU0YS05MDU3LWI3ZWFiMzA1ZjMwMy8iLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6ImRlZmF1bHQiLCJwb2QiOnsibmFtZSI6InN0YXRlZnVsc2V0LWF6dXJlZmlsZS0wIiwidWlkIjoiYmZiNmFmOGUtYjA4Zi00ZDAzLWI2MjItNDEwMzEwMTY4ODU4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJ3b3JrbG9hZC1pZGVudGl0eS1zYSIsInVpZCI6IjFkODgzZDFjLTliZTUtNDA4Yi05YzcyLWE1MmE4MDBmMjViOCJ9fSwibmJmIjoxNzAyNTE3NDExLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp3b3JrbG9hZC1pZGVudGl0eS1zYSJ9.N9z3ouArfR2IsPr8IdMlSYlXFHpAF3_B_Nv0XtN73pD2yshtS_ee00cKNGCGIY4VtFjK9eXsDXmAlhOZXGnyBnjYsdoh_ntRSuW6dytEsPZc8foPA_wq-2TRDbZxc3FqoiKSGZz4isPeWYZmKGzDmUNOXGoqJ-FIMVzHlsBqWhQQAPLWU6B8v3m_iSFH-mQiZZVIKsAZLqNH5y3sEQe42CJI30RlXJSnmPil-rcTY_-F6F07eUS0Eat5NWPRnFjrTrYtcCzwyJNjVof5OJ_4UEWR25woV1fA30GDdCkC9xRKX4Kq7baXMbZ2AkUUqaTuzTna-G9rNmFhCSeroKfH1AEO5GrPYgMAaH7W1pi2lXhAFfwC6Ar6rBIOU6b5DRSA8gefAj7kYXehRTMQipFy2giK8YkS0RxOLsds3MZVTajGZR7obJ3iJKuiQkZfTuk_A_NgWD9kWzgMNcFQ12biCv-RMOi_drPS9gmSZctc6syEx5NW7GrhIVl3WugXaC10Qbyy1r0eSWlj41UOzIS_1P-OwqkKgR6qtHVTE4THBDdIyZgNdSt3KQWcXEE3-KLPttCzW_7h4ZL6PsjH5G5gS5miXjlD0brsnwlskrYk9mwRwtBzP6fJevYVkZzYYyrfC5T_9Yh2bno3_cXgQpiQ9AJ_QEmPCd5H4W7rdA29TIg\",\"expirationTimestamp\":\"2023-12-14T02:30:11Z\"}}","resourcegroup":"weizhichen-test","shareName":"testshare","storageaccount":"weizhichenaccount"},"volume_id":"unique_volume_id"}
I1214 01:30:11.776015       1 nodeserver.go:64] NodePublishVolume: volume(unique_volume_id) mount on /var/lib/kubelet/pods/bfb6af8e-b08f-4d03-b622-410310168858/volumes/kubernetes.io~csi/pv-azurefile/mount with service account token, VolumeContext: map[clientID:0aeece1c-c25d-4a23-8eb2-7983972d97dc csi.storage.k8s.io/ephemeral:false csi.storage.k8s.io/pod.name:statefulset-azurefile-0 csi.storage.k8s.io/pod.namespace:default csi.storage.k8s.io/pod.uid:bfb6af8e-b08f-4d03-b622-410310168858 csi.storage.k8s.io/serviceAccount.name:workload-identity-sa csi.storage.k8s.io/serviceAccount.tokens:{"api://AzureADTokenExchange":{"token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjlrX1dRS2k1TjB1LW82RFVCenFhcHl6aHd0SUhQMXJvSkprQzJFazQ5QncifQ.eyJhdWQiOlsiYXBpOi8vQXp1cmVBRFRva2VuRXhjaGFuZ2UiXSwiZXhwIjoxNzAyNTIxMDExLCJpYXQiOjE3MDI1MTc0MTEsImlzcyI6Imh0dHBzOi8vZWFzdHVzLm9pYy5wcm9kLWFrcy5henVyZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L2NmZmFjM2I5LWQ3MDMtNGU0YS05MDU3LWI3ZWFiMzA1ZjMwMy8iLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6ImRlZmF1bHQiLCJwb2QiOnsibmFtZSI6InN0YXRlZnVsc2V0LWF6dXJlZmlsZS0wIiwidWlkIjoiYmZiNmFmOGUtYjA4Zi00ZDAzLWI2MjItNDEwMzEwMTY4ODU4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJ3b3JrbG9hZC1pZGVudGl0eS1zYSIsInVpZCI6IjFkODgzZDFjLTliZTUtNDA4Yi05YzcyLWE1MmE4MDBmMjViOCJ9fSwibmJmIjoxNzAyNTE3NDExLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp3b3JrbG9hZC1pZGVudGl0eS1zYSJ9.N9z3ouArfR2IsPr8IdMlSYlXFHpAF3_B_Nv0XtN73pD2yshtS_ee00cKNGCGIY4VtFjK9eXsDXmAlhOZXGnyBnjYsdoh_ntRSuW6dytEsPZc8foPA_wq-2TRDbZxc3FqoiKSGZz4isPeWYZmKGzDmUNOXGoqJ-FIMVzHlsBqWhQQAPLWU6B8v3m_iSFH-mQiZZVIKsAZLqNH5y3sEQe42CJI30RlXJSnmPil-rcTY_-F6F07eUS0Eat5NWPRnFjrTrYtcCzwyJNjVof5OJ_4UEWR25woV1fA30GDdCkC9xRKX4Kq7baXMbZ2AkUUqaTuzTna-G9rNmFhCSeroKfH1AEO5GrPYgMAaH7W1pi2lXhAFfwC6Ar6rBIOU6b5DRSA8gefAj7kYXehRTMQipFy2giK8YkS0RxOLsds3MZVTajGZR7obJ3iJKuiQkZfTuk_A_NgWD9kWzgMNcFQ12biCv-RMOi_drPS9gmSZctc6syEx5NW7GrhIVl3WugXaC10Qbyy1r0eSWlj41UOzIS_1P-OwqkKgR6qtHVTE4THBDdIyZgNdSt3KQWcXEE3-KLPttCzW_7h4ZL6PsjH5G5gS5miXjlD0brsnwlskrYk9mwRwtBzP6fJevYVkZzYYyrfC5T_9Yh2bno3_cXgQpiQ9AJ_QEmPCd5H4W7rdA29TIg","expirationTimestamp":"2023-12-14T02:30:11Z"}} resourcegroup:weizhichen-test shareName:testshare storageaccount:weizhichenaccount]
W1214 01:30:11.776069       1 azurefile.go:710] parsing volumeID(unique_volume_id) return with error: error parsing volume id: "unique_volume_id", should at least contain two #
I1214 01:30:11.776094       1 azurefile.go:780] clientID is specified, use service account token to get account key
I1214 01:30:12.811176       1 nodeserver.go:329] cifsMountPath(/var/lib/kubelet/pods/bfb6af8e-b08f-4d03-b622-410310168858/volumes/kubernetes.io~csi/pv-azurefile/mount) fstype() volumeID(unique_volume_id) context(map[clientID:0aeece1c-c25d-4a23-8eb2-7983972d97dc csi.storage.k8s.io/ephemeral:false csi.storage.k8s.io/pod.name:statefulset-azurefile-0 csi.storage.k8s.io/pod.namespace:default csi.storage.k8s.io/pod.uid:bfb6af8e-b08f-4d03-b622-410310168858 csi.storage.k8s.io/serviceAccount.name:workload-identity-sa csi.storage.k8s.io/serviceAccount.tokens:{"api://AzureADTokenExchange":{"token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjlrX1dRS2k1TjB1LW82RFVCenFhcHl6aHd0SUhQMXJvSkprQzJFazQ5QncifQ.eyJhdWQiOlsiYXBpOi8vQXp1cmVBRFRva2VuRXhjaGFuZ2UiXSwiZXhwIjoxNzAyNTIxMDExLCJpYXQiOjE3MDI1MTc0MTEsImlzcyI6Imh0dHBzOi8vZWFzdHVzLm9pYy5wcm9kLWFrcy5henVyZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L2NmZmFjM2I5LWQ3MDMtNGU0YS05MDU3LWI3ZWFiMzA1ZjMwMy8iLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6ImRlZmF1bHQiLCJwb2QiOnsibmFtZSI6InN0YXRlZnVsc2V0LWF6dXJlZmlsZS0wIiwidWlkIjoiYmZiNmFmOGUtYjA4Zi00ZDAzLWI2MjItNDEwMzEwMTY4ODU4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJ3b3JrbG9hZC1pZGVudGl0eS1zYSIsInVpZCI6IjFkODgzZDFjLTliZTUtNDA4Yi05YzcyLWE1MmE4MDBmMjViOCJ9fSwibmJmIjoxNzAyNTE3NDExLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp3b3JrbG9hZC1pZGVudGl0eS1zYSJ9.N9z3ouArfR2IsPr8IdMlSYlXFHpAF3_B_Nv0XtN73pD2yshtS_ee00cKNGCGIY4VtFjK9eXsDXmAlhOZXGnyBnjYsdoh_ntRSuW6dytEsPZc8foPA_wq-2TRDbZxc3FqoiKSGZz4isPeWYZmKGzDmUNOXGoqJ-FIMVzHlsBqWhQQAPLWU6B8v3m_iSFH-mQiZZVIKsAZLqNH5y3sEQe42CJI30RlXJSnmPil-rcTY_-F6F07eUS0Eat5NWPRnFjrTrYtcCzwyJNjVof5OJ_4UEWR25woV1fA30GDdCkC9xRKX4Kq7baXMbZ2AkUUqaTuzTna-G9rNmFhCSeroKfH1AEO5GrPYgMAaH7W1pi2lXhAFfwC6Ar6rBIOU6b5DRSA8gefAj7kYXehRTMQipFy2giK8YkS0RxOLsds3MZVTajGZR7obJ3iJKuiQkZfTuk_A_NgWD9kWzgMNcFQ12biCv-RMOi_drPS9gmSZctc6syEx5NW7GrhIVl3WugXaC10Qbyy1r0eSWlj41UOzIS_1P-OwqkKgR6qtHVTE4THBDdIyZgNdSt3KQWcXEE3-KLPttCzW_7h4ZL6PsjH5G5gS5miXjlD0brsnwlskrYk9mwRwtBzP6fJevYVkZzYYyrfC5T_9Yh2bno3_cXgQpiQ9AJ_QEmPCd5H4W7rdA29TIg","expirationTimestamp":"2023-12-14T02:30:11Z"}} resourcegroup:weizhichen-test shareName:testshare storageaccount:weizhichenaccount]) mountflags([dir_mode=0777 file_mode=0777 uid=0 gid=0 mfsymlinks cache=strict nosharesock]) mountOptions([dir_mode=0777 file_mode=0777 uid=0 gid=0 mfsymlinks cache=strict nosharesock actimeo=30]) volumeMountGroup()
I1214 01:30:12.811560       1 mount_linux.go:243] Detected OS without systemd
I1214 01:30:12.811576       1 mount_linux.go:218] Mounting cmd (mount) with arguments (-t cifs -o dir_mode=0777,file_mode=0777,uid=0,gid=0,mfsymlinks,cache=strict,nosharesock,actimeo=30,<masked> //weizhichenaccount.file.core.windows.net/testshare /var/lib/kubelet/pods/bfb6af8e-b08f-4d03-b622-410310168858/volumes/kubernetes.io~csi/pv-azurefile/mount)
I1214 01:30:13.029480       1 nodeserver.go:363] volume(unique_volume_id) mount //weizhichenaccount.file.core.windows.net/testshare on /var/lib/kubelet/pods/bfb6af8e-b08f-4d03-b622-410310168858/volumes/kubernetes.io~csi/pv-azurefile/mount succeeded
I1214 01:30:13.029622       1 azure_metrics.go:115] "Observed Request Latency" latency_seconds=1.253521313 request="azurefile_csi_driver_node_stage_volume" resource_group="mc_weizhichen-test_weizhichen-test_eastus" subscription_id="" source="file.csi.azure.com" volumeid="unique_volume_id" result_code="succeeded"
I1214 01:30:13.029659       1 utils.go:83] GRPC response: {}
  • When mount ephemeral volume, we use service account token to get the account key during NodePublishVolume
I1214 01:24:31.351593       1 utils.go:76] GRPC call: /csi.v1.Node/NodePublishVolume
I1214 01:24:31.351614       1 utils.go:77] GRPC request: {"target_path":"/var/lib/kubelet/pods/6307069e-fbe9-4ff3-9179-c520e1e343da/volumes/kubernetes.io~csi/persistent-storage/mount","volume_capability":{"AccessType":{"Mount":{}},"access_mode":{"mode":7}},"volume_context":{"clientID":"0aeece1c-c25d-4a23-8eb2-7983972d97dc","csi.storage.k8s.io/ephemeral":"true","csi.storage.k8s.io/pod.name":"nginx-azurefile-inline-volume","csi.storage.k8s.io/pod.namespace":"default","csi.storage.k8s.io/pod.uid":"6307069e-fbe9-4ff3-9179-c520e1e343da","csi.storage.k8s.io/serviceAccount.name":"workload-identity-sa","csi.storage.k8s.io/serviceAccount.tokens":"{\"api://AzureADTokenExchange\":{\"token\":\"eyJhbGciOiJSUzI1NiIsImtpZCI6IjlrX1dRS2k1TjB1LW82RFVCenFhcHl6aHd0SUhQMXJvSkprQzJFazQ5QncifQ.eyJhdWQiOlsiYXBpOi8vQXp1cmVBRFRva2VuRXhjaGFuZ2UiXSwiZXhwIjoxNzAyNTIwNjcxLCJpYXQiOjE3MDI1MTcwNzEsImlzcyI6Imh0dHBzOi8vZWFzdHVzLm9pYy5wcm9kLWFrcy5henVyZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L2NmZmFjM2I5LWQ3MDMtNGU0YS05MDU3LWI3ZWFiMzA1ZjMwMy8iLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6ImRlZmF1bHQiLCJwb2QiOnsibmFtZSI6Im5naW54LWF6dXJlZmlsZS1pbmxpbmUtdm9sdW1lIiwidWlkIjoiNjMwNzA2OWUtZmJlOS00ZmYzLTkxNzktYzUyMGUxZTM0M2RhIn0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJ3b3JrbG9hZC1pZGVudGl0eS1zYSIsInVpZCI6IjFkODgzZDFjLTliZTUtNDA4Yi05YzcyLWE1MmE4MDBmMjViOCJ9fSwibmJmIjoxNzAyNTE3MDcxLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp3b3JrbG9hZC1pZGVudGl0eS1zYSJ9.nMRqaZUhHKLNkra6-0J4UicV-eEepBKIoErALXCjJJsS228w31q1McOaev8WPHgatkVEiZFMMQqzaUrhMTNc6foYKkHPQaUGRsmDkeVLXbSk5TeKADUsgY7nG6xaDgpNkwyj7KXd3ybp1J5_oMHstZL8xpvLzAWsPMCPDki1wjxfgZH2SnHgUaA5FZs1MiT_OOhM1rtRwtQSEmLHmwpalAQiWZfztVnnML69CxXPcEjGOxhGwAUfuBShIb44MJWxYvuXSNFavj0-x36btKj-sNvgyvEEVJ2j4rNYCAyufPwq-fw-n4VzW-F6uVZe8AqLv-ZMqgetJExsFp4lV2LFurJucpn76fCCR0zM3vHhZQNcbesloxH_mRbuZnP9vyxjjSOhtQsGOh3WHC0oFoLMUrmMY68nvm1MyxVG_vhNqDUoE6tl3147Z6Kczs19z5g_3WWeCqw_sozAya3BwG693iQaijMZPnvkJYoC48GFyYWnF2YVh6PqSHFLO6hWego9TzmsP-xu9T0ye4XrPdk028hkqGyELBTCP3U7E2ejTwC3I1qcq4Vy3N2LGhI3R9EUeBOFC_hfKFB8PAnlRQHYdfR4LrGKl58A-S3PMRogxnTpjujOgzNNipDQ3OvFOUPWCrlqSoQOJhv3THY2x9bHSx8q7TeRV6Rei6qX_mvIQbw\",\"expirationTimestamp\":\"2023-12-14T02:24:31Z\"}}","resourcegroup":"weizhichen-test","shareName":"testshare","storageaccount":"weizhichenaccount"},"volume_id":"csi-ead51bfec25e792bdca4e3f40729506319188cf73617ab987b77beb6a4f90c8f"}
I1214 01:24:31.351748       1 nodeserver.go:64] NodePublishVolume: volume(csi-ead51bfec25e792bdca4e3f40729506319188cf73617ab987b77beb6a4f90c8f) mount on /var/lib/kubelet/pods/6307069e-fbe9-4ff3-9179-c520e1e343da/volumes/kubernetes.io~csi/persistent-storage/mount with service account token, VolumeContext: map[clientID:0aeece1c-c25d-4a23-8eb2-7983972d97dc csi.storage.k8s.io/ephemeral:true csi.storage.k8s.io/pod.name:nginx-azurefile-inline-volume csi.storage.k8s.io/pod.namespace:default csi.storage.k8s.io/pod.uid:6307069e-fbe9-4ff3-9179-c520e1e343da csi.storage.k8s.io/serviceAccount.name:workload-identity-sa csi.storage.k8s.io/serviceAccount.tokens:{"api://AzureADTokenExchange":{"token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjlrX1dRS2k1TjB1LW82RFVCenFhcHl6aHd0SUhQMXJvSkprQzJFazQ5QncifQ.eyJhdWQiOlsiYXBpOi8vQXp1cmVBRFRva2VuRXhjaGFuZ2UiXSwiZXhwIjoxNzAyNTIwNjcxLCJpYXQiOjE3MDI1MTcwNzEsImlzcyI6Imh0dHBzOi8vZWFzdHVzLm9pYy5wcm9kLWFrcy5henVyZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L2NmZmFjM2I5LWQ3MDMtNGU0YS05MDU3LWI3ZWFiMzA1ZjMwMy8iLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6ImRlZmF1bHQiLCJwb2QiOnsibmFtZSI6Im5naW54LWF6dXJlZmlsZS1pbmxpbmUtdm9sdW1lIiwidWlkIjoiNjMwNzA2OWUtZmJlOS00ZmYzLTkxNzktYzUyMGUxZTM0M2RhIn0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJ3b3JrbG9hZC1pZGVudGl0eS1zYSIsInVpZCI6IjFkODgzZDFjLTliZTUtNDA4Yi05YzcyLWE1MmE4MDBmMjViOCJ9fSwibmJmIjoxNzAyNTE3MDcxLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp3b3JrbG9hZC1pZGVudGl0eS1zYSJ9.nMRqaZUhHKLNkra6-0J4UicV-eEepBKIoErALXCjJJsS228w31q1McOaev8WPHgatkVEiZFMMQqzaUrhMTNc6foYKkHPQaUGRsmDkeVLXbSk5TeKADUsgY7nG6xaDgpNkwyj7KXd3ybp1J5_oMHstZL8xpvLzAWsPMCPDki1wjxfgZH2SnHgUaA5FZs1MiT_OOhM1rtRwtQSEmLHmwpalAQiWZfztVnnML69CxXPcEjGOxhGwAUfuBShIb44MJWxYvuXSNFavj0-x36btKj-sNvgyvEEVJ2j4rNYCAyufPwq-fw-n4VzW-F6uVZe8AqLv-ZMqgetJExsFp4lV2LFurJucpn76fCCR0zM3vHhZQNcbesloxH_mRbuZnP9vyxjjSOhtQsGOh3WHC0oFoLMUrmMY68nvm1MyxVG_vhNqDUoE6tl3147Z6Kczs19z5g_3WWeCqw_sozAya3BwG693iQaijMZPnvkJYoC48GFyYWnF2YVh6PqSHFLO6hWego9TzmsP-xu9T0ye4XrPdk028hkqGyELBTCP3U7E2ejTwC3I1qcq4Vy3N2LGhI3R9EUeBOFC_hfKFB8PAnlRQHYdfR4LrGKl58A-S3PMRogxnTpjujOgzNNipDQ3OvFOUPWCrlqSoQOJhv3THY2x9bHSx8q7TeRV6Rei6qX_mvIQbw","expirationTimestamp":"2023-12-14T02:24:31Z"}} resourcegroup:weizhichen-test shareName:testshare storageaccount:weizhichenaccount]
W1214 01:24:31.351783       1 azurefile.go:710] parsing volumeID(csi-ead51bfec25e792bdca4e3f40729506319188cf73617ab987b77beb6a4f90c8f) return with error: error parsing volume id: "csi-ead51bfec25e792bdca4e3f40729506319188cf73617ab987b77beb6a4f90c8f", should at least contain two #
I1214 01:24:31.351802       1 azurefile.go:780] clientID is specified, use service account token to get account key
I1214 01:24:32.199412       1 nodeserver.go:329] cifsMountPath(/var/lib/kubelet/pods/6307069e-fbe9-4ff3-9179-c520e1e343da/volumes/kubernetes.io~csi/persistent-storage/mount) fstype() volumeID(csi-ead51bfec25e792bdca4e3f40729506319188cf73617ab987b77beb6a4f90c8f) context(map[clientID:0aeece1c-c25d-4a23-8eb2-7983972d97dc csi.storage.k8s.io/ephemeral:true csi.storage.k8s.io/pod.name:nginx-azurefile-inline-volume csi.storage.k8s.io/pod.namespace:default csi.storage.k8s.io/pod.uid:6307069e-fbe9-4ff3-9179-c520e1e343da csi.storage.k8s.io/serviceAccount.name:workload-identity-sa csi.storage.k8s.io/serviceAccount.tokens:{"api://AzureADTokenExchange":{"token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjlrX1dRS2k1TjB1LW82RFVCenFhcHl6aHd0SUhQMXJvSkprQzJFazQ5QncifQ.eyJhdWQiOlsiYXBpOi8vQXp1cmVBRFRva2VuRXhjaGFuZ2UiXSwiZXhwIjoxNzAyNTIwNjcxLCJpYXQiOjE3MDI1MTcwNzEsImlzcyI6Imh0dHBzOi8vZWFzdHVzLm9pYy5wcm9kLWFrcy5henVyZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L2NmZmFjM2I5LWQ3MDMtNGU0YS05MDU3LWI3ZWFiMzA1ZjMwMy8iLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6ImRlZmF1bHQiLCJwb2QiOnsibmFtZSI6Im5naW54LWF6dXJlZmlsZS1pbmxpbmUtdm9sdW1lIiwidWlkIjoiNjMwNzA2OWUtZmJlOS00ZmYzLTkxNzktYzUyMGUxZTM0M2RhIn0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJ3b3JrbG9hZC1pZGVudGl0eS1zYSIsInVpZCI6IjFkODgzZDFjLTliZTUtNDA4Yi05YzcyLWE1MmE4MDBmMjViOCJ9fSwibmJmIjoxNzAyNTE3MDcxLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp3b3JrbG9hZC1pZGVudGl0eS1zYSJ9.nMRqaZUhHKLNkra6-0J4UicV-eEepBKIoErALXCjJJsS228w31q1McOaev8WPHgatkVEiZFMMQqzaUrhMTNc6foYKkHPQaUGRsmDkeVLXbSk5TeKADUsgY7nG6xaDgpNkwyj7KXd3ybp1J5_oMHstZL8xpvLzAWsPMCPDki1wjxfgZH2SnHgUaA5FZs1MiT_OOhM1rtRwtQSEmLHmwpalAQiWZfztVnnML69CxXPcEjGOxhGwAUfuBShIb44MJWxYvuXSNFavj0-x36btKj-sNvgyvEEVJ2j4rNYCAyufPwq-fw-n4VzW-F6uVZe8AqLv-ZMqgetJExsFp4lV2LFurJucpn76fCCR0zM3vHhZQNcbesloxH_mRbuZnP9vyxjjSOhtQsGOh3WHC0oFoLMUrmMY68nvm1MyxVG_vhNqDUoE6tl3147Z6Kczs19z5g_3WWeCqw_sozAya3BwG693iQaijMZPnvkJYoC48GFyYWnF2YVh6PqSHFLO6hWego9TzmsP-xu9T0ye4XrPdk028hkqGyELBTCP3U7E2ejTwC3I1qcq4Vy3N2LGhI3R9EUeBOFC_hfKFB8PAnlRQHYdfR4LrGKl58A-S3PMRogxnTpjujOgzNNipDQ3OvFOUPWCrlqSoQOJhv3THY2x9bHSx8q7TeRV6Rei6qX_mvIQbw","expirationTimestamp":"2023-12-14T02:24:31Z"}} resourcegroup:weizhichen-test shareName:testshare storageaccount:weizhichenaccount]) mountflags([]) mountOptions([ file_mode=0777 dir_mode=0777 actimeo=30 mfsymlinks nosharesock]) volumeMountGroup()
I1214 01:24:32.199668       1 mount_linux.go:218] Mounting cmd (mount) with arguments (-t cifs -o ,file_mode=0777,dir_mode=0777,actimeo=30,mfsymlinks,nosharesock,<masked> //weizhichenaccount.file.core.windows.net/testshare /var/lib/kubelet/pods/6307069e-fbe9-4ff3-9179-c520e1e343da/volumes/kubernetes.io~csi/persistent-storage/mount)
I1214 01:24:32.278606       1 nodeserver.go:363] volume(csi-ead51bfec25e792bdca4e3f40729506319188cf73617ab987b77beb6a4f90c8f) mount //weizhichenaccount.file.core.windows.net/testshare on /var/lib/kubelet/pods/6307069e-fbe9-4ff3-9179-c520e1e343da/volumes/kubernetes.io~csi/persistent-storage/mount succeeded
I1214 01:24:32.278710       1 azure_metrics.go:115] "Observed Request Latency" latency_seconds=0.926907381 request="azurefile_csi_driver_node_stage_volume" resource_group="mc_weizhichen-test_weizhichen-test_eastus" subscription_id="" source="file.csi.azure.com" volumeid="csi-ead51bfec25e792bdca4e3f40729506319188cf73617ab987b77beb6a4f90c8f" result_code="succeeded"
I1214 01:24:32.278777       1 utils.go:83] GRPC response: {}
I1214 01:25:13.031250       1 azure_metrics.go:115] "Observed Request Latency" latency_seconds=0.008469899 request="azurefile_csi_driver_node_get_volume_stats" resource_group="mc_weizhichen-test_weizhichen-test_eastus" subscription_id="" source="file.csi.azure.com" volumeid="csi-ead51bfec25e792bdca4e3f40729506319188cf73617ab987b77beb6a4f90c8f" result_code="succeeded"

Release note:

feat: support workload identity setting in static PV mount on AKS

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Nov 14, 2023
@cvvz cvvz changed the title feat: support workload identity setting in static PV mount on AKS [WIP]feat: support workload identity setting in static PV mount on AKS Nov 14, 2023
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 14, 2023
andyzhangx
andyzhangx reviewed Nov 14, 2023
View reviewed changes
Copy link
Member

@andyzhangx andyzhangx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pls provide brief description in PR, .e.g.
what new fields are introduced
what protocol is supported
dynamic provisioning (storage class) is not supported, etc.

docs/workload-identity-static-pv-mount.md Show resolved Hide resolved
docs/workload-identity-static-pv-mount.md Outdated Show resolved Hide resolved
docs/workload-identity-static-pv-mount.md Outdated Show resolved Hide resolved
docs/workload-identity-static-pv-mount.md Outdated

## prerequisite

### 1. Create a cluster with oidc-issuer enabled
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is already doc here: https://github.com/kubernetes-sigs/azurefile-csi-driver/blob/master/docs/workload-identity.md, it's better removing redundant doc steps otherwise we need to maintain two doc pages.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically, these are two very different features for different purpose although they both use federated workload identity and actually there are very few common steps between these two docs and maintain two docs should be better.

pkg/azurefile/nodeserver.go Show resolved Hide resolved
@andyzhangx
Copy link
Member

btw, AKS should be removed in PR title since this is not only for AKS

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 19, 2023
@cvvz cvvz changed the title [WIP]feat: support workload identity setting in static PV mount on AKS [WIP]feat: support workload identity setting in static PV mount Dec 13, 2023
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Dec 13, 2023
andyzhangx
andyzhangx reviewed Dec 14, 2023
View reviewed changes
docs/workload-identity-static-pv-mount.md Outdated
az aks get-credentials -n $CLUSTER_NAME -g $RESOURCE_GROUP --overwrite-existing
```

### 2. Create a storage account and fileshare (or use your own storage account and fileshare)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the account creation steps

docs/workload-identity-static-pv-mount.md Outdated

az group create --name $RESOURCE_GROUP --location $REGION

az aks create -n $CLUSTER_NAME -g $RESOURCE_GROUP --enable-oidc-issuer
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's only mention --enable-oidc-issuer should be specified for cluster creation.

@k8s-ci-robot k8s-ci-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Dec 15, 2023
@cvvz cvvz changed the title [WIP]feat: support workload identity setting in static PV mount feat: support workload identity setting in static PV mount Dec 26, 2023
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 26, 2023
andyzhangx
andyzhangx reviewed Dec 26, 2023
View reviewed changes
pkg/azurefile/nodeserver.go Outdated
@@ -59,6 +59,19 @@ func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu
mountPermissions := d.mountPermissions
context := req.GetVolumeContext()
if context != nil {
// token request
if context[serviceAccountTokenField] != "" && context[clientIDField] != "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clientID is a user input parameter, since all user input parameters are not case sensitive, suggest using a func to check whether it's a token request

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I use a func to check the clientIDField for both upper and lower case.

pkg/azurefile/nodeserver.go Outdated
@@ -155,6 +168,12 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe

volumeID := req.GetVolumeId()
context := req.GetVolumeContext()

if context[serviceAccountTokenField] == "" && context[clientIDField] != "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clientID is a user input parameter, since all user input parameters are not case sensitive, suggest using a func to check whether it's a token request

@cvvz
Copy link
Member Author

cvvz commented Dec 27, 2023

/retest

andyzhangx
andyzhangx reviewed Dec 27, 2023
View reviewed changes
Copy link
Member

@andyzhangx andyzhangx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pls squash all commits, it lgtm in general.

pkg/azurefile/azurefile.go Outdated
@@ -765,8 +778,16 @@ func (d *Driver) GetAccountInfo(ctx context.Context, volumeID string, secrets, r
}
}

// if client id is specified, we only use service account token to get account key
if clientID != "" {
klog.Info("clientID is specified, use service account token to get account key")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

klog.V(2).Infof("clientID(%s) is specified, use service account token to get account key", clientID)

pkg/azurefile/nodeserver.go Outdated Show resolved Hide resolved
@cvvz
Squashed commit of the following:
64c67e3 
commit 15c7f99
Merge: 8388a01 7fe3ebc
Author: weizhichen <weizhichen@microsoft.com>
Date:   Wed Dec 27 09:37:50 2023 +0000

    Merge branch 'master' of https://github.com/kubernetes-sigs/azurefile-csi-driver into workload-identity

commit 8388a01
Author: weizhichen <weizhichen@microsoft.com>
Date:   Wed Dec 27 09:33:51 2023 +0000

    fix

commit 44c4812
Author: weizhichen <weizhichen@microsoft.com>
Date:   Wed Dec 27 06:15:20 2023 +0000

    fix

commit 09e5b67
Author: weizhichen <weizhichen@microsoft.com>
Date:   Wed Dec 27 04:00:47 2023 +0000

    fix

commit 354f4d7
Author: weizhichen <weizhichen@microsoft.com>
Date:   Tue Dec 26 08:29:07 2023 +0000

    helm

commit 960912d
Merge: 0c58154 5dd86f5
Author: weizhichen <weizhichen@microsoft.com>
Date:   Tue Dec 26 08:00:51 2023 +0000

    Merge branch 'master' of https://github.com/kubernetes-sigs/azurefile-csi-driver into workload-identity

commit 0c58154
Merge: e3adfa4 d519073
Author: weizhichen <weizhichen@microsoft.com>
Date:   Mon Dec 18 02:18:53 2023 +0000

    Merge branch 'master' of https://github.com/kubernetes-sigs/azurefile-csi-driver into workload-identity

commit e3adfa4
Author: weizhichen <weizhichen@microsoft.com>
Date:   Thu Dec 14 03:17:25 2023 +0000

    spell

commit 78c82b5
Author: weizhichen <weizhichen@microsoft.com>
Date:   Thu Dec 14 03:09:16 2023 +0000

    doc

commit 7bb959f
Author: weizhichen <weizhichen@microsoft.com>
Date:   Thu Dec 14 03:05:08 2023 +0000

    doc

commit 2dde59d
Author: weizhichen <weizhichen@microsoft.com>
Date:   Wed Dec 13 14:45:37 2023 +0000

    doc

commit e774ff5
Author: weizhichen <weizhichen@microsoft.com>
Date:   Wed Dec 13 13:46:37 2023 +0000

    update go mod

commit 2e79ca3
Merge: 7846026 6cfe218
Author: weizhichen <weizhichen@microsoft.com>
Date:   Wed Dec 13 13:19:41 2023 +0000

    Merge branch 'master' of https://github.com/kubernetes-sigs/azurefile-csi-driver into workload-identity

commit 7846026
Author: weizhichen <weizhichen@microsoft.com>
Date:   Wed Dec 13 13:07:48 2023 +0000

    update go mod

commit 0446a46
Author: weizhichen <weizhichen@microsoft.com>
Date:   Fri Nov 24 08:52:03 2023 +0000

    update cloud-provider-azure

commit ff2aeb4
Author: weizhichen <weizhichen@microsoft.com>
Date:   Tue Nov 14 12:29:14 2023 +0000

    doc

commit 633641b
Author: weizhichen <weizhichen@microsoft.com>
Date:   Tue Nov 14 12:01:02 2023 +0000

    add docs

commit afcb818
Author: weizhichen <weizhichen@microsoft.com>
Date:   Tue Nov 14 11:20:40 2023 +0000

    feat: support workload identity setting in static PV mount on AKS
@cvvz cvvz force-pushed the workload-identity branch from 15c7f99 to 64c67e3 Compare December 27, 2023 09:41
@cvvz
Copy link
Member Author

cvvz commented Dec 28, 2023

/retest

1 similar comment
@cvvz
Copy link
Member Author

cvvz commented Dec 28, 2023

/retest

andyzhangx
andyzhangx approved these changes Dec 28, 2023
View reviewed changes
Copy link
Member

@andyzhangx andyzhangx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 28, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, cvvz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 28, 2023
@andyzhangx andyzhangx merged commit 3decb86 into kubernetes-sigs:master Dec 28, 2023
27 checks passed
@andyzhangx
Copy link
Member

/cherrypick release-1.29

@k8s-infra-cherrypick-robot
Copy link

@andyzhangx: #1566 failed to apply on top of branch "release-1.29":

Applying: Squashed commit of the following:
Using index info to reconstruct a base tree...
A	charts/latest/azurefile-csi-driver-v0.0.0.tgz
M	go.mod
M	go.sum
M	pkg/azurefile/azurefile.go
M	vendor/modules.txt
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/diskclient/mockdiskclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/fileclient/mockfileclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/interfaceclient/mockinterfaceclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/loadbalancerclient/mockloadbalancerclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/privatelinkserviceclient/mockprivatelinkserviceclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/publicipclient/mockpublicipclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/routeclient/mockrouteclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/routetableclient/mockroutetableclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/securitygroupclient/mocksecuritygroupclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/snapshotclient/mocksnapshotclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/storageaccountclient/mockstorageaccountclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/subnetclient/mocksubnetclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/vmclient/mockvmclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/vmssclient/mockvmssclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/azureclients/vmssvmclient/mockvmssvmclient/interface.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_controller_common.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_loadbalancer.go
M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_loadbalancer_healthprobe.go.git/rebase-apply/patch:579: trailing whitespace.
> Note: 
.git/rebase-apply/patch:684: trailing whitespace.
  podManagementPolicy: Parallel 
warning: 2 lines add whitespace errors.

M	vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_storageaccount.go
Falling back to patching base and 3-way merge...
Auto-merging vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_storageaccount.go
Auto-merging vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_loadbalancer_healthprobe.go
Auto-merging vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_loadbalancer.go
Auto-merging vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_controller_common.go
CONFLICT (content): Merge conflict in vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure_controller_common.go
Auto-merging vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure.go
CONFLICT (content): Merge conflict in vendor/sigs.k8s.io/cloud-provider-azure/pkg/provider/azure.go
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging pkg/azurefile/azurefile.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
CONFLICT (modify/delete): charts/latest/azurefile-csi-driver-v0.0.0.tgz deleted in HEAD and modified in Squashed commit of the following:. Version Squashed commit of the following: of charts/latest/azurefile-csi-driver-v0.0.0.tgz left in tree.
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Squashed commit of the following:
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release-1.29

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@andyzhangx
Copy link
Member

@cvvz can you cherrypick to release-1.29 and also make similar change in blob csi driver? thanks.

@k8s-ci-robot
Copy link
Contributor

@cvvz: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-azurefile-csi-driver-e2e-capz-windows-2019 64c67e3 link unknown /test pull-azurefile-csi-driver-e2e-capz-windows-2019
pull-azurefile-csi-driver-external-e2e-nfs 64c67e3 link unknown /test pull-azurefile-csi-driver-external-e2e-nfs
pull-azurefile-csi-driver-e2e-capz 64c67e3 link unknown /test pull-azurefile-csi-driver-e2e-capz

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@cvvz cvvz mentioned this pull request Dec 29, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andyzhangx andyzhangx andyzhangx approved these changes

@ZeroMagic ZeroMagic Awaiting requested review from ZeroMagic

Assignees

@andyzhangx andyzhangx

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cvvz @andyzhangx @k8s-ci-robot @k8s-infra-cherrypick-robot