Merge pull request openshift#5216 from bryan-cox/OCPBUGS-44967

OCPBUGS-44967: Pass only the certificate name for CNO deployment
bryan-cox · Dec 5, 2024 · 5d79a32 · 5d79a32
2 parents 443bf28 + d776234
commit 5d79a32
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 11 deletions.
diff --git a/control-plane-operator/controllers/hostedcontrolplane/cno/clusternetworkoperator.go b/control-plane-operator/controllers/hostedcontrolplane/cno/clusternetworkoperator.go
@@ -622,11 +622,20 @@ if [[ -n $sc ]]; then kubectl --kubeconfig $kc delete --ignore-not-found validat
 	// to use on the CNCC deployment.
 	if azureutil.IsAroHCP() {
 		dep.Spec.Template.Spec.Containers[0].Env = append(dep.Spec.Template.Spec.Containers[0].Env,
-			azureutil.CreateEnvVarsForAzureManagedIdentity(params.AzureClientID, params.AzureTenantID, params.AzureCertificateName)...)
-
-		dep.Spec.Template.Spec.Containers[0].Env = append(dep.Spec.Template.Spec.Containers[0].Env,
 			corev1.EnvVar{
-				Name:  "ARO_HCP_SECRET_PROVIDER_CLASS",
+				Name:  config.ManagedAzureClientIdEnvVarKey,
+				Value: params.AzureClientID,
+			},
+			corev1.EnvVar{
+				Name:  config.ManagedAzureTenantIdEnvVarKey,
+				Value: params.AzureTenantID,
+			},
+			corev1.EnvVar{
+				Name:  config.ManagedAzureCertificateNameEnvVarKey,
+				Value: params.AzureCertificateName,
+			},
+			corev1.EnvVar{
+				Name:  config.ManagedAzureSecretProviderClassEnvVarKey,
 				Value: config.ManagedAzureNetworkSecretStoreProviderClassName,
 			},
 		)

diff --git a/support/config/constants.go b/support/config/constants.go
@@ -61,13 +61,15 @@ const (
 	// management cluster's resource group in Azure.
 	AROHCPKeyVaultManagedIdentityClientID = "ARO_HCP_KEY_VAULT_USER_CLIENT_ID"
 
-	ManagedAzureClientIdEnvVarKey        = "ARO_HCP_MI_CLIENT_ID"
-	ManagedAzureTenantIdEnvVarKey        = "ARO_HCP_TENANT_ID"
-	ManagedAzureCertificatePathEnvVarKey = "ARO_HCP_CLIENT_CERTIFICATE_PATH"
-	ManagedAzureCertificateMountPath     = "/mnt/certs"
-	ManagedAzureCertificatePath          = "/mnt/certs/"
-	ManagedAzureSecretsStoreCSIDriver    = "secrets-store.csi.k8s.io"
-	ManagedAzureSecretProviderClass      = "secretProviderClass"
+	ManagedAzureClientIdEnvVarKey            = "ARO_HCP_MI_CLIENT_ID"
+	ManagedAzureTenantIdEnvVarKey            = "ARO_HCP_TENANT_ID"
+	ManagedAzureCertificatePathEnvVarKey     = "ARO_HCP_CLIENT_CERTIFICATE_PATH"
+	ManagedAzureCertificateNameEnvVarKey     = "ARO_HCP_CLIENT_CERTIFICATE_NAME"
+	ManagedAzureSecretProviderClassEnvVarKey = "ARO_HCP_SECRET_PROVIDER_CLASS"
+	ManagedAzureCertificateMountPath         = "/mnt/certs"
+	ManagedAzureCertificatePath              = "/mnt/certs/"
+	ManagedAzureSecretsStoreCSIDriver        = "secrets-store.csi.k8s.io"
+	ManagedAzureSecretProviderClass          = "secretProviderClass"
 
 	ManagedAzureCPOSecretProviderClassName                = "managed-azure-cpo"
 	ManagedAzureCPOSecretStoreVolumeName                  = "cpo-cert"