Fix aks multi-environment support

mjura · Jul 14, 2022 · 41a68e8 · 41a68e8
1 parent f991112
commit 41a68e8
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -31,11 +31,11 @@ Rancher aks-operator is a new service, which takes care about Azure Kubernetes S
 
 `vim examples/create-aks.yaml`
 
-### 5. Create AKS secret with clientID and clientSecret
+### 5. Create AKS secret with clientID, clientSecret and azureEnvironment
 
 `export REPLACE_WITH_K8S_SECRETS_NAME=aks-secret`
 
-`kubectl create secret generic $REPLACE_WITH_K8S_SECRETS_NAME --from-literal=azurecredentialConfig-subscriptionId=<REPLACE_WITH_SUBSCRIPTIONID> --from-literal=azurecredentialConfig-clientId=<REPLACE_WITH_CLIENTID> --from-literal=azurecredentialConfig-clientSecret=<REPLACE_WITH_CLIENTSECRET>`
+`kubectl create secret generic $REPLACE_WITH_K8S_SECRETS_NAME --from-literal=azurecredentialConfig-subscriptionId=<REPLACE_WITH_SUBSCRIPTIONID> --from-literal=azurecredentialConfig-clientId=<REPLACE_WITH_CLIENTID> --from-literal=azurecredentialConfig-clientSecret=<REPLACE_WITH_CLIENTSECRET> --from-literal=azurecredentialConfig-environment=<REPLACE_WITH_AZURE_ENVIRONMENT>`
 
 ### 6. Start aks-operator
 

diff --git a/controller/aks-cluster-config-handler.go b/controller/aks-cluster-config-handler.go
@@ -601,6 +601,10 @@ func BuildUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.Secr
 		upstreamSpec.Tags = to.StringMap(clusterState.Tags)
 	}
 
+	// set BaseURL && AuthBaseURL
+	upstreamSpec.AuthBaseURL = credentials.AuthBaseURL
+	upstreamSpec.BaseURL = credentials.BaseURL
+
 	// set AgentPool profile
 	for _, np := range *clusterState.AgentPoolProfiles {
 		var upstreamNP aksv1.AKSNodePool

diff --git a/pkg/aks/client.go b/pkg/aks/client.go
@@ -123,6 +123,8 @@ func GetSecrets(secretsCache wranglerv1.SecretCache, secretClient wranglerv1.Sec
 	subscriptionIDBytes := secret.Data["azurecredentialConfig-subscriptionId"]
 	clientIDBytes := secret.Data["azurecredentialConfig-clientId"]
 	clientSecretBytes := secret.Data["azurecredentialConfig-clientSecret"]
+	clientEnvironment := string(secret.Data["azurecredentialConfig-environment"])
+	azureEnvironment := GetEnvironment(clientEnvironment)
 
 	cannotBeNilError := "field [azurecredentialConfig-%s] must be provided in cloud credential"
 	if subscriptionIDBytes == nil {
@@ -139,11 +141,11 @@ func GetSecrets(secretsCache wranglerv1.SecretCache, secretClient wranglerv1.Sec
 	cred.SubscriptionID = string(subscriptionIDBytes)
 	cred.ClientID = string(clientIDBytes)
 	cred.ClientSecret = string(clientSecretBytes)
-	cred.AuthBaseURL = spec.AuthBaseURL
-	cred.BaseURL = spec.BaseURL
+	cred.AuthBaseURL = &azureEnvironment.ActiveDirectoryEndpoint
+	cred.BaseURL = &azureEnvironment.ResourceManagerEndpoint
 
 	if cred.TenantID == "" {
-		cred.TenantID, err = GetCachedTenantID(secretClient, cred.SubscriptionID, secret)
+		cred.TenantID, err = GetCachedTenantID(secretClient, cred.SubscriptionID, secret, azureEnvironment)
 		if err != nil {
 			return nil, err
 		}
@@ -156,7 +158,7 @@ type secretClient interface {
 	Update(*v1.Secret) (*v1.Secret, error)
 }
 
-func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret *v1.Secret) (string, error) {
+func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret *v1.Secret, azureEnvironment azure.Environment) (string, error) {
 	annotations := secret.GetAnnotations()
 	tenantAnno, timestamp := annotations[tenantIDAnnotation], annotations[tenantIDTimestampAnnotation]
 	if tenantAnno != "" && timestamp != "" {
@@ -171,7 +173,7 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
 	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 	defer cancel()
 	logrus.Debugf("retrieving tenant ID from Azure public cloud")
-	tenantID, err := azureutil.FindTenantID(ctx, azure.PublicCloud, subscriptionID)
+	tenantID, err := azureutil.FindTenantID(ctx, azureEnvironment, subscriptionID)
 	if err != nil {
 		return "", err
 	}
@@ -186,3 +188,16 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
 	}
 	return tenantID, err
 }
+
+func GetEnvironment(env string) azure.Environment {
+	switch env {
+	case "AzureGermanCloud":
+		return azure.GermanCloud
+	case "AzureChinaCloud":
+		return azure.ChinaCloud
+	case "AzureUSGovernmentCloud":
+		return azure.USGovernmentCloud
+	default:
+		return azure.PublicCloud
+	}
+}