add support for azure system assigned identities
 - add new field `Identity` (of type `VMIdentity`) in AzureMachineSpec
 - add new flavor for VMs with system assigned identity
nader-ziada committed Apr 23, 2020
1 parent 259ffb2 commit 8f1ad61
Showing 12 changed files with 366 additions and 0 deletions.
4 changes: 4 additions & 0 deletions api/v1alpha2/azuremachine_conversion.go
Expand Up @@ -35,6 +35,10 @@ func (src *AzureMachine) ConvertTo(dstRaw conversion.Hub) error { // nolint
restored := &infrav1alpha3.AzureMachine{}
if ok, err := utilconversion.UnmarshalData(src, restored); err != nil || !ok {
return err
} else if ok {
if restored.Spec.Identity != "" {
dst.Spec.Identity = restored.Spec.Identity
}
}

return nil
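Review bot: The `else if ok` on the new branch is redundant — the preceding `if` already returns whenever `!ok`, so the else arm is only ever entered with ok true, and the extra condition reads as though a third case existed. Close the error check with a plain `}` and follow it with `if restored.Spec.Identity != "" { dst.Spec.Identity = restored.Spec.Identity }` so the happy path stays left-aligned. Note that the `!ok` arm returns `err`, which is nil when no stored v1alpha3 data was found, so Identity is silently dropped on that path; that is pre-existing behaviour, but worth a comment such as `// no stored v1alpha3 data: nothing to restore` so it does not look like an oversight. ConvertTo begins before this hunk.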
4 changes: 4 additions & 0 deletions api/v1alpha2/azuremachinetemplate_conversion.go
Expand Up @@ -33,6 +33,10 @@ func (src *AzureMachineTemplate) ConvertTo(dstRaw conversion.Hub) error { // nol
restored := &infrav1alpha3.AzureMachineTemplate{}
if ok, err := utilconversion.UnmarshalData(src, restored); err != nil || !ok {
return err
} else if ok {
if restored.Spec.Template.Spec.Identity != "" {
dst.Spec.Template.Spec.Identity = restored.Spec.Template.Spec.Identity
}
}

return nil
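Review bot: Same shape as the AzureMachine converter: `else if ok` can never be false here because the `if` above returns on `!ok`, so the branch should simply be `}` followed by `if restored.Spec.Template.Spec.Identity != "" { dst.Spec.Template.Spec.Identity = restored.Spec.Template.Spec.Identity }`. The enclosing ConvertTo starts above the hunk.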
4 changes: 4 additions & 0 deletions api/v1alpha3/azuremachine_types.go
Expand Up @@ -44,6 +44,10 @@ type AzureMachineSpec struct {
// +optional
Image *Image `json:"image,omitempty"`

// Identity is the type of identity used for the virtual machine.
// The type 'SystemAssigned' is an implicitly created identity
Identity VMIdentity `json:"identity,omitempty"`

OSDisk OSDisk `json:"osDisk"`

Location string `json:"location"`
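Review bot: The new Identity field carries no `+optional` marker and no enum validation, so the generated CRD schema (shown later in this commit as a bare `type: string`) accepts any value, while the reconciler only acts on `SystemAssigned`; a typo such as `systemAssigned` is therefore silently treated as "no identity" instead of being rejected. Add `// +kubebuilder:validation:Enum=None;SystemAssigned` and `// +optional` above the field so bad values fail at admission. The comment should also state what happens when the field is unset, e.g. `// Identity is the type of identity used for the virtual machine. Valid values are None (the behaviour when unset) and SystemAssigned, an identity Azure creates implicitly for the VM.` AzureMachineSpec continues outside the hunk.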
7 changes: 7 additions & 0 deletions api/v1alpha3/types.go
Expand Up @@ -459,6 +459,13 @@ type AvailabilityZone struct {
// VMIdentity defines the identity of the virtual machine, if configured.
type VMIdentity string

const (
// VMIdentityNone ...
VMIdentityNone VMIdentity = "None"
// VMIdentitySystemAssigned ...
VMIdentitySystemAssigned VMIdentity = "SystemAssigned"
)

type OSDisk struct {
OSType string `json:"osType"`
DiskSizeGB int32 `json:"diskSizeGB"`
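Review bot: The doc comments on the two new constants are `...` placeholders, which is what `go vet`/golint will surface for exported names and tells a reader nothing. Suggest `// VMIdentityNone means no managed identity is attached to the VM.` and `// VMIdentitySystemAssigned attaches an Azure system-assigned managed identity to the VM.` In the hunks visible in this commit only VMIdentitySystemAssigned is compared against by the reconciler; if VMIdentityNone is meant to be the documented default it would help to say so here as well.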
7 changes: 7 additions & 0 deletions cloud/services/virtualmachines/virtualmachines.go
Expand Up @@ -43,6 +43,7 @@ type Spec struct {
Size string
Zone string
Image *infrav1.Image
Identity infrav1.VMIdentity
OSDisk infrav1.OSDisk
CustomData string
}
Expand Down Expand Up @@ -165,6 +166,12 @@ func (s *Service) Reconcile(ctx context.Context, spec interface{}) error {
virtualMachine.Zones = &zones
}

if vmSpec.Identity == infrav1.VMIdentitySystemAssigned {
virtualMachine.Identity = &compute.VirtualMachineIdentity{
Type: compute.ResourceIdentityTypeSystemAssigned,
}
}

err = s.Client.CreateOrUpdate(
ctx,
s.Scope.ResourceGroup(),
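Review bot: Reconcile only checks for `VMIdentitySystemAssigned`, so any other non-empty value of Identity (a typo, or a future type the API accepts before this service learns it) falls through silently and the VM is created without an identity, which is hard to diagnose from the machine's status. A switch that treats `""` and `VMIdentityNone` as "no identity" and returns an error for anything else makes the failure explicit; the fence below uses the file's existing error helper, which is not visible in the hunk. Two further caveats: nothing in this commit assigns an Azure RBAC role to the new identity, so by itself it cannot call ARM until an operator grants one, and it is unclear from here whether a later CreateOrUpdate with a nil Identity removes an identity previously enabled on the same VM — worth confirming and documenting. Reconcile begins and ends outside this hunk.
```go
	switch vmSpec.Identity {
	case infrav1.VMIdentitySystemAssigned:
		virtualMachine.Identity = &compute.VirtualMachineIdentity{
			Type: compute.ResourceIdentityTypeSystemAssigned,
		}
	case "", infrav1.VMIdentityNone:
		// no managed identity requested
	default:
		return errors.Errorf("unsupported VM identity type %q", vmSpec.Identity)
	}
	// … unchanged: CreateOrUpdate call …
```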
Expand Up @@ -253,6 +253,10 @@ spec:
id:
type: string
type: object
identity:
description: Identity is the type of identity used for the virtual
machine. The type 'SystemAssigned' is an implicitly created identity
type: string
image:
description: Image is used to provide details of an image to use during
VM creation. If image details are omitted the image will default
Expand Up @@ -190,6 +190,11 @@ spec:
id:
type: string
type: object
identity:
description: Identity is the type of identity used for the
virtual machine. The type 'SystemAssigned' is an implicitly
created identity
type: string
image:
description: Image is used to provide details of an image
to use during VM creation. If image details are omitted
1 change: 1 addition & 0 deletions controllers/azuremachine_reconciler.go
Expand Up @@ -306,6 +306,7 @@ func (s *azureMachineService) createVirtualMachine(nicName string) (*infrav1.VM,
Image: image,
CustomData: bootstrapData,
Zone: vmZone,
Identity: s.machineScope.AzureMachine.Spec.Identity,
}

err = s.virtualMachinesSvc.Reconcile(s.clusterScope.Context, vmSpec)
197 changes: 197 additions & 0 deletions templates/cluster-template-system-assigned-identity.yaml
@@ -0,0 +1,197 @@
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
metadata:
name: ${CLUSTER_NAME}-md-0
spec:
template:
spec:
files:
- content: |
{
"cloud": "AzurePublicCloud",
"tenantId": "${AZURE_TENANT_ID}",
"subscriptionId": "${AZURE_SUBSCRIPTION_ID}",
"resourceGroup": "${CLUSTER_NAME}",
"securityGroupName": "${CLUSTER_NAME}-node-nsg",
"location": "${AZURE_LOCATION}",
"vmType": "standard",
"vnetName": "${CLUSTER_NAME}-vnet",
"vnetResourceGroup": "${CLUSTER_NAME}",
"subnetName": "${CLUSTER_NAME}-node-subnet",
"routeTableName": "${CLUSTER_NAME}-node-routetable",
"loadBalancerSku": "standard",
"maximumLoadBalancerRuleCount": 250,
"useManagedIdentityExtension": true,
"useInstanceMetadata": true
}
owner: root:root
path: /etc/kubernetes/azure.json
permissions: "0644"
joinConfiguration:
nodeRegistration:
kubeletExtraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
---
apiVersion: cluster.x-k8s.io/v1alpha3
kind: Cluster
metadata:
name: ${CLUSTER_NAME}
namespace: default
spec:
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
controlPlaneRef:
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
kind: KubeadmControlPlane
name: ${CLUSTER_NAME}-control-plane
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureCluster
name: ${CLUSTER_NAME}
---
apiVersion: cluster.x-k8s.io/v1alpha3
kind: MachineDeployment
metadata:
name: ${CLUSTER_NAME}-md-0
spec:
clusterName: ${CLUSTER_NAME}
replicas: ${WORKER_MACHINE_COUNT}
selector:
matchLabels: null
template:
spec:
bootstrap:
configRef:
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
name: ${CLUSTER_NAME}-md-0
clusterName: ${CLUSTER_NAME}
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
name: ${CLUSTER_NAME}-md-0
version: ${KUBERNETES_VERSION}
---
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
kind: KubeadmControlPlane
metadata:
name: ${CLUSTER_NAME}-control-plane
namespace: default
spec:
infrastructureTemplate:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
name: ${CLUSTER_NAME}-control-plane
kubeadmConfigSpec:
clusterConfiguration:
apiServer:
extraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
extraVolumes:
- hostPath: /etc/kubernetes/azure.json
mountPath: /etc/kubernetes/azure.json
name: cloud-config
readOnly: true
timeoutForControlPlane: 20m
controllerManager:
extraArgs:
allocate-node-cidrs: "false"
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
extraVolumes:
- hostPath: /etc/kubernetes/azure.json
mountPath: /etc/kubernetes/azure.json
name: cloud-config
readOnly: true
files:
- content: |
{
"cloud": "AzurePublicCloud",
"tenantId": "${AZURE_TENANT_ID}",
"subscriptionId": "${AZURE_SUBSCRIPTION_ID}",
"aadClientId": "${AZURE_CLIENT_ID}",
"aadClientSecret": "${AZURE_CLIENT_SECRET}",
"resourceGroup": "${AZURE_RESOURCE_GROUP}",
"securityGroupName": "${CLUSTER_NAME}-node-nsg",
"location": "${AZURE_LOCATION}",
"vmType": "standard",
"vnetName": "${CLUSTER_NAME}-vnet",
"vnetResourceGroup": "${CLUSTER_NAME}",
"subnetName": "${CLUSTER_NAME}-node-subnet",
"routeTableName": "${CLUSTER_NAME}-node-routetable",
"userAssignedID": "${CLUSTER_NAME}",
"loadBalancerSku": "standard",
"maximumLoadBalancerRuleCount": 250,
"useManagedIdentityExtension": false,
"useInstanceMetadata": true
}
owner: root:root
path: /etc/kubernetes/azure.json
permissions: "0644"
initConfiguration:
nodeRegistration:
kubeletExtraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
joinConfiguration:
nodeRegistration:
kubeletExtraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
useExperimentalRetryJoin: true
replicas: ${CONTROL_PLANE_MACHINE_COUNT}
version: ${KUBERNETES_VERSION}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureCluster
metadata:
name: ${CLUSTER_NAME}
namespace: default
spec:
location: ${AZURE_LOCATION}
networkSpec:
vnet:
name: ${AZURE_VNET_NAME}
resourceGroup: ${AZURE_RESOURCE_GROUP}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
metadata:
name: ${CLUSTER_NAME}-control-plane
namespace: default
spec:
template:
spec:
identity: SystemAssigned
location: ${AZURE_LOCATION}
osDisk:
diskSizeGB: 128
managedDisk:
storageAccountType: Premium_LRS
osType: Linux
sshPublicKey: ${AZURE_SSH_PUBLIC_KEY}
vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
metadata:
name: ${CLUSTER_NAME}-md-0
spec:
template:
spec:
identity: SystemAssigned
location: ${AZURE_LOCATION}
osDisk:
diskSizeGB: 30
managedDisk:
storageAccountType: Premium_LRS
osType: Linux
sshPublicKey: ${AZURE_SSH_PUBLIC_KEY}
vmSize: ${AZURE_NODE_MACHINE_TYPE}
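Review bot: The control-plane azure.json in this flavor still authenticates the cloud provider with a service principal (`"aadClientId"`, `"aadClientSecret"`, `"useManagedIdentityExtension": false`) even though the control-plane AzureMachineTemplate below it sets `identity: SystemAssigned`, and it also carries `"userAssignedID": "${CLUSTER_NAME}"`, which looks copied from a user-assigned-identity template. Since the file is written with `permissions: "0644"`, that client secret is readable by every local user and process on the control-plane node, which is exactly what moving to a managed identity should avoid. Unless the control plane is intentionally left on the SP, drop those three keys and set `"useManagedIdentityExtension": true` as the worker block already does, and reconcile `resourceGroup`, which is `${AZURE_RESOURCE_GROUP}` here but `${CLUSTER_NAME}` in the worker file. If this template is generated from the flavor directory, the change belongs in the flavor patch rather than here.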
5 changes: 5 additions & 0 deletions templates/flavors/system-assigned-identity/kustomization.yaml
@@ -0,0 +1,5 @@
resources:
- ../base
- system-assigned-identity.yaml
patchesStrategicMerge:
- patches/system-assigned-identity.yaml
@@ -0,0 +1,52 @@
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
metadata:
name: ${CLUSTER_NAME}-md-0
spec:
template:
spec:
files:
- content: |
{
"cloud": "AzurePublicCloud",
"tenantId": "${AZURE_TENANT_ID}",
"subscriptionId": "${AZURE_SUBSCRIPTION_ID}",
"resourceGroup": "${CLUSTER_NAME}",
"securityGroupName": "${CLUSTER_NAME}-node-nsg",
"location": "${AZURE_LOCATION}",
"vmType": "standard",
"vnetName": "${CLUSTER_NAME}-vnet",
"vnetResourceGroup": "${CLUSTER_NAME}",
"subnetName": "${CLUSTER_NAME}-node-subnet",
"routeTableName": "${CLUSTER_NAME}-node-routetable",
"loadBalancerSku": "standard",
"maximumLoadBalancerRuleCount": 250,
"useManagedIdentityExtension": true,
"useInstanceMetadata": true
}
owner: root:root
path: /etc/kubernetes/azure.json
permissions: "0644"
joinConfiguration:
nodeRegistration:
kubeletExtraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
---
kind: AzureMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
metadata:
name: "${CLUSTER_NAME}-control-plane"
spec:
template:
spec:
location: ${AZURE_LOCATION}
identity: SystemAssigned
vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
osDisk:
osType: "Linux"
diskSizeGB: 128
managedDisk:
storageAccountType: "Premium_LRS"
sshPublicKey: ${AZURE_SSH_PUBLIC_KEY}
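Review bot: Enabling a system-assigned identity on the VM does not grant it any Azure RBAC role, and no role assignment appears anywhere in this commit, so the cloud provider configured here with `"useManagedIdentityExtension": true` will obtain an IMDS token that is not yet authorized to manage the cluster's resources until an operator assigns a role out of band; that prerequisite, and the narrowest scope that suffices (presumably the cluster's resource group), should be documented in the flavor. It is also worth noting in that documentation that any workload on the node able to reach the instance metadata endpoint can request the same token, which is the reason to keep the role minimal. This file sets `identity: SystemAssigned` only on the control-plane AzureMachineTemplate; the worker template is presumably patched in a file not shown here, since the rendered cluster-template carries it on both.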
