cluster/gce/gci/credential-provider: add a README

Signed-off-by: Andrew Sy Kim <andrewsy@google.com> Co-authored-by: Aditi Sharma <adi.sky17@gmail.com>
2025-07-21 19:01:49 +00:00 · 2022-03-11 15:47:27 +00:00 · 2022-03-11 15:47:27 +00:00 · fe55bf111b
commit fe55bf111b
parent ddeb1e1352
1 changed files with 35 additions and 0 deletions
--- a/cluster/gce/gci/credential-provider/README.md
+++ b/cluster/gce/gci/credential-provider/README.md
@ -0,0 +1,35 @@
+# GCP credential provider for e2e testing
+
+This package contains a barebones implementation of the [kubelet GCP credential
+provider](https://github.com/kubernetes/cloud-provider-gcp/tree/master/cmd/auth-provider-gcp)
+for testing purposes only. This plugin SHOULD NOT be used in production.
+
+This credential provider is installed and configured in the node e2e tests by:
+
+1. Building the credential-provider binary and including it in the test archive
+   uploaded to the GCE remote node.
+
+2. Writing the credential provider config into the temporary workspace consumed
+  by the kubelet. The contents of the config should be something like this:
+
+```yaml
+kind: CredentialProviderConfig
+apiVersion: kubelet.config.k8s.io/v1alpha1
+providers:
+  - name: credential-provider
+    apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
+    matchImages:
+    - "gcr.io"
+    - "*.gcr.io"
+    - "container.cloud.google.com"
+    - "*.pkg.dev"
+    defaultCacheDuration: 1m`
+```
+
+3. Configuring the following additional flags on the kubelet:
+
+```
+--feature-gates=DisableKubeletCloudCredentialProviders=true,KubeletCredentialProviders=true
+--image-credential-provider-config=/tmp/node-e2e-123456/credential-provider.yaml
+--image-credential-provider-bin-dir=/tmp/node-e2e-12345
+```