[akv2k8s] Fix broken volumeMount when userDefinedMSI is enabled

[KenADev]

Problem Statement

I encountered the following error when setting global.userDefinedMSI.enabled to true, causing the controller and env-injector pods to crash:

# E0609 21:45:27.641654 1 main.go:178] "failed to create cloud config provider for azure key vault" err="Failed reading azure config from /etc/kubernetes/azure.json, error: failed reading cloud config, error: read /etc/kubernetes/azure.json: is a directory" file="/etc/kubernetes/azure.json" `

A short excerpt from the rendered controller-deployment.yaml explains the issue:

        volumeMounts:
          - name: azure-config
            mountPath: "/etc/kubernetes/azure.json"
            readOnly: true
      volumes:
      - name: azure-config
        configMap:
          defaultMode: 420
          items:
          - key: azure.json
            path: azure.json
          name: akv2k8s-azureconfig

The volumeMount defines the mountPath (which becomes a directory inside the pod) as /etc/kubernetes/azure.json and mounts the ConfigMap as azure.json within it, causing it's real location to be /etc/kubernetes/azure.json/azure.json.

Hence, the error about /etc/kubernetes/azure.json being a directory is true.

When userDefinedMSI is enabled, the correct mountPath should be /etc/kubernetes/, so that the ConfigMap is mounted to /etc/kubernetes/azure.json as intended.

Steps to Reproduce

Chart.yaml:

---
apiVersion: v2
name: akv2k8s
version: 1.0.0
appVersion: 2.3.5
description: Installs akv2k8s
type: application
dependencies:
  - name: akv2k8s
    repository: https://charts.spvapi.no
    version: 2.3.5

values.yaml:

akv2k8s:
  global:
    metrics:
      enabled: true
    userDefinedMSI:
      enabled: true
      msi: 'msi-uuid'
      subscriptionId: 'subscription-uuid'
      tenantId: 'tenant-uuid'
      azureCloudType: 'AzureCloud'

Commands:

helm dependency build 
helm upgrade --install akv2k8s --create-namespace --namespace akv2k8s . --values values.yaml --debug

Resolution

This PR resolves the issue by:

• Introducing an if-else-block in the volumeMount section of the deployments
  • If the ConfigMap is mounted (userDefinedMSI.enabled == true), use Helm's dir function in order to get the directory path of .Values.cloudConfig (e.g., /etc/kubernetes/)
• Using Helm's base function to set the path of the configMap's azure.json key to the filename set in .Values.cloudConfig (e.g., azure.json)

These changes fix the mentioned issue while still mounting the ConfigMap to whatever path is defined in .Values.cloudConfig.

.