AKS cluster deployed with UDR for egress traffic via AzureFW.
Somehow we cannot set the KUBERNETES_SERVICE_HOST to the FQDN of our AKS cluster.
We are getting timeouts when the pod tries to mount the volume because it tries to connect to the masternode-api on the Service CIDR.
We would like to be able to configure the fqdn of the k8s masternode api.
Which access mode did you use to access the Azure Key Vault instance:
Service Principal
Environment:
Secrets Store CSI Driver version: (use the image tag): 0.0.7
Azure Key Vault provider version: (use the image tag): 0.0.6
Kubernetes version: (use kubectl version and kubectl get nodes -o wide): v1.16.9
Cluster type: (e.g. AKS, aks-engine, etc): AKS
@mvandewouw As documented in this specific issue, AKS sets the KUBERNETES_SERVICE_HOST to the FQDN for pods deployed in the kube-system namespace. The options for the driver would be to:
1. Deploy in the kube-system namespace.
2. Set the KUBERNETES_SERVICE_HOST to be the FQDN in all the pods. This is not an option using the helm chart, but you should be able to manually set those once the pods are deployed.
Hi, thanks for your suggestions.
To be honest, I don't know if 1. is supported by Microsoft.
And it would be ideal if we could set this environment variable at deploy time so the deployment is done correctly the first time.
We also do this with the helm traefik deployment (setting the KUBERNETES_SERVICE_HOST).