Use a different bucket for pod-identity-webhook discovery store

rifelpet · Oct 4, 2024 · 1f4a97f · 1f4a97f
1 parent 6241230
commit 1f4a97f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/tests/e2e/kubetest2-kops/deployer/common.go b/tests/e2e/kubetest2-kops/deployer/common.go
@@ -331,6 +331,18 @@ func (d *deployer) stateStore() string {
 	return ss
 }
 
+// discoveryStore returns the VFS path to use for public OIDC documents
+func (d *deployer) discoveryStore() string {
+	discovery := os.Getenv("KOPS_DISCOVERY_STORE")
+	if discovery == "" {
+		switch d.CloudProvider {
+		case "aws":
+			discovery = "s3://k8s-kops-ci-prow"
+		}
+	}
+	return discovery
+}
+
 func (d *deployer) stagingStore() string {
 	sb := os.Getenv("KOPS_STAGING_BUCKET")
 	if sb == "" {

diff --git a/tests/e2e/kubetest2-kops/deployer/template.go b/tests/e2e/kubetest2-kops/deployer/template.go
@@ -79,6 +79,7 @@ func (d *deployer) templateValues(zones []string, publicIP string) (map[string]i
 		"kubernetesVersion": d.KubernetesVersion,
 		"publicIP":          publicIP,
 		"stateStore":        d.stateStore(),
+		"discoveryStore":    d.discoveryStore(),
 		"zones":             zones,
 		"sshPublicKey":      string(publicKey),
 	}, nil

diff --git a/tests/e2e/scenarios/podidentitywebhook/cluster.yaml.tmpl b/tests/e2e/scenarios/podidentitywebhook/cluster.yaml.tmpl
@@ -40,7 +40,7 @@ spec:
   podIdentityWebhook:
     enabled: true
   serviceAccountIssuerDiscovery:
-    discoveryStore: "{{.stateStore}}/{{.clusterName}}"
+    discoveryStore: "{{.discoveryStore}}/{{.clusterName}}"
     enableAWSOIDCProvider: true
   sshAccess:
     - {{.publicIP}}