diff --git a/pkg/asset/machines/azure/machines.go b/pkg/asset/machines/azure/machines.go
index 09d32789c6f..234b9ded6f9 100644
--- a/pkg/asset/machines/azure/machines.go
+++ b/pkg/asset/machines/azure/machines.go
@@ -102,7 +102,7 @@ func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string
 }
 managedIdentity := fmt.Sprintf("%s-identity", clusterID)
- if platform.IsARO() {
+ if platform.IsARO() || platform.CloudName == azure.StackCloud {
 managedIdentity = ""
 }
diff --git a/pkg/asset/manifests/azure/cloudproviderconfig.go b/pkg/asset/manifests/azure/cloudproviderconfig.go
index 65ed9222313..ac7ad609e98 100644
--- a/pkg/asset/manifests/azure/cloudproviderconfig.go
+++ b/pkg/asset/manifests/azure/cloudproviderconfig.go
@@ -12,6 +12,8 @@ type CloudProviderConfig struct {
 CloudName azure.CloudEnvironment
 TenantID string
 SubscriptionID string
+ AADClientID string
+ AADClientSecret string
 ResourceGroupName string
 GroupLocation string
 ResourcePrefix string
@@ -19,23 +21,20 @@ type CloudProviderConfig struct {
 NetworkSecurityGroupName string
 VirtualNetworkName string
 SubnetName string
+ ResourceManagerEndpoint string
 ARO bool
 }
 // JSON generates the cloud provider json config for the azure platform.
 // managed resource names are matching the convention defined by capz
 func (params CloudProviderConfig) JSON() (string, error) {
- useManagedIdentityExtension := true
- if params.ARO {
- useManagedIdentityExtension = false
- }
 config := config{
 authConfig: authConfig{
 Cloud: params.CloudName.Name(),
 TenantID: params.TenantID,
 SubscriptionID: params.SubscriptionID,
- UseManagedIdentityExtension: useManagedIdentityExtension,
+ UseManagedIdentityExtension: true,
 // The cloud provider needs the clientID which is only known after terraform has run.
 // When left empty, the existing managed identity on the VM will be used.
 // By leaving it empty, we don't have to create the identity before running the installer.
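Review bot: The widened condition gives no reason why Azure Stack now joins ARO in getting an empty managed identity, and the companion change in pkg/asset/manifests/azure/cloudproviderconfig.go disables the managed identity extension for the same cloud, so the two should read as one decision. A one-line why-comment above the `if` would do it, e.g. `// ARO and Azure Stack do not use a VM managed identity; on Azure Stack the cloud provider authenticates with the AAD client credentials placed in its config.` provider's body starts and ends outside this hunk.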
@@ -62,6 +61,20 @@ func (params CloudProviderConfig) JSON() (string, error) {
 // https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-tcp-reset
 LoadBalancerSku: "standard",
 }
+
+ if params.ARO {
+ config.authConfig.UseManagedIdentityExtension = false
+ }
+
+ if params.CloudName == azure.StackCloud {
+ config.authConfig.AADClientID = params.AADClientID
+ config.authConfig.AADClientSecret = params.AADClientSecret
+ config.authConfig.ResourceManagerEndpoint = params.ResourceManagerEndpoint
+ config.authConfig.UseManagedIdentityExtension = false
+ config.LoadBalancerSku = "basic"
+ config.UseInstanceMetadata = false
+ }
+
 buff := &bytes.Buffer{}
 encoder := json.NewEncoder(buff)
 encoder.SetIndent("", "\t")
diff --git a/pkg/asset/manifests/azure/types.go b/pkg/asset/manifests/azure/types.go
index 8f0212cf2f3..c16ae0a36b3 100644
--- a/pkg/asset/manifests/azure/types.go
+++ b/pkg/asset/manifests/azure/types.go
@@ -1,6 +1,7 @@
 package azure
 //authConfig is part of the CloudProviderConfig as defined in https://github.com/kubernetes/kubernetes/blob/v1.13.5/pkg/cloudprovider/providers/azure/auth/azure_auth.go#L32
+//resourceManagerEndpoint has been added based on https://github.com/kubernetes-sigs/cloud-provider-azure/blob/v1.0.3/pkg/auth/azure_auth.go
 type authConfig struct {
 // The cloud environment identifier. Takes values from https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13
 Cloud string `json:"cloud" yaml:"cloud"`
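Review bot: The Azure Stack branch copies `params.AADClientSecret` verbatim into the rendered config, and the Generate hunk in pkg/asset/manifests/cloudproviderconfig.go then stores that rendered JSON in `cm.Data` under the `config` key, which from the variable name and the cloud-provider-config.yaml it produces looks like a ConfigMap rather than a Secret. If that is the case, the service-principal secret lands in an object that RBAC, audit logging, backups and encryption-at-rest all treat as non-sensitive, and anyone able to read that ConfigMap holds the credentials the cluster uses against Azure Stack. If the cloud provider build in use can read `aadClientSecret` from a Secret instead, that is the safer home; if the ConfigMap is unavoidable for now, say so on the field, e.g. `// AADClientSecret is emitted verbatim into the rendered config on Azure Stack; the rendered document must be handled as a credential.` on CloudProviderConfig.AADClientSecret. JSON's body starts before this hunk.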
@@ -22,6 +23,9 @@ type authConfig struct {
 UserAssignedIdentityID string `json:"userAssignedIdentityID" yaml:"userAssignedIdentityID"`
 // The ID of the Azure Subscription that the cluster is deployed in
 SubscriptionID string `json:"subscriptionId" yaml:"subscriptionId"`
+ // ResourceManagerEndpoint is the cloud's resource manager endpoint. If set, cloud provider queries this endpoint
+ // in order to generate an autorest.Environment instance instead of using one of the pre-defined Environments.
+ ResourceManagerEndpoint string `json:"resourceManagerEndpoint,omitempty" yaml:"resourceManagerEndpoint,omitempty"`
 }
 //config is the cloud provider config as defined in https://github.com/kubernetes/kubernetes/blob/v1.13.5/pkg/cloudprovider/providers/azure/azure.go#L81
diff --git a/pkg/asset/manifests/cloudproviderconfig.go b/pkg/asset/manifests/cloudproviderconfig.go
index 909cd9c7892..6b8c1ef903a 100644
--- a/pkg/asset/manifests/cloudproviderconfig.go
+++ b/pkg/asset/manifests/cloudproviderconfig.go
@@ -2,6 +2,7 @@ package manifests
 import (
 "context"
+ "encoding/json"
 "fmt"
 "path/filepath"
@@ -39,6 +40,7 @@ var (
 const (
 cloudProviderConfigDataKey = "config"
 cloudProviderConfigCABundleDataKey = "ca-bundle.pem"
+ cloudProviderEndpointsKey = "endpoints"
 )
 // CloudProviderConfig generates the cloud-provider-config.yaml files.
@@ -133,16 +135,27 @@ func (cpc *CloudProviderConfig) Generate(dependencies asset.Parents) error {
 ResourcePrefix: clusterID.InfraID,
 SubscriptionID: session.Credentials.SubscriptionID,
 TenantID: session.Credentials.TenantID,
+ AADClientID: session.Credentials.ClientID,
+ AADClientSecret: session.Credentials.ClientSecret,
 NetworkResourceGroupName: nrg,
 NetworkSecurityGroupName: nsg,
 VirtualNetworkName: vnet,
 SubnetName: subnet,
+ ResourceManagerEndpoint: installConfig.Config.Azure.ARMEndpoint,
 ARO: installConfig.Config.Azure.IsARO(),
 }.JSON()
 if err != nil {
 return errors.Wrap(err, "could not create cloud provider config")
 }
 cm.Data[cloudProviderConfigDataKey] = azureConfig
+
+ if installConfig.Azure.CloudName == azuretypes.StackCloud {
+ b, err := json.Marshal(session.Environment)
+ if err != nil {
+ return errors.Wrap(err, "could not serialize Azure Stack endpoints")
+ }
+ cm.Data[cloudProviderEndpointsKey] = string(b)
+ }
 case gcptypes.Name:
 subnet := fmt.Sprintf("%s-worker-subnet", clusterID.InfraID)
 if installConfig.Config.GCP.ComputeSubnet != "" {
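Review bot: The new condition reads `installConfig.Azure.CloudName` while the lines just above reach the platform through `installConfig.Config.Azure` (`ARMEndpoint`, `IsARO()`), and pkg/asset/machines/azure/machines.go in this same commit compares `platform.CloudName` on the Platform; if both paths carry the same value this is only an inconsistent spelling, but one accessor is easier to audit, e.g. `if installConfig.Config.Azure.CloudName == azuretypes.StackCloud {`. Separately, `session.Credentials.ClientSecret` is handed to CloudProviderConfig for every Azure cloud even though JSON only emits it for Azure Stack; populating AADClientID/AADClientSecret only inside the Stack case would keep the secret out of the struct where it is never used. Generate's body starts and ends outside this hunk.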