support aad-pod-identity auth #51

Merged
merged 1 commit into from Jun 9, 2020


@skriss skriss commented Jun 2, 2020

Signed-off-by: Steve Kriss <krisss@vmware.com>

updates/replaces #29

closes #11
closes #12

@skriss skriss self-assigned this Jun 2, 2020
@skriss skriss changed the title from "support aad-pod-identity and certificate auth" to "support aad-pod-identity auth" Jun 2, 2020

skriss commented Jun 4, 2020

Cross-posting from the original PR:

@ezYakaEagle442 if you have bandwidth to test, I pushed two images: steveheptio/velero:aad-pod-identity and steveheptio/velero-plugin-for-microsoft-azure:aad-pod-identity. The former is only needed if you're using the restic integration. I did a quick test with them and it seems to be working properly, but I'd love to get more eyes and I still need to regression-test with SP auth.

I used a similar setup process to your script, but I used the following role assignment (based on our existing docs for SP auth):
--role "Contributor" --scopes /subscriptions/$AZURE_SUBSCRIPTION_ID

And then I manually added the aadpodidbinding label to the Velero pods (via the deployment and daemonset's pod template spec).


skriss commented Jun 4, 2020

OK, I've successfully tested both aad-pod-identity auth and service principal auth using this code (including full backup and restore). This is now ready for review.

@ezYakaEagle442 I'm still very interested in having you test this as well.

@skriss skriss marked this pull request as ready for review June 4, 2020 20:09
@ezYakaEagle442

@skriss Hi, I was off for a few days. I have a couple of priorities to manage first, but I would be happy to help. I will do my best to test it ASAP, and I will let you know my results.

Signed-off-by: Steve Kriss <krisss@vmware.com>
Co-authored-by: gitirabassi <giacomo@tirabassi.eu>

skriss commented Jun 9, 2020

@carlisia @nrb PTAL (related to already-merged vmware-tanzu/velero#2602)
