From f1f1d3c8fffc5aebdb2712cf9e15706ca4280525 Mon Sep 17 00:00:00 2001
From: David Zhu
Date: Tue, 26 Nov 2019 16:52:55 -0800
Subject: [PATCH] Deploy driver with hostNetwork to fix interaction with GKE Workload Identity
---
 deploy/kubernetes/base/controller.yaml | 5 +++++
 deploy/kubernetes/base/node.yaml | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/deploy/kubernetes/base/controller.yaml b/deploy/kubernetes/base/controller.yaml
index 73c033fd1..5003f98a1 100644
--- a/deploy/kubernetes/base/controller.yaml
+++ b/deploy/kubernetes/base/controller.yaml
@@ -13,6 +13,11 @@ spec:
 labels:
 app: gcp-compute-persistent-disk-csi-driver
 spec:
+ # Host network must be used for interaction with Workload Identity in GKE
+ # since it replaces GCE Metadata Server with GKE Metadata Server. Remove
+ # this requirement when issue is resolved and before any exposure of
+ # metrics ports
+ hostNetwork: true
 serviceAccountName: csi-controller-sa
 priorityClassName: gce-pd-csi-driver-controller
 containers:
diff --git a/deploy/kubernetes/base/node.yaml b/deploy/kubernetes/base/node.yaml
index 41cd0a1a4..3cdfbb360 100644
--- a/deploy/kubernetes/base/node.yaml
+++ b/deploy/kubernetes/base/node.yaml
@@ -12,6 +12,11 @@ spec:
 labels:
 app: gcp-compute-persistent-disk-csi-driver
 spec:
+ # Host network must be used for interaction with Workload Identity in GKE
+ # since it replaces GCE Metadata Server with GKE Metadata Server. Remove
+ # this requirement when issue is resolved and before any exposure of
+ # metrics ports
+ hostNetwork: true
 priorityClassName: gce-pd-csi-driver-node
 serviceAccountName: csi-node-sa
 containers:
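Review bot: `hostNetwork: true` on the controller pod spec (and identically in the node.yaml hunk) places every container of the pod in the node's network namespace, yet the added comment records only the metrics-port concern. Two further consequences belong next to it: NetworkPolicy no longer constrains these pods, and metadata requests reach the node's GCE metadata server, so any credentials obtained that way are the node service account's rather than a Workload Identity-bound identity. With host networking the pod also uses the node's resolver unless `dnsPolicy: ClusterFirstWithHostNet` is set, which matters if any container resolves cluster-internal names; the container list lies outside both hunks, so that is unverified here. The comment says "when issue is resolved" without naming the issue, and a line such as `# Tracking: <ISSUE-URL>` would tell a later reader when the setting can be dropped.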