From 1e065a0918053e03c44ca654e1b1bf051c81d2b3 Mon Sep 17 00:00:00 2001
From: Sergii Tkachenko <sergiitk@google.com>
Date: Fri, 2 Apr 2021 20:11:02 -0400
Subject: [PATCH] xds-k8s: Update Private CA GKE workload certificates config
 (#25875)

---
 .../kubernetes-manifests/client-secure.deployment.yaml    | 8 ++------
 .../kubernetes-manifests/server-secure.deployment.yaml    | 8 ++------
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/client-secure.deployment.yaml b/tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/client-secure.deployment.yaml
index 302a410141a..7f96c4a3c50 100644
--- a/tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/client-secure.deployment.yaml
+++ b/tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/client-secure.deployment.yaml
@@ -7,6 +7,8 @@ metadata:
   labels:
     app: ${deployment_name}
     owner: xds-k8s-interop-test
+  annotations:
+    security.cloud.google.com/use-workload-certificates: ""
 spec:
   replicas: 1
   selector:
@@ -43,9 +45,6 @@ spec:
           - mountPath: /tmp/grpc-xds/
             name: grpc-td-conf
             readOnly: true
-          - mountPath: /var/run/gke-spiffe/certs
-            name: gke-spiffe-certs-volume
-            readOnly: true
         resources:
           limits:
             cpu: 800m
@@ -79,7 +78,4 @@ spec:
         - name: grpc-td-conf
           emptyDir:
             medium: Memory
-        - name: gke-spiffe-certs-volume
-          csi:
-            driver: certs.spiffe.gke.io
 ...
diff --git a/tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/server-secure.deployment.yaml b/tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/server-secure.deployment.yaml
index 7eb1c1cb515..117868caf96 100644
--- a/tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/server-secure.deployment.yaml
+++ b/tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/server-secure.deployment.yaml
@@ -7,6 +7,8 @@ metadata:
   labels:
     app: ${deployment_name}
     owner: xds-k8s-interop-test
+  annotations:
+    security.cloud.google.com/use-workload-certificates: ""
 spec:
   replicas: ${replica_count}
   selector:
@@ -44,9 +46,6 @@ spec:
           - mountPath: /tmp/grpc-xds/
             name: grpc-td-conf
             readOnly: true
-          - mountPath: /var/run/gke-spiffe/certs
-            name: gke-spiffe-certs-volume
-            readOnly: true
         resources:
           limits:
             cpu: 800m
@@ -81,7 +80,4 @@ spec:
         - name: grpc-td-conf
           emptyDir:
             medium: Memory
-        - name: gke-spiffe-certs-volume
-          csi:
-            driver: certs.spiffe.gke.io
 ...