swap curl for az storage blob download for credential provider #4961
Conversation
Signed-off-by: Jeremy Rickard <[email protected]>
k8s-ci-robot
added
release-note
k8s-ci-robot
added
the
size/S
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #4961 +/- ##
=======================================
Coverage 62.25% 62.25%
=======================================
Files 201 201
Lines 16912 16912
=======================================
Hits 10529 10529
Misses 5590 5590
Partials 793 793 ☔ View full report in Codecov by Sentry. |
|
@jeremyrickard: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| echo "Use OOT credential provider" | ||
| mkdir C:\var\lib\kubelet\credential-provider | ||
| curl.exe --retry 10 --retry-delay 5 -L "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider.exe" --output C:\var\lib\kubelet\credential-provider\acr-credential-provider.exe | ||
| az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider.exe" --file "C:\var\lib\kubelet\credential-provider\acr-credential-provider.exe" --auth-mode login |
There was a problem hiding this comment.
The source of truth for these scripts looks to be in the oot-credential-provider*.yaml files here: https://github.com/kubernetes-sigs/cluster-api-provider-azure/tree/5493e53d1aff013b9a093c9732559f12b51b01ca/templates/test/ci/prow-ci-version/patches
Making these changes there then running make generate should get the "Verify" CI check green.
There was a problem hiding this comment.
@jackfrancis Do you remember exactly what the issue was with #4724? I can't think of any blockers there anymore. I've been doing local testing with custom builds/CI versions and have been needing to make these changes in order to run in the corp tenant. I can open a PR unless you know of some reason that obviously still won't work.
|
I am working on something similar, posting here for reference #5109 |
What type of PR is this?
/kind bug
What this PR does / why we need it:
This PR makes a change to
templates/test/dev/cluster-template-custom-builds.yamlto replace the use of curl to get the acr credential provider with the az storage download call to be consistent with the rest of the template. In cases where the test is using a storage account with anon blob access disabled, az storage blob download is required.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #
Special notes for your reviewer:
TODOs:
Release note: