Add multi-environment support for AKS
Fixes: rancher#98

(cherry picked from commit 41a68e8)
smallteeths authored and mjura committed Feb 24, 2023
1 parent f7689be commit d95dafb
Showing 3 changed files with 33 additions and 4 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -25,7 +25,7 @@ Edit the CRD
Create AKS secret with clientID and clientSecret

export REPLACE_WITH_K8S_SECRETS_NAME=aks-secret
kubectl create secret generic $REPLACE_WITH_K8S_SECRETS_NAME --from-literal=azurecredentialConfig-subscriptionId=<REPLACE_WITH_SUBSCRIPTIONID> --from-literal=azurecredentialConfig-clientId=<REPLACE_WITH_CLIENTID> --from-literal=azurecredentialConfig-clientSecret=<REPLACE_WITH_CLIENTSECRET>
kubectl create secret generic $REPLACE_WITH_K8S_SECRETS_NAME --from-literal=azurecredentialConfig-subscriptionId=<REPLACE_WITH_SUBSCRIPTIONID> --from-literal=azurecredentialConfig-clientId=<REPLACE_WITH_CLIENTID> --from-literal=azurecredentialConfig-clientSecret=<REPLACE_WITH_CLIENTSECRET> --from-literal=azurecredentialConfig-environment=<REPLACE_WITH_AZURE_ENVIRONMENT>

Start the AKS operator

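--- a/controller/aks-cluster-config-handler.go
+++ b/controller/aks-cluster-config-handler.go
@@ -596,6 +596,10 @@ func BuildUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.Secr
 upstreamSpec.Tags = to.StringMap(clusterState.Tags)
 }
 
+// set BaseURL && AuthBaseURL
+upstreamSpec.AuthBaseURL = credentials.AuthBaseURL
+upstreamSpec.BaseURL = credentials.BaseURL
+
 // set AgentPool profile
 for _, np := range *clusterState.AgentPoolProfiles {
 var upstreamNP aksv1.AKSNodePool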
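Review bot: The two added assignments fill `upstreamSpec.AuthBaseURL` and `upstreamSpec.BaseURL` from the local `credentials` value, while the neighbouring fields in this hunk are copied from `clusterState`, and the comment `// set BaseURL && AuthBaseURL` only restates the code. A reader comparing the upstream spec with the desired spec may assume these endpoints were observed upstream as well, so I would replace the comment with `// BaseURL and AuthBaseURL come from the cloud credential, not from clusterState.` The rest of BuildUpstreamClusterState, including where `credentials` is obtained and whether it can be nil here, is outside the hunk.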
31 changes: 28 additions & 3 deletions pkg/aks/client.go
@@ -73,6 +73,11 @@ func GetSecrets(secretsCache wranglerv1.SecretCache, secretClient wranglerv1.Sec
subscriptionIDBytes := secret.Data["azurecredentialConfig-subscriptionId"]
clientIDBytes := secret.Data["azurecredentialConfig-clientId"]
clientSecretBytes := secret.Data["azurecredentialConfig-clientSecret"]
clientEnvironment := ""
if secret.Data["azurecredentialConfig-environment"] != nil {
clientEnvironment = string(secret.Data["azurecredentialConfig-environment"])
}
azureEnvironment := GetEnvironment(clientEnvironment)

cannotBeNilError := "field [azurecredentialConfig-%s] must be provided in cloud credential"
if subscriptionIDBytes == nil {
@@ -89,8 +94,8 @@ func GetSecrets(secretsCache wranglerv1.SecretCache, secretClient wranglerv1.Sec
cred.SubscriptionID = string(subscriptionIDBytes)
cred.ClientID = string(clientIDBytes)
cred.ClientSecret = string(clientSecretBytes)
cred.AuthBaseURL = spec.AuthBaseURL
cred.BaseURL = spec.BaseURL
cred.AuthBaseURL = &azureEnvironment.ActiveDirectoryEndpoint
cred.BaseURL = &azureEnvironment.ResourceManagerEndpoint

if cred.TenantID == "" {
cred.TenantID, err = GetCachedTenantID(secretClient, cred.SubscriptionID, secret)
@@ -124,7 +129,14 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
logrus.Debugf("retrieving tenant ID from Azure public cloud")
tenantID, err := azureutil.FindTenantID(ctx, azure.PublicCloud, subscriptionID)

clientEnvironment := ""
if secret.Data["azurecredentialConfig-environment"] != nil {
clientEnvironment = string(secret.Data["azurecredentialConfig-environment"])
}
azureEnvironment := GetEnvironment(clientEnvironment)

tenantID, err := azureutil.FindTenantID(ctx, azureEnvironment, subscriptionID)
if err != nil {
return "", err
}
@@ -152,3 +164,16 @@ func NewClusterClient(cred *Credentials) (*containerservice.ManagedClustersClien

return &client, nil
}

func GetEnvironment(env string) azure.Environment {
switch env {
case "AzureGermanCloud":
return azure.GermanCloud
case "AzureChinaCloud":
return azure.ChinaCloud
case "AzureUSGovernmentCloud":
return azure.USGovernmentCloud
default:
return azure.PublicCloud
}
}
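Review bot: `GetEnvironment` falls through to `azure.PublicCloud` for any string it does not recognise, so a misspelled, differently cased or newline-terminated `azurecredentialConfig-environment` value makes `GetSecrets` point `cred.AuthBaseURL` and `cred.BaseURL` at the public-cloud endpoints with no signal, and the service principal's client ID and secret would then presumably be presented to an authority other than the one the operator was configured for. Only the empty value should mean public cloud: in the `default` branch I would add `if env != "" { logrus.Warnf("unknown azure environment %q, using AzurePublicCloud", env) }`, or better, reject the credential in `GetSecrets` next to the existing `cannotBeNilError` checks. The secret lookup followed by `GetEnvironment` is duplicated in `GetSecrets` and `GetCachedTenantID` and could be one helper, and the debug message `retrieving tenant ID from Azure public cloud` is no longer accurate once the environment is configurable. `GetEnvironment` is exported and should get a doc comment listing the accepted names; the bodies of `GetSecrets` and `GetCachedTenantID` start and end outside the hunks shown.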
