Fix dev overlay IDENTITY_PROVIDER passthrough

Question

Fix dev overlay IDENTITY_PROVIDER passthrough

saikat-royc opened this issue 9 months ago · 1 comments

When deploying the dev overlay, the --identity-provider=$(IDENTITY_PROVIDER) flag is missing in the gcs fuse container

      - args:
        - --v=5
        - --endpoint=unix:/csi/csi.sock
        - --nodeid=$(KUBE_NODE_NAME)
        - --node=true
        - --enable-profiling=true
        env:
        - name: KUBE_NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: IDENTITY_PROVIDER
           value: <>

This causes token exchange failures

error fetching initial token: identity binding token fetch error: IdentityBindingToken exchange error with audience googleapi: got HTTP response code 400 with body: {"error":"invalid_request","error_description":"Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats."}