� This is a combination of 2 commits.

� This is the 1st commit message: add helm chart � The commit message #2 will be skipped: � Expose AKS Preview Features � � Co-authored-by: Jon Huhn <[email protected]>
nellyk · Apr 16, 2024 · 1bf2cf0 · 1bf2cf0
1 parent 61d96e8
commit 1bf2cf0
Show file tree

Hide file tree

Showing 10 changed files with 229 additions and 111 deletions.
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
@@ -0,0 +1,32 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/charts/azure-managed-cluster/.helmignore b/charts/azure-managed-cluster/.helmignore
@@ -21,3 +21,4 @@
 .idea/
 *.tmproj
 .vscode/
+*.code-workspace
diff --git a/charts/azure-managed-cluster/Chart.yaml b/charts/azure-managed-cluster/Chart.yaml
@@ -14,8 +14,8 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+# Versions are expected to follow Semantic Versioning (https://semver.org/).
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/azure-managed-cluster/README.md b/charts/azure-managed-cluster/README.md
@@ -0,0 +1,114 @@
+# Cluster API Provider Azure Helm Chart
+
+## Prerequisites
+
+- [Docker Desktop](https://www.docker.com/)
+- [Kind](https://kind.sigs.k8s.io/)
+- [ClusterCTL](https://cluster-api.sigs.k8s.io/clusterctl/overview.html) Version v1.6.1 or older
+- [Helm](https://helm.sh) version v3.14.0 or later
+
+## Prerequisites Installations
+
+- Docker Desktop
+ <https://www.docker.com/products/docker-desktop>
+
+- Install Kind
+  <https://kind.sigs.k8s.io/>
+
+- Install Clusterctl
+  <https://cluster-api.sigs.k8s.io/clusterctl/overview.html>
+
+- Install Helm3
+- <https://helm.sh/docs/intro/install/>
+
+## Usage
+
+To install the Helm chart, run the following command:
+
+```bash
+
+helm repo add capz https://kubernetes-sigs.github.io/azure-managed-cluster-capz-helm
+
+```
+
+### Create an Azure Service Principal or user-assigned Managed Identity
+
+- [How to create a service principal](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
+- [How to create a User-assigned Managed Identity](https://learn.microsoft.com/en-gb/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity)
+
+Set the following environment variables that are needed based on [The Cluster API Provider Azure documentation](https://capz.sigs.k8s.io/topics/managedcluster)
+
+### Create a KIND cluster (Kind clusters only work service principal)
+
+```bash
+kind create cluster --name capi-helm
+```
+
+### Initialize Cluster API and install Azure CAPZ provider
+
+```bash
+clusterctl init --infrastructure azure
+```
+
+### Deploy a cluster with Helm (please customize parameters as required)
+
+The `values.yaml` file contains the default values for the helm chart. You can override these values by creating a new values file and passing it to the helm install command.
+
+```bash
+
+**Using Service Principal:**
+
+```bash
+
+```bash
+helm install capz1 capz/azure-managed-cluster  \
+--namespace default \
+--set controlplane.sshPublicKey="$(cat ~/.ssh/id_rsa.pub)" \
+--set subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
+--set identity.clientID="${AZURE_CLIENT_ID}" \
+--set identity.tenantID="${AZURE_TENANT_ID}" \
+--set identity.clientSecret="${AZURE_CLIENT_SECRET}" \
+--set identity.type=ServicePrincipal 
+```
+
+**Using Managed Identity**
+
+NB: Ensure the AZURE_USER_ASSIGNED_IDENTITY_RESOURCE_ID is set by getting the resource id of the managed identity created in Azure and it has the required permissions.
+
+```bash
+
+helm install capz1 capz/azure-managed-cluster  \
+--namespace default \
+--set subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
+--set identity.clientID="${AZURE_CLIENT_ID}" \
+--set identity.tenantID="${AZURE_TENANT_ID}" \
+--set identity.type=UserAssignedMSI \
+--set identity.resourceID="${AZURE_USER_ASSIGNED_IDENTITY_RESOURCE_ID}" 
+```
+
+Check the status with:
+
+```bash
+kubectl get cluster-api
+kubectl  logs -n capz-system -l control-plane=capz-controller-manager -c manager -f
+```
+
+Get the credentials
+
+```bash
+kubectl get secret capi-helm-kubeconfig -o yaml -o jsonpath={.data.value} | base64 --decode > aks1.kubeconfig
+kubectl get secret aks-cluster-api-kubeconfig -o yaml -o jsonpath={.data.value} | base64 --decode > aks1.kubeconfig
+```
+
+Test the cluster!
+
+```bash
+kubectl --kubeconfig=aks1.kubeconfig cluster-info
+```
+
+Clean up:
+
+```bash
+helm delete capz1 -n default
+kubectl delete namespace default
+```
diff --git a/charts/azure-managed-cluster/templates/AzureClusterIdentity.yaml b/charts/azure-managed-cluster/templates/AzureClusterIdentity.yaml
@@ -14,4 +14,5 @@ spec:
   clientID: {{ $.Values.identity.clientID }} 
   tenantID: {{ $.Values.identity.tenantID }}
   type: {{ $.Values.identity.type }}
-  resourceID: {{ $.Values.identity.resourceID }}
+  resourceID: {{ $.Values.identity.resourceID }}
+
diff --git a/charts/azure-managed-cluster/templates/agentpool.yaml b/charts/azure-managed-cluster/templates/agentpool.yaml
@@ -1,10 +1,10 @@
-{{- range $agentpools := .Values.agentpools }}
+{{- range $agentpoolsname, $agentpools := .Values.agentpools }}
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AzureManagedMachinePool
 metadata:
-  name: {{ $agentpools.name }}
+  name: {{ $agentpoolsname }}
 spec:
-  name: {{ $agentpools.name }}
+  name: {{ $agentpoolsname }}
   scaling:
     minSize: {{ $agentpools.scaling.minSize }}
     maxSize: {{ $agentpools.scaling.maxSize }}
@@ -16,7 +16,7 @@ spec:
   sku: {{ $agentpools.sku }}
   availabilityZones:
       {{- range $agentpools.availabilityZones }}
-      - {{ .  | quote }}
+      - {{ . | quote }}
       {{- end }}    
   nodeLabels: 
    {{- range $nodeLabels := $agentpools.nodeLabels }}
@@ -50,7 +50,7 @@ spec:
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachinePool
 metadata:
-  name: {{ $agentpools.name }}
+  name: {{ $agentpoolsname }}
 spec:
   clusterName: {{ $.Values.cluster.name }}
   replicas: {{ $agentpools.nodecount }}
@@ -63,7 +63,7 @@ spec:
       infrastructureRef:
         apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
         kind: AzureManagedMachinePool
-        name: {{ $agentpools.name }}
+        name: {{ $agentpoolsname }}
         namespace: {{ $.Release.Namespace }}
       version: {{ $.Values.controlplane.kubernetes_version }}
 ---

diff --git a/charts/azure-managed-cluster/templates/azuremanagedccontrolplane.yaml b/charts/azure-managed-cluster/templates/azuremanagedccontrolplane.yaml
@@ -20,25 +20,24 @@ spec:
   dnsServiceIP: {{ $.Values.controlplane.dnsServiceIP }}
   loadBalancerSKU: {{ $.Values.controlplane.loadBalancerSKU }}
   aadProfile:
-        {{- if $.Values.controlplane.aadProfile }}
+    {{- if $.Values.controlplane.aadProfile }}
         managed: {{ $.Values.controlplane.aadProfile.managed }}
         adminGroupObjectIDs: 
           {{- range $adminGroupObjectIDs := $.Values.controlplane.aadProfile.adminGroupObjectIDs }}
           - {{ $adminGroupObjectIDs }}
           {{- end }}
-
         {{- end }}
   addonProfiles: 
-      {{- if $.Values.controlplane.aadProfile }}
-       {{- range $addonProfile := $.Values.controlplane.addonProfiles }}
+    {{- if $.Values.controlplane.aadProfile }}
+      {{- range $addonProfile := $.Values.controlplane.addonProfiles }}
         - name: {{ $addonProfile.name }} 
           enabled: {{ $addonProfile.enabled }}
           config: 
            {{- range $config := $addonProfile.config }}
             {{ $config.key }}: {{ $config.value }}
-            {{- end }}
-       {{- end }}
+           {{- end }}
       {{- end }}
+    {{- end }}
   loadBalancerProfile: 
     {{- if $.Values.controlplane.loadBalancerProfile }}
     managedOutboundIPs: {{ $.Values.controlplane.loadBalancerProfile.managedOutboundIPs }}
@@ -48,32 +47,32 @@ spec:
     idleTimeoutInMinutes: {{ $.Values.controlplane.loadBalancerProfile.idleTimeoutInMinutes }}
     {{- end }}
   apiServerAccessProfile: 
-      {{- if $.Values.controlplane.apiServerAccessProfile }}
-      authorizedIPRanges: {{ $.Values.controlplane.apiServerAccessProfile.authorizedIPRanges }}
-      enablePrivateCluster: {{ $.Values.controlplane.apiServerAccessProfile.spec.enablePrivateCluster }}
-      privateDNSZone: {{ $.Values.controlplane.apiServerAccessProfile.spec.privateDNSZone }}
-      enablePrivateClusterPublicFQDN: {{ $.Values.controlplane.apiServerAccessProfile.spec.enablePrivateClusterPublicFQDN}}
-      {{- end }}
+    {{- if $.Values.controlplane.apiServerAccessProfile }}
+    authorizedIPRanges: {{ $.Values.controlplane.apiServerAccessProfile.authorizedIPRanges }}
+    enablePrivateCluster: {{ $.Values.controlplane.apiServerAccessProfile.spec.enablePrivateCluster }}
+    privateDNSZone: {{ $.Values.controlplane.apiServerAccessProfile.spec.privateDNSZone }}
+    enablePrivateClusterPublicFQDN: {{ $.Values.controlplane.apiServerAccessProfile.spec.enablePrivateClusterPublicFQDN}}
+    {{- end }}
   autoscalerProfile: 
-      {{- if $.Values.controlplane.autoscalerProfile }}
-      balanceSimilarNodeGroups: "{{ $.Values.controlplane.autoscalerProfile.balanceSimilarNodeGroups }}"
-      expander: {{ $.Values.controlplane.autoscalerProfile.expander }}
-      maxEmptyBulkDelete: "{{ $.Values.controlplane.autoscalerProfile.maxEmptyBulkDelete }}"
-      maxGracefulTerminationSec: "{{ $.Values.controlplane.autoscalerProfile.maxGracefulTerminationSec }}"
-      maxNodeProvisionTime: "{{ $.Values.controlplane.autoscalerProfile.maxNodeProvisionTime }}"
-      maxTotalUnreadyPercentage: "{{ $.Values.controlplane.autoscalerProfile.maxTotalUnreadyPercentage }}"
-      newPodScaleUpDelay: "{{ $.Values.controlplane.autoscalerProfile.newPodScaleUpDelay }}"
-      okTotalUnreadyCount: "{{ $.Values.controlplane.autoscalerProfile.okTotalUnreadyCount }}"
-      scanInterval: "{{ $.Values.controlplane.autoscalerProfile.scanInterval }}"
-      scaleDownDelayAfterAdd: "{{ $.Values.controlplane.autoscalerProfile.scaleDownDelayAfterAdd }}"
-      scaleDownDelayAfterDelete: "{{ $.Values.controlplane.autoscalerProfile.scaleDownDelayAfterDelete }}"
-      scaleDownDelayAfterFailure: "{{ $.Values.controlplane.autoscalerProfile.scaleDownDelayAfterFailure }}"
-      scaleDownUnneededTime: "{{ $.Values.controlplane.autoscalerProfile.scaleDownUnneededTime }}"
-      scaleDownUnreadyTime: "{{ $.Values.controlplane.autoscalerProfile.scaleDownUnreadyTime }}"
-      scaleDownUtilizationThreshold: "{{ $.Values.controlplane.autoscalerProfile.scaleDownUtilizationThreshold }}"
-      skipNodesWithLocalStorage : "{{ $.Values.controlplane.autoscalerProfile.skipNodesWithLocalStorage }}"
-      skipNodesWithSystemPods: "{{ $.Values.controlplane.autoscalerProfile.skipNodesWithSystemPods }}"
-      {{- end }}
+    {{- if $.Values.controlplane.autoscalerProfile }}
+    balanceSimilarNodeGroups: "{{ $.Values.controlplane.autoscalerProfile.balanceSimilarNodeGroups }}"
+    expander: {{ $.Values.controlplane.autoscalerProfile.expander }}
+    maxEmptyBulkDelete: "{{ $.Values.controlplane.autoscalerProfile.maxEmptyBulkDelete }}"
+    maxGracefulTerminationSec: "{{ $.Values.controlplane.autoscalerProfile.maxGracefulTerminationSec }}"
+    maxNodeProvisionTime: "{{ $.Values.controlplane.autoscalerProfile.maxNodeProvisionTime }}"
+    maxTotalUnreadyPercentage: "{{ $.Values.controlplane.autoscalerProfile.maxTotalUnreadyPercentage }}"
+    newPodScaleUpDelay: "{{ $.Values.controlplane.autoscalerProfile.newPodScaleUpDelay }}"
+    okTotalUnreadyCount: "{{ $.Values.controlplane.autoscalerProfile.okTotalUnreadyCount }}"
+    scanInterval: "{{ $.Values.controlplane.autoscalerProfile.scanInterval }}"
+    scaleDownDelayAfterAdd: "{{ $.Values.controlplane.autoscalerProfile.scaleDownDelayAfterAdd }}"
+    scaleDownDelayAfterDelete: "{{ $.Values.controlplane.autoscalerProfile.scaleDownDelayAfterDelete }}"
+    scaleDownDelayAfterFailure: "{{ $.Values.controlplane.autoscalerProfile.scaleDownDelayAfterFailure }}"
+    scaleDownUnneededTime: "{{ $.Values.controlplane.autoscalerProfile.scaleDownUnneededTime }}"
+    scaleDownUnreadyTime: "{{ $.Values.controlplane.autoscalerProfile.scaleDownUnreadyTime }}"
+    scaleDownUtilizationThreshold: "{{ $.Values.controlplane.autoscalerProfile.scaleDownUtilizationThreshold }}"
+    skipNodesWithLocalStorage : "{{ $.Values.controlplane.autoscalerProfile.skipNodesWithLocalStorage }}"
+    skipNodesWithSystemPods: "{{ $.Values.controlplane.autoscalerProfile.skipNodesWithSystemPods }}"
+    {{- end }}
   azureEnvironment: {{ $.Values.controlplane.azureEnvironment }}
   kubeletUserAssignedIdentity: {{ $.Values.controlplane.kubeletUserAssignedIdentity }}
   httpProxyConfig: 
@@ -97,4 +96,5 @@ spec:
         managerResourceGroup: {{ $.Values.cluster.resourceGroupName }}-fleets 
     {{- end }}
   sku:
-   tier: {{ $.Values.controlplane.sku.tier }}
+    tier: {{ $.Values.controlplane.sku.tier }}
+
diff --git a/charts/azure-managed-cluster/templates/azuremanagedcluster.yaml b/charts/azure-managed-cluster/templates/azuremanagedcluster.yaml
@@ -4,5 +4,5 @@ metadata:
   name: {{ .Values.cluster.name }}
 spec:
   controlPlaneEndpoint: 
-      host: sigs.k8s.io/cluster-api/api/v1beta1.APIEndpoint
-      port: 443
+    host: sigs.k8s.io/cluster-api/api/v1beta1.APIEndpoint
+    port: 443
diff --git a/charts/azure-managed-cluster/templates/cluster.yaml b/charts/azure-managed-cluster/templates/cluster.yaml
@@ -16,4 +16,5 @@ spec:
   infrastructureRef:
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: AzureManagedCluster
-    name: {{ .Values.cluster.name }}
+    name: {{ .Values.cluster.name }}
+