Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow full kustomisation of aad-msi-binding.yaml #279

Merged
merged 1 commit into from
Dec 8, 2021
Merged

Allow full kustomisation of aad-msi-binding.yaml #279

merged 1 commit into from
Dec 8, 2021

Conversation

brk3
Copy link
Contributor

@brk3 brk3 commented Nov 18, 2021
edited

Currently the name of the AzureIdentity / AzureIdentityBinding objects
created as part of the aad-pod-identity lz addon have hardcoded names.
This made it not possible to create more than one pair for one MSI.

This patch applies kustomise to each field allowing for more
customisation.

It also adds a new 'selector' argument in the case the user doesn't want
the name of the MSI used in this field:

managed_identities = {
  ingress_msi = {
    lz_key = "aks"
    aadpodidentity_selector = "ingress"
    msi_keys = [
      "ingress",
    ]
  }
}

If aadpodidentity_selector is not specified the MSI name is used as
before.

PR Checklist

  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code follows the code style of this project.
  • I ran lint checks locally prior to submission.
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?

Description

Does this introduce a breaking change

  • YES
  • NO

Testing

@brk3
Allow full kustomisation of aad-msi-binding.yaml
e125497 
Currently the name of the AzureIdentity/AzureIdentityBinding objects
created as part of the aad-pod-identity lz addon have hardcoded names.
This made it not possible to create more than one pair for one MSI.

This patch applies kustomise to each field allowing for more
customisation.

It also adds a new 'selector' argument in the case the user doesn't want
the name of the MSI used in this field:

managed_identities = {
  ingress_msi = {
    lz_key = "aks"
    aadpodidentity_selector = "ingress"
    msi_keys = [
      "ingress",
    ]
  }
}

If aadpodidentity_selector is not specified the MSI name is used as
before.
@brk3 brk3 changed the title Support custom aadpodidentity selector Allow full kustomisation of aad-msi-binding.yaml Nov 23, 2021
hieumoscow
hieumoscow approved these changes Dec 7, 2021
View reviewed changes
Copy link
Contributor

@hieumoscow hieumoscow left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @brk3
Before we did allow to specify selector value but tfvar was quite verbose. I like this approach as msi name might contains weird characters that breaks the creation of azureidentity & azureidentitybinding. Cheers

@LaurentLesle LaurentLesle changed the base branch from master to 2112.int December 8, 2021 05:53
@LaurentLesle LaurentLesle merged commit 5f8f241 into Azure:2112.int Dec 8, 2021
@arnaudlh arnaudlh added the enhancement New feature or request label Dec 8, 2021
@arnaudlh arnaudlh added this to the 2112 milestone Dec 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LaurentLesle LaurentLesle LaurentLesle approved these changes

@hieumoscow hieumoscow hieumoscow approved these changes

Assignees

@brk3 brk3

Labels
enhancement New feature or request
Projects
None yet
Milestone
2112
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@brk3 @LaurentLesle @hieumoscow @arnaudlh