diff --git a/cmd/deploy.go b/cmd/deploy.go index 3585c531aa..41bd4c3679 100644 --- a/cmd/deploy.go +++ b/cmd/deploy.go @@ -270,13 +270,13 @@ func autofillApimodel(dc *deployCmd) error { if dc.dnsPrefix == "" { return errors.New("apimodel: missing masterProfile.dnsPrefix and --dns-prefix was not specified") } - log.Warnf("apimodel: missing masterProfile.dnsPrefix will use %q", dc.dnsPrefix) dc.containerService.Properties.MasterProfile.DNSPrefix = dc.dnsPrefix } if dc.autoSuffix { suffix := strconv.FormatInt(time.Now().Unix(), 16) dc.containerService.Properties.MasterProfile.DNSPrefix += "-" + suffix + log.Infof("Generated random suffix %s, DNS Prefix is %s", suffix, dc.containerService.Properties.MasterProfile.DNSPrefix) } if dc.outputDirectory == "" { @@ -324,7 +324,7 @@ func autofillApimodel(dc *deployCmd) error { k8sConfig := dc.containerService.Properties.OrchestratorProfile.KubernetesConfig - useManagedIdentity := k8sConfig != nil && k8sConfig.UseManagedIdentity + useManagedIdentity := k8sConfig != nil && to.Bool(k8sConfig.UseManagedIdentity) if !useManagedIdentity { spp := dc.containerService.Properties.ServicePrincipalProfile diff --git a/cmd/generate.go b/cmd/generate.go index dafeec3da8..739b474741 100644 --- a/cmd/generate.go +++ b/cmd/generate.go @@ -14,6 +14,7 @@ import ( "github.com/Azure/aks-engine/pkg/engine/transform" "github.com/Azure/aks-engine/pkg/helpers" "github.com/Azure/aks-engine/pkg/i18n" + "github.com/Azure/go-autorest/autorest/to" "github.com/google/uuid" "github.com/leonelquinteros/gotext" "github.com/pkg/errors" 
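Review bot: The new `log.Infof` in the `dc.autoSuffix` branch of `autofillApimodel` calls the suffix "random", but the line above it builds the suffix from `strconv.FormatInt(time.Now().Unix(), 16)`, so it is a hex timestamp that anyone who knows roughly when the deploy ran can reconstruct. The message should say so, so that operators do not treat the resulting DNS name as unguessable: `log.Infof("Generated timestamp suffix %s, DNS prefix is %s", suffix, dc.containerService.Properties.MasterProfile.DNSPrefix)`. The CLI help quoted elsewhere in this commit already describes `--auto-suffix` as a "compressed timestamp", so this also keeps the wording consistent. The function body continues outside the hunk.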
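Review bot: `to.Bool(k8sConfig.UseManagedIdentity)` returns false for a nil pointer, so at this point in `autofillApimodel` an apimodel that leaves `useManagedIdentity` unset takes the `!useManagedIdentity` service-principal branch. The quickstart text changed in this same commit describes managed identity as the default, so if that default is only filled in by a later defaulting step (not visible here), unset and explicit `false` are being conflated. Either resolve the default before this check or state the intent with a comment such as `// nil (unset) is treated as false here; API model defaults are applied later`. The same expression is added to `(*generateCmd).autofillApimodel` in cmd/generate.go and needs the same treatment; both function bodies continue outside their hunks.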
@@ -191,7 +192,7 @@ func (gc *generateCmd) loadAPIModel() error { func (gc *generateCmd) autofillApimodel() error { // set the client id and client secret by command flags k8sConfig := gc.containerService.Properties.OrchestratorProfile.KubernetesConfig - useManagedIdentity := k8sConfig != nil && k8sConfig.UseManagedIdentity + useManagedIdentity := k8sConfig != nil && to.Bool(k8sConfig.UseManagedIdentity) if !useManagedIdentity { if (gc.containerService.Properties.ServicePrincipalProfile == nil || ((gc.containerService.Properties.ServicePrincipalProfile.ClientID == "" || gc.containerService.Properties.ServicePrincipalProfile.ClientID == "00000000-0000-0000-0000-000000000000") && gc.containerService.Properties.ServicePrincipalProfile.Secret == "")) && gc.ClientID.String() != "" && gc.ClientSecret != "" { gc.containerService.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ diff --git a/cmd/root.go b/cmd/root.go index 4803954ed8..cbdf35188c 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -121,7 +121,7 @@ type authArgs struct { func addAuthFlags(authArgs *authArgs, f *flag.FlagSet) { f.StringVar(&authArgs.RawAzureEnvironment, "azure-env", "AzurePublicCloud", "the target Azure cloud") f.StringVarP(&authArgs.rawSubscriptionID, "subscription-id", "s", "", "azure subscription id (required)") - f.StringVar(&authArgs.AuthMethod, "auth-method", "client_secret", "auth method (default:`client_secret`, `cli`, `client_certificate`, `device`)") + f.StringVar(&authArgs.AuthMethod, "auth-method", "cli", "auth method (default:`client_secret`, `cli`, `client_certificate`, `device`)") f.StringVar(&authArgs.rawClientID, "client-id", "", "client id (used with --auth-method=[client_secret|client_certificate])") f.StringVar(&authArgs.ClientSecret, "client-secret", "", "client secret (used with --auth-method=client_secret)") f.StringVar(&authArgs.CertificatePath, "certificate-path", "", "path to client certificate (used with --auth-method=client_certificate)") 
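Review bot: The default for `--auth-method` in `addAuthFlags` is now `"cli"`, but the usage string on the same line still labels `client_secret` as the default, so `--help` contradicts itself; the regenerated cli-overview.md in this commit shows `--auth-method client_secret ... (default "cli")`. Because `client_secret` is also the first back-quoted word in the string, it is what the help output prints as the value placeholder. Reordering the usage text fixes both: ``"auth method (default:`cli`, `client_secret`, `client_certificate`, `device`)"``. The flag tables in the docs touched by this commit (addpool.md, creating_new_clusters.md, update.md, upgrade.md) still read "Default value is `client_secret`" in their unchanged lines and should be updated in the same change, so that operators know which credential source the tool uses when the flag is omitted.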
@@ -146,6 +146,11 @@ func (authArgs *authArgs) validateAuthArgs() error { return errors.New("--auth-method is a required parameter") } + // Back-compat to accommodate existing client usage patterns that assume that "client-secret" is the default + if authArgs.AuthMethod == "cli" && authArgs.rawClientID != "" && authArgs.ClientSecret != "" { + authArgs.AuthMethod = "client_secret" + } + if authArgs.AuthMethod == "client_secret" || authArgs.AuthMethod == "client_certificate" { authArgs.ClientID, err = uuid.Parse(authArgs.rawClientID) if err != nil { diff --git a/docs/topics/addpool.md b/docs/topics/addpool.md index 12f7c64155..56a82223f1 100644 --- a/docs/topics/addpool.md +++ b/docs/topics/addpool.md @@ -17,8 +17,6 @@ To add a new pool to the cluster you will run a command like: ```sh $ aks-engine addpool --subscription-id \ --resource-group mycluster --location \ - --client-id '' \ - --client-secret '' \ --api-model _output/mycluster/apimodel.json \ --node-pool ./pool.json ``` 
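Review bot: The back-compat block in `validateAuthArgs` rewrites `AuthMethod` from `"cli"` to `"client_secret"` without telling the operator, so the identity used against Azure changes silently whenever `--client-id` and `--client-secret` are both present. Nothing in this function can distinguish the new default from an explicit `--auth-method cli`, so an explicit choice is overridden too; and if only one of the two values is supplied, the method stays `cli` and the partial credential is ignored without a message. At minimum, log the switch inside the `if`, e.g. `log.Infof("--client-id and --client-secret provided, using --auth-method=client_secret")` (assuming the package's logger is available in root.go), and consider applying the override only when the flag was not set by the user. The comment should also name the value as it is spelled in code, `client_secret`, not "client-secret". The function continues outside the hunk.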
@@ -58,8 +56,8 @@ Some important considerations: |--resource-group|yes|The resource group the cluster is deployed in.| |--location|yes|The location the resource group is in.| |--api-model|yes|Relative path to the generated API model for the cluster.| -|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate| -|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal| +|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate| +|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret| |--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate| |--node-pool|yes|Path to JSON file expressing the `agentPoolProfile` spec of the new node pool.| |--auth-method|no|The authentication method used. Default value is `client_secret`. Other supported values are: `cli`, `client_certificate`, and `device`.| 
@@ -133,15 +131,15 @@ $ grep orchestratorRelease -A 1 _output/kubernetes-westus2-1838/apimodel.json We can now run addpool once per new pool to begin the process of validating v1.19.1 across our existing v1.18.8 cluster: ```sh -$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool1.json --location westus2 --resource-group kubernetes-westus2-1838 --auth-method client_secret --client-id $TEST_AZURE_SP_ID --client-secret $TEST_AZURE_SP_PW +$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool1.json --location westus2 --resource-group kubernetes-westus2-1838 WARN[0003] Any new nodes will have containerd version 1.3.7 INFO[0003] Starting ARM Deployment kubernetes-westus2-1838-1942811440 in resource group kubernetes-westus2-1838. This will take some time... INFO[0158] Finished ARM Deployment (kubernetes-westus2-1838-1942811440). Succeeded -$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool2.json --location westus2 --resource-group kubernetes-westus2-1838 --auth-method client_secret --client-id $TEST_AZURE_SP_ID --client-secret $TEST_AZURE_SP_PW +$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool2.json --location westus2 --resource-group kubernetes-westus2-1838 WARN[0008] Any new nodes will have containerd version 1.3.7 INFO[0008] Starting ARM Deployment kubernetes-westus2-1838-25937475 in resource group kubernetes-westus2-1838. This will take some time... INFO[0163] Finished ARM Deployment (kubernetes-westus2-1838-25937475). 
Succeeded -$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool3.json --location westus2 --resource-group kubernetes-westus2-1838 --auth-method client_secret --client-id $TEST_AZURE_SP_ID --client-secret $TEST_AZURE_SP_PW +$ aks-engine addpool --subscription-id $TEST_AZURE_SUB_ID --api-model _output/kubernetes-westus2-1838/apimodel.json --node-pool newpool3.json --location westus2 --resource-group kubernetes-westus2-1838 WARN[0004] Any new nodes will have containerd version 1.3.7 INFO[0004] Starting ARM Deployment kubernetes-westus2-1838-1370618455 in resource group kubernetes-westus2-1838. This will take some time... INFO[0174] Finished ARM Deployment (kubernetes-westus2-1838-1370618455). Succeeded @@ -188,7 +186,7 @@ node/k8s-newpool3-26196714-vmss000000 tainted Let's say we've validated the "pool1" replacement, which we've called "newpool1". Let's scale that pool out to match the original "pool1": ```sh -$ aks-engine scale --subscription-id $TEST_AZURE_SUB_ID --client-id $TEST_AZURE_SP_ID --client-secret $TEST_AZURE_SP_PW --api-model _output/kubernetes-westus2-1838/apimodel.json --location westus2 --resource-group kubernetes-westus2-1838 --apiserver kubernetes-westus2-1838.westus2.cloudapp.azure.com --node-pool newpool1 --new-node-count 3 --auth-method client_secret --identity-system azure_ad +$ aks-engine scale --api-model _output/kubernetes-westus2-1838/apimodel.json --location westus2 --resource-group kubernetes-westus2-1838 --apiserver kubernetes-westus2-1838.westus2.cloudapp.azure.com --node-pool newpool1 --new-node-count 3 INFO[0003] found VMSS k8s-newpool1-26196714-vmss in resource group kubernetes-westus2-1838 that correlates with node pool newpool1 WARN[0003] Any new nodes will have containerd version 1.3.7 INFO[0003] Removing singlePlacementGroup property from [variables('newpool1VMNamePrefix')] 
diff --git a/docs/topics/creating_new_clusters.md b/docs/topics/creating_new_clusters.md index 1173c4c5aa..a5750acc84 100644 --- a/docs/topics/creating_new_clusters.md +++ b/docs/topics/creating_new_clusters.md @@ -9,9 +9,7 @@ $ aks-engine deploy --subscription-id $SUBSCRIPTION_ID \ --dns-prefix $CLUSTER_NAME \ --resource-group $RESOURCE_GROUP \ --location $LOCATION \ - --api-model examples/kubernetes.json \ - --client-id $SERVICE_PRINCIPAL_ID \ - --client-secret $SERVICE_PRINCIPAL_PASSWORD + --api-model examples/kubernetes.json ``` `aks-engine deploy` is a long-running operation that creates Azure resources (e.g., Virtual Machine and/or Virtual Machine Scale Set [VMSS], Disk, Network Interface, Network Security Group, Public IP Address, Virtual Network, Load Balancer, and others) that will underly a Kubernetes cluster. All deployed VMs will be configured to run Kubernetes bootstrap scripts appropriate for the desired cluster configuration. The outcome of a successful `aks-engine deploy` operation is a fully operational Kubernetes cluster, ready for use immediately. 
@@ -34,8 +32,8 @@ A more detailed walk-through of `aks-engine deploy` is in the [quickstart guide] |--set|no|Set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2).| |--ca-certificate-path|no|Path to the CA certificate to use for Kubernetes PKI assets.| |--ca-private-key-path|no|Path to the CA private key to use for Kubernetes PKI assets.| -|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate| -|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal| +|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate| +|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret| |--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate| |--identity-system|no|Identity system (default is azure_ad)| |--auth-method|no|The authentication method used. Default value is `client_secret`. Other supported values are: `cli`, `client_certificate`, and `device`.| diff --git a/docs/topics/scale.md b/docs/topics/scale.md index 5bf1f67357..43fa2d33e9 100644 --- a/docs/topics/scale.md +++ b/docs/topics/scale.md @@ -19,8 +19,6 @@ To scale the cluster you will run a command like: ```sh $ aks-engine scale --subscription-id \ --resource-group mycluster --location \ - --client-id '' \ - --client-secret '' \ --api-model _output/mycluster/apimodel.json --new-node-count \ --node-pool agentpool1 --apiserver mycluster..cloudapp.azure.com ``` 
@@ -35,8 +33,8 @@ This command will re-use the `apimodel.json` file inside the output directory as |--resource-group|yes|The resource group the cluster is deployed in.| |--location|yes|The location the resource group is in.| |--api-model|yes|Relative path to the generated API model for the cluster.| -|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate| -|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal| +|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate| +|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret| |--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate| |--node-pool|depends|Required if there is more than one node pool. Which node pool should be scaled.| |--new-node-count|yes|Desired number of nodes in the node pool.| 
@@ -185,7 +183,7 @@ $ grep orchestratorVersion _output/kubernetes-westus2-95121/apimodel.json Now, let's try that scale operation again! ```sh -$ bin/aks-engine scale --subscription-id $AZURE_SUB_ID --client-id $AZURE_SP_ID --client-secret $AZURE_SP_PW --api-model _output/$RESOURCE_GROUP/apimodel.json --location westus2 --resource-group $RESOURCE_GROUP --apiserver $RESOURCE_GROUP.westus2.cloudapp.azure.com --node-pool agentpool1 --new-node-count 10 --auth-method client_secret --identity-system azure_ad +$ bin/aks-engine scale --api-model _output/$RESOURCE_GROUP/apimodel.json --location westus2 --resource-group $RESOURCE_GROUP --apiserver $RESOURCE_GROUP.westus2.cloudapp.azure.com --node-pool agentpool1 --new-node-count 10 INFO[0004] found VMSS k8s-agentpool1-10367588-vmss in resource group kubernetes-westus2-95121 that correlates with node pool agentpool1 WARN[0004] Any new nodes will have Moby version 19.03.12 WARN[0004] containerd will be upgraded to version 1.3.7 diff --git a/docs/topics/update.md b/docs/topics/update.md index 695c1f6e59..848cf94513 100644 --- a/docs/topics/update.md +++ b/docs/topics/update.md @@ -21,8 +21,6 @@ To update the cluster you will run a command like: ```sh $ aks-engine update --subscription-id \ --resource-group mycluster --location \ - --client-id '' \ - --client-secret '' \ --api-model _output/mycluster/apimodel.json \ --node-pool agentpool1 ``` 
@@ -37,8 +35,8 @@ The above operation will complete rather quickly, as it is only updating the VMS |--resource-group|yes|The resource group the cluster is deployed in.| |--location|yes|The location the resource group is in.| |--api-model|yes|Relative path to the generated API model for the cluster.| -|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate| -|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal| +|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate| +|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret| |--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate| |--node-pool|yes|Which node pool should be updated.| |--auth-method|no|The authentication method used. Default value is `client_secret`. Other supported values are: `cli`, `client_certificate`, and `device`.| diff --git a/docs/topics/upgrade.md b/docs/topics/upgrade.md index c2138edbae..bfea87ae3c 100644 --- a/docs/topics/upgrade.md +++ b/docs/topics/upgrade.md 
@@ -68,8 +68,8 @@ In summary, using `aks-engine upgrade` means you will freshen and re-pave the en |--subscription-id|yes|The subscription id the cluster is deployed in.| |--resource-group|yes|The resource group the cluster is deployed in.| |--location|yes|The location to deploy to.|\ -|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to service_principal/client_certificate| -|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to service_principal| +|--client-id|depends| The Service Principal Client ID. This is required if the auth-method is set to client_secret or client_certificate| +|--client-secret|depends| The Service Principal Client secret. This is required if the auth-method is set to client_secret| |--certificate-path|depends| The path to the file which contains the client certificate. This is required if the auth-method is set to client_certificate| |--identity-system|no|Identity system (default is azure_ad)| |--auth-method|no|The authentication method used. Default value is `client_secret`. Other supported values are: `cli`, `client_certificate`, and `device`.| @@ -106,10 +106,7 @@ Once you have read all the [requirements](#pre-requirements), run `aks-engine up --api-model \ --location \ --resource-group \ - --upgrade-version \ - --auth-method client_secret \ - --client-id \ - --client-secret + --upgrade-version ``` For example, @@ -120,9 +117,7 @@ For example, --api-model _output/mycluster/apimodel.json \ --location westus \ --resource-group test-upgrade \ - --upgrade-version 1.8.7 \ - --client-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ - --client-secret xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + --upgrade-version 1.8.7 ``` ### Steps to run when using Key Vault for secrets 
@@ -131,13 +126,10 @@ If you use Key Vault for secrets, you must specify a local [kubeconfig file](htt ```bash ./bin/aks-engine upgrade \ - --subscription-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ --api-model _output/mycluster/apimodel.json \ --location westus \ --resource-group test-upgrade \ - --upgrade-version 1.8.7 \ - --client-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ - --client-secret xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ + --upgrade-version 1.18.7 \ --kubeconfig ./path/to/kubeconfig.json ``` diff --git a/docs/tutorials/cli-overview.md b/docs/tutorials/cli-overview.md index 0364cb5aba..e08259f2ac 100644 --- a/docs/tutorials/cli-overview.md +++ b/docs/tutorials/cli-overview.md @@ -51,7 +51,7 @@ Usage: Flags: -m, --api-model string path to your cluster definition file - --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret") + --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli") --auto-suffix automatically append a compressed timestamp to the dnsPrefix to ensure unique cluster name automatically --azure-env string the target Azure cloud (default "AzurePublicCloud") --ca-certificate-path string path to the CA certificate to use for Kubernetes PKI assets @@ -91,7 +91,7 @@ Usage: Flags: -m, --api-model string path to the generated apimodel.json file --apiserver string apiserver endpoint (required to cordon and drain nodes) - --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret") + --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli") --azure-env string the target Azure cloud (default "AzurePublicCloud") --certificate-path string path to client certificate (used with --auth-method=client_certificate) --client-id string client id (used with --auth-method=[client_secret|client_certificate]) 
@@ -135,7 +135,7 @@ Usage: Flags: -m, --api-model string path to the generated apimodel.json file - --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret") + --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli") --azure-env string the target Azure cloud (default "AzurePublicCloud") --certificate-path string path to client certificate (used with --auth-method=client_certificate) --client-id string client id (used with --auth-method=[client_secret|client_certificate]) @@ -168,7 +168,7 @@ Usage: Flags: -m, --api-model string path to the generated apimodel.json file - --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret") + --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli") --azure-env string the target Azure cloud (default "AzurePublicCloud") --certificate-path string path to client certificate (used with --auth-method=client_certificate) --client-id string client id (used with --auth-method=[client_secret|client_certificate]) @@ -201,7 +201,7 @@ Usage: Flags: -m, --api-model string path to the generated apimodel.json file - --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "client_secret") + --auth-method client_secret auth method (default:client_secret, `cli`, `client_certificate`, `device`) (default "cli") --azure-env string the target Azure cloud (default "AzurePublicCloud") --certificate-path string path to client certificate (used with --auth-method=client_certificate) --client-id string client id (used with --auth-method=[client_secret|client_certificate]) diff --git a/docs/tutorials/custom-vnet.md b/docs/tutorials/custom-vnet.md index f6b0a9522e..aeb65b85fb 100644 --- a/docs/tutorials/custom-vnet.md 
+++ b/docs/tutorials/custom-vnet.md @@ -125,10 +125,6 @@ In this case, we are going to use the following template (this creates a cluster } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/docs/tutorials/quickstart.md b/docs/tutorials/quickstart.md index 116bcc1dd8..6ae07c5672 100644 --- a/docs/tutorials/quickstart.md +++ b/docs/tutorials/quickstart.md @@ -42,7 +42,7 @@ source <(aks-engine completion) `aks-engine` reads a cluster definition which describes the size, shape, and configuration of your cluster. This guide takes the default configuration of a control plane configuration with one master VM, and a single node pool with two Linux nodes exemplified [here](/examples/kubernetes.json). If you would like to change the configuration, edit `examples/kubernetes.json` before continuing. -The `aks-engine deploy` command automates creation of a Service Principal, Resource Group and SSH key for your cluster. If operators need more control or are interested in the individual steps see the ["Long Way" section below](#aks-engine-the-long-way). +The `aks-engine deploy` command automates the creation of an Azure resource group to contain cluster resources, and SSH keypair to connect to a control plane VM on your behalf. If you need more control or are interested in the individual steps see the ["Long Way" section below](#aks-engine-the-long-way). **NOTE:** AKS Engine creates a _cluster_; it _doesn't_ create an Azure Kubernetes Service (AKS) resource. Clusters that you create using the `aks-engine` command (or ARM templates generated by the `aks-engine` command) won't show up as AKS resources, for example when you run `az aks list`. The resultant resource group + IaaS will be entirely under your own control and management, and unknown to AKS or any other Azure service. 
@@ -74,108 +74,48 @@ Note, we have launched a browser for you to login. For old experience with devic You have logged in. Now let us find all the subscriptions to which you have access... ``` -Next, we'll create a resource group. A resource group is a container that holds related resources for an Azure solution. In Azure, you logically group related resources such as storage accounts, virtual networks, and virtual machines (VMs) to deploy, manage, and maintain them as a single entity. In this case, we want to deploy, manage and maintain the whole Kubernetes cluster as a single entity. - -```console -$ az group create --name contoso-apple --location westus2 -{ - "id": "/subscriptions/51ac25de-afdg-9201-d923-8d8e8e8e8e8e/resourceGroups/contoso-apple", - "location": "westus2", - "managedBy": null, - "name": "contoso-apple", - "properties": { - "provisioningState": "Succeeded" - }, - "tags": null -} -``` - -Again, because in this example we are deploying to Azure Public Cloud, we may omit the `location` property from our API model; although strictly speaking we could add `westus2` — the region where we just created our `contoso-apple` resource group in — to our [example](/examples/kubernetes.json) if we want to be more explicit: - -``` -{ - "apiVersion": "vlabs", - "location": "westus2", - "properties": { - (etc ...) -``` - -Once that's done, we need to create a [service principal][sp] for the Kubernetes cluster so it can talk to any resources that are a part of the same resource group. 
- -```console -$ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/51ac25de-afdg-9201-d923-8d8e8e8e8e8e/resourceGroups/contoso-apple" -{ - "appId": "47a62f0b-917c-4def-aa85-9b010455e591", - "displayName": "azure-cli-2019-01-11-22-22-06", - "name": "http://azure-cli-2019-01-11-22-22-06", - "password": "26054d2b-799b-448e-962a-783d0d6f976b", - "tenant": "72f988bf-86f1-41af-91ab-2d7cd011db47" -} -``` - -Make a note of the `appId` and the `password` fields, as we will be providing them as the values to `client-id` and `client-secret` in the next step, respectively. - Finally, run `aks-engine deploy` with the appropriate arguments: ```console -$ aks-engine deploy --subscription-id 51ac25de-afdg-9201-d923-8d8e8e8e8e8e \ - --dns-prefix contoso-apple \ +$ aks-engine deploy --dns-prefix contoso-apple \ --resource-group contoso-apple \ --location westus2 \ --api-model examples/kubernetes.json \ - --client-id 47a62f0b-917c-4def-aa85-9b010455e591 \ - --client-secret 26054d2b-799b-448e-962a-783d0d6f976b \ - --set servicePrincipalProfile.clientId="47a62f0b-917c-4def-aa85-9b010455e591" \ - --set servicePrincipalProfile.secret="26054d2b-799b-448e-962a-783d0d6f976b" - -INFO[0000] new API model file has been generated during merge: /tmp/mergedApiModel619868596 -WARN[0002] apimodel: missing masterProfile.dnsPrefix will use "contoso-apple" -INFO[0025] Starting ARM Deployment contoso-apple-1423145182 in resource group contoso-apple. This will take some time... -INFO[0256] Finished ARM Deployment (contoso-apple-1423145182). 
Succeeded -``` - -Note that we also used the `--set` CLI argument twice to inject the service principal `appId` and `password` into the API model: + --auto-suffix" +INFO[0000] No subscription provided, using selected subscription from azure CLI: 51ac25de-afdg-9201-d923-8d8e8e8e8e8e +INFO[0003] Generated random suffix 5f776b0d, DNS Prefix is contoso-apple2-5f776b0d +WARN[0005] Running only 1 control plane VM not recommended for production clusters, use 3 or 5 for control plane redundancy +INFO[0011] Starting ARM Deployment contoso-apple-1877721870 in resource group contoso-apple. This will take some time... +INFO[0273] Finished ARM Deployment (contoso-apple-1877721870). Succeeded ``` - --set servicePrincipalProfile.clientId="47a62f0b-917c-4def-aa85-9b010455e591" \ - --set servicePrincipalProfile.secret="26054d2b-799b-448e-962a-783d0d6f976b" -``` - -The `--set` argument allows runtime overrides of the values in the input `--api-model` file. In this case, the example API model under `examples/kubernetes.json` doesn't include any real service principal secrets, so we need to either include our desired secrets using the `--set` mechanism described above, or manually fill in these empty string values in the API model: -``` -... - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } -... -``` +`aks-engine` creates a new resource group automatically from the `--resource-group` value passed into the `aks-engine deploy` statement, if that resource group doesn't already exist. A resource group is a container that holds related resources for an Azure solution. In Azure, you can organize related resources such as storage accounts, virtual networks, and virtual machines (VMs) into resource groups. AKS Engine takes advantage of that organizational model to place all Kubernetes cluster resources into a dedicated resource group. 
-`aks-engine` will generate ARM templates, SSH keys, and a kubeconfig (A specification that may be used as input to the `kubectl` command to establish a privileged connection to the Kubernetes apiserver, see [here](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) for more documentation.), and then persist those as local files under the `_output/contoso-apple` directory: +`aks-engine` will generate ARM templates, SSH keys, and a kubeconfig (A specification that may be used as input to the `kubectl` command to establish a privileged connection to the Kubernetes apiserver, see [here](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) for more documentation.), and then persist those as local files under a child directory in the relative path `_output/`. Because we used the `--auto-suffix` option, AKS Engine created the cluster configuration artifacts under the child directory `contoso-apple-5f776b0d`: ```sh -$ ls _output/contoso-apple/ +$ ls _output/contoso-apple-5f776b0d/ apimodel.json azuredeploy.parameters.json client.crt etcdpeer0.crt kubeconfig apiserver.crt azureuser_rsa client.key etcdpeer0.key kubectlClient.crt apiserver.key ca.crt etcdclient.crt etcdserver.crt kubectlClient.key azuredeploy.json ca.key etcdclient.key etcdserver.key ``` -Access the new cluster by using the kubeconfig generated for the cluster's location. This example used `westus2`, so the kubeconfig is located at `_output/contoso-apple/kubeconfig/kubeconfig.westus2.json`: +Access the new cluster by using the kubeconfig generated for the cluster's location. 
This example used `westus2`, so the kubeconfig is located at `_output/contoso-apple-5f776b0d/kubeconfig/kubeconfig.westus2.json`: ```sh -$ KUBECONFIG=_output/contoso-apple/kubeconfig/kubeconfig.westus2.json kubectl cluster-info -Kubernetes master is running at https://contoso-apple-59769a59.westus2.cloudapp.azure.com -CoreDNS is running at https://contoso-apple-59769a59.westus2.cloudapp.azure.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy -Metrics-server is running at https://contoso-apple-59769a59.westus2.cloudapp.azure.com/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy +$ KUBECONFIG=_output/contoso-apple-5f776b0d/kubeconfig/kubeconfig.westus2.json kubectl cluster-info +Kubernetes master is running at https://contoso-apple-5f776b0d.westus2.cloudapp.azure.com +CoreDNS is running at https://contoso-apple-5f776b0d.westus2.cloudapp.azure.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy +Metrics-server is running at https://contoso-apple-5f776b0d.westus2.cloudapp.azure.com/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. ``` -The files saved to the `output/contoso-apple/` directory (using our example) are critical to keep save for any future cluster operations using the `aks-engine` CLI. Store them somewhere safe and reliable! +The files saved to the `output/contoso-apple-5f776b0d/` directory (using our example) are critical to keep save for any future cluster operations using the `aks-engine` CLI. Store them somewhere safe and reliable! -Administrative note: By default, the directory where aks-engine stores cluster configuration (`_output/contoso-apple` above) won't be overwritten as a result of subsequent attempts to deploy a cluster using the same `--dns-prefix`) To re-use the same resource group name repeatedly, include the `--force-overwrite` command line option with your `aks-engine deploy` command. 
On a related note, include an `--auto-suffix` option to append a randomly generated suffix to the dns-prefix to form the resource group name, for example if your workflow requires a common prefix across multiple cluster deployments. Using the `--auto-suffix` pattern appends a compressed timestamp to ensure a unique cluster name (and thus ensure that each deployment's configuration artifacts will be stored locally under a discrete `_output//` directory). +Administrative note: By default, the directory where aks-engine stores cluster configuration (`_output/contoso-apple-5f776b0d` above) won't be overwritten as a result of subsequent attempts to deploy a cluster using the same `--dns-prefix`) To re-use the same resource group name repeatedly, include the `--force-overwrite` command line option with your `aks-engine deploy` command. On a related note, include an `--auto-suffix` option to append a randomly generated suffix to the dns-prefix to form the resource group name, for example if your workflow requires a common prefix across multiple cluster deployments. Using the `--auto-suffix` pattern appends a compressed timestamp to ensure a unique cluster name (and thus ensure that each deployment's configuration artifacts will be stored locally under a discrete `_output//` directory). **Note**: If the cluster is using an existing VNET, please see the [Custom VNET][custom-vnet] feature documentation for additional steps that must be completed after cluster provisioning. 
@@ -192,7 +132,7 @@ We will also need to generate an SSH key. When creating VMs, you will need an SS 1. Windows - https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps 1. Mac and Linux - https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/ -Next, we'll create a resource group as we did in the "deploy" method above. +Next, we'll create a resource group to demonstrate building a cluster into a resource group that already exists (Note: we recommend you use this resource group *only* for your Kubernetes cluster resources, and use *one, dedicated resource group per cluster*). ```console $ az group create --name contoso-apple-5eac6ed8 --location westus2 @@ -208,7 +148,7 @@ $ az group create --name contoso-apple-5eac6ed8 --location westus2 } ``` -Again, we need to create a [service principal][sp]. +In this example, we'll create a [service principal][sp] to demonstrate that authentication option for establishing a privileged connection between the Kubernetes runtime and Azure APIs. Normally, we recommend that you use the managed identity configuration (the default), which uses service principals generated from the VM identity itself, rather than maintain your own service principals. [More documentation about managed identity is here](https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity). ```console $ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/51ac25de-afdg-9201-d923-8d8e8e8e8e8e/resourceGroups/contoso-apple-5eac6ed8" 
@@ -221,14 +161,15 @@ $ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/51ac25d } ``` -We again make a note of the `appId` and the `password` fields, as we will be providing them in the next step. +We make a note of the `appId` and the `password` fields, as we will be providing them in the next step. Edit the [simple Kubernetes cluster definition](/examples/kubernetes.json) and fill out the required values: -* `dnsPrefix`: in this example we're using "contoso-apple-5eac6ed8" -* `keyData`: must contain the public portion of the SSH key we generated - this will be associated with the `adminUsername` value found in the same section of the cluster definition (e.g. 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA....') -* `clientId`: this is the service principal's appId UUID or name from earlier -* `secret`: this is the service principal's password or randomly-generated password from earlier +* `properties.MasterProfile.dnsPrefix`: in this example we're using "contoso-apple-5eac6ed8" +* `properties.linuxProfile.ssh.publicKeys[0].keyData`: must contain the public portion of the SSH key we generated - this will be associated with the `adminUsername` value found in the same section of the cluster definition (e.g. 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA....') +* Add a new `properties.servicePrincipalProfile` JSON object: + * `properties.servicePrincipalProfile.clientId`: this is the service principal's appId UUID or name from earlier + * `properties.servicePrincipalProfile.secret`: this is the service principal's password or randomly-generated password from earlier Optional: attach to an existing virtual network (VNET). Details [here][custom-vnet] diff --git a/examples/addons/aad-pod-identity/README.md b/examples/addons/aad-pod-identity/README.md index d4b3036a90..23d1986caf 100644 --- a/examples/addons/aad-pod-identity/README.md +++ b/examples/addons/aad-pod-identity/README.md 
@@ -41,10 +41,6 @@ This is the AAD Pod Identity add-on. Add this add-on to your json file as shown } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } @@ -63,4 +59,4 @@ Plese follow the README here for further infromation: https://github.com/Azure/a ## Supported Orchestrators -Kubernetes \ No newline at end of file +Kubernetes diff --git a/examples/addons/aad-pod-identity/kubernetes-aad-pod-identity.json b/examples/addons/aad-pod-identity/kubernetes-aad-pod-identity.json index 6b0eaaa545..36276197f4 100644 --- a/examples/addons/aad-pod-identity/kubernetes-aad-pod-identity.json +++ b/examples/addons/aad-pod-identity/kubernetes-aad-pod-identity.json @@ -33,10 +33,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/addons/aci-connector/README.md b/examples/addons/aci-connector/README.md index 1fc35bd084..45cee44b25 100644 --- a/examples/addons/aci-connector/README.md +++ b/examples/addons/aci-connector/README.md @@ -46,10 +46,6 @@ This is the ACI Connector add-on. Add this add-on to your json file as shown be } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/addons/aci-connector/kubernetes-aci-connector.json b/examples/addons/aci-connector/kubernetes-aci-connector.json index ce3495e4d6..c620eabe38 100644 --- a/examples/addons/aci-connector/kubernetes-aci-connector.json +++ b/examples/addons/aci-connector/kubernetes-aci-connector.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } -} \ No newline at end of file +} diff --git a/examples/addons/container-monitoring/README.md b/examples/addons/container-monitoring/README.md index 6b0f704cc5..6b21fa3561 100644 --- a/examples/addons/container-monitoring/README.md +++ b/examples/addons/container-monitoring/README.md 
@@ -51,7 +51,7 @@ This is sample API definition with Container-monitoring addon. > Note: If the AKS Engine version is v0.38.5 or higher, the clusterName will be the dnsPrefix of the cluster. If the AKS Engine version is v0.29.1 or ACS Engine Kubernetes cluster, then default clusterName is my_acs_cluster_name in the container monitoring addon. In AKS Engine version is less than v0.38.5, the default cluster name is aks-engine-cluster. Example command to create AKS Engine cluster with monitoring addon -`aks-engine deploy --subscription-id --client-id --client-secret --dns-prefix --location --api-model ` +`aks-engine deploy ---dns-prefix --location --api-model ` You can validate that the addon is running as expected with the following commands: diff --git a/examples/addons/csi-secrets-store/kubernetes-csi-secrets-store.json b/examples/addons/csi-secrets-store/kubernetes-csi-secrets-store.json index eb317ae6ac..859fbbb855 100644 --- a/examples/addons/csi-secrets-store/kubernetes-csi-secrets-store.json +++ b/examples/addons/csi-secrets-store/kubernetes-csi-secrets-store.json @@ -35,11 +35,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } - diff --git a/examples/addons/custom-manifests/kubernetes-custom-psp.json b/examples/addons/custom-manifests/kubernetes-custom-psp.json index efee9fce86..4999f73c96 100644 --- a/examples/addons/custom-manifests/kubernetes-custom-psp.json +++ b/examples/addons/custom-manifests/kubernetes-custom-psp.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/addons/keyvault-flexvolume/README.md b/examples/addons/keyvault-flexvolume/README.md index 17a8312624..1da53e255f 100644 --- a/examples/addons/keyvault-flexvolume/README.md +++ b/examples/addons/keyvault-flexvolume/README.md 
@@ -43,10 +43,6 @@ Add this add-on to your API model as shown below to automatically enable Key Vau } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/addons/keyvault-flexvolume/kubernetes-keyvault-flexvolume.json b/examples/addons/keyvault-flexvolume/kubernetes-keyvault-flexvolume.json index 19983f85be..d62cacad8e 100644 --- a/examples/addons/keyvault-flexvolume/kubernetes-keyvault-flexvolume.json +++ b/examples/addons/keyvault-flexvolume/kubernetes-keyvault-flexvolume.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } -} \ No newline at end of file +} diff --git a/examples/addons/node-problem-detector/README.md b/examples/addons/node-problem-detector/README.md index a06f365505..1863f0c656 100644 --- a/examples/addons/node-problem-detector/README.md +++ b/examples/addons/node-problem-detector/README.md @@ -43,10 +43,6 @@ The following is a sample API definition with the node-problem-detector addon en } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/addons/node-problem-detector/node-problem-detector.json b/examples/addons/node-problem-detector/node-problem-detector.json index d927c0b9f1..61704cb697 100644 --- a/examples/addons/node-problem-detector/node-problem-detector.json +++ b/examples/addons/node-problem-detector/node-problem-detector.json @@ -33,10 +33,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/addons/nvidia-device-plugin/README.md b/examples/addons/nvidia-device-plugin/README.md index 233d291ae2..482ece8a43 100644 --- a/examples/addons/nvidia-device-plugin/README.md +++ b/examples/addons/nvidia-device-plugin/README.md @@ -39,10 +39,6 @@ This is the [NVIDIA Device Plugin](https://github.com/NVIDIA/k8s-device-plugin) } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/examples/addons/nvidia-device-plugin/nvidia-device-plugin.json b/examples/addons/nvidia-device-plugin/nvidia-device-plugin.json index 57871f816a..410864f7f4 100644 --- a/examples/addons/nvidia-device-plugin/nvidia-device-plugin.json +++ b/examples/addons/nvidia-device-plugin/nvidia-device-plugin.json @@ -33,10 +33,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/addpool/addpool.sh b/examples/addpool/addpool.sh index d8c8f256bd..dceec558c8 100755 --- a/examples/addpool/addpool.sh +++ b/examples/addpool/addpool.sh @@ -18,13 +18,13 @@ export password=$(cat ~/.kube/$group-sp.json | jq -r .password) sleep 180 # Deploy Cluster -aks-engine deploy --subscription-id $subscription --resource-group $group --location $location us --api-model apimodel.json --dns-prefix $group --client-id $appId --client-secret $password --set servicePrincipalProfile.clientId=$appId --set servicePrincipalProfile.secret=$password +aks-engine deploy --subscription-id $subscription --resource-group $group --location $location us --api-model apimodel.json --dns-prefix $group cp $(pwd)/_output/$group/kubeconfig/kubeconfig.eastus.json ~/.kube/$group.json sleep 180 -aks-engine addpool --subscription-id $subscription --resource-group $group --location $location us --api-model _output/$group/apimodel.json --agent-pool agentpool.json --client-id $appId --client-secret $password +aks-engine addpool --subscription-id $subscription --resource-group $group --location $location us --api-model _output/$group/apimodel.json --agent-pool agentpool.json az vmss list -g $group --subscription $subscription -o table diff --git a/examples/addpool/apimodel.json b/examples/addpool/apimodel.json index e841b6eecd..6c1502fc6b 100644 --- a/examples/addpool/apimodel.json +++ b/examples/addpool/apimodel.json @@ -25,10 +25,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
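Review bot: In the `examples/addpool/addpool.sh` hunk, neither the `aks-engine deploy` nor the `aks-engine addpool` line uses `$appId` or `$password` any more, yet the hunk header shows the script still running `export password=$(cat ~/.kube/$group-sp.json | jq -r .password)`. That leaves a service-principal secret exported into the environment of every child process, and presumably a credential file under `~/.kube/` that nothing consumes. The lines that create and export it sit above the hunk, so their exact form is inferred from the header context only; they should be removed in the same change, or the file deleted once it is no longer needed. Both commands now depend on the `cli` auth-method default that this commit sets in `cmd/root.go`, so a guard such as `az account show --subscription "$subscription" >/dev/null || exit 1` ahead of the deploy would make a missing Azure CLI login fail fast rather than partway through the run.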
diff --git a/examples/cosmos-etcd/readme.md b/examples/cosmos-etcd/readme.md index 96abbf764a..7d4cf08bd7 100644 --- a/examples/cosmos-etcd/readme.md +++ b/examples/cosmos-etcd/readme.md @@ -18,8 +18,6 @@ Here is an example `aks-engine` command: ```console $ aks-engine deploy --subscription-id \ - --client-id \ - --client-secret \ --dns-prefix \ --location centralus \ --api-model .json diff --git a/examples/custom-image.json b/examples/custom-image.json index fe61d40ef1..70d6825b9f 100644 --- a/examples/custom-image.json +++ b/examples/custom-image.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/custom-shared-image.json b/examples/custom-shared-image.json index 53bd4bb04a..5a805c2614 100644 --- a/examples/custom-shared-image.json +++ b/examples/custom-shared-image.json @@ -40,11 +40,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } - \ No newline at end of file diff --git a/examples/customfiles/kubernetes-customfiles-podnodeselector.json b/examples/customfiles/kubernetes-customfiles-podnodeselector.json index 33a2705bfb..b75ced1090 100644 --- a/examples/customfiles/kubernetes-customfiles-podnodeselector.json +++ b/examples/customfiles/kubernetes-customfiles-podnodeselector.json @@ -50,10 +50,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/disks-ephemeral/ephemeral-disks.json b/examples/disks-ephemeral/ephemeral-disks.json index 2c9937be96..b37ddf8564 100644 --- a/examples/disks-ephemeral/ephemeral-disks.json +++ b/examples/disks-ephemeral/ephemeral-disks.json @@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/disks-ephemeral/kubernetes-vmas.json b/examples/disks-ephemeral/kubernetes-vmas.json index 2f2db40e6f..1d98eb9f92 100644 --- a/examples/disks-ephemeral/kubernetes-vmas.json 
+++ b/examples/disks-ephemeral/kubernetes-vmas.json @@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/disks-managed/kubernetes-preAttachedDisks-vmas.json b/examples/disks-managed/kubernetes-preAttachedDisks-vmas.json index 53ad456332..bb8d6cffab 100644 --- a/examples/disks-managed/kubernetes-preAttachedDisks-vmas.json +++ b/examples/disks-managed/kubernetes-preAttachedDisks-vmas.json @@ -28,10 +28,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/disks-managed/kubernetes-vmas.json b/examples/disks-managed/kubernetes-vmas.json index 26c61c53e3..70d9bfaf65 100644 --- a/examples/disks-managed/kubernetes-vmas.json +++ b/examples/disks-managed/kubernetes-vmas.json @@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/disks-storageaccount/kubernetes-master-sa.json b/examples/disks-storageaccount/kubernetes-master-sa.json index 6ba31ddf7f..b9e2273d6a 100644 --- a/examples/disks-storageaccount/kubernetes-master-sa.json +++ b/examples/disks-storageaccount/kubernetes-master-sa.json @@ -27,10 +27,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/disks-storageaccount/kubernetes.json b/examples/disks-storageaccount/kubernetes.json index 29c8cf96f6..f690b7effe 100644 --- a/examples/disks-storageaccount/kubernetes.json +++ b/examples/disks-storageaccount/kubernetes.json @@ -38,10 +38,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/dualstack/kubernetes.json b/examples/dualstack/kubernetes.json index b06bdc5d2b..65d7b8e2b0 100644 --- a/examples/dualstack/kubernetes.json +++ b/examples/dualstack/kubernetes.json @@ -46,11 +46,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } - 
diff --git a/examples/e2e-tests/kubernetes/flatcar/flatcar.json b/examples/e2e-tests/kubernetes/flatcar/flatcar.json index 76d6f80476..c73cb95059 100644 --- a/examples/e2e-tests/kubernetes/flatcar/flatcar.json +++ b/examples/e2e-tests/kubernetes/flatcar/flatcar.json @@ -95,10 +95,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/e2e-tests/kubernetes/gpu-enabled/definition.json b/examples/e2e-tests/kubernetes/gpu-enabled/definition.json index f33f6ce214..06b1fc95b6 100644 --- a/examples/e2e-tests/kubernetes/gpu-enabled/definition.json +++ b/examples/e2e-tests/kubernetes/gpu-enabled/definition.json @@ -27,11 +27,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - }, - "certificateProfile": {} + } } } diff --git a/examples/e2e-tests/kubernetes/kubernetes-config/addons-disabled.json b/examples/e2e-tests/kubernetes/kubernetes-config/addons-disabled.json index 70033042e6..59e8c1d6aa 100644 --- a/examples/e2e-tests/kubernetes/kubernetes-config/addons-disabled.json +++ b/examples/e2e-tests/kubernetes/kubernetes-config/addons-disabled.json @@ -74,11 +74,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - }, - "certificateProfile": {} + } } } diff --git a/examples/e2e-tests/kubernetes/kubernetes-config/addons-enabled.json b/examples/e2e-tests/kubernetes/kubernetes-config/addons-enabled.json index 676f7d6a80..7c8980061d 100644 --- a/examples/e2e-tests/kubernetes/kubernetes-config/addons-enabled.json +++ b/examples/e2e-tests/kubernetes/kubernetes-config/addons-enabled.json @@ -74,11 +74,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - }, - "certificateProfile": {} + } } } diff --git a/examples/e2e-tests/kubernetes/kubernetes-config/network-plugin-kubenet.json b/examples/e2e-tests/kubernetes/kubernetes-config/network-plugin-kubenet.json index 559aeae4a4..e3f264ffd4 100644 
--- a/examples/e2e-tests/kubernetes/kubernetes-config/network-plugin-kubenet.json +++ b/examples/e2e-tests/kubernetes/kubernetes-config/network-plugin-kubenet.json @@ -29,11 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - }, - "certificateProfile": {} + } } } diff --git a/examples/e2e-tests/kubernetes/node-count/50-nodes/definition.json b/examples/e2e-tests/kubernetes/node-count/50-nodes/definition.json index c01d6f2ba6..286e72f673 100644 --- a/examples/e2e-tests/kubernetes/node-count/50-nodes/definition.json +++ b/examples/e2e-tests/kubernetes/node-count/50-nodes/definition.json @@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/e2e-tests/kubernetes/windows/definition.json b/examples/e2e-tests/kubernetes/windows/definition.json index eefe40da5c..cb8d88c2a4 100644 --- a/examples/e2e-tests/kubernetes/windows/definition.json +++ b/examples/e2e-tests/kubernetes/windows/definition.json @@ -31,10 +31,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/e2e-tests/kubernetes/windows/hybrid/definition.json b/examples/e2e-tests/kubernetes/windows/hybrid/definition.json index 19877ac3fd..3de1d1c31e 100644 --- a/examples/e2e-tests/kubernetes/windows/hybrid/definition.json +++ b/examples/e2e-tests/kubernetes/windows/hybrid/definition.json @@ -41,10 +41,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/e2e-tests/kubernetes/zones/definition.json b/examples/e2e-tests/kubernetes/zones/definition.json index 3d34e11062..64df141368 100644 --- a/examples/e2e-tests/kubernetes/zones/definition.json +++ b/examples/e2e-tests/kubernetes/zones/definition.json @@ -36,10 +36,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas-multimaster.json b/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas-multimaster.json index 78ff0358b2..e8f8532300 100644 --- a/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas-multimaster.json +++ b/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas-multimaster.json @@ -32,10 +32,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas.json b/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas.json index 8fc3229251..4a84ba3614 100644 --- a/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas.json +++ b/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas.json @@ -32,10 +32,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/e2e-tests/userassignedidentity/vmss/kubernetes-vmss.json b/examples/e2e-tests/userassignedidentity/vmss/kubernetes-vmss.json index f376ccc513..3d591d50db 100644 --- a/examples/e2e-tests/userassignedidentity/vmss/kubernetes-vmss.json +++ b/examples/e2e-tests/userassignedidentity/vmss/kubernetes-vmss.json @@ -32,10 +32,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/extensions/kubernetes.json b/examples/extensions/kubernetes.json index 9187256057..0586c221c3 100644 --- a/examples/extensions/kubernetes.json +++ b/examples/extensions/kubernetes.json @@ -37,10 +37,6 @@ "name": "hello-world-k8s", "version": "v1" } - ], - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } + ] } } diff --git a/examples/extensions/kubernetes.oms.json b/examples/extensions/kubernetes.oms.json index f0281cff56..2969ecb8c5 100644 --- a/examples/extensions/kubernetes.oms.json +++ b/examples/extensions/kubernetes.oms.json 
@@ -38,10 +38,6 @@ "version": "v1", "extensionParameters": "" } - ], - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } + ] } } diff --git a/examples/extensions/kubernetes.preprovision.json b/examples/extensions/kubernetes.preprovision.json index f85b5ce0b9..2460a49921 100644 --- a/examples/extensions/kubernetes.preprovision.json +++ b/examples/extensions/kubernetes.preprovision.json @@ -41,10 +41,6 @@ "version": "v1", "script": "hello.sh" } - ], - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } + ] } } diff --git a/examples/extensions/prometheus-grafana-k8s.json b/examples/extensions/prometheus-grafana-k8s.json index 33a27105b5..4696f18231 100644 --- a/examples/extensions/prometheus-grafana-k8s.json +++ b/examples/extensions/prometheus-grafana-k8s.json @@ -38,10 +38,6 @@ "version": "v1", "rootURL": "https://raw.githubusercontent.com/Azure/aks-engine/master/" } - ], - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } + ] } } diff --git a/examples/feature-gates/kubernetes-featuresgates.json b/examples/feature-gates/kubernetes-featuresgates.json index f5385fde5f..fc37a8e38a 100644 --- a/examples/feature-gates/kubernetes-featuresgates.json +++ b/examples/feature-gates/kubernetes-featuresgates.json @@ -35,10 +35,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/flatcar/kubernetes-flatcar-hybrid.json b/examples/flatcar/kubernetes-flatcar-hybrid.json index 993ee99a9b..8242303598 100644 --- a/examples/flatcar/kubernetes-flatcar-hybrid.json +++ b/examples/flatcar/kubernetes-flatcar-hybrid.json @@ -54,10 +54,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/flatcar/kubernetes-flatcar.json b/examples/flatcar/kubernetes-flatcar.json index ca39a099fc..2398a0dc30 100644 --- a/examples/flatcar/kubernetes-flatcar.json +++ b/examples/flatcar/kubernetes-flatcar.json 
@@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/ipv6/kubernetes.json b/examples/ipv6/kubernetes.json index 2ac597f1cf..f18d687a3b 100644 --- a/examples/ipv6/kubernetes.json +++ b/examples/ipv6/kubernetes.json @@ -49,11 +49,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } - diff --git a/examples/kubernetes-D2.json b/examples/kubernetes-D2.json index 7944a59c5b..3df4c7aa5c 100644 --- a/examples/kubernetes-D2.json +++ b/examples/kubernetes-D2.json @@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-accelerated-network.json b/examples/kubernetes-config/kubernetes-accelerated-network.json index eba0d3d41a..f7f09e42e2 100644 --- a/examples/kubernetes-config/kubernetes-accelerated-network.json +++ b/examples/kubernetes-config/kubernetes-accelerated-network.json @@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-cloud-controller-manager.json b/examples/kubernetes-config/kubernetes-cloud-controller-manager.json index 84676a153a..24016320af 100644 --- a/examples/kubernetes-config/kubernetes-cloud-controller-manager.json +++ b/examples/kubernetes-config/kubernetes-cloud-controller-manager.json @@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-clustersubnet.json b/examples/kubernetes-config/kubernetes-clustersubnet.json index ad4a2ad0cf..cb8b0fbe42 100644 --- a/examples/kubernetes-config/kubernetes-clustersubnet.json +++ b/examples/kubernetes-config/kubernetes-clustersubnet.json @@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/examples/kubernetes-config/kubernetes-containerd-tmpdir.json b/examples/kubernetes-config/kubernetes-containerd-tmpdir.json index cc1fcd7b37..3fa73a6582 100644 --- a/examples/kubernetes-config/kubernetes-containerd-tmpdir.json +++ b/examples/kubernetes-config/kubernetes-containerd-tmpdir.json @@ -38,10 +38,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-data-encryption-at-rest.json b/examples/kubernetes-config/kubernetes-data-encryption-at-rest.json index 42f77355ba..1040e3144c 100644 --- a/examples/kubernetes-config/kubernetes-data-encryption-at-rest.json +++ b/examples/kubernetes-config/kubernetes-data-encryption-at-rest.json @@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-docker-tmpdir.json b/examples/kubernetes-config/kubernetes-docker-tmpdir.json index 665d049b77..542f683a98 100644 --- a/examples/kubernetes-config/kubernetes-docker-tmpdir.json +++ b/examples/kubernetes-config/kubernetes-docker-tmpdir.json @@ -37,10 +37,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-dockerbridgesubnet.json b/examples/kubernetes-config/kubernetes-dockerbridgesubnet.json index cf71eb2124..1438991f9a 100644 --- a/examples/kubernetes-config/kubernetes-dockerbridgesubnet.json +++ b/examples/kubernetes-config/kubernetes-dockerbridgesubnet.json @@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-etcd-storage-size.json b/examples/kubernetes-config/kubernetes-etcd-storage-size.json index 92c47fef5c..460bc1facc 100644 --- a/examples/kubernetes-config/kubernetes-etcd-storage-size.json +++ b/examples/kubernetes-config/kubernetes-etcd-storage-size.json 
@@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-gc.json b/examples/kubernetes-config/kubernetes-gc.json index fcf21ba38e..e0bf2af895 100644 --- a/examples/kubernetes-config/kubernetes-gc.json +++ b/examples/kubernetes-config/kubernetes-gc.json @@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-kube-reserved.json b/examples/kubernetes-config/kubernetes-kube-reserved.json index 25dadecbcc..86cc78188b 100644 --- a/examples/kubernetes-config/kubernetes-kube-reserved.json +++ b/examples/kubernetes-config/kubernetes-kube-reserved.json @@ -32,10 +32,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } -} \ No newline at end of file +} diff --git a/examples/kubernetes-config/kubernetes-maxpods.json b/examples/kubernetes-config/kubernetes-maxpods.json index f88a2d41b6..79401b67e2 100644 --- a/examples/kubernetes-config/kubernetes-maxpods.json +++ b/examples/kubernetes-config/kubernetes-maxpods.json @@ -31,10 +31,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-no-dashboard.json b/examples/kubernetes-config/kubernetes-no-dashboard.json index 9e6ca5556f..2eb6cb980f 100644 --- a/examples/kubernetes-config/kubernetes-no-dashboard.json +++ b/examples/kubernetes-config/kubernetes-no-dashboard.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-private-cluster-single-master.json b/examples/kubernetes-config/kubernetes-private-cluster-single-master.json index 9c9143c2ce..fe614b4dfb 100644 --- a/examples/kubernetes-config/kubernetes-private-cluster-single-master.json +++ b/examples/kubernetes-config/kubernetes-private-cluster-single-master.json 
@@ -38,11 +38,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - }, - "certificateProfile": {} + } } } diff --git a/examples/kubernetes-config/kubernetes-private-cluster.json b/examples/kubernetes-config/kubernetes-private-cluster.json index 60501098db..53d7eb9828 100644 --- a/examples/kubernetes-config/kubernetes-private-cluster.json +++ b/examples/kubernetes-config/kubernetes-private-cluster.json @@ -13,36 +13,31 @@ "username": "azureuser", "publicKey": "" } - } } - }, - "masterProfile": { + } + }, + "masterProfile": { + "count": 3, + "dnsPrefix": "", + "vmSize": "Standard_D2_v3" + }, + "agentPoolProfiles": [ + { + "name": "linuxpool1", "count": 3, - "dnsPrefix": "", - "vmSize": "Standard_D2_v3" - }, - "agentPoolProfiles": [ - { - "name": "linuxpool1", - "count": 3, - "vmSize": "Standard_D2_v3", - "availabilityProfile": "AvailabilitySet" - } - ], - "linuxProfile": { - "adminUsername": "azureuser", - "ssh": { - "publicKeys": [ - { - "keyData": "" - } - ] - } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - }, - "certificateProfile": {} + "vmSize": "Standard_D2_v3", + "availabilityProfile": "AvailabilitySet" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "" + } + ] + } + } } } diff --git a/examples/kubernetes-config/kubernetes-rescheduler.json b/examples/kubernetes-config/kubernetes-rescheduler.json index 6e088e049d..418b179447 100644 --- a/examples/kubernetes-config/kubernetes-rescheduler.json +++ b/examples/kubernetes-config/kubernetes-rescheduler.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-config/kubernetes-standardlb.json b/examples/kubernetes-config/kubernetes-standardlb.json index 55e63db791..b4a640bd42 100644 --- a/examples/kubernetes-config/kubernetes-standardlb.json +++ b/examples/kubernetes-config/kubernetes-standardlb.json 
@@ -31,10 +31,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-containerd.json b/examples/kubernetes-containerd.json index 7fabfb60d1..a53461278e 100644 --- a/examples/kubernetes-containerd.json +++ b/examples/kubernetes-containerd.json @@ -41,10 +41,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-gpu/kubernetes.json b/examples/kubernetes-gpu/kubernetes.json index 94586c840d..8b18995a34 100644 --- a/examples/kubernetes-gpu/kubernetes.json +++ b/examples/kubernetes-gpu/kubernetes.json @@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-labels/kubernetes.json b/examples/kubernetes-labels/kubernetes.json index b33a9d019f..60140a1673 100644 --- a/examples/kubernetes-labels/kubernetes.json +++ b/examples/kubernetes-labels/kubernetes.json @@ -31,10 +31,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-non-vhd-distros.json b/examples/kubernetes-non-vhd-distros.json index 5f10492fe1..40045b2b9d 100644 --- a/examples/kubernetes-non-vhd-distros.json +++ b/examples/kubernetes-non-vhd-distros.json @@ -34,7 +34,7 @@ "count": 1, "vmSize": "Standard_D2s_v3", "osType": "Windows" - } + } ], "linuxProfile": { "adminUsername": "azureuser", @@ -55,10 +55,6 @@ "windowsOffer": "WindowsServer", "windowsSku": "2019-datacenter-core-with-containers-smalldisk-g2", "imageVersion": "latest" - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-releases/kubernetes1.15.json b/examples/kubernetes-releases/kubernetes1.15.json index 4cfc786ca3..af0f7836fb 100644 --- a/examples/kubernetes-releases/kubernetes1.15.json +++ b/examples/kubernetes-releases/kubernetes1.15.json 
@@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-releases/kubernetes1.16.json b/examples/kubernetes-releases/kubernetes1.16.json index 84f4f0fa0d..b4975a86f6 100644 --- a/examples/kubernetes-releases/kubernetes1.16.json +++ b/examples/kubernetes-releases/kubernetes1.16.json @@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-releases/kubernetes1.17.json b/examples/kubernetes-releases/kubernetes1.17.json index fc913bca36..f7433f0799 100644 --- a/examples/kubernetes-releases/kubernetes1.17.json +++ b/examples/kubernetes-releases/kubernetes1.17.json @@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-releases/kubernetes1.18.json b/examples/kubernetes-releases/kubernetes1.18.json index ae12a43f2a..1b73320564 100644 --- a/examples/kubernetes-releases/kubernetes1.18.json +++ b/examples/kubernetes-releases/kubernetes1.18.json @@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-releases/kubernetes1.19.json b/examples/kubernetes-releases/kubernetes1.19.json index 7b8800dafa..5aae1e55db 100644 --- a/examples/kubernetes-releases/kubernetes1.19.json +++ b/examples/kubernetes-releases/kubernetes1.19.json @@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-vmss-master/customvnet.json b/examples/kubernetes-vmss-master/customvnet.json index 5abb894d99..8b224f36f8 100644 --- a/examples/kubernetes-vmss-master/customvnet.json +++ b/examples/kubernetes-vmss-master/customvnet.json @@ -99,10 +99,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/examples/kubernetes-vmss-master/windows.json b/examples/kubernetes-vmss-master/windows.json index e19367c79f..13e0dc0e6b 100644 --- a/examples/kubernetes-vmss-master/windows.json +++ b/examples/kubernetes-vmss-master/windows.json @@ -39,10 +39,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes-zones/README.md b/examples/kubernetes-zones/README.md index c123eca59a..e8579c0a6d 100644 --- a/examples/kubernetes-zones/README.md +++ b/examples/kubernetes-zones/README.md @@ -50,10 +50,6 @@ Here is an [example of a Kubernetes cluster with Availability Zones support](../ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/kubernetes.json b/examples/kubernetes.json index e841b6eecd..6c1502fc6b 100644 --- a/examples/kubernetes.json +++ b/examples/kubernetes.json @@ -25,10 +25,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/largeclusters/kubernetes.json b/examples/largeclusters/kubernetes.json index bafb8c0713..250e04f009 100644 --- a/examples/largeclusters/kubernetes.json +++ b/examples/largeclusters/kubernetes.json @@ -69,10 +69,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/multiple-masters/kubernetes-3-masters.json b/examples/multiple-masters/kubernetes-3-masters.json index 5cc0dc8d00..a793136666 100644 --- a/examples/multiple-masters/kubernetes-3-masters.json +++ b/examples/multiple-masters/kubernetes-3-masters.json @@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/multiple-masters/kubernetes-5-masters.json b/examples/multiple-masters/kubernetes-5-masters.json index a815e4c62c..c7b60043a7 100644 --- a/examples/multiple-masters/kubernetes-5-masters.json +++ b/examples/multiple-masters/kubernetes-5-masters.json 
@@ -26,10 +26,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/multiple-nodepools/multipool.json b/examples/multiple-nodepools/multipool.json index 459f79b46a..794ba960a1 100644 --- a/examples/multiple-nodepools/multipool.json +++ b/examples/multiple-nodepools/multipool.json @@ -31,10 +31,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/networkplugin/kubernetes-azure.json b/examples/networkplugin/kubernetes-azure.json index 876a653a59..6de47011b3 100644 --- a/examples/networkplugin/kubernetes-azure.json +++ b/examples/networkplugin/kubernetes-azure.json @@ -35,10 +35,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/networkpolicy/kubernetes-antrea.json b/examples/networkpolicy/kubernetes-antrea.json index 9494572654..49f10285c5 100644 --- a/examples/networkpolicy/kubernetes-antrea.json +++ b/examples/networkpolicy/kubernetes-antrea.json @@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/networkpolicy/kubernetes-calico-azure.json b/examples/networkpolicy/kubernetes-calico-azure.json index f2dc3f40c2..eb66f18b9e 100644 --- a/examples/networkpolicy/kubernetes-calico-azure.json +++ b/examples/networkpolicy/kubernetes-calico-azure.json @@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/networkpolicy/kubernetes-calico-kubenet.json b/examples/networkpolicy/kubernetes-calico-kubenet.json index f866abdcd3..c7d3519706 100644 --- a/examples/networkpolicy/kubernetes-calico-kubenet.json +++ b/examples/networkpolicy/kubernetes-calico-kubenet.json @@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/examples/networkpolicy/kubernetes-cilium.json b/examples/networkpolicy/kubernetes-cilium.json index 96d748b181..8b64d5e621 100644 --- a/examples/networkpolicy/kubernetes-cilium.json +++ b/examples/networkpolicy/kubernetes-cilium.json @@ -29,10 +29,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/service-mesh/istio.json b/examples/service-mesh/istio.json index bd394a7b8d..3d95884784 100644 --- a/examples/service-mesh/istio.json +++ b/examples/service-mesh/istio.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/ubuntu-1604/kubernetes.json b/examples/ubuntu-1604/kubernetes.json index c39260988b..7e553066d1 100644 --- a/examples/ubuntu-1604/kubernetes.json +++ b/examples/ubuntu-1604/kubernetes.json @@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/ubuntu-1804/kubernetes.json b/examples/ubuntu-1804/kubernetes.json index 20bcdeb51d..59ac18cbcf 100644 --- a/examples/ubuntu-1804/kubernetes.json +++ b/examples/ubuntu-1804/kubernetes.json @@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/vnet/kubernetes-master-vmss.json b/examples/vnet/kubernetes-master-vmss.json index f479c4adfc..8b224f36f8 100644 --- a/examples/vnet/kubernetes-master-vmss.json +++ b/examples/vnet/kubernetes-master-vmss.json 
@@ -57,7 +57,7 @@ "vmSize": "Standard_DS2_v2", "OSDiskSizeGB": 200, "vnetSubnetId": "/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/virtualNetworks/VNET_NAME/subnets/SUBNET_NAME", - "agentVnetSubnetId": "/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/virtualNetworks/VNET_NAME/subnets/SUBNET_NAME", + "agentVnetSubnetId": "/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/virtualNetworks/VNET_NAME/subnets/SUBNET_NAME", "vnetCidr": "10.239.0.0/16", "availabilityProfile": "VirtualMachineScaleSets" }, @@ -99,10 +99,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/vnet/kubernetesvnet-azure-cni.json b/examples/vnet/kubernetesvnet-azure-cni.json index ba67e9879d..1d319cb170 100644 --- a/examples/vnet/kubernetesvnet-azure-cni.json +++ b/examples/vnet/kubernetesvnet-azure-cni.json @@ -37,10 +37,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/vnet/kubernetesvnet-customnodesdns.json b/examples/vnet/kubernetesvnet-customnodesdns.json index 078850b232..00b47c4ab3 100644 --- a/examples/vnet/kubernetesvnet-customnodesdns.json +++ b/examples/vnet/kubernetesvnet-customnodesdns.json @@ -64,10 +64,6 @@ "rootURL": "https://raw.githubusercontent.com/Azure/aks-engine/master/extensions/dnsupdate/", "script": "register-dns.sh" } - ], - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } + ] } } diff --git a/examples/vnet/kubernetesvnet-customsearchdomain.json b/examples/vnet/kubernetesvnet-customsearchdomain.json index e833f511cb..4dbf0cdb05 100644 --- a/examples/vnet/kubernetesvnet-customsearchdomain.json +++ b/examples/vnet/kubernetesvnet-customsearchdomain.json @@ -44,10 +44,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/vnet/kubernetesvnet.json b/examples/vnet/kubernetesvnet.json index 6645e038ec..4e0e5961b7 100644 
--- a/examples/vnet/kubernetesvnet.json +++ b/examples/vnet/kubernetesvnet.json @@ -39,10 +39,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-D2.json b/examples/windows/kubernetes-D2.json index f4c433e119..d2ddff6023 100644 --- a/examples/windows/kubernetes-D2.json +++ b/examples/windows/kubernetes-D2.json @@ -31,10 +31,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-custom-image.json b/examples/windows/kubernetes-custom-image.json index 2b0cf57053..80263c9641 100644 --- a/examples/windows/kubernetes-custom-image.json +++ b/examples/windows/kubernetes-custom-image.json @@ -35,10 +35,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-custom-shared-image.json b/examples/windows/kubernetes-custom-shared-image.json index af2c63f87a..f5cbd61a7e 100644 --- a/examples/windows/kubernetes-custom-shared-image.json +++ b/examples/windows/kubernetes-custom-shared-image.json @@ -38,10 +38,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-custom-vhd.json b/examples/windows/kubernetes-custom-vhd.json index fcbf4d5373..121249e931 100644 --- a/examples/windows/kubernetes-custom-vhd.json +++ b/examples/windows/kubernetes-custom-vhd.json @@ -32,10 +32,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-hybrid.azure-containerd.json b/examples/windows/kubernetes-hybrid.azure-containerd.json index 990618ecd1..70b3273bed 100644 --- a/examples/windows/kubernetes-hybrid.azure-containerd.json +++ b/examples/windows/kubernetes-hybrid.azure-containerd.json @@ -45,10 +45,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/examples/windows/kubernetes-hybrid.json b/examples/windows/kubernetes-hybrid.json index 3c6bdcb727..7324df2262 100644 --- a/examples/windows/kubernetes-hybrid.json +++ b/examples/windows/kubernetes-hybrid.json @@ -37,10 +37,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-hybrid.kubenet-containerd.json b/examples/windows/kubernetes-hybrid.kubenet-containerd.json index 1c9810874a..ef0ff1ed0f 100644 --- a/examples/windows/kubernetes-hybrid.kubenet-containerd.json +++ b/examples/windows/kubernetes-hybrid.kubenet-containerd.json @@ -46,10 +46,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-hyperv.json b/examples/windows/kubernetes-hyperv.json index 249c5798d7..26fbcd0210 100644 --- a/examples/windows/kubernetes-hyperv.json +++ b/examples/windows/kubernetes-hyperv.json @@ -51,10 +51,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } -} \ No newline at end of file +} diff --git a/examples/windows/kubernetes-manageddisks.json b/examples/windows/kubernetes-manageddisks.json index e917d91e84..681b03e762 100644 --- a/examples/windows/kubernetes-manageddisks.json +++ b/examples/windows/kubernetes-manageddisks.json @@ -35,10 +35,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-master-sa.json b/examples/windows/kubernetes-master-sa.json index c53c2522d3..70714e42e6 100644 --- a/examples/windows/kubernetes-master-sa.json +++ b/examples/windows/kubernetes-master-sa.json @@ -32,10 +32,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-pause-image.json b/examples/windows/kubernetes-pause-image.json index fb5b239169..40a8ba4f81 100644 --- a/examples/windows/kubernetes-pause-image.json 
+++ b/examples/windows/kubernetes-pause-image.json @@ -32,7 +32,7 @@ "windowsProfile": { "adminUsername": "azureuser", "adminPassword": "replacepassword1234$", - "sshEnabled": true, + "sshEnabled": true, "windowsPauseImageURL": "mcr.microsoft.com/oss/kubernetes/pause:1.4.0", "alwaysPullWindowsPauseImage": true }, @@ -45,10 +45,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-sadisks.json b/examples/windows/kubernetes-sadisks.json index 5b47b24d92..dfd1da0dbe 100644 --- a/examples/windows/kubernetes-sadisks.json +++ b/examples/windows/kubernetes-sadisks.json @@ -35,10 +35,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-wincni.json b/examples/windows/kubernetes-wincni.json index fd916ef276..b55cd57474 100644 --- a/examples/windows/kubernetes-wincni.json +++ b/examples/windows/kubernetes-wincni.json @@ -42,10 +42,6 @@ ] } }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - }, "extensionProfiles": [ { "name": "winrm", @@ -53,4 +49,4 @@ } ] } -} \ No newline at end of file +} diff --git a/examples/windows/kubernetes-windows-1903.json b/examples/windows/kubernetes-windows-1903.json index bb0cee9792..e736a21a01 100644 --- a/examples/windows/kubernetes-windows-1903.json +++ b/examples/windows/kubernetes-windows-1903.json @@ -38,10 +38,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } -} \ No newline at end of file +} diff --git a/examples/windows/kubernetes-windows-1909.json b/examples/windows/kubernetes-windows-1909.json index 999a87c9f0..3502ae8683 100644 --- a/examples/windows/kubernetes-windows-1909.json +++ b/examples/windows/kubernetes-windows-1909.json @@ -37,10 +37,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/examples/windows/kubernetes-windows-docker-version.json b/examples/windows/kubernetes-windows-docker-version.json index 978c49eece..2606c4c4b7 100644 --- a/examples/windows/kubernetes-windows-docker-version.json +++ b/examples/windows/kubernetes-windows-docker-version.json @@ -32,10 +32,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/examples/windows/kubernetes-windows-version.json b/examples/windows/kubernetes-windows-version.json index a06fe23d7a..109e612ab5 100644 --- a/examples/windows/kubernetes-windows-version.json +++ b/examples/windows/kubernetes-windows-version.json @@ -35,10 +35,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/extensions/prometheus-grafana-k8s/README.md b/extensions/prometheus-grafana-k8s/README.md index d73dba90f1..5031e02f2a 100644 --- a/extensions/prometheus-grafana-k8s/README.md +++ b/extensions/prometheus-grafana-k8s/README.md @@ -44,11 +44,7 @@ This is the prometheus-grafana extension. Add this extension to the API model y "version": "v1", "rootURL": "https://raw.githubusercontent.com/Azure/aks-engine/master/" } - ], - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } + ] } } ``` diff --git a/pkg/api/addons_test.go b/pkg/api/addons_test.go index 78c122297e..06b7cba953 100644 --- a/pkg/api/addons_test.go +++ b/pkg/api/addons_test.go @@ -4853,7 +4853,7 @@ func TestGetClusterAutoscalerNodesConfig(t *testing.T) { Enabled: to.BoolPtr(true), }, }, - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, AgentPoolProfiles: []*AgentPoolProfile{ @@ -4917,7 +4917,7 @@ func TestGetClusterAutoscalerNodesConfig(t *testing.T) { Enabled: to.BoolPtr(true), }, }, - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, AgentPoolProfiles: []*AgentPoolProfile{ 
@@ -4970,7 +4970,7 @@ func TestGetClusterAutoscalerNodesConfig(t *testing.T) { Enabled: to.BoolPtr(true), }, }, - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, AgentPoolProfiles: []*AgentPoolProfile{ diff --git a/pkg/api/const.go b/pkg/api/const.go index adefa2d26c..43d85e331b 100644 --- a/pkg/api/const.go +++ b/pkg/api/const.go @@ -246,7 +246,7 @@ const ( // Azure API Versions const ( APIVersionAuthorizationUser = "2018-09-01-preview" - APIVersionAuthorizationSystem = "2018-01-01-preview" + APIVersionAuthorizationSystem = "2018-09-01-preview" APIVersionCompute = "2019-07-01" APIVersionDeployments = "2018-06-01" APIVersionKeyVault = "2018-02-14" diff --git a/pkg/api/converterfromapi_test.go b/pkg/api/converterfromapi_test.go index a4222994b0..31d2d32e98 100644 --- a/pkg/api/converterfromapi_test.go +++ b/pkg/api/converterfromapi_test.go @@ -537,7 +537,7 @@ func getDefaultContainerService() *ContainerService { DockerBridgeSubnet: "sampleDockerSubnet", DNSServiceIP: "172.0.0.1", ServiceCIDR: "172.0.0.1/16", - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), UserAssignedID: "fooUserAssigneID", UserAssignedClientID: "fooUserAssigneClientID", MobyVersion: "3.0.0", diff --git a/pkg/api/defaults.go b/pkg/api/defaults.go index b1561f34d3..b7a14652bf 100644 --- a/pkg/api/defaults.go +++ b/pkg/api/defaults.go @@ -181,6 +181,14 @@ func (cs *ContainerService) setOrchestratorDefaults(isUpgrade, isScale bool) { } } + if !isUpgrade && !isScale && + !cs.Properties.IsHostedMasterProfile() && + !cs.Properties.IsCustomCloudProfile() && + !cs.Properties.MasterProfile.IsVirtualMachineScaleSets() && + o.KubernetesConfig.UseManagedIdentity == nil { + o.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) + } + if a.HasWindows() { if o.KubernetesConfig.NetworkPlugin == "" { o.KubernetesConfig.NetworkPlugin = DefaultNetworkPluginWindows diff --git a/pkg/api/defaults_test.go b/pkg/api/defaults_test.go index 5f602e1c0e..e089d795fb 100644 
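Review bot: The new defaulting block in setOrchestratorDefaults leaves UseManagedIdentity nil for hosted-master, custom-cloud and VMSS-control-plane clusters and on upgrade or scale, and nothing says that nil is then read as false through `to.Bool` at every call site this commit touches. A short comment above the condition would record that, for example `// Default new clusters to managed identity; hosted, custom-cloud and VMSS control planes are not defaulted, and nil is read as false.` The condition also calls `cs.Properties.MasterProfile.IsVirtualMachineScaleSets()` and reads `o.KubernetesConfig.UseManagedIdentity` with no nil check inside the hunk. Both are presumably guaranteed non-nil earlier in the function, which starts outside the hunk, so that is worth confirming.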
--- a/pkg/api/defaults_test.go +++ b/pkg/api/defaults_test.go 
@@ -790,6 +790,60 @@ func TestDiskCachingTypes(t *testing.T) { } } +func TestDefaultUseManagedIdentity(t *testing.T) { + mockCS := getMockBaseContainerService("1.18.8") + mockCS.Properties.OrchestratorProfile.OrchestratorType = Kubernetes + isUpgrade := false + isScale := false + mockCS.setOrchestratorDefaults(isUpgrade, isScale) + if !to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { + t.Errorf("expected UseManagedIdentity to be true by default, instead got %t", to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)) + } + mockCS = getMockBaseContainerService("1.18.8") + mockCS.Properties.OrchestratorProfile.OrchestratorType = Kubernetes + mockCS.Properties.CustomCloudProfile = &CustomCloudProfile{ + Environment: &azure.Environment{}, + } + mockCS.setOrchestratorDefaults(isUpgrade, isScale) + if to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { + t.Errorf("expected UseManagedIdentity to be false by default in CustomCloudProfile context, instead got %t", to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)) + } + + mockCS = getMockBaseContainerService("1.18.8") + mockCS.Properties.OrchestratorProfile.OrchestratorType = Kubernetes + mockCS.Properties.MasterProfile.AvailabilityProfile = VirtualMachineScaleSets + mockCS.setOrchestratorDefaults(isUpgrade, isScale) + if to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { + t.Errorf("expected UseManagedIdentity to be false by default in VMSS control plane context, instead got %t", to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)) + } + + isUpgrade = true + isScale = false + mockCS = getMockBaseContainerService("1.18.8") + mockCS.Properties.OrchestratorProfile.OrchestratorType = Kubernetes + mockCS.setOrchestratorDefaults(isUpgrade, isScale) + if mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity != nil { + 
t.Errorf("expected UseManagedIdentity to be unchanged by default in upgrade context, instead got %t", to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)) + } + + isUpgrade = false + isScale = true + mockCS = getMockBaseContainerService("1.18.8") + mockCS.Properties.OrchestratorProfile.OrchestratorType = Kubernetes + mockCS.setOrchestratorDefaults(isUpgrade, isScale) + if mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity != nil { + t.Errorf("expected UseManagedIdentity to be unchanged by default in scale context, instead got %t", to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)) + } + + mockCS = getMockBaseContainerService("1.18.8") + mockCS.Properties.OrchestratorProfile.OrchestratorType = Kubernetes + mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(false) + mockCS.setOrchestratorDefaults(isUpgrade, isScale) + if to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { + t.Errorf("expected UseManagedIdentity=false config to be honored by defaults enforcement, instead got %t", to.Bool(mockCS.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)) + } +} + func TestKubeletFeatureGatesEnsureFeatureGatesOnAgentsFor1_6_0(t *testing.T) { mockCS := getMockBaseContainerService("1.6.0") properties := mockCS.Properties diff --git a/pkg/api/types.go b/pkg/api/types.go index 34e29735e7..e0397958ad 100644 --- a/pkg/api/types.go +++ b/pkg/api/types.go 
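Review bot: The last case in TestDefaultUseManagedIdentity still runs with `isScale = true`, left over from the scale case just above it. setOrchestratorDefaults therefore skips the new defaulting block, and the assertion that an explicit `UseManagedIdentity=false` is honored passes without exercising the code it is meant to guard. Reset the flags before that case with `isUpgrade, isScale = false, false` so it covers the create path, where the default would otherwise be applied. There is also no case for a hosted master profile, which the condition in defaults.go excludes.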
@@ -456,7 +456,7 @@ type KubernetesConfig struct { DockerBridgeSubnet string `json:"dockerBridgeSubnet,omitempty"` DNSServiceIP string `json:"dnsServiceIP,omitempty"` ServiceCIDR string `json:"serviceCidr,omitempty"` - UseManagedIdentity bool `json:"useManagedIdentity,omitempty"` + UseManagedIdentity *bool `json:"useManagedIdentity,omitempty"` UserAssignedID string `json:"userAssignedID,omitempty"` UserAssignedClientID string `json:"userAssignedClientID,omitempty"` //Note: cannot be provided in config. Used *only* for transferring this to azure.json. CustomHyperkubeImage string `json:"customHyperkubeImage,omitempty"` @@ -2075,12 +2075,12 @@ func (k *KubernetesConfig) IsRBACEnabled() bool { // UserAssignedIDEnabled checks if the user assigned ID is enabled or not. func (k *KubernetesConfig) UserAssignedIDEnabled() bool { - return k.UseManagedIdentity && k.UserAssignedID != "" + return to.Bool(k.UseManagedIdentity) && k.UserAssignedID != "" } // SystemAssignedIDEnabled checks if system assigned IDs should be used. func (k *KubernetesConfig) SystemAssignedIDEnabled() bool { - return k.UseManagedIdentity && k.UserAssignedID == "" + return to.Bool(k.UseManagedIdentity) && k.UserAssignedID == "" } func (k *KubernetesConfig) ShouldCreateNewUserAssignedIdentity() bool { 
@@ -2508,7 +2508,7 @@ func (cs *ContainerService) GetProvisionScriptParametersCommon(input ProvisionSc "CLOUDPROVIDER_RATELIMIT_BUCKET": strconv.Itoa(kubernetesConfig.CloudProviderRateLimitBucket), "CLOUDPROVIDER_RATELIMIT_BUCKET_WRITE": strconv.Itoa(kubernetesConfig.CloudProviderRateLimitBucketWrite), "LOAD_BALANCER_DISABLE_OUTBOUND_SNAT": strconv.FormatBool(to.Bool(kubernetesConfig.CloudProviderDisableOutboundSNAT)), - "USE_MANAGED_IDENTITY_EXTENSION": strconv.FormatBool(kubernetesConfig.UseManagedIdentity), + "USE_MANAGED_IDENTITY_EXTENSION": strconv.FormatBool(to.Bool(kubernetesConfig.UseManagedIdentity)), "USE_INSTANCE_METADATA": strconv.FormatBool(to.Bool(kubernetesConfig.UseInstanceMetadata)), "LOAD_BALANCER_SKU": kubernetesConfig.LoadBalancerSku, "EXCLUDE_MASTER_FROM_STANDARD_LB": strconv.FormatBool(to.Bool(kubernetesConfig.ExcludeMasterFromStandardLB)), diff --git a/pkg/api/types_test.go b/pkg/api/types_test.go index 42deb37dd0..e2411ca48c 100644 --- a/pkg/api/types_test.go +++ b/pkg/api/types_test.go @@ -3883,7 +3883,7 @@ func TestUserAssignedMSI(t *testing.T) { if err != nil { t.Fatalf("unexpected error deserailizing the example user msi api model: %s", err) } - systemMSI := apiModel.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity + systemMSI := to.Bool(apiModel.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) actualUserMSI := apiModel.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID if !systemMSI || actualUserMSI != "" { t.Fatalf("found user msi: %t and usermsi: %s", systemMSI, actualUserMSI) 
@@ -3897,7 +3897,7 @@ func TestUserAssignedMSI(t *testing.T) { if err != nil { t.Fatalf("unexpected error deserailizing the example user msi api model: %s", err) } - systemMSI = apiModel.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity + systemMSI = to.Bool(apiModel.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) actualUserMSI = apiModel.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID if !systemMSI && actualUserMSI != exampleUserMSI { t.Fatalf("found user msi: %t and usermsi: %s", systemMSI, actualUserMSI) @@ -6429,7 +6429,7 @@ func TestIsFeatureEnabled(t *testing.T) { func TestKubernetesConfig_UserAssignedIDEnabled(t *testing.T) { k := KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), UserAssignedID: "fooID", } if !k.UserAssignedIDEnabled() { @@ -6437,7 +6437,7 @@ func TestKubernetesConfig_UserAssignedIDEnabled(t *testing.T) { } k = KubernetesConfig{ - UseManagedIdentity: false, + UseManagedIdentity: to.BoolPtr(false), UserAssignedID: "fooID", } @@ -6448,7 +6448,7 @@ func TestKubernetesConfig_UserAssignedIDEnabled(t *testing.T) { func TestKubernetesConfig_ShouldCreateNewUserAssignedIdentity(t *testing.T) { k := KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), UserAssignedID: "fooID", } if !k.ShouldCreateNewUserAssignedIdentity() { @@ -6456,7 +6456,7 @@ func TestKubernetesConfig_ShouldCreateNewUserAssignedIdentity(t *testing.T) { } k = KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), UserAssignedID: exampleUserMSI, } @@ -6467,7 +6467,7 @@ func TestKubernetesConfig_ShouldCreateNewUserAssignedIdentity(t *testing.T) { func TestKubernetesConfig_SystemAssignedIDEnabled(t *testing.T) { k := KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), UserAssignedID: "", } if !k.SystemAssignedIDEnabled() { 
@@ -6475,7 +6475,7 @@ func TestKubernetesConfig_SystemAssignedIDEnabled(t *testing.T) { } k = KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), UserAssignedID: "foo", } @@ -6484,7 +6484,7 @@ func TestKubernetesConfig_SystemAssignedIDEnabled(t *testing.T) { } k = KubernetesConfig{ - UseManagedIdentity: false, + UseManagedIdentity: to.BoolPtr(false), UserAssignedID: "", } diff --git a/pkg/api/vlabs/types.go b/pkg/api/vlabs/types.go index 73f8a390ee..29033e3e85 100644 --- a/pkg/api/vlabs/types.go +++ b/pkg/api/vlabs/types.go @@ -341,7 +341,7 @@ type KubernetesConfig struct { ContainerRuntime string `json:"containerRuntime,omitempty"` MaxPods int `json:"maxPods,omitempty"` DockerBridgeSubnet string `json:"dockerBridgeSubnet,omitempty"` - UseManagedIdentity bool `json:"useManagedIdentity,omitempty"` + UseManagedIdentity *bool `json:"useManagedIdentity,omitempty"` UserAssignedID string `json:"userAssignedID,omitempty"` UserAssignedClientID string `json:"userAssignedClientID,omitempty"` //Note: cannot be provided in config. Used *only* for transferring this to azure.json. CustomHyperkubeImage string `json:"customHyperkubeImage,omitempty"` diff --git a/pkg/api/vlabs/validate.go b/pkg/api/vlabs/validate.go index cbc012dbb9..d986a83ae6 100644 --- a/pkg/api/vlabs/validate.go +++ b/pkg/api/vlabs/validate.go @@ -158,10 +158,6 @@ func (a *Properties) validate(isUpdate bool) error { return e } - if e := a.validateManagedIdentity(); e != nil { - return e - } - if e := a.validateAADProfile(); e != nil { return e } 
@@ -449,7 +445,7 @@ func (a *Properties) validateMasterProfile(isUpdate bool) error { return errors.New("VirtualMachineScaleSets for master profile must be used together with virtualMachineScaleSets for agent profiles. Set \"availabilityProfile\" to \"VirtualMachineScaleSets\" for agent profiles") } - if a.OrchestratorProfile.KubernetesConfig != nil && a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity && a.OrchestratorProfile.KubernetesConfig.UserAssignedID == "" { + if a.OrchestratorProfile.KubernetesConfig != nil && to.Bool(a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) && a.OrchestratorProfile.KubernetesConfig.UserAssignedID == "" { return errors.New("virtualMachineScaleSets for master profile can be used only with user assigned MSI ! Please specify \"userAssignedID\" in \"kubernetesConfig\"") } } @@ -790,7 +786,7 @@ func (a *Properties) validateAddons() error { } case "appgw-ingress": if (a.ServicePrincipalProfile == nil || len(a.ServicePrincipalProfile.ObjectID) == 0) && - !a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity { + !to.Bool(a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { return errors.New("appgw-ingress add-ons requires 'objectID' to be specified or UseManagedIdentity to be true") } 
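Review bot: In the appgw-ingress branch of validateAddons, `!to.Bool(a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)` treats an unset (nil) value as false, whereas validateServicePrincipalProfile in this same commit treats nil as "not disabled". An API model that omits both `useManagedIdentity` and the service principal `objectID` is therefore rejected here. If validation runs before defaults are applied (not visible in this hunk), a user relying on the new managed-identity default would hit this error. Either reject only an explicit false, `a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity != nil && !to.Bool(a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)`, or make the two checks agree on what nil means. The function body continues outside the hunk.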
@@ -966,10 +962,10 @@ func (a *Properties) validateVNET() error { func (a *Properties) validateServicePrincipalProfile() error { if a.OrchestratorProfile.OrchestratorType == Kubernetes { - useManagedIdentity := a.OrchestratorProfile.KubernetesConfig != nil && - a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity + useManagedIdentityDisabled := a.OrchestratorProfile.KubernetesConfig != nil && + a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity != nil && !to.Bool(a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) - if !useManagedIdentity { + if useManagedIdentityDisabled { if a.ServicePrincipalProfile == nil { return errors.Errorf("ServicePrincipalProfile must be specified with Orchestrator %s", a.OrchestratorProfile.OrchestratorType) } 
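Review bot: validateServicePrincipalProfile now requires a ServicePrincipalProfile only when UseManagedIdentity is explicitly false, so the credential check is skipped whenever the field or KubernetesConfig is nil. The defaults.go change in this commit leaves the field nil for custom-cloud, hosted and VMSS-control-plane clusters, and the consumers touched here read nil as false through `to.Bool`. Such a cluster therefore appears able to pass validation with neither service principal credentials nor managed identity. The requirement should be kept for those cases, for example by computing `useManagedIdentityDisabled` with the same exclusions the defaulting code uses. A test with a nil value would pin the intended behaviour. The function starts and ends outside the hunk.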
@@ -1001,44 +997,6 @@ func (a *Properties) validateServicePrincipalProfile() error { return nil } -func (a *Properties) validateManagedIdentity() error { - if a.OrchestratorProfile.OrchestratorType == Kubernetes { - useManagedIdentity := a.OrchestratorProfile.KubernetesConfig != nil && - a.OrchestratorProfile.KubernetesConfig.UseManagedIdentity - - if useManagedIdentity { - version := common.RationalizeReleaseAndVersion( - a.OrchestratorProfile.OrchestratorType, - a.OrchestratorProfile.OrchestratorRelease, - a.OrchestratorProfile.OrchestratorVersion, - false, - false, - false) - if version == "" { - return errors.Errorf("the following user supplied OrchestratorProfile configuration is not supported: OrchestratorType: %s, OrchestratorRelease: %s, OrchestratorVersion: %s. Please check supported Release or Version for this build of aks-engine", a.OrchestratorProfile.OrchestratorType, a.OrchestratorProfile.OrchestratorRelease, a.OrchestratorProfile.OrchestratorVersion) - } - sv, err := semver.Make(version) - if err != nil { - return errors.Errorf("could not validate version %s", version) - } - minVersion, err := semver.Make("1.12.0") - if err != nil { - return errors.New("could not validate version") - } - - if a.MasterProfile.IsVirtualMachineScaleSets() { - if sv.LT(minVersion) { - return errors.New("managed identity and VMSS masters can only be used with Kubernetes 1.12.0 or above. Please specify \"orchestratorRelease\": \"1.12\"") - } - } else if a.OrchestratorProfile.KubernetesConfig.UserAssignedID != "" && sv.LT(minVersion) { - return errors.New("user assigned identity can only be used with Kubernetes 1.12.0 or above. Please specify \"orchestratorRelease\": \"1.12\"") - } - - } - } - return nil -} - func (a *Properties) validateAADProfile() error { if profile := a.AADProfile; profile != nil { if a.OrchestratorProfile.OrchestratorType != Kubernetes { diff --git a/pkg/api/vlabs/validate_test.go b/pkg/api/vlabs/validate_test.go index a6e6af89c6..daaa863b29 100644 
--- a/pkg/api/vlabs/validate_test.go +++ b/pkg/api/vlabs/validate_test.go @@ -1436,6 +1436,9 @@ func Test_ServicePrincipalProfile_ValidateSecretOrKeyvaultSecretRef(t *testing.T t.Run("ServicePrincipalProfile with secret should pass", func(t *testing.T) { t.Parallel() cs := getK8sDefaultContainerService(false) + cs.Properties.OrchestratorProfile.KubernetesConfig = &KubernetesConfig{ + UseManagedIdentity: to.BoolPtr(false), + } if err := cs.Validate(false); err != nil { t.Errorf("should not error %v", err) @@ -1451,6 +1454,9 @@ func Test_ServicePrincipalProfile_ValidateSecretOrKeyvaultSecretRef(t *testing.T SecretName: "secret-name", SecretVersion: "version", } + cs.Properties.OrchestratorProfile.KubernetesConfig = &KubernetesConfig{ + UseManagedIdentity: to.BoolPtr(false), + } if err := cs.Validate(false); err != nil { t.Errorf("should not error %v", err) } @@ -1464,6 +1470,9 @@ func Test_ServicePrincipalProfile_ValidateSecretOrKeyvaultSecretRef(t *testing.T VaultID: "/subscriptions/SUB-ID/resourceGroups/RG-NAME/providers/Microsoft.KeyVault/vaults/KV-NAME", SecretName: "secret-name", } + cs.Properties.OrchestratorProfile.KubernetesConfig = &KubernetesConfig{ + UseManagedIdentity: to.BoolPtr(false), + } if err := cs.Validate(false); err != nil { t.Errorf("should not error %v", err) @@ -1478,6 +1487,9 @@ func Test_ServicePrincipalProfile_ValidateSecretOrKeyvaultSecretRef(t *testing.T VaultID: "/subscriptions/SUB-ID/resourceGroups/RG-NAME/providers/Microsoft.KeyVault/vaults/KV-NAME", SecretName: "secret-name", } + cs.Properties.OrchestratorProfile.KubernetesConfig = &KubernetesConfig{ + UseManagedIdentity: to.BoolPtr(false), + } if err := cs.Validate(false); err == nil { t.Error("error should have occurred") 
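Review bot: The subtests touched here (and the one in the following hunk) now force `UseManagedIdentity: to.BoolPtr(false)` so that the service principal checks are reached, but nothing added covers the unset case, where validateServicePrincipalProfile now skips those checks. A subtest that leaves the field nil and asserts the intended result of `cs.Validate(false)` would pin that behaviour. Assigning a fresh `&KubernetesConfig{...}` also discards anything getK8sDefaultContainerService placed in KubernetesConfig; if the helper returns a non-nil config, setting only the field with `cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(false)` keeps the rest of the fixture intact. The test function starts and ends outside these hunks.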
@@ -1492,6 +1504,9 @@ func Test_ServicePrincipalProfile_ValidateSecretOrKeyvaultSecretRef(t *testing.T VaultID: "randomID", SecretName: "secret-name", } + cs.Properties.OrchestratorProfile.KubernetesConfig = &KubernetesConfig{ + UseManagedIdentity: to.BoolPtr(false), + } if err := cs.Validate(false); err == nil || err.Error() != "service principal client keyvault secret reference is of incorrect format" { t.Error("error should have occurred") @@ -2314,7 +2329,7 @@ func Test_Properties_ValidateAddons(t *testing.T) { ) } - p.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + p.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) if err := p.validateAddons(); err != nil { t.Errorf( "should not error on azure-policy with managed identity", @@ -2581,7 +2596,7 @@ func Test_Properties_ValidateAddons(t *testing.T) { // Basic test with UseManagedIdentity p.OrchestratorProfile.KubernetesConfig = &KubernetesConfig{ NetworkPlugin: "azure", - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), Addons: []KubernetesAddon{ { Name: "appgw-ingress", @@ -3092,7 +3107,7 @@ func TestProperties_ValidateManagedIdentity(t *testing.T) { OrchestratorRelease: test.orchestratorRelease, OrchestratorType: Kubernetes, KubernetesConfig: &KubernetesConfig{ - UseManagedIdentity: test.useManagedIdentity, + UseManagedIdentity: to.BoolPtr(test.useManagedIdentity), UserAssignedID: test.userAssignedID, }, } diff --git a/pkg/armhelpers/azurestack/httpMockClientData/deployVMRequest.json b/pkg/armhelpers/azurestack/httpMockClientData/deployVMRequest.json index 074e08527e..31faf6dd2d 100644 --- a/pkg/armhelpers/azurestack/httpMockClientData/deployVMRequest.json +++ b/pkg/armhelpers/azurestack/httpMockClientData/deployVMRequest.json 
@@ -1492,7 +1492,7 @@ } ], "variables": { - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2017-03-30", "apiVersionKeyVault": "2016-10-01", diff --git a/pkg/armhelpers/httpMockClientData/deployVMRequest.json b/pkg/armhelpers/httpMockClientData/deployVMRequest.json index d364ef69e4..d33990f71e 100644 --- a/pkg/armhelpers/httpMockClientData/deployVMRequest.json +++ b/pkg/armhelpers/httpMockClientData/deployVMRequest.json @@ -1458,7 +1458,7 @@ } ], "variables": { - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2017-03-30", "apiVersionKeyVault": "2016-10-01", diff --git a/pkg/engine/armresources.go b/pkg/engine/armresources.go index 4c0404eb79..2048a2806a 100644 --- a/pkg/engine/armresources.go +++ b/pkg/engine/armresources.go @@ -32,7 +32,7 @@ func GenerateARMResources(cs *api.ContainerService) []interface{} { kubernetesConfig := cs.Properties.OrchestratorProfile.KubernetesConfig if kubernetesConfig != nil { - useManagedIdentity = kubernetesConfig.UseManagedIdentity + useManagedIdentity = to.Bool(kubernetesConfig.UseManagedIdentity) userAssignedIDEnabled = kubernetesConfig.UserAssignedIDEnabled() createNewUserAssignedIdentity = kubernetesConfig.ShouldCreateNewUserAssignedIdentity() } 
@@ -180,7 +180,7 @@ func createKubernetesAgentVMASResources(cs *api.ContainerService, profile *api.A agentVMASVM := createAgentAvailabilitySetVM(cs, profile) agentVMASResources = append(agentVMASResources, agentVMASVM) - useManagedIdentity := cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity + useManagedIdentity := to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) userAssignedIDEnabled := cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedIDEnabled() if useManagedIdentity && !userAssignedIDEnabled { diff --git a/pkg/engine/armresources_test.go b/pkg/engine/armresources_test.go index 0a49b6c7d1..55880cdf6e 100644 --- a/pkg/engine/armresources_test.go +++ b/pkg/engine/armresources_test.go @@ -508,7 +508,7 @@ func TestGenerateARMResourcesWithVMSSAgentPool(t *testing.T) { } // Now test with userAssignedID enabled and StorageAccount in agents - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID = "fooUserAssignedID" cs.Properties.AgentPoolProfiles[0].StorageProfile = api.StorageAccount userAssignedIDEnabled = true diff --git a/pkg/engine/armtype.go b/pkg/engine/armtype.go index 3fa87c0d18..26d55a99c0 100644 --- a/pkg/engine/armtype.go +++ b/pkg/engine/armtype.go @@ -112,7 +112,7 @@ type StorageAccountARM struct { storage.Account } -// SystemRoleAssignmentARM embeds the ARMResource type in authorization.SystemRoleAssignment(2018-01-01-preview). +// SystemRoleAssignmentARM embeds the ARMResource type in authorization.SystemRoleAssignment(2018-09-01-preview). type SystemRoleAssignmentARM struct { ARMResource authorization.RoleAssignment diff --git a/pkg/engine/armvariables.go b/pkg/engine/armvariables.go index 250651eb76..f3b18144bf 100644 --- a/pkg/engine/armvariables.go +++ b/pkg/engine/armvariables.go 
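Review bot: createKubernetesAgentVMASResources reads `cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity` with no nil check on `KubernetesConfig`, while GenerateARMResources in the same file guards with `if kubernetesConfig != nil` before the same read. The unguarded pattern also appears in CreateKeyVaultVMAS and CreateKeyVaultVMSS in keyvaults.go, in the closures of getClusterAutoscalerAddonFuncMap in engine.go and in the `UseManagedIdentity` closure in template_generator.go. If these can be reached with a nil config, something like `k8sConfig := cs.Properties.OrchestratorProfile.KubernetesConfig` followed by `useManagedIdentity := k8sConfig != nil && to.Bool(k8sConfig.UseManagedIdentity)` would match the guarded sites; otherwise a short comment stating that defaults guarantee a non-nil config would help. The function starts and ends outside the hunk.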
@@ -71,7 +71,7 @@ func getK8sMasterVars(cs *api.ContainerService) (map[string]interface{}, error) var useInstanceMetadata *bool var userAssignedIDReference string if kubernetesConfig != nil { - useManagedIdentity = kubernetesConfig.UseManagedIdentity + useManagedIdentity = to.Bool(kubernetesConfig.UseManagedIdentity) userAssignedID = kubernetesConfig.UserAssignedIDEnabled() userAssignedClientID = useManagedIdentity && kubernetesConfig.UserAssignedClientID != "" enableEncryptionWithExternalKms = to.Bool(kubernetesConfig.EnableEncryptionWithExternalKms) diff --git a/pkg/engine/armvariables_test.go b/pkg/engine/armvariables_test.go index 6bc53007bf..d818fab06b 100644 --- a/pkg/engine/armvariables_test.go +++ b/pkg/engine/armvariables_test.go @@ -86,7 +86,7 @@ func TestK8sVars(t *testing.T) { "agentpool1osImageResourceGroup": "[parameters('agentpool1osImageResourceGroup')]", "agentpool1osImageSKU": "[parameters('agentpool1osImageSKU')]", "agentpool1osImageVersion": "[parameters('agentpool1osImageVersion')]", - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2019-07-01", "apiVersionDeployments": "2018-06-01", @@ -168,8 +168,8 @@ func TestK8sVars(t *testing.T) { "routeTableID": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]", "routeTableName": "[concat(variables('masterVMNamePrefix'),'routetable')]", "scope": "[resourceGroup().id]", - "servicePrincipalClientId": "[parameters('servicePrincipalClientId')]", - "servicePrincipalClientSecret": "[parameters('servicePrincipalClientSecret')]", + "servicePrincipalClientId": "msi", + "servicePrincipalClientSecret": "msi", "singleQuote": "'", "sshKeyPath": "[concat('/home/',parameters('linuxAdminUsername'),'/.ssh/authorized_keys')]", "sshNatPorts": []int{22, 2201, 2202, 2203, 2204}, 
@@ -180,7 +180,7 @@ func TestK8sVars(t *testing.T) { "tenantId": "[subscription().tenantId]", "truncatedResourceGroup": "[take(replace(replace(resourceGroup().name, '(', '-'), ')', '-'), 63)]", "useInstanceMetadata": "true", - "useManagedIdentityExtension": "false", + "useManagedIdentityExtension": "true", "userAssignedClientID": "", "userAssignedID": "", "userAssignedIDReference": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('userAssignedID'))]", 
@@ -245,25 +245,7 @@ func TestK8sVars(t *testing.T) { t.Errorf("unexpected diff while expecting equal structs: %s", diff) } - // Test with MSI - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true - varMap, err = GetKubernetesVariables(cs) - if err != nil { - t.Fatal(err) - } - - expectedMap["servicePrincipalClientId"] = "msi" - expectedMap["servicePrincipalClientSecret"] = "msi" - expectedMap["useManagedIdentityExtension"] = "true" - expectedMap["provisionScriptParametersCommon"] = "[concat('" + cs.GetProvisionScriptParametersCommon(api.ProvisionScriptParametersInput{Location: common.WrapAsARMVariable("location"), ResourceGroup: common.WrapAsARMVariable("resourceGroup"), TenantID: common.WrapAsARMVariable("tenantID"), SubscriptionID: common.WrapAsARMVariable("subscriptionId"), ClientID: common.WrapAsARMVariable("servicePrincipalClientId"), ClientSecret: common.WrapAsARMVariable("singleQuote") + common.WrapAsARMVariable("servicePrincipalClientSecret") + common.WrapAsARMVariable("singleQuote"), APIServerCertificate: common.WrapAsParameter("apiServerCertificate"), KubeletPrivateKey: common.WrapAsParameter("clientPrivateKey"), ClusterKeyVaultName: common.WrapAsARMVariable("clusterKeyVaultName")}) + "')]" - - diff = cmp.Diff(varMap, expectedMap) - - if diff != "" { - t.Errorf("unexpected diff while expecting equal structs: %s", diff) - } - - // Test with ubuntu 16.04 distro + // Test with ubuntu 16.04 distro and UseManagedIdentity disabled cs.Properties.OrchestratorProfile.KubernetesConfig.Addons = []api.KubernetesAddon{ { Name: common.PodSecurityPolicyAddonName, @@ -271,7 +253,7 @@ func TestK8sVars(t *testing.T) { }, } cs.Properties.AgentPoolProfiles[0].Distro = api.Ubuntu - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = false + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(false) varMap, err = GetKubernetesVariables(cs) if err != nil { t.Fatal(err) 
@@ -524,7 +506,7 @@ func TestK8sVars(t *testing.T) { } // Test with HostedMaster + MSI - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) varMap, err = GetKubernetesVariables(cs) if err != nil { t.Fatal(err) @@ -700,7 +682,7 @@ func TestK8sVars(t *testing.T) { "agentpool1osImageResourceGroup": "[parameters('agentpool1osImageResourceGroup')]", "agentpool1osImageSKU": "[parameters('agentpool1osImageSKU')]", "agentpool1osImageVersion": "[parameters('agentpool1osImageVersion')]", - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2017-03-30", "apiVersionDeployments": "2018-06-01", @@ -964,7 +946,7 @@ func TestK8sVarsMastersOnly(t *testing.T) { } expectedMap := map[string]interface{}{ - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2019-07-01", "apiVersionDeployments": "2018-06-01", @@ -1053,8 +1035,8 @@ func TestK8sVarsMastersOnly(t *testing.T) { "routeTableID": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]", "routeTableName": "[concat(variables('masterVMNamePrefix'),'routetable')]", "scope": "[resourceGroup().id]", - "servicePrincipalClientId": "[parameters('servicePrincipalClientId')]", - "servicePrincipalClientSecret": "[parameters('servicePrincipalClientSecret')]", + "servicePrincipalClientId": "msi", + "servicePrincipalClientSecret": "msi", "singleQuote": "'", "sshKeyPath": "[concat('/home/',parameters('linuxAdminUsername'),'/.ssh/authorized_keys')]", "sshNatPorts": []int{22, 2201, 2202, 2203, 2204}, 
@@ -1065,7 +1047,7 @@ func TestK8sVarsMastersOnly(t *testing.T) { "tenantId": "[subscription().tenantId]", "truncatedResourceGroup": "[take(replace(replace(resourceGroup().name, '(', '-'), ')', '-'), 63)]", "useInstanceMetadata": "true", - "useManagedIdentityExtension": "false", + "useManagedIdentityExtension": "true", "userAssignedClientID": "", "userAssignedID": "", "userAssignedIDReference": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('userAssignedID'))]", diff --git a/pkg/engine/engine.go b/pkg/engine/engine.go index d48f854e47..4c317be76b 100644 --- a/pkg/engine/engine.go +++ b/pkg/engine/engine.go @@ -862,19 +862,19 @@ func getClusterAutoscalerAddonFuncMap(addon api.KubernetesAddon, cs *api.Contain return base64.StdEncoding.EncodeToString([]byte(cs.Properties.GetVMType())) }, "GetVolumeMounts": func() string { - if cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity { + if to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { return "\n - mountPath: /var/lib/waagent/\n name: waagent\n readOnly: true" } return "" }, "GetVolumes": func() string { - if cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity { + if to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { return "\n - hostPath:\n path: /var/lib/waagent/\n name: waagent" } return "" }, "GetHostNetwork": func() string { - if cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity { + if to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { return "\n hostNetwork: true" } return "" @@ -884,7 +884,7 @@ func getClusterAutoscalerAddonFuncMap(addon api.KubernetesAddon, cs *api.Contain return cloudSpecConfig.CloudName }, "UseManagedIdentity": func() string { - if cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity { + if to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { return "true" } return "false" 
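Review bot: In getClusterAutoscalerAddonFuncMap the `GetVolumes`, `GetVolumeMounts` and `GetHostNetwork` closures give the cluster-autoscaler pod a hostPath mount of `/var/lib/waagent/` and `hostNetwork: true` whenever managed identity is on. The updated expectations in armvariables_test.go (`useManagedIdentityExtension` now `"true"` and `servicePrincipalClientId` now `"msi"` for the default model) suggest that managed identity is becoming the default. If so, clusters that never set the field would get this host-level access on the addon pod. I would add a comment on these closures explaining why the mount and host networking are required under managed identity, and call out the widened default in the change description. The function starts and ends outside the hunk.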
diff --git a/pkg/engine/engine_test.go b/pkg/engine/engine_test.go index 2b0b6d6f36..396c6f8acf 100644 --- a/pkg/engine/engine_test.go +++ b/pkg/engine/engine_test.go @@ -1710,7 +1710,7 @@ func TestVerifyGetBase64EncodedGzippedCustomScriptIsTransparent(t *testing.T) { Enabled: to.BoolPtr(true), }, }, - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, AgentPoolProfiles: []*api.AgentPoolProfile{ @@ -1857,7 +1857,7 @@ func TestGetClusterAutoscalerAddonFuncMap(t *testing.T) { Enabled: to.BoolPtr(true), }, }, - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, AgentPoolProfiles: []*api.AgentPoolProfile{ @@ -1936,7 +1936,7 @@ func TestGetClusterAutoscalerAddonFuncMap(t *testing.T) { Enabled: to.BoolPtr(true), }, }, - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, AgentPoolProfiles: []*api.AgentPoolProfile{ @@ -2003,7 +2003,7 @@ func TestGetClusterAutoscalerAddonFuncMap(t *testing.T) { Enabled: to.BoolPtr(true), }, }, - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, AgentPoolProfiles: []*api.AgentPoolProfile{ diff --git a/pkg/engine/keyvaults.go b/pkg/engine/keyvaults.go index 99b7c764cd..f2e3871602 100644 --- a/pkg/engine/keyvaults.go +++ b/pkg/engine/keyvaults.go @@ -7,6 +7,7 @@ import ( "fmt" "github.com/Azure/aks-engine/pkg/api" + "github.com/Azure/go-autorest/autorest/to" ) func CreateKeyVaultVMAS(cs *api.ContainerService) map[string]interface{} { 
@@ -17,7 +18,7 @@ func CreateKeyVaultVMAS(cs *api.ContainerService) map[string]interface{} { "location": "[variables('location')]", } - useManagedIdentity := cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity + useManagedIdentity := to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) userAssignedIDEnabled := cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedIDEnabled() creatingNewUserAssignedIdentity := cs.Properties.OrchestratorProfile.KubernetesConfig.ShouldCreateNewUserAssignedIdentity() masterCount := cs.Properties.MasterProfile.Count @@ -103,7 +104,7 @@ func CreateKeyVaultVMSS(cs *api.ContainerService) map[string]interface{} { "location": "[variables('location')]", } - useManagedIdentity := cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity + useManagedIdentity := to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) userAssignedIDEnabled := cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedIDEnabled() creatingNewUserAssignedIdentity := cs.Properties.OrchestratorProfile.KubernetesConfig.ShouldCreateNewUserAssignedIdentity() diff --git a/pkg/engine/keyvaults_test.go b/pkg/engine/keyvaults_test.go index dace64b97a..90f2d2ebaa 100644 --- a/pkg/engine/keyvaults_test.go +++ b/pkg/engine/keyvaults_test.go @@ -9,6 +9,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/Azure/aks-engine/pkg/api" + "github.com/Azure/go-autorest/autorest/to" ) func TestCreateKeyVault(t *testing.T) { @@ -52,7 +53,7 @@ func TestCreateKeyVault(t *testing.T) { } //Test with UseManagedIdentityEnabled - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) actual = CreateKeyVaultVMAS(cs) 
@@ -87,7 +88,7 @@ func TestCreateKeyVault(t *testing.T) { } //Test with UserAssignedID - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID = "fooID" actual = CreateKeyVaultVMAS(cs) @@ -164,7 +165,7 @@ func TestCreateKeyVaultVMSS(t *testing.T) { } //Test with UseManagedIdentityEnabled - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) actual = CreateKeyVaultVMSS(cs) @@ -199,7 +200,7 @@ func TestCreateKeyVaultVMSS(t *testing.T) { } //Test with UserAssignedID - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID = "fooID" actual = CreateKeyVaultVMSS(cs) diff --git a/pkg/engine/masterarmresources.go b/pkg/engine/masterarmresources.go index fe62a579c2..259f193a59 100644 --- a/pkg/engine/masterarmresources.go +++ b/pkg/engine/masterarmresources.go @@ -109,7 +109,7 @@ func createKubernetesMasterResourcesVMAS(cs *api.ContainerService) []interface{} masterResources = append(masterResources, masterVM) var useManagedIdentity, userAssignedIDEnabled bool - useManagedIdentity = kubernetesConfig.UseManagedIdentity + useManagedIdentity = to.Bool(kubernetesConfig.UseManagedIdentity) userAssignedIDEnabled = kubernetesConfig.UserAssignedIDEnabled() if useManagedIdentity && !userAssignedIDEnabled { diff --git a/pkg/engine/params_k8s.go b/pkg/engine/params_k8s.go index 2ae6d842e4..a2e134ffb0 100644 --- a/pkg/engine/params_k8s.go +++ b/pkg/engine/params_k8s.go 
@@ -108,7 +108,7 @@ func assignKubernetesParameters(properties *api.Properties, parametersMap params } if kubernetesConfig == nil || - !kubernetesConfig.UseManagedIdentity || + !to.Bool(kubernetesConfig.UseManagedIdentity) || properties.IsHostedMasterProfile() { servicePrincipalProfile := properties.ServicePrincipalProfile @@ -128,7 +128,7 @@ func assignKubernetesParameters(properties *api.Properties, parametersMap params if kubernetesConfig.KeyVaultSku != "" { addValue(parametersMap, "clusterKeyVaultSku", kubernetesConfig.KeyVaultSku) } - if !kubernetesConfig.UseManagedIdentity && servicePrincipalProfile.ObjectID != "" { + if !to.Bool(kubernetesConfig.UseManagedIdentity) && servicePrincipalProfile.ObjectID != "" { addValue(parametersMap, "servicePrincipalObjectId", servicePrincipalProfile.ObjectID) } } diff --git a/pkg/engine/roleassignments.go b/pkg/engine/roleassignments.go index 981b01e11a..ca75cca8b3 100644 --- a/pkg/engine/roleassignments.go +++ b/pkg/engine/roleassignments.go @@ -44,7 +44,7 @@ func createKubernetesSpAppGIdentityOperatorAccessRoleAssignment(prop *api.Proper // determine objectId of the cluster identity used by the kubernetes cluster if prop.OrchestratorProfile != nil && prop.OrchestratorProfile.KubernetesConfig != nil && - prop.OrchestratorProfile.KubernetesConfig.UseManagedIdentity { + to.Bool(prop.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { kubernetesSpObjectID = "[reference(concat('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('userAssignedID'))).principalId]" } else if prop.ServicePrincipalProfile.ObjectID != "" { kubernetesSpObjectID = prop.ServicePrincipalProfile.ObjectID diff --git a/pkg/engine/roleassignments_test.go b/pkg/engine/roleassignments_test.go index e953532b23..60771a4f47 100644 --- a/pkg/engine/roleassignments_test.go +++ b/pkg/engine/roleassignments_test.go 
@@ -104,7 +104,7 @@ func TestCreateKubernetesSpAppGIdentityOperatorAccessRoleAssignment(t *testing.T Properties: &api.Properties{ OrchestratorProfile: &api.OrchestratorProfile{ KubernetesConfig: &api.KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, }, diff --git a/pkg/engine/template_generator.go b/pkg/engine/template_generator.go index 61369054a9..1c4deeb498 100644 --- a/pkg/engine/template_generator.go +++ b/pkg/engine/template_generator.go @@ -373,7 +373,7 @@ func getContainerServiceFuncMap(cs *api.ContainerService) template.FuncMap { return cs.Properties.OrchestratorProfile.KubernetesConfig.PrivateJumpboxProvision() }, "UseManagedIdentity": func() bool { - return cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity + return to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) }, "GetVNETSubnetDependencies": func() string { return getVNETSubnetDependencies(cs.Properties) diff --git a/pkg/engine/template_generator_test.go b/pkg/engine/template_generator_test.go index c5b6fb53ed..313fda29d5 100644 --- a/pkg/engine/template_generator_test.go +++ b/pkg/engine/template_generator_test.go @@ -707,7 +707,7 @@ func TestGetContainerServiceFuncMap(t *testing.T) { KubernetesConfig: &api.KubernetesConfig{ ContainerRuntime: api.Docker, KubernetesImageBaseType: common.KubernetesImageBaseTypeGCR, - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, AgentPoolProfiles: []*api.AgentPoolProfile{ diff --git a/pkg/engine/transform/transformtestfiles/k8s_slb_scale_template.json b/pkg/engine/transform/transformtestfiles/k8s_slb_scale_template.json index 4bfc7a04e5..1250efda25 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_slb_scale_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_slb_scale_template.json 
@@ -1031,7 +1031,7 @@ "agentpool1osImageResourceGroup": "[parameters('agentpool1osImageResourceGroup')]", "agentpool1osImageSKU": "[parameters('agentpool1osImageSKU')]", "agentpool1osImageVersion": "[parameters('agentpool1osImageVersion')]", - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2019-07-01", "apiVersionDeployments": "2018-06-01", diff --git a/pkg/engine/transform/transformtestfiles/k8s_slb_template.json b/pkg/engine/transform/transformtestfiles/k8s_slb_template.json index f7b364ee69..9286f97bf1 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_slb_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_slb_template.json @@ -1031,7 +1031,7 @@ "agentpool1osImageResourceGroup": "[parameters('agentpool1osImageResourceGroup')]", "agentpool1osImageSKU": "[parameters('agentpool1osImageSKU')]", "agentpool1osImageVersion": "[parameters('agentpool1osImageVersion')]", - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2019-07-01", "apiVersionDeployments": "2018-06-01", diff --git a/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_scale_template.json b/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_scale_template.json index 9e2a1de806..55bc0e8352 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_scale_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_scale_template.json 
@@ -1029,7 +1029,7 @@ "agentpool1osImageResourceGroup": "[parameters('agentpool1osImageResourceGroup')]", "agentpool1osImageSKU": "[parameters('agentpool1osImageSKU')]", "agentpool1osImageVersion": "[parameters('agentpool1osImageVersion')]", - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2019-07-01", "apiVersionDeployments": "2018-06-01", diff --git a/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_template.json b/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_template.json index 10ecd317ab..98c62ae64b 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_template.json @@ -1029,7 +1029,7 @@ "agentpool1osImageResourceGroup": "[parameters('agentpool1osImageResourceGroup')]", "agentpool1osImageSKU": "[parameters('agentpool1osImageSKU')]", "agentpool1osImageVersion": "[parameters('agentpool1osImageVersion')]", - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2019-07-01", "apiVersionDeployments": "2018-06-01", diff --git a/pkg/engine/transform/transformtestfiles/k8s_template_jumpbox.json b/pkg/engine/transform/transformtestfiles/k8s_template_jumpbox.json index 35ab6a2636..60a31800e1 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_template_jumpbox.json +++ b/pkg/engine/transform/transformtestfiles/k8s_template_jumpbox.json 
@@ -1604,7 +1604,7 @@ "agentpool1osImageResourceGroup": "[parameters('agentpool1osImageResourceGroup')]", "agentpool1osImageSKU": "[parameters('agentpool1osImageSKU')]", "agentpool1osImageVersion": "[parameters('agentpool1osImageVersion')]", - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2019-07-01", "apiVersionDeployments": "2018-06-01", diff --git a/pkg/engine/transform/transformtestfiles/k8s_upgrade_template_jumpbox.json b/pkg/engine/transform/transformtestfiles/k8s_upgrade_template_jumpbox.json index b8d121f682..74b888e6f2 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_upgrade_template_jumpbox.json +++ b/pkg/engine/transform/transformtestfiles/k8s_upgrade_template_jumpbox.json @@ -1604,7 +1604,7 @@ "agentpool1osImageResourceGroup": "[parameters('agentpool1osImageResourceGroup')]", "agentpool1osImageSKU": "[parameters('agentpool1osImageSKU')]", "agentpool1osImageVersion": "[parameters('agentpool1osImageVersion')]", - "apiVersionAuthorizationSystem": "2018-01-01-preview", + "apiVersionAuthorizationSystem": "2018-09-01-preview", "apiVersionAuthorizationUser": "2018-09-01-preview", "apiVersionCompute": "2019-07-01", "apiVersionDeployments": "2018-06-01", diff --git a/pkg/engine/virtualmachines.go b/pkg/engine/virtualmachines.go index df1345a2c5..eb70a93a8e 100644 --- a/pkg/engine/virtualmachines.go +++ b/pkg/engine/virtualmachines.go @@ -22,7 +22,7 @@ func CreateMasterVM(cs *api.ContainerService) VirtualMachineARM { var useManagedIdentity, userAssignedIDEnabled bool if kubernetesConfig != nil { - useManagedIdentity = kubernetesConfig.UseManagedIdentity + useManagedIdentity = to.Bool(kubernetesConfig.UseManagedIdentity) userAssignedIDEnabled = kubernetesConfig.UserAssignedIDEnabled() } 
@@ -334,7 +334,7 @@ func createAgentAvailabilitySetVM(cs *api.ContainerService, profile *api.AgentPo var useManagedIdentity, userAssignedIDEnabled bool if kubernetesConfig != nil { - useManagedIdentity = kubernetesConfig.UseManagedIdentity + useManagedIdentity = to.Bool(kubernetesConfig.UseManagedIdentity) userAssignedIDEnabled = kubernetesConfig.UserAssignedIDEnabled() } diff --git a/pkg/engine/virtualmachines_test.go b/pkg/engine/virtualmachines_test.go index 7837cbd5cc..cfa4573182 100644 --- a/pkg/engine/virtualmachines_test.go +++ b/pkg/engine/virtualmachines_test.go @@ -127,7 +127,7 @@ func TestCreateVirtualMachines(t *testing.T) { // Now test with ManagedIdentity, Availability Zones, and StorageAccount cs.Properties.MasterProfile.CosmosEtcd = to.BoolPtr(false) - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID = "fooAssignedID" cs.Properties.MasterProfile.AvailabilityZones = []string{"barZone"} cs.Properties.MasterProfile.StorageProfile = api.StorageAccount diff --git a/pkg/engine/virtualmachinescalesets.go b/pkg/engine/virtualmachinescalesets.go index 37e5ed8f2c..4241c08eea 100644 --- a/pkg/engine/virtualmachinescalesets.go +++ b/pkg/engine/virtualmachinescalesets.go @@ -427,7 +427,7 @@ func CreateAgentVMSS(cs *api.ContainerService, profile *api.AgentPoolProfile) Vi var useManagedIdentity bool var userAssignedIdentityEnabled bool if k8sConfig != nil { - useManagedIdentity = k8sConfig.UseManagedIdentity + useManagedIdentity = to.Bool(k8sConfig.UseManagedIdentity) } if useManagedIdentity { userAssignedIdentityEnabled = k8sConfig.UserAssignedIDEnabled() diff --git a/pkg/engine/virtualmachinescalesets_test.go b/pkg/engine/virtualmachinescalesets_test.go index 26873f8da5..4e1b461df2 100644 --- a/pkg/engine/virtualmachinescalesets_test.go 
+++ b/pkg/engine/virtualmachinescalesets_test.go @@ -204,7 +204,7 @@ func TestCreateMasterVMSS(t *testing.T) { } // Test with managed Identity - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID = "fooAssignedID" userAssignedIDEnabled = true @@ -521,7 +521,7 @@ func TestCreateAgentVMSS(t *testing.T) { } // Test with windows and managed Identity - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID = "fooAssignedID" actual = CreateAgentVMSS(cs, cs.Properties.AgentPoolProfiles[0]) 
@@ -567,7 +567,7 @@ func TestCreateAgentVMSS(t *testing.T) { AutoUpgradeMinorVersion: to.BoolPtr(true), Settings: map[string]interface{}{}, ProtectedSettings: map[string]interface{}{ - "commandToExecute": `[concat('echo %DATE%,%TIME%,%COMPUTERNAME% && powershell.exe -ExecutionPolicy Unrestricted -command "', '$arguments = ', variables('singleQuote'),'-MasterIP ',variables('kubernetesAPIServerIP'),' -KubeDnsServiceIp ',parameters('kubeDnsServiceIp'),` + generateUserAssignedIdentityClientIDParameterForWindows(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) + `' -MasterFQDNPrefix ',variables('masterFqdnPrefix'),' -Location ',variables('location'),' -TargetEnvironment ',parameters('targetEnvironment'),' -AgentKey ',parameters('clientPrivateKey'),' -AADClientId ',variables('servicePrincipalClientId'),' -AADClientSecret ',variables('singleQuote'),variables('singleQuote'),base64(variables('servicePrincipalClientSecret')),variables('singleQuote'),variables('singleQuote'),' -NetworkAPIVersion ',variables('apiVersionNetwork'),' ',variables('singleQuote'), ' ; ', variables('windowsCustomScriptSuffix'), '" > %SYSTEMDRIVE%\AzureData\CustomDataSetupScript.log 2>&1 ; exit $LASTEXITCODE')]`, + "commandToExecute": `[concat('echo %DATE%,%TIME%,%COMPUTERNAME% && powershell.exe -ExecutionPolicy Unrestricted -command "', '$arguments = ', variables('singleQuote'),'-MasterIP ',variables('kubernetesAPIServerIP'),' -KubeDnsServiceIp ',parameters('kubeDnsServiceIp'),` + generateUserAssignedIdentityClientIDParameterForWindows(to.Bool(cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)) + `' -MasterFQDNPrefix ',variables('masterFqdnPrefix'),' -Location ',variables('location'),' -TargetEnvironment ',parameters('targetEnvironment'),' -AgentKey ',parameters('clientPrivateKey'),' -AADClientId ',variables('servicePrincipalClientId'),' -AADClientSecret 
',variables('singleQuote'),variables('singleQuote'),base64(variables('servicePrincipalClientSecret')),variables('singleQuote'),variables('singleQuote'),' -NetworkAPIVersion ',variables('apiVersionNetwork'),' ',variables('singleQuote'), ' ; ', variables('windowsCustomScriptSuffix'), '" > %SYSTEMDRIVE%\AzureData\CustomDataSetupScript.log 2>&1 ; exit $LASTEXITCODE')]`, }, }, }, @@ -608,7 +608,7 @@ func TestCreateAgentVMSS(t *testing.T) { // Test with ipv6 dual stack enabled cs.Properties.FeatureFlags = &api.FeatureFlags{EnableIPv6DualStack: true} - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = false + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(false) cs.Properties.OrchestratorProfile.KubernetesConfig.UserAssignedID = "" cs.Properties.AgentPoolProfiles[0].OSType = "Linux" diff --git a/pkg/engine/vmextensions_test.go b/pkg/engine/vmextensions_test.go index 70be2050c5..9df20b17d4 100644 --- a/pkg/engine/vmextensions_test.go +++ b/pkg/engine/vmextensions_test.go @@ -20,7 +20,7 @@ func TestCreateAKSBillingExtension(t *testing.T) { Properties: &api.Properties{ OrchestratorProfile: &api.OrchestratorProfile{ KubernetesConfig: &api.KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, }, @@ -65,7 +65,7 @@ func TestCreateAKSBillingExtension(t *testing.T) { Properties: &api.Properties{ OrchestratorProfile: &api.OrchestratorProfile{ KubernetesConfig: &api.KubernetesConfig{ - UseManagedIdentity: false, + UseManagedIdentity: to.BoolPtr(false), }, }, }, @@ -90,7 +90,7 @@ func TestCreateAgentVMASAKSBillingExtension(t *testing.T) { Properties: &api.Properties{ OrchestratorProfile: &api.OrchestratorProfile{ KubernetesConfig: &api.KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, HostedMasterProfile: &api.HostedMasterProfile{ 
@@ -143,7 +143,7 @@ func TestCreateAgentVMASAKSBillingExtension(t *testing.T) { Properties: &api.Properties{ OrchestratorProfile: &api.OrchestratorProfile{ KubernetesConfig: &api.KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, MasterProfile: &api.MasterProfile{ @@ -165,7 +165,7 @@ func TestCreateAgentVMASAKSBillingExtension(t *testing.T) { Properties: &api.Properties{ OrchestratorProfile: &api.OrchestratorProfile{ KubernetesConfig: &api.KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, MasterProfile: &api.MasterProfile{ @@ -192,7 +192,7 @@ func TestCreateAgentVMASAKSBillingExtension(t *testing.T) { Properties: &api.Properties{ OrchestratorProfile: &api.OrchestratorProfile{ KubernetesConfig: &api.KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), }, }, HostedMasterProfile: &api.HostedMasterProfile{ @@ -480,7 +480,7 @@ func TestCreateAgentVMASCustomScriptExtension(t *testing.T) { // Test with Windows agent profile and managed Identity cs.Properties.OrchestratorProfile = &api.OrchestratorProfile{ KubernetesConfig: &api.KubernetesConfig{ - UseManagedIdentity: true, + UseManagedIdentity: to.BoolPtr(true), UserAssignedID: "fooAssignedID", }, } diff --git a/pkg/operations/kubernetesupgrade/upgradecluster_test.go b/pkg/operations/kubernetesupgrade/upgradecluster_test.go index b25e5d88eb..1c8edf697c 100644 --- a/pkg/operations/kubernetesupgrade/upgradecluster_test.go +++ b/pkg/operations/kubernetesupgrade/upgradecluster_test.go 
@@ -225,7 +225,7 @@ var _ = Describe("Upgrade Kubernetes cluster tests", func() { It("Should return error message when failing to delete role assignment during upgrade operation", func() { cs := api.CreateMockContainerService("testcluster", "1.18.9", 3, 2, false) cs.Properties.OrchestratorProfile.KubernetesConfig = &api.KubernetesConfig{} - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) uc := UpgradeCluster{ Translator: &i18n.Translator{}, Logger: log.NewEntry(log.New()), @@ -619,7 +619,7 @@ var _ = Describe("Upgrade Kubernetes cluster tests", func() { It("Should leave platform fault domain count nil", func() { cs := api.CreateMockContainerService("testcluster", "1.18.9", 3, 2, false) cs.Properties.OrchestratorProfile.KubernetesConfig = &api.KubernetesConfig{} - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) cs.Properties.MasterProfile.AvailabilityProfile = "AvailabilitySet" uc := UpgradeCluster{ Translator: &i18n.Translator{}, @@ -652,7 +652,7 @@ var _ = Describe("Upgrade Kubernetes cluster tests", func() { cs.Properties.AgentPoolProfiles[0].AvailabilityProfile = api.VirtualMachineScaleSets cs.Properties.AgentPoolProfiles[0].StorageProfile = "ManagedDisks" cs.Properties.OrchestratorProfile.KubernetesConfig = &api.KubernetesConfig{} - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) uc := UpgradeCluster{ Translator: &i18n.Translator{}, Logger: log.NewEntry(log.New()), 
@@ -712,7 +712,7 @@ var _ = Describe("Upgrade Kubernetes cluster tests", func() { It("Should not fail if no managed identity is returned by azure during upgrade operation", func() { cs := api.CreateMockContainerService("testcluster", "1.18.9", 3, 2, false) cs.Properties.OrchestratorProfile.KubernetesConfig = &api.KubernetesConfig{} - cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true + cs.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) uc := UpgradeCluster{ Translator: &i18n.Translator{}, Logger: log.NewEntry(log.New()), diff --git a/test/e2e/azure/cli.go b/test/e2e/azure/cli.go index 5c256e6c57..73466ffeab 100644 --- a/test/e2e/azure/cli.go +++ b/test/e2e/azure/cli.go @@ -5,7 +5,6 @@ package azure import ( - "bytes" "context" "encoding/json" "fmt" @@ -290,16 +289,6 @@ func (a *Account) CreateDeployment(name string, e *engine.Engine) error { if err != nil { log.Printf("\nError from deployment for %s in resource group %s:%s\n", d.Name, a.ResourceGroup.Name, err) log.Printf("Command Output: %s\n", out) - if bytes.Contains(out, []byte("PrincipalNotFound")) { - for err != nil { - cmd = exec.Command("az", azArgsStringSlice...) - util.PrintCommand(cmd) - out, err = cmd.CombinedOutput() - if err != nil { - log.Printf("Command Output: %s\n", out) - } - } - } return err } quit <- true diff --git a/test/e2e/engine/template.go b/test/e2e/engine/template.go index e0d32e3498..38bf3d10d2 100644 --- a/test/e2e/engine/template.go +++ b/test/e2e/engine/template.go 
@@ -35,6 +35,7 @@ type Config struct { MasterDNSPrefix string `envconfig:"DNS_PREFIX" default:""` AgentDNSPrefix string `envconfig:"DNS_PREFIX" default:""` MSIUserAssignedID string `envconfig:"MSI_USER_ASSIGNED_ID" default:""` + UseManagedIdentity bool `envconfig:"USE_MANAGED_IDENTITY" default:""` PublicSSHKey string `envconfig:"PUBLIC_SSH_KEY" default:""` WindowsAdminPasssword string `envconfig:"WINDOWS_ADMIN_PASSWORD" default:""` WindowsNodeImageGallery string `envconfig:"WINDOWS_NODE_IMAGE_GALLERY" default:""` @@ -141,7 +142,20 @@ func Build(cfg *config.Config, masterSubnetID string, agentSubnetIDs []string, i isAzureStackCloud = true } - if config.ClientID != "" && config.ClientSecret != "" && !(prop.OrchestratorProfile.KubernetesConfig != nil && prop.OrchestratorProfile.KubernetesConfig.UseManagedIdentity) { + if prop.OrchestratorProfile.KubernetesConfig == nil { + prop.OrchestratorProfile.KubernetesConfig = &vlabs.KubernetesConfig{} + } + + if config.MSIUserAssignedID != "" { + prop.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) + prop.OrchestratorProfile.KubernetesConfig.UserAssignedID = config.MSIUserAssignedID + } + + if config.UseManagedIdentity { + prop.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = to.BoolPtr(true) + } + + if config.ClientID != "" && config.ClientSecret != "" && !(prop.OrchestratorProfile.KubernetesConfig != nil && to.Bool(prop.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)) { if !prop.IsAzureStackCloud() { prop.ServicePrincipalProfile = &vlabs.ServicePrincipalProfile{ ClientID: config.ClientID, @@ -160,10 +174,6 @@ func Build(cfg *config.Config, masterSubnetID string, agentSubnetIDs []string, i } } - if prop.OrchestratorProfile.KubernetesConfig == nil { - prop.OrchestratorProfile.KubernetesConfig = &vlabs.KubernetesConfig{} - } - if prop.LinuxProfile != nil { if config.PublicSSHKey != "" { prop.LinuxProfile.SSH.PublicKeys[0].KeyData = config.PublicSSHKey 
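Review bot: The new `UseManagedIdentity` field carries `default:""`, which looks copied from the string fields around it; for a bool the intended off state reads more clearly as `default:"false"`. The field also has no comment saying how it relates to `MSI_USER_ASSIGNED_ID`, which in the Build hunk of this same file also sets managed identity to true. A one-line comment such as `// USE_MANAGED_IDENTITY=true forces useManagedIdentity in the generated apimodel; false leaves the cluster config's value` would document that. The Config struct starts and ends outside the hunk.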
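Review bot: The `prop.OrchestratorProfile.KubernetesConfig != nil` guard in the rewritten service-principal condition is now dead, because the block moved above it always allocates `KubernetesConfig`; the tail of the condition can be just `!to.Bool(prop.OrchestratorProfile.KubernetesConfig.UseManagedIdentity)`. `to.Bool` also treats an unset field as false, so a cluster config that omits `useManagedIdentity` still gets the client secret written into `ServicePrincipalProfile`. If the engine's defaults later enable managed identity (not visible here), the test apimodel would carry a secret it does not need, so a comment stating the intended nil behaviour would help. `config.UseManagedIdentity` can only switch the setting on; a false value leaves whatever the cluster config says. Build starts and ends outside the hunk.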
@@ -375,11 +385,6 @@ func Build(cfg *config.Config, masterSubnetID string, agentSubnetIDs []string, i } } - if config.MSIUserAssignedID != "" { - prop.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true - prop.OrchestratorProfile.KubernetesConfig.UserAssignedID = config.MSIUserAssignedID - } - if config.LinuxContainerdURL != "" { prop.OrchestratorProfile.KubernetesConfig.LinuxContainerdURL = config.LinuxContainerdURL } diff --git a/test/e2e/test_cluster_configs/availabilityset-standard-lb.json b/test/e2e/test_cluster_configs/availabilityset-standard-lb.json index b5aa42e5be..b31890ad25 100644 --- a/test/e2e/test_cluster_configs/availabilityset-standard-lb.json +++ b/test/e2e/test_cluster_configs/availabilityset-standard-lb.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/availabilityset.json b/test/e2e/test_cluster_configs/availabilityset.json index 12c7e8bc13..bc5a8f3097 100644 --- a/test/e2e/test_cluster_configs/availabilityset.json +++ b/test/e2e/test_cluster_configs/availabilityset.json @@ -45,10 +45,6 @@ "adminPassword": "replacepassword1234$", "enableAutomaticUpdates": false, "sshEnabled": true - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } }, diff --git a/test/e2e/test_cluster_configs/base.json b/test/e2e/test_cluster_configs/base.json index 98d2e75295..63ee5f9525 100644 --- a/test/e2e/test_cluster_configs/base.json +++ b/test/e2e/test_cluster_configs/base.json @@ -51,10 +51,6 @@ "adminPassword": "replacepassword1234$", "enableAutomaticUpdates": false, "sshEnabled": true - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } }, diff --git a/test/e2e/test_cluster_configs/byo_infra.json b/test/e2e/test_cluster_configs/byo_infra.json index 8a48b448de..8b8904d9b4 100644 --- a/test/e2e/test_cluster_configs/byo_infra.json +++ b/test/e2e/test_cluster_configs/byo_infra.json 
@@ -37,10 +37,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/cloud_controller_manager.json b/test/e2e/test_cluster_configs/cloud_controller_manager.json index 43e30ca9e6..b08e6fea38 100644 --- a/test/e2e/test_cluster_configs/cloud_controller_manager.json +++ b/test/e2e/test_cluster_configs/cloud_controller_manager.json @@ -48,10 +48,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/cloud_controller_manager_zones.json b/test/e2e/test_cluster_configs/cloud_controller_manager_zones.json index d48dd3a81b..24aa522e8b 100644 --- a/test/e2e/test_cluster_configs/cloud_controller_manager_zones.json +++ b/test/e2e/test_cluster_configs/cloud_controller_manager_zones.json @@ -40,10 +40,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/container_monitoring.json b/test/e2e/test_cluster_configs/container_monitoring.json index a9411ad98e..cd58d31fb3 100644 --- a/test/e2e/test_cluster_configs/container_monitoring.json +++ b/test/e2e/test_cluster_configs/container_monitoring.json @@ -1,7 +1,13 @@ { "env": {}, "options": { - "allowedOrchestratorVersions": ["1.15", "1.16", "1.17", "1.18", "1.19"] + "allowedOrchestratorVersions": [ + "1.15", + "1.16", + "1.17", + "1.18", + "1.19" + ] }, "apiModel": { "apiVersion": "vlabs", @@ -39,7 +45,7 @@ "vmSize": "Standard_D2_v3", "availabilityProfile": "VirtualMachineScaleSets", "osType": "Windows" - } + } ], "linuxProfile": { "adminUsername": "azureuser", 
@@ -51,15 +57,11 @@ ] } }, - "windowsProfile": { - "adminUsername": "azureuser", - "adminPassword": "replacepassword1234$", - "enableAutomaticUpdates": false, - "sshEnabled": true - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" + "windowsProfile": { + "adminUsername": "azureuser", + "adminPassword": "replacepassword1234$", + "enableAutomaticUpdates": false, + "sshEnabled": true } } } diff --git a/test/e2e/test_cluster_configs/custom_hyperkube.json b/test/e2e/test_cluster_configs/custom_hyperkube.json index 0d91cdcf9c..43fbdedd8c 100644 --- a/test/e2e/test_cluster_configs/custom_hyperkube.json +++ b/test/e2e/test_cluster_configs/custom_hyperkube.json @@ -36,10 +36,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/flannel/containerd.json b/test/e2e/test_cluster_configs/flannel/containerd.json index 306086dd38..81328d12ad 100644 --- a/test/e2e/test_cluster_configs/flannel/containerd.json +++ b/test/e2e/test_cluster_configs/flannel/containerd.json @@ -39,10 +39,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/flatcar/flatcar.json b/test/e2e/test_cluster_configs/flatcar/flatcar.json index 18d1bc5da4..23c2ffd653 100644 --- a/test/e2e/test_cluster_configs/flatcar/flatcar.json +++ b/test/e2e/test_cluster_configs/flatcar/flatcar.json @@ -52,10 +52,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/network/kubenet.json b/test/e2e/test_cluster_configs/network/kubenet.json index bc5beb7ee4..9ae245fa94 100644 --- a/test/e2e/test_cluster_configs/network/kubenet.json +++ b/test/e2e/test_cluster_configs/network/kubenet.json @@ -34,10 +34,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/test/e2e/test_cluster_configs/network/kubenet_containerd.json b/test/e2e/test_cluster_configs/network/kubenet_containerd.json index 679d1e4302..ab353ba720 100644 --- a/test/e2e/test_cluster_configs/network/kubenet_containerd.json +++ b/test/e2e/test_cluster_configs/network/kubenet_containerd.json @@ -31,10 +31,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/network_policy/antrea.json b/test/e2e/test_cluster_configs/network_policy/antrea.json index 99b375a3a3..2be68829e2 100644 --- a/test/e2e/test_cluster_configs/network_policy/antrea.json +++ b/test/e2e/test_cluster_configs/network_policy/antrea.json @@ -36,10 +36,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/network_policy/antrea_azure.json b/test/e2e/test_cluster_configs/network_policy/antrea_azure.json index 5b09341866..7cfdf20b78 100644 --- a/test/e2e/test_cluster_configs/network_policy/antrea_azure.json +++ b/test/e2e/test_cluster_configs/network_policy/antrea_azure.json @@ -36,10 +36,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/network_policy/azure.json b/test/e2e/test_cluster_configs/network_policy/azure.json index 81b4bf9907..87ea38fcc4 100644 --- a/test/e2e/test_cluster_configs/network_policy/azure.json +++ b/test/e2e/test_cluster_configs/network_policy/azure.json @@ -33,10 +33,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/network_policy/calico.json b/test/e2e/test_cluster_configs/network_policy/calico.json index 6dda606ddb..6935dfdc73 100644 --- a/test/e2e/test_cluster_configs/network_policy/calico.json +++ b/test/e2e/test_cluster_configs/network_policy/calico.json @@ -45,10 +45,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/test/e2e/test_cluster_configs/network_policy/calico_azure.json b/test/e2e/test_cluster_configs/network_policy/calico_azure.json index f6fd88e516..b71ca99e3c 100644 --- a/test/e2e/test_cluster_configs/network_policy/calico_azure.json +++ b/test/e2e/test_cluster_configs/network_policy/calico_azure.json @@ -51,10 +51,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/network_policy/cilium.json b/test/e2e/test_cluster_configs/network_policy/cilium.json index 2dec478776..abfa89de2d 100644 --- a/test/e2e/test_cluster_configs/network_policy/cilium.json +++ b/test/e2e/test_cluster_configs/network_policy/cilium.json @@ -37,10 +37,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/no_outbound.json b/test/e2e/test_cluster_configs/no_outbound.json index d2b34a7de6..61f5b9b358 100644 --- a/test/e2e/test_cluster_configs/no_outbound.json +++ b/test/e2e/test_cluster_configs/no_outbound.json @@ -55,10 +55,6 @@ }, "featureFlags": { "BlockOutboundInternet": true - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/sgx.json b/test/e2e/test_cluster_configs/sgx.json index 1fe63ba2e8..249986329b 100644 --- a/test/e2e/test_cluster_configs/sgx.json +++ b/test/e2e/test_cluster_configs/sgx.json @@ -33,10 +33,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/vmss_master.json b/test/e2e/test_cluster_configs/vmss_master.json index 663a28e44b..755265a98a 100644 --- a/test/e2e/test_cluster_configs/vmss_master.json +++ b/test/e2e/test_cluster_configs/vmss_master.json @@ -30,10 +30,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/test/e2e/test_cluster_configs/windows/image_reference.json b/test/e2e/test_cluster_configs/windows/image_reference.json index 4e3de5e784..6109766989 100644 --- a/test/e2e/test_cluster_configs/windows/image_reference.json +++ b/test/e2e/test_cluster_configs/windows/image_reference.json @@ -50,10 +50,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/windows/network_plugin/kubenet.json b/test/e2e/test_cluster_configs/windows/network_plugin/kubenet.json index 53fa23510c..216ef64afe 100644 --- a/test/e2e/test_cluster_configs/windows/network_plugin/kubenet.json +++ b/test/e2e/test_cluster_configs/windows/network_plugin/kubenet.json @@ -45,10 +45,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/windows/sac/sac-1903.json b/test/e2e/test_cluster_configs/windows/sac/sac-1903.json index 70d6ac4b2a..96caef3fdd 100644 --- a/test/e2e/test_cluster_configs/windows/sac/sac-1903.json +++ b/test/e2e/test_cluster_configs/windows/sac/sac-1903.json @@ -49,10 +49,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/windows/sac/sac-1909.json b/test/e2e/test_cluster_configs/windows/sac/sac-1909.json index a7e8a0b63d..fde32c8771 100644 --- a/test/e2e/test_cluster_configs/windows/sac/sac-1909.json +++ b/test/e2e/test_cluster_configs/windows/sac/sac-1909.json @@ -49,10 +49,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/windows/sac/sac-2004.json b/test/e2e/test_cluster_configs/windows/sac/sac-2004.json index 093f296db2..fecaa2de93 100644 --- a/test/e2e/test_cluster_configs/windows/sac/sac-2004.json +++ b/test/e2e/test_cluster_configs/windows/sac/sac-2004.json @@ -49,10 +49,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } 
diff --git a/test/e2e/test_cluster_configs/windows/shared_image_gallery.json b/test/e2e/test_cluster_configs/windows/shared_image_gallery.json index 0574c2c2a0..ed7e91dc5f 100644 --- a/test/e2e/test_cluster_configs/windows/shared_image_gallery.json +++ b/test/e2e/test_cluster_configs/windows/shared_image_gallery.json @@ -53,10 +53,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } diff --git a/test/e2e/test_cluster_configs/windows/vhd_ahub.json b/test/e2e/test_cluster_configs/windows/vhd_ahub.json index 1f4ad9eb10..6110a96fbd 100644 --- a/test/e2e/test_cluster_configs/windows/vhd_ahub.json +++ b/test/e2e/test_cluster_configs/windows/vhd_ahub.json @@ -52,11 +52,7 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } } -} \ No newline at end of file +} diff --git a/test/e2e/test_cluster_configs/windows/vhd_url.json b/test/e2e/test_cluster_configs/windows/vhd_url.json index 520bd5fd8d..49e3441cd5 100644 --- a/test/e2e/test_cluster_configs/windows/vhd_url.json +++ b/test/e2e/test_cluster_configs/windows/vhd_url.json @@ -49,10 +49,6 @@ } ] } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" } } }