From f6c364168af4f7df5285672dbb6199601cd56d81 Mon Sep 17 00:00:00 2001 From: ritikaguptams Date: Sun, 28 Jul 2024 15:15:13 -0700 Subject: [PATCH] Wiring user identities Signed-off-by: ritikaguptams
---
 capz/templates/gmsa-ci.yaml | 2 ++ capz/templates/gmsa-pr.yaml | 2 ++ capz/templates/shared-image-gallery-ci.yaml | 5 +++++ capz/templates/windows-base.yaml | 5 +++++ capz/templates/windows-ci.yaml | 5 +++++ capz/templates/windows-pr.yaml | 6 ++++++ 6 files changed, 25 insertions(+)
diff --git a/capz/templates/gmsa-ci.yaml b/capz/templates/gmsa-ci.yaml
index 53a64e4b..c3a74cdd 100644
--- a/capz/templates/gmsa-ci.yaml
+++ b/capz/templates/gmsa-ci.yaml
@@ -121,6 +121,8 @@ spec:
 criSocket: npipe:////./pipe/containerd-containerd
 kubeletExtraArgs:
 cloud-provider: external
+ image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
+ image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
 feature-gates: ${NODE_FEATURE_GATES:-"HPAContainerMetrics=true"}
 v: "2"
 windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
diff --git a/capz/templates/gmsa-pr.yaml b/capz/templates/gmsa-pr.yaml
index f6fca0e5..abb74549 100644
--- a/capz/templates/gmsa-pr.yaml
+++ b/capz/templates/gmsa-pr.yaml
@@ -116,6 +116,8 @@ spec:
 criSocket: npipe:////./pipe/containerd-containerd
 kubeletExtraArgs:
 cloud-provider: external
+ image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
+ image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
 feature-gates: ${NODE_FEATURE_GATES:-"HPAContainerMetrics=true"}
 v: "2"
 windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
diff --git a/capz/templates/shared-image-gallery-ci.yaml b/capz/templates/shared-image-gallery-ci.yaml
index a2ecfb9a..bf04327b 100644
--- a/capz/templates/shared-image-gallery-ci.yaml
+++ b/capz/templates/shared-image-gallery-ci.yaml
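Review bot: In capz/templates/gmsa-ci.yaml (hunk at -121) the two added kubelet flags point at `/var/lib/kubelet/credential-provider-config.yaml` and `/var/lib/kubelet/credential-provider`, but nothing in this patch writes that config or installs a provider binary, so the templates depend on the Windows node image shipping both. As far as I know kubelet exits at startup when the configured file cannot be read, which would keep the node from joining. The same two lines are added in gmsa-pr.yaml, shared-image-gallery-ci.yaml, windows-base.yaml, windows-ci.yaml and windows-pr.yaml; I would state the dependency beside the flags, e.g. `# config file and provider binary must already be present in the node image`, and keep that config's `matchImages` list limited to the CI registry so node credentials are offered only there. The gmsa templates get the flags without any identity change in this patch, so presumably they already attach one, which is worth confirming; kubeletExtraArgs starts and ends outside the hunk.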
@@ -126,6 +126,8 @@ spec:
 criSocket: npipe:////./pipe/containerd-containerd
 kubeletExtraArgs:
 cloud-provider: external
+ image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
+ image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
 feature-gates: ${NODE_FEATURE_GATES:-"HPAContainerMetrics=true"}
 v: "2"
 windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
@@ -433,6 +435,7 @@ spec:
 annotations:
 runtime: containerd
 spec:
+ identity: UserAssigned
 image:
 sharedGallery:
 gallery: SigwinTestingImages
@@ -446,4 +449,6 @@ spec:
 storageAccountType: Premium_LRS
 osType: Windows
 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ userAssignedIdentities:
+ - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
 vmSize: ${AZURE_NODE_MACHINE_TYPE:-"Standard_D4s_v3"}
diff --git a/capz/templates/windows-base.yaml b/capz/templates/windows-base.yaml
index dd6c5b4f..9c9efd49 100644
--- a/capz/templates/windows-base.yaml
+++ b/capz/templates/windows-base.yaml
@@ -88,6 +88,8 @@ spec:
 criSocket: npipe:////./pipe/containerd-containerd
 kubeletExtraArgs:
 cloud-provider: external
+ image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
+ image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
 feature-gates: ${NODE_FEATURE_GATES:-"HPAContainerMetrics=true"}
 v: "2"
 windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
@@ -326,6 +328,7 @@ metadata:
 namespace: default
 spec:
 template:
+ identity: UserAssigned
 metadata:
 annotations:
 runtime: containerd
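Review bot: The `providerID` added in shared-image-gallery-ci.yaml (hunk at -446) attaches `${USER_IDENTITY:=cloud-provider-user-identity}` to every Windows node VM, and the same line is added in windows-base.yaml, windows-ci.yaml and windows-pr.yaml, so PR-triggered clusters receive the same identity as CI ones. Any workload on a node that can reach the instance metadata endpoint can request tokens for an attached identity, and the default name suggests this one is shared with the cloud provider rather than dedicated to image pulls. If it holds more than pull rights on the registry, I would point the default at a dedicated pull-only identity, or at least record the expectation beside the field: `# identity must hold only image-pull rights (e.g. AcrPull) on the CI registry; node workloads can obtain its tokens`. The enclosing machine spec begins outside the hunk.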
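Review bot: In windows-base.yaml (hunk at -326) the added `identity: UserAssigned` comes directly after `template:` and before `metadata:`, whereas shared-image-gallery-ci.yaml adds it after the inner `spec:` next to `image:`; indentation is not recoverable on this page, but the position suggests the key lands on `spec.template` instead of `spec.template.spec`, where the machine spec defines it. If so, the field is unknown at that level and the `userAssignedIdentities` entry added further down would have no `UserAssigned` identity type beside it. windows-ci.yaml (hunk at -423) has the same placement, and windows-pr.yaml (hunk at -411) adds the line in both places. I would move it below the inner `spec:` in windows-base.yaml and windows-ci.yaml and drop the first of the two in windows-pr.yaml. The inner `spec:` of this template lies outside the hunk.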
@@ -337,4 +340,6 @@ spec:
 storageAccountType: Premium_LRS
 osType: Windows
 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ userAssignedIdentities:
+ - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
 vmSize: ${AZURE_NODE_MACHINE_TYPE:-"Standard_D4s_v3"}
diff --git a/capz/templates/windows-ci.yaml b/capz/templates/windows-ci.yaml
index 2d84fc6c..3f942b97 100644
--- a/capz/templates/windows-ci.yaml
+++ b/capz/templates/windows-ci.yaml
@@ -121,6 +121,8 @@ spec:
 criSocket: npipe:////./pipe/containerd-containerd
 kubeletExtraArgs:
 cloud-provider: external
+ image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
+ image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
 feature-gates: ${NODE_FEATURE_GATES:-"HPAContainerMetrics=true"}
 v: "2"
 windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
@@ -423,6 +425,7 @@ metadata:
 namespace: default
 spec:
 template:
+ identity: UserAssigned
 metadata:
 annotations:
 runtime: containerd
@@ -439,4 +442,6 @@ spec:
 storageAccountType: Premium_LRS
 osType: Windows
 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ userAssignedIdentities:
+ - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
 vmSize: ${AZURE_NODE_MACHINE_TYPE:-"Standard_D4s_v3"}
diff --git a/capz/templates/windows-pr.yaml b/capz/templates/windows-pr.yaml
index 75ac0762..2355c187 100644
--- a/capz/templates/windows-pr.yaml
+++ b/capz/templates/windows-pr.yaml
@@ -116,6 +116,8 @@ spec:
 criSocket: npipe:////./pipe/containerd-containerd
 kubeletExtraArgs:
 cloud-provider: external
+ image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
+ image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
 feature-gates: ${NODE_FEATURE_GATES:-"HPAContainerMetrics=true"}
 v: "2"
 windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
@@ -411,10 +413,12 @@ metadata:
 namespace: default
 spec:
 template:
+ identity: UserAssigned
 metadata:
 annotations:
 runtime: containerd
 spec:
+ identity: UserAssigned
 image:
 marketplace:
 offer: capi-windows
@@ -427,4 +431,6 @@ spec:
 storageAccountType: Premium_LRS
 osType: Windows
 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ userAssignedIdentities:
+ - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
 vmSize: ${AZURE_NODE_MACHINE_TYPE:-"Standard_D4s_v3"}