Azure cfcr support #223
Azure cfcr support #223
Conversation
|
Hey andyliuliming! Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA. |
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/158532476 The labels on this github issue will be updated when the story is started. |
|
this pr depends on this pr: cloudfoundry/bosh-agent#174 |
|
Thanks for the PR. Currently Azure is not a priority in our backlog and we would also have to wait on the bosh-agent PR for this to be merged. We'll keep you updated if and when we have news. |
|
@mordebites the bosh-agent pr is merged which this pr depends on. please help review : ) and this have relation to the pr cloudfoundry-incubator/kubo-deployment#320 |
|
Maintaining a fork here https://github.com/svrc-pivotal/azure-kubo-release |
2. remove the cifs-utils for now.
andyliuliming
force-pushed the
andyliuliming:azure_cfcr_support
branch
from
3dbe8a3
to
cd230cb
| elsif provider_type == 'azure' | ||
| cloud_config['cloud'] = cloud_provider.p('cloud-provider.azure.cloud') | ||
| cloud_config['tenantId'] = cloud_provider.p('cloud-provider.azure.tenant-id') | ||
| cloud_config['aadClientId'] = cloud_provider.p('cloud-provider.azure.service-principal-id') |
alex-slynko
Oct 8, 2018
Member
@andyliuliming do we need to provide service-principal ID and secret for workers as well?
If yes, can we limit credentials for worker to some very specific minimal actions?
@andyliuliming do we need to provide service-principal ID and secret for workers as well?
If yes, can we limit credentials for worker to some very specific minimal actions?
andyliuliming
Oct 10, 2018
Author
Contributor
yes, the principal id is created by customer. the customer can restrict the rights of it to only the resource groups or any resource it required only.
yes, the principal id is created by customer. the customer can restrict the rights of it to only the resource groups or any resource it required only.
|
@alex-slynko FYI the azure cloud provider supports the equivalent of IAM roles but the Azure CPI doesn’t yet from what I can tell Also I added a fix to this PR in my fork: There needs to be a broader conversation about DNS handling for Bring Your Own DNS server for this PR. I’m not sure if it’s realistic to expect enterprises to turn on DDNS hostname registration. This might require a BOSH dns feature. |
What this PR does / why we need it:
This PR added the support for the cfcr running in azure.
How can this PR be verified?
follow the docs/terraform/azure/README.md to do the test.
and here's comformance test result file https://opensourcerelease.blob.core.windows.net/alphareleases/sonobuoy.tgz
Is there any change in kubo-deployment?
yes
Is there any change in kubo-ci?
no.
Does this affect upgrade, or is there any migration required?
no.
Which issue(s) this PR fixes:
Release note: