Update vmss master EncryptionWithExternalKms with userassignedidentity
ritazh committed Oct 19, 2018
1 parent 2108ead commit 813e6a6
Showing 2 changed files with 12 additions and 37 deletions.
48 changes: 11 additions & 37 deletions parts/k8s/kubernetesmasterresourcesvmss.t
@@ -1,14 +1,3 @@
{{if and UseManagedIdentity (not UserAssignedIDEnabled)}}
{
"apiVersion": "[variables('apiVersionAuthorization')]",
"name": "[guid(concat('Microsoft.Compute/virtualMachineScaleSets/', variables('masterVMNamePrefix'), 'vmidentity'))]",
"type": "Microsoft.Authorization/roleAssignments",
"properties": {
"roleDefinitionId": "[variables('contributorRoleDefinitionId')]",
"principalId": "[reference(concat('Microsoft.Compute/virtualMachineScaleSets/', variables('masterVMNamePrefix'), 'vmss'), '2017-03-30', 'Full').identity.principalId]"
}
},
{{end}}
{{if EnableEncryptionWithExternalKms}}
{
"type": "Microsoft.Storage/storageAccounts",
@@ -27,44 +16,33 @@
{{ if UseManagedIdentity}}
"dependsOn":
[
"[concat('Microsoft.Compute/virtualMachineScaleSets/', variables('masterVMNamePrefix'), 'vmss')]",
"[concat('Microsoft.Authorization/roleAssignments/', guid(concat('Microsoft.Compute/virtualMachineScaleSets/', variables('masterVMNamePrefix'), 'vmidentity')))]",
"[concat('Microsoft.Compute/virtualMachineScaleSets/', variables('masterVMNamePrefix'), 'vmss')]"
{{if UserAssignedIDEnabled}}
,"[variables('userAssignedIDReference')]"
{{end}}
],
{{end}}
"properties": {
"enabledForDeployment": "false",
"enabledForDiskEncryption": "false",
"enabledForTemplateDeployment": "false",
"tenantId": "[variables('tenantID')]",
{{if UseManagedIdentity}}
"accessPolicies":
[
{
"objectId": "[reference(concat('Microsoft.Compute/virtualMachineScaleSets/', variables('masterVMNamePrefix'), 'vmss'), '2017-03-30', 'Full').identity.principalId]",
"permissions": {
"keys": [
"create",
"encrypt",
"decrypt",
"get",
"list"
]
},
"tenantId": "[variables('tenantID')]"
},
],
{{else}}
"accessPolicies":
[
{
"tenantId": "[variables('tenantID')]",
{{if UseManagedIdentity}}
{{if UserAssignedIDEnabled}}
"objectId": "[reference(variables('userAssignedIDReference'), variables('apiVersionManagedIdentity')).principalId]",
{{end}}
{{else}}
"objectId": "[parameters('servicePrincipalObjectId')]",
{{end}}
"permissions": {
"keys": ["create", "encrypt", "decrypt", "get", "list"]
}
}
],
{{end}}
"sku": {
"name": "[parameters('clusterKeyVaultSku')]",
"family": "A"
@@ -309,13 +287,9 @@
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('userAssignedID'))]":{}
"[variables('userAssignedIDReference')]":{}
}
},
{{else}}
"identity": {
"type": "systemAssigned"
},
{{end}}
{{end}}
"sku": {
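Review bot: In the Key Vault `accessPolicies` entry, the inner `{{if UserAssignedIDEnabled}}` has no `{{else}}`, so a cluster with `UseManagedIdentity` set but no user-assigned identity renders a policy with no `objectId` at all. The +/- markers are lost on this page, but the system-assigned `objectId` line and the `"type": "systemAssigned"` identity block in the last hunk both appear to be on the removed side, which would leave that combination with no principal able to reach the KMS key. The safer fix is to reject `EnableEncryptionWithExternalKms` with a system-assigned identity during validation, before the template is rendered. If the service principal is the intended fallback, the guard could instead become `{{if and UseManagedIdentity UserAssignedIDEnabled}}` with the `servicePrincipalObjectId` line under `{{else}}`, so an `objectId` is always emitted. The key vault resource and the condition around the VMSS `identity` block both start outside the visible hunks, so this should be checked against the full file.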
1 change: 1 addition & 0 deletions parts/k8s/kubernetesmastervarsvmss.t
@@ -59,6 +59,7 @@
"useManagedIdentityExtension": "{{ UseManagedIdentity }}",
"userAssignedID": "{{UserAssignedID}}",
"userAssignedClientID": "{{UserAssignedClientID}}",
"userAssignedIDReference": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('userAssignedID'))]",
"useInstanceMetadata": "{{ UseInstanceMetadata }}",
"loadBalancerSku": "{{ LoadBalancerSku }}",
"excludeMasterFromStandardLB": "{{ ExcludeMasterFromStandardLB }}",
