This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

fix: update MSI (#185)
ritazh authored and jackfrancis committed Jan 2, 2019
1 parent 6a0fe58 commit 96ab041
Showing 10 changed files with 59 additions and 169 deletions.
2 changes: 1 addition & 1 deletion packer/install-dependencies.sh
Expand Up @@ -152,7 +152,7 @@ for NGINX_VERSION in ${NGINX_VERSIONS}; do
pullContainerImage "docker" "nginx:${NGINX_VERSION}"
done

KMS_PLUGIN_VERSIONS="0.0.7"
KMS_PLUGIN_VERSIONS="0.0.8"
for KMS_PLUGIN_VERSION in ${KMS_PLUGIN_VERSIONS}; do
pullContainerImage "docker" "microsoft/k8s-azure-kms:v${KMS_PLUGIN_VERSION}"
done
2 changes: 1 addition & 1 deletion parts/k8s/artifacts/kubernetesazurekms.service
Expand Up @@ -13,7 +13,7 @@ ExecStart=/usr/bin/docker run \
--volume=/etc/kubernetes:/etc/kubernetes \
--volume=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt \
--volume=/var/lib/waagent:/var/lib/waagent \
microsoft/k8s-azure-kms:v0.0.7
microsoft/k8s-azure-kms:v0.0.8

[Install]
WantedBy=multi-user.target
52 changes: 9 additions & 43 deletions parts/k8s/kubernetesagentresourcesvmas.t
Expand Up @@ -146,18 +146,18 @@
"location": "[variables('location')]",
"name": "[concat(variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]",
{{if UseManagedIdentity}}
{{if UserAssignedIDEnabled}}
{{if UserAssignedIDEnabled}}
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"[variables('userAssignedIDReference')]":{}
}
},
{{else}}
{{else}}
"identity": {
"type": "systemAssigned"
},
{{end}}
{{end}}
{{end}}
"properties": {
"availabilitySet": {
Expand Down Expand Up @@ -224,10 +224,9 @@
},
"type": "Microsoft.Compute/virtualMachines"
},
{{if UseManagedIdentity}}
{{if (not UserAssignedIDEnabled)}}
{{if and UseManagedIdentity (not UserAssignedIDEnabled)}}
{
"apiVersion": "[variables('apiVersionAuthorization')]",
"apiVersion": "[variables('apiVersionAuthorizationSystem')]",
"copy": {
"count": "[sub(variables('{{.Name}}Count'), variables('{{.Name}}Offset'))]",
"name": "vmLoopNode"
Expand All @@ -237,53 +236,20 @@
"properties": {
"roleDefinitionId": "[variables('readerRoleDefinitionId')]",
"principalId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset'))), '2017-03-30', 'Full').identity.principalId]"
}
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]"
]
},
{{end}}
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')), '/ManagedIdentityExtension')]",
"copy": {
"count": "[sub(variables('{{.Name}}Count'), variables('{{.Name}}Offset'))]",
"name": "vmLoopNode"
},
"apiVersion": "[variables('apiVersionCompute')]",
"location": "[resourceGroup().location]",
{{if UserAssignedIDEnabled}}
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]",
"[concat('Microsoft.Authorization/roleAssignments/',guid(concat(variables('userAssignedID'), 'roleAssignment', resourceGroup().id)))]"
],
{{else}}
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]",
"[concat('Microsoft.Authorization/roleAssignments/', guid(concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')), 'vmidentity')))]"
],
{{end}}
"properties": {
"publisher": "Microsoft.ManagedIdentity",
"type": "ManagedIdentityExtensionForLinux",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"port": 50343
},
"protectedSettings": {}
}
},
{{end}}
{
"apiVersion": "[variables('apiVersionCompute')]",
"copy": {
"count": "[sub(variables('{{.Name}}Count'), variables('{{.Name}}Offset'))]",
"name": "vmLoopNode"
},
"dependsOn": [
{{if UseManagedIdentity}}
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')), '/extensions/ManagedIdentityExtension')]"
{{else}}
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]"
{{end}}
],
"location": "[variables('location')]",
"type": "Microsoft.Compute/virtualMachines/extensions",
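Review bot: The final `dependsOn` in this section now lists only the VM, so nothing orders that extension after the `Microsoft.Authorization/roleAssignments` resource any more; previously the ordering came indirectly through the removed `ManagedIdentityExtension` resource. If the script this extension runs calls Azure with the node's identity, it can start before the Reader role is granted; the script is not visible here, so this needs confirming. If the ordering matters, add a guarded entry after the VM one: `{{if and UseManagedIdentity (not UserAssignedIDEnabled)}},"[concat('Microsoft.Authorization/roleAssignments/', guid(concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')), 'vmidentity')))]"{{end}}`. The same applies to the matching `dependsOn` blocks in parts/k8s/kubernetesmasterresources.t and parts/k8s/kuberneteswinagentresourcesvmas.t. The extension resource continues past the end of the hunk.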
28 changes: 8 additions & 20 deletions parts/k8s/kubernetesagentresourcesvmss.t
@@ -1,12 +1,15 @@
{{if and UseManagedIdentity (not UserAssignedIDEnabled)}}
{
"apiVersion": "[variables('apiVersionAuthorization')]",
"apiVersion": "[variables('apiVersionAuthorizationSystem')]",
"name": "[guid(concat('Microsoft.Compute/virtualMachineScaleSets/', variables('{{.Name}}VMNamePrefix'), 'vmidentity'))]",
"type": "Microsoft.Authorization/roleAssignments",
"properties": {
"roleDefinitionId": "[variables('readerRoleDefinitionId')]",
"principalId": "[reference(concat('Microsoft.Compute/virtualMachineScaleSets/', variables('{{.Name}}VMNamePrefix')), '2017-03-30', 'Full').identity.principalId]"
}
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachineScaleSets/', variables('{{.Name}}VMNamePrefix'))]"
]
},
{{end}}
{
Expand All @@ -31,18 +34,18 @@
{{ end }}
"name": "[variables('{{.Name}}VMNamePrefix')]",
{{if UseManagedIdentity}}
{{if UserAssignedIDEnabled}}
{{if UserAssignedIDEnabled}}
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"[variables('userAssignedIDReference')]":{}
}
},
{{else}}
{{else}}
"identity": {
"type": "systemAssigned"
},
{{end}}
{{end}}
{{end}}
"sku": {
"tier": "Standard",
Expand Down Expand Up @@ -172,21 +175,6 @@
}
}
{{end}}
{{if UseManagedIdentity}}
,{
"name": "managedIdentityExtension",
"properties": {
"publisher": "Microsoft.ManagedIdentity",
"type": "ManagedIdentityExtensionForLinux",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"port": 50343
},
"protectedSettings": {}
}
}
{{end}}
]
}
}
2 changes: 1 addition & 1 deletion parts/k8s/kubernetesbase.t
Expand Up @@ -36,7 +36,7 @@
"location": "[variables('location')]"
},
{
"apiVersion": "[variables('apiVersionAuthorization')]",
"apiVersion": "[variables('apiVersionAuthorizationUser')]",
"type": "Microsoft.Authorization/roleAssignments",
"name": "[guid(concat(variables('userAssignedID'), 'roleAssignment', resourceGroup().id))]",
"properties": {
45 changes: 7 additions & 38 deletions parts/k8s/kubernetesmasterresources.t
Expand Up @@ -828,18 +828,18 @@
"zones": "[split(string(parameters('availabilityZones')[mod(copyIndex(variables('masterOffset')), length(parameters('availabilityZones')))]), ',')]",
{{end}}
{{if UseManagedIdentity}}
{{if UserAssignedIDEnabled}}
{{if UserAssignedIDEnabled}}
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"[variables('userAssignedIDReference')]":{}
}
},
{{else}}
{{else}}
"identity": {
"type": "systemAssigned"
},
{{end}}
{{end}}
{{end}}
"properties": {
{{if not .MasterProfile.HasAvailabilityZones}}
Expand Down Expand Up @@ -921,10 +921,9 @@
},
"type": "Microsoft.Compute/virtualMachines"
},
{{if UseManagedIdentity}}
{{if (not UserAssignedIDEnabled)}}
{{if and UseManagedIdentity (not UserAssignedIDEnabled)}}
{
"apiVersion": "[variables('apiVersionAuthorization')]",
"apiVersion": "[variables('apiVersionAuthorizationSystem')]",
"copy": {
"count": "[variables('masterCount')]",
"name": "vmLoopNode"
Expand All @@ -937,46 +936,16 @@
}
},
{{end}}
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(variables('masterVMNamePrefix'), copyIndex(), '/ManagedIdentityExtension')]",
"copy": {
"count": "[variables('masterCount')]",
"name": "vmLoopNode"
},
"apiVersion": "[variables('apiVersionCompute')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('masterVMNamePrefix'), copyIndex())]",
{{if UserAssignedIDEnabled}}
"[concat('Microsoft.Authorization/roleAssignments/',guid(concat(variables('userAssignedID'), 'roleAssignment', resourceGroup().id)))]"
{{else}}
"[concat('Microsoft.Authorization/roleAssignments/', guid(concat('Microsoft.Compute/virtualMachines/', variables('masterVMNamePrefix'), copyIndex(), 'vmidentity')))]"
{{end}}
],
"properties": {
"publisher": "Microsoft.ManagedIdentity",
"type": "ManagedIdentityExtensionForLinux",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"port": 50343
},
"protectedSettings": {}
}
},
{{end}}
{
"apiVersion": "[variables('apiVersionCompute')]",
"copy": {
"count": "[sub(variables('masterCount'), variables('masterOffset'))]",
"name": "vmLoopNode"
},
"dependsOn": [
{{if UseManagedIdentity}}
"[concat('Microsoft.Compute/virtualMachines/', variables('masterVMNamePrefix'), copyIndex(variables('masterOffset')), '/extensions/ManagedIdentityExtension')]"
{{else}}
"[concat('Microsoft.Compute/virtualMachines/', variables('masterVMNamePrefix'), copyIndex(variables('masterOffset')))]"
{{if EnableEncryptionWithExternalKms}}
,"[concat('Microsoft.KeyVault/vaults/', variables('clusterKeyVaultName'))]"
{{end}}
],
"location": "[variables('location')]",
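Review bot: The master role assignment in the last hunk still closes with `}` / `},` directly after `properties`, whereas the agent templates changed in this commit (kubernetesagentresourcesvmas.t, kubernetesagentresourcesvmss.t, kuberneteswinagentresourcesvmas.t) gain an explicit `"dependsOn"` on the VM whose `identity.principalId` they read. Unless the elided lines of this resource already declare it, add the equivalent entry here, e.g. `"dependsOn": ["[concat('Microsoft.Compute/virtualMachines/', variables('masterVMNamePrefix'), copyIndex())]"]`, so the assignment is not evaluated before the VM's system-assigned identity exists. The resource's opening lines are outside the visible hunk, so the index expression should be checked against its `name`.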
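--- a/parts/k8s/kubernetesmasterresourcesvmss.t
+++ b/parts/k8s/kubernetesmasterresourcesvmss.t
@@ -477,21 +477,6 @@
 },
 "extensionProfile": {
 "extensions": [
-{{if UseManagedIdentity}}
-{
-"name": "[concat(variables('masterVMNamePrefix'), 'vmss-ManagedIdentityExtension')]",
-"properties": {
-"publisher": "Microsoft.ManagedIdentity",
-"type": "ManagedIdentityExtensionForLinux",
-"typeHandlerVersion": "1.0",
-"autoUpgradeMinorVersion": true,
-"settings": {
-"port": 50343
-},
-"protectedSettings": {}
-}
-},
-{{end}}
 {
 "name": "[concat(variables('masterVMNamePrefix'), 'vmssCSE')]",
 "properties": {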
3 changes: 2 additions & 1 deletion parts/k8s/kubernetesmastervars.t
Expand Up @@ -90,7 +90,8 @@
"apiVersionKeyVault": "2018-02-14",
"apiVersionNetwork": "2018-08-01",
"apiVersionManagedIdentity": "2015-08-31-preview",
"apiVersionAuthorization": "2018-09-01-preview",
"apiVersionAuthorizationUser": "2018-09-01-preview",
"apiVersionAuthorizationSystem": "2018-01-01-preview",
"locations": [
"[resourceGroup().location]",
"[parameters('location')]"
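Review bot: Nothing here records why role assignments for user-assigned and system-assigned identities need different API versions, and both `apiVersionAuthorizationUser` and `apiVersionAuthorizationSystem` are pinned to preview versions. A template comment above the pair, for example `{{/* system-assigned role assignments stay on 2018-01-01-preview; see <issue link> */}}`, would stop a later cleanup from merging them back into one variable. The variables object starts and ends outside the hunk.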
46 changes: 15 additions & 31 deletions parts/k8s/kuberneteswinagentresourcesvmas.t
Expand Up @@ -154,9 +154,18 @@
"location": "[variables('location')]",
"name": "[concat(variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]",
{{if UseManagedIdentity}}
{{if UserAssignedIDEnabled}}
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"[variables('userAssignedIDReference')]":{}
}
},
{{else}}
"identity": {
"type": "systemAssigned"
},
{{end}}
{{end}}
"properties": {
"availabilitySet": {
Expand Down Expand Up @@ -207,9 +216,9 @@
},
"type": "Microsoft.Compute/virtualMachines"
},
{{if UseManagedIdentity}}
{{if and UseManagedIdentity (not UserAssignedIDEnabled)}}
{
"apiVersion": "[variables('apiVersionAuthorization')]",
"apiVersion": "[variables('apiVersionAuthorizationSystem')]",
"copy": {
"count": "[sub(variables('{{.Name}}Count'), variables('{{.Name}}Offset'))]",
"name": "vmLoopNode"
Expand All @@ -219,32 +228,11 @@
"properties": {
"roleDefinitionId": "[variables('readerRoleDefinitionId')]",
"principalId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset'))), '2017-03-30', 'Full').identity.principalId]"
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')), '/ManagedIdentityExtension')]",
"copy": {
"count": "[sub(variables('{{.Name}}Count'), variables('{{.Name}}Offset'))]",
"name": "vmLoopNode"
},
"apiVersion": "[variables('apiVersionCompute')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]",
"[concat('Microsoft.Authorization/roleAssignments/', guid(concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')), 'vmidentity')))]"
],
"properties": {
"publisher": "Microsoft.ManagedIdentity",
"type": "ManagedIdentityExtensionForWindows",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": true,
"settings": {
"port": 50343
},
"protectedSettings": {}
}
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]"
]
},
{{end}}
{
"apiVersion": "[variables('apiVersionCompute')]",
Expand All @@ -253,11 +241,7 @@
"name": "vmLoopNode"
},
"dependsOn": [
{{if UseManagedIdentity}}
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')), '/extensions/ManagedIdentityExtension')]"
{{else}}
"[concat('Microsoft.Compute/virtualMachines/', variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]"
{{end}}
],
"location": "[variables('location')]",
"type": "Microsoft.Compute/virtualMachines/extensions",