User Story

As a user I want kubelet to know how to authenticate with acr automatically so that I don't have to roll credentials every 12h

Background

This functionality is being removed in tree from the kubelet, so we now need to provide it via a credential provider plugin

Before this can be completed, we will need to create and ship an rpm within RHCOS to provide the binary kubelet will exec.

Steps

• Update MCO pkg/controller/template/render.go credentialProviderConfigFlag to set the relevant bindir and config file for the azure acr credential provider plugin
• Provide the config file for the acr credential provider plugin to consume (see https://github.com/kubernetes/kubernetes/blob/773ad73b90c2836685358a0fafe285b9e4cdcc19/pkg/credentialprovider/azure/azure_credentials.go#L53 and  here)
• Update the tests to expect azure to have credentialProviderConfigFlag set

See https://github.com/openshift/machine-config-operator/pull/4103/files for an example PR

Stakeholders

• cluster-infra team
• workloads team

Definition of Done

• MCO sets -image-credential-provider-config and -image-credential-provider-bin-dir for azure
• credential provider config exists on azure master and worker nodes
• Tests updated to reflect the above changes

• Docs

• Add release note notifying of the change from in tree kubelet to an external process

• Testing

• Set up private registry on ACR
• Set up a new OCP cluster and check that it can pull from the registry