Azure/azure-workload-identity

azure.workload.identity/inject-proxy-sidecar set to false is not respected

dnitsch opened this issue · 0 comments

Describe the bug
When setting the annotation of azure.workload.identity/inject-proxy-sidecar to false, this is not respected, as the shouldInjectProxySidecar helper method only checks the existence of the key in the map and not the value.

The docs do say, somewhat misleadingly, to set this value to true or false if you want the migration sidecar container:

https://learn.microsoft.com/en-us/azure/aks/workload-identity-migrate-from-pod-identity#deploy-the-workload-with-migration-sidecar

However, it would be a much nicer user experience to have a flag respected.

Steps To Reproduce

Create a deployment and set the azure.workload.identity/inject-proxy-sidecar to false, then query the pods for that deployment and you will see azwi-proxy and awei-proxy-init containers added, as well as all the required volumes and env variables.

Expected behavior

Setting the azure.workload.identity/inject-proxy-sidecar value to false is respected and sidecar creation is skipped.

Logs

Environment

  • Kubernetes version (use kubectl version):
    v1.26.6
    GoVersion:"go1.19.10", Compiler:"gc", Platform:"linux/amd64"}
  • Cloud provider or hardware configuration:
    Azure (AKS)
  • OS (e.g: cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Network plugin and version (if this is a network-related bug):
  • Others:

Additional context
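
The difference between the reported and the expected behaviour, as an added example that is not part of the original issue and is not the webhook's source code: the function names are hypothetical, the annotation sets are constructed, and treating an unparsable value as "do not inject, return an error" is an assumption about what a fix would do.

```go
package main

import (
	"fmt"
	"strconv"
)

// Annotation key as quoted in the issue.
const proxyAnnotation = "azure.workload.identity/inject-proxy-sidecar"

// injectOnKeyPresence models the behaviour the issue reports: only the
// existence of the key is checked, so "false" still triggers injection.
// (Hypothetical name; not the webhook's source.)
func injectOnKeyPresence(annotations map[string]string) bool {
	_, ok := annotations[proxyAnnotation]
	return ok
}

// injectOnValue models the expected behaviour: the value is parsed as a
// boolean. A missing key or an unparsable value does not inject, and the
// error is returned so the caller can log or reject the pod (assumption).
func injectOnValue(annotations map[string]string) (bool, error) {
	raw, ok := annotations[proxyAnnotation]
	if !ok {
		return false, nil
	}
	v, err := strconv.ParseBool(raw)
	if err != nil {
		return false, fmt.Errorf("annotation %s: invalid boolean %q", proxyAnnotation, raw)
	}
	return v, nil
}

func main() {
	// Constructed pod annotation sets.
	cases := []map[string]string{
		{proxyAnnotation: "true"},
		{proxyAnnotation: "false"},
		{proxyAnnotation: "flase"}, // typo in the value
		{},
	}
	for _, a := range cases {
		byValue, err := injectOnValue(a)
		fmt.Printf("%v presence=%t value=%t err=%v\n", a, injectOnKeyPresence(a), byValue, err)
	}
}
```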