This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

remove unnecessary client_secret auth examples
jackfrancis committed Oct 7, 2020
1 parent 60c468e commit a930693
Showing 9 changed files with 27 additions and 45 deletions.
14 changes: 6 additions & 8 deletions docs/topics/addpool.md
Expand Up @@ -17,8 +17,6 @@ To add a new pool to the cluster you will run a command like:
```sh
$ aks-engine addpool --subscription-id <subscription_id> \
--resource-group mycluster --location <location> \
--client-id '<service principal client ID>' \
--client-secret '<service principal client secret>' \
--api-model _output/mycluster/apimodel.json \
--node-pool ./pool.json
```
Expand Down Expand Up @@ -58,8 +56,8 @@ Some important considerations:
|--resource-group|yes|The resource group the cluster is deployed in.|
|--location|yes|The location the resource group is in.|
|--api-model|yes|Relative path to the generated API model for the cluster.|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret|
|--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate|
|--node-pool|yes|Path to JSON file expressing the `agentPoolProfile` spec of the new node pool.|
|--auth-method|no|The authentication method used. Default value is `client_secret`. Other supported values are: `cli`, `client_certificate`, and `device`.|
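Review bot: The `--auth-method` row at the end of this table still reads "Default value is `client_secret`", while docs/tutorials/cli-overview.md in this same commit changes the help text to `(default "cli")` and the example at the top of this file now omits `--client-id` and `--client-secret`. A reader following the table would conclude that the bare example command needs a secret it no longer shows. Update the row to name `cli` as the default and list `client_secret` among the other supported values; the same row is left unchanged in the creating_new_clusters.md, update.md and upgrade.md tables.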
Expand Down Expand Up @@ -133,15 +131,15 @@ $ grep orchestratorRelease -A 1 _output/kubernetes-westus2-1838/apimodel.json
We can now run addpool once per new pool to begin the process of validating v1.19.1 across our existing v1.18.8 cluster:

```sh
$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool1.json --location westus2 --resource-group kubernetes-westus2-1838 --auth-method client_secret --client-id $TEST_AZURE_SP_ID --client-secret $TEST_AZURE_SP_PW
$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool1.json --location westus2 --resource-group kubernetes-westus2-1838
WARN[0003] Any new nodes will have containerd version 1.3.7
INFO[0003] Starting ARM Deployment kubernetes-westus2-1838-1942811440 in resource group kubernetes-westus2-1838. This will take some time...
INFO[0158] Finished ARM Deployment (kubernetes-westus2-1838-1942811440). Succeeded
$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool2.json --location westus2 --resource-group kubernetes-westus2-1838 --auth-method client_secret --client-id $TEST_AZURE_SP_ID --client-secret $TEST_AZURE_SP_PW
$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool2.json --location westus2 --resource-group kubernetes-westus2-1838
WARN[0008] Any new nodes will have containerd version 1.3.7
INFO[0008] Starting ARM Deployment kubernetes-westus2-1838-25937475 in resource group kubernetes-westus2-1838. This will take some time...
INFO[0163] Finished ARM Deployment (kubernetes-westus2-1838-25937475). Succeeded
$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool3.json --location westus2 --resource-group kubernetes-westus2-1838 --auth-method client_secret --client-id $TEST_AZURE_SP_ID --client-secret $TEST_AZURE_SP_PW
$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool3.json --location westus2 --resource-group kubernetes-westus2-1838
WARN[0004] Any new nodes will have containerd version 1.3.7
INFO[0004] Starting ARM Deployment kubernetes-westus2-1838-1370618455 in resource group kubernetes-westus2-1838. This will take some time...
INFO[0174] Finished ARM Deployment (kubernetes-westus2-1838-1370618455). Succeeded
Expand Down Expand Up @@ -188,7 +186,7 @@ node/k8s-newpool3-26196714-vmss000000 tainted
Let's say we've validated the "pool1" replacement, which we've called "newpool1". Let's scale that pool out to match the original "pool1":

```sh
$ aks-engine scale --subscription-id $TEST_AZURE_SUB_ID --client-id $TEST_AZURE_SP_ID --client-secret $TEST_AZURE_SP_PW --api-model _output/kubernetes-westus2-1838/apimodel.json --location westus2 --resource-group kubernetes-westus2-1838 --apiserver kubernetes-westus2-1838.westus2.cloudapp.azure.com --node-pool newpool1 --new-node-count 3 --auth-method client_secret --identity-system azure_ad
$ aks-engine scale --api-model _output/kubernetes-westus2-1838/apimodel.json --location westus2 --resource-group kubernetes-westus2-1838 --apiserver kubernetes-westus2-1838.westus2.cloudapp.azure.com --node-pool newpool1 --new-node-count 3
INFO[0003] found VMSS k8s-newpool1-26196714-vmss in resource group kubernetes-westus2-1838 that correlates with node pool newpool1
WARN[0003] Any new nodes will have containerd version 1.3.7
INFO[0003] Removing singlePlacementGroup property from [variables('newpool1VMNamePrefix')]
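Review bot: The new `aks-engine scale` line drops `--subscription-id $TEST_AZURE_SUB_ID` along with the credential flags, while the three `addpool` commands earlier in this file keep it. If the subscription is now resolved from the login context, say so in the surrounding text; otherwise restore the flag so the example runs as shown. `--identity-system azure_ad` is removed here as well, which is only safe as long as `azure_ad` remains the documented default.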
8 changes: 3 additions & 5 deletions docs/topics/creating_new_clusters.md
Expand Up @@ -9,9 +9,7 @@ $ aks-engine deploy --subscription-id $SUBSCRIPTION_ID \
--dns-prefix $CLUSTER_NAME \
--resource-group $RESOURCE_GROUP \
--location $LOCATION \
--api-model examples/kubernetes.json \
--client-id $SERVICE_PRINCIPAL_ID \
--client-secret $SERVICE_PRINCIPAL_PASSWORD
--api-model examples/kubernetes.json
```

`aks-engine deploy` is a long-running operation that creates Azure resources (e.g., Virtual Machine and/or Virtual Machine Scale Set [VMSS], Disk, Network Interface, Network Security Group, Public IP Address, Virtual Network, Load Balancer, and others) that will underly a Kubernetes cluster. All deployed VMs will be configured to run Kubernetes bootstrap scripts appropriate for the desired cluster configuration. The outcome of a successful `aks-engine deploy` operation is a fully operational Kubernetes cluster, ready for use immediately.
Expand All @@ -34,8 +32,8 @@ A more detailed walk-through of `aks-engine deploy` is in the [quickstart guide]
|--set|no|Set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2).|
|--ca-certificate-path|no|Path to the CA certificate to use for Kubernetes PKI assets.|
|--ca-private-key-path|no|Path to the CA private key to use for Kubernetes PKI assets.|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret|
|--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate|
|--identity-system|no|Identity system (default is azure_ad)|
|--auth-method|no|The authentication method used. Default value is `client_secret`. Other supported values are: `cli`, `client_certificate`, and `device`.|
8 changes: 3 additions & 5 deletions docs/topics/scale.md
Expand Up @@ -19,8 +19,6 @@ To scale the cluster you will run a command like:
```sh
$ aks-engine scale --subscription-id <subscription_id> \
--resource-group mycluster --location <location> \
--client-id '<service principal client ID>' \
--client-secret '<service principal client secret>' \
--api-model _output/mycluster/apimodel.json --new-node-count <desired node count> \
--node-pool agentpool1 --apiserver mycluster.<location>.cloudapp.azure.com
```
Expand All @@ -35,8 +33,8 @@ This command will re-use the `apimodel.json` file inside the output directory as
|--resource-group|yes|The resource group the cluster is deployed in.|
|--location|yes|The location the resource group is in.|
|--api-model|yes|Relative path to the generated API model for the cluster.|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret|
|--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate|
|--node-pool|depends|Required if there is more than one node pool. Which node pool should be scaled.|
|--new-node-count|yes|Desired number of nodes in the node pool.|
Expand Down Expand Up @@ -185,7 +183,7 @@ $ grep orchestratorVersion _output/kubernetes-westus2-95121/apimodel.json
Now, let's try that scale operation again!

```sh
$ bin/aks-engine scale --subscription-id $AZURE_SUB_ID --client-id $AZURE_SP_ID --client-secret $AZURE_SP_PW --api-model _output/$RESOURCE_GROUP/apimodel.json --location westus2 --resource-group $RESOURCE_GROUP --apiserver $RESOURCE_GROUP.westus2.cloudapp.azure.com --node-pool agentpool1 --new-node-count 10 --auth-method client_secret --identity-system azure_ad
$ bin/aks-engine scale --api-model _output/$RESOURCE_GROUP/apimodel.json --location westus2 --resource-group $RESOURCE_GROUP --apiserver $RESOURCE_GROUP.westus2.cloudapp.azure.com --node-pool agentpool1 --new-node-count 10
INFO[0004] found VMSS k8s-agentpool1-10367588-vmss in resource group kubernetes-westus2-95121 that correlates with node pool agentpool1
WARN[0004] Any new nodes will have Moby version 19.03.12
WARN[0004] containerd will be upgraded to version 1.3.7
6 changes: 2 additions & 4 deletions docs/topics/update.md
Expand Up @@ -21,8 +21,6 @@ To update the cluster you will run a command like:
```sh
$ aks-engine update --subscription-id <subscription_id> \
--resource-group mycluster --location <location> \
--client-id '<service principal client ID>' \
--client-secret '<service principal client secret>' \
--api-model _output/mycluster/apimodel.json \
--node-pool agentpool1
```
Expand All @@ -37,8 +35,8 @@ The above operation will complete rather quickly, as it is only updating the VMS
|--resource-group|yes|The resource group the cluster is deployed in.|
|--location|yes|The location the resource group is in.|
|--api-model|yes|Relative path to the generated API model for the cluster.|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret|
|--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate|
|--node-pool|yes|Which node pool should be updated.|
|--auth-method|no|The authentication method used. Default value is `client_secret`. Other supported values are: `cli`, `client_certificate`, and `device`.|
18 changes: 5 additions & 13 deletions docs/topics/upgrade.md
Expand Up @@ -68,8 +68,8 @@ In summary, using `aks-engine upgrade` means you will freshen and re-pave the en
|--subscription-id|yes|The subscription id the cluster is deployed in.|
|--resource-group|yes|The resource group the cluster is deployed in.|
|--location|yes|The location to deploy to.|\
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal|
|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate|
|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret|
|--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate|
|--identity-system|no|Identity system (default is azure_ad)|
|--auth-method|no|The authentication method used. Default value is `client_secret`. Other supported values are: `cli`, `client_certificate`, and `device`.|
Expand Down Expand Up @@ -106,10 +106,7 @@ Once you have read all the [requirements](#pre-requirements), run `aks-engine up
--api-model <generated apimodel.json> \
--location <resource group location> \
--resource-group <resource group name> \
--upgrade-version <desired Kubernetes version> \
--auth-method client_secret \
--client-id <service principal id> \
--client-secret <service principal secret>
--upgrade-version <desired Kubernetes version>
```

For example,
Expand All @@ -120,9 +117,7 @@ For example,
--api-model _output/mycluster/apimodel.json \
--location westus \
--resource-group test-upgrade \
--upgrade-version 1.8.7 \
--client-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--client-secret xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
--upgrade-version 1.8.7
```

### Steps to run when using Key Vault for secrets
Expand All @@ -131,13 +126,10 @@ If you use Key Vault for secrets, you must specify a local [kubeconfig file](htt

```bash
./bin/aks-engine upgrade \
--subscription-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--api-model _output/mycluster/apimodel.json \
--location westus \
--resource-group test-upgrade \
--upgrade-version 1.8.7 \
--client-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--client-secret xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--upgrade-version 1.18.7 \
--kubeconfig ./path/to/kubeconfig.json
```

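Review bot: Two changes in this Key Vault example go beyond removing the secret flags. `--subscription-id` is dropped although the parameter table earlier in this file marks `--subscription-id` as required ("yes"), and `--upgrade-version` moves from 1.8.7 to 1.18.7 while the preceding "For example" block still uses 1.8.7. Restore `--subscription-id` or update the table, and either bump the version in both examples or leave it for a separate commit.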
10 changes: 5 additions & 5 deletions docs/tutorials/cli-overview.md
Expand Up @@ -51,7 +51,7 @@ Usage:

Flags:
-m, --api-model string path to your cluster definition file
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret")
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli")
--auto-suffix automatically append a compressed timestamp to the dnsPrefix to ensure unique cluster name automatically
--azure-env string the target Azure cloud (default "AzurePublicCloud")
--ca-certificate-path string path to the CA certificate to use for Kubernetes PKI assets
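Review bot: The updated `--auth-method` line contradicts itself: the value placeholder is still `client_secret` and the description still says `default:client_secret`, but the trailing default is now `(default "cli")`. All nine files in this commit are docs or examples, so nothing here changes the default in the binary; confirm the flag definition was changed elsewhere and regenerate this help text from the real `--help` output rather than hand-editing it. The same line is edited the same way in the other four usage blocks in this file.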
Expand Down Expand Up @@ -91,7 +91,7 @@ Usage:
Flags:
-m, --api-model string path to the generated apimodel.json file
--apiserver string apiserver endpoint (required to cordon and drain nodes)
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret")
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli")
--azure-env string the target Azure cloud (default "AzurePublicCloud")
--certificate-path string path to client certificate (used with --auth-method=client_certificate)
--client-id string client id (used with --auth-method=[client_secret|client_certificate])
Expand Down Expand Up @@ -135,7 +135,7 @@ Usage:
Flags:
-m, --api-model string path to the generated apimodel.json file
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret")
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli")
--azure-env string the target Azure cloud (default "AzurePublicCloud")
--certificate-path string path to client certificate (used with --auth-method=client_certificate)
--client-id string client id (used with --auth-method=[client_secret|client_certificate])
Expand Down Expand Up @@ -168,7 +168,7 @@ Usage:
Flags:
-m, --api-model string path to the generated apimodel.json file
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret")
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli")
--azure-env string the target Azure cloud (default "AzurePublicCloud")
--certificate-path string path to client certificate (used with --auth-method=client_certificate)
--client-id string client id (used with --auth-method=[client_secret|client_certificate])
Expand Down Expand Up @@ -201,7 +201,7 @@ Usage:
Flags:
-m, --api-model string path to the generated apimodel.json file
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret")
--auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli")
--azure-env string the target Azure cloud (default "AzurePublicCloud")
--certificate-path string path to client certificate (used with --auth-method=client_certificate)
--client-id string client id (used with --auth-method=[client_secret|client_certificate])
2 changes: 1 addition & 1 deletion examples/addons/container-monitoring/README.md
Expand Up @@ -51,7 +51,7 @@ This is sample API definition with Container-monitoring addon.
> Note: If the AKS Engine version is v0.38.5 or higher, the clusterName will be the dnsPrefix of the cluster. If the AKS Engine version is v0.29.1 or ACS Engine Kubernetes cluster, then default clusterName is my_acs_cluster_name in the container monitoring addon. In AKS Engine version is less than v0.38.5, the default cluster name is aks-engine-cluster.
Example command to create AKS Engine cluster with monitoring addon
`aks-engine deploy --subscription-id <subscriptionId> --client-id <clientId> --client-secret <clientSecret> --dns-prefix <dnsPrefix> --location <location> --api-model <kubernetes.json>`
`aks-engine deploy ---dns-prefix <dnsPrefix> --location <location> --api-model <kubernetes.json>`

You can validate that the addon is running as expected with the following commands:

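Review bot: The new command has a typo, `---dns-prefix` with three dashes, which will not parse as the `--dns-prefix` flag. It also drops `--subscription-id <subscriptionId>`, which the commit message does not cover; restore it unless the subscription is meant to come from the login context, and state that prerequisite next to the command.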
4 changes: 2 additions & 2 deletions examples/addpool/addpool.sh
Expand Up @@ -18,13 +18,13 @@ export password=$(cat ~/.kube/$group-sp.json | jq -r .password)
sleep 180

# Deploy Cluster
aks-engine deploy --subscription-id $subscription --resource-group $group --location $location us --api-model apimodel.json --dns-prefix $group --client-id $appId --client-secret $password --set servicePrincipalProfile.clientId=$appId --set servicePrincipalProfile.secret=$password
aks-engine deploy --subscription-id $subscription --resource-group $group --location $location us --api-model apimodel.json --dns-prefix $group

cp $(pwd)/_output/$group/kubeconfig/kubeconfig.eastus.json ~/.kube/$group.json

sleep 180

aks-engine addpool --subscription-id $subscription --resource-group $group --location $location us --api-model _output/$group/apimodel.json --agent-pool agentpool.json --client-id $appId --client-secret $password
aks-engine addpool --subscription-id $subscription --resource-group $group --location $location us --api-model _output/$group/apimodel.json --agent-pool agentpool.json

az vmss list -g $group --subscription $subscription -o table

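Review bot: Removing `--set servicePrincipalProfile.clientId=$appId --set servicePrincipalProfile.secret=$password` from the deploy line changes the cluster's api model input, not just how the CLI authenticates, so confirm that apimodel.json already carries the service principal or that the deploy has another source for it. The script still runs `export password=$(cat ~/.kube/$group-sp.json | jq -r .password)` just above this hunk, which leaves a secret exported to every child process with nothing left consuming it; either keep the `--set` flags or drop the export. The stray `us` after `--location $location` on both commands predates this change but is worth fixing while these lines are being touched.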
2 changes: 0 additions & 2 deletions examples/cosmos-etcd/readme.md
Expand Up @@ -18,8 +18,6 @@ Here is an example `aks-engine` command:

```console
$ aks-engine deploy --subscription-id <SubscriptionId> \
--client-id <servicePrincipalClientId> \
--client-secret <ServicePrincipalSecret> \
--dns-prefix <YourDNSPrefix> \
--location centralus \
--api-model <apiModel>.json
