Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

azure.workload.identity/inject-proxy-sidecar set to false is not respected #1210

Open
dnitsch opened this issue Dec 18, 2023 · 0 comments
Open
Labels
bug Something isn't working

Comments

@dnitsch
Copy link

dnitsch commented Dec 18, 2023

Describe the bug
When setting the annotation of azure.workload.identity/inject-proxy-sidecar to false this is not respected as the shouldInjectProxySidecar helper method only checks the existance of the key in the map and not the value.

The docs do say somewhat misleadingly to set this value to true or false if you want the migration sidecar container

https://learn.microsoft.com/en-us/azure/aks/workload-identity-migrate-from-pod-identity#deploy-the-workload-with-migration-sidecar

However, it would be a much nicer user experience to have a flag respected.

Steps To Reproduce

create a deployment and set the azure.workload.identity/inject-proxy-sidecar to false and then query the pods for that deployment and you will see a azwi-proxy and awei-proxy-init containers added as well as all the required volumes and env variables.

Expected behavior

setting the azure.workload.identity/inject-proxy-sidecar value to false is respected and sidecar creation is skipped.

Logs

Environment

  • Kubernetes version (use kubectl version):
    v1.26.6
    GoVersion:"go1.19.10", Compiler:"gc", Platform:"linux/amd64"}
  • Cloud provider or hardware configuration:
  • Azure (AKS)
  • OS (e.g: cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Network plugin and version (if this is a network-related bug):
  • Others:

Additional context

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant