Workload Identity (feature flagged) (#363)
* added Workload Identity Signed-off-by: Gordonby <gordon.byers@microsoft.com> * added deploy param Signed-off-by: Gordonby <gordon.byers@microsoft.com> * typos Signed-off-by: Gordonby <gordon.byers@microsoft.com> Signed-off-by: Gordonby <gordon.byers@microsoft.com>
Родитель
0aa37c3c5c
Коммит
cf6317e47b
|
@ -890,6 +890,9 @@ param natGwIdleTimeout int = 30
|
||||||
@description('Configures the cluster as an OIDC issuer for use with Workload Identity')
|
@description('Configures the cluster as an OIDC issuer for use with Workload Identity')
|
||||||
param oidcIssuer bool = false
|
param oidcIssuer bool = false
|
||||||
|
|
||||||
|
@description('Installs Azure Workload Identity into the cluster')
|
||||||
|
param workloadIdentity bool = false
|
||||||
|
|
||||||
@description('System Pool presets are derived from the recommended system pool specs')
|
@description('System Pool presets are derived from the recommended system pool specs')
|
||||||
var systemPoolPresets = {
|
var systemPoolPresets = {
|
||||||
CostOptimised : {
|
CostOptimised : {
|
||||||
|
@ -1090,6 +1093,11 @@ var aksProperties = union({
|
||||||
oidcIssuerProfile: {
|
oidcIssuerProfile: {
|
||||||
enabled: oidcIssuer
|
enabled: oidcIssuer
|
||||||
}
|
}
|
||||||
|
securityProfile: {
|
||||||
|
workloadIdentity: {
|
||||||
|
enabled: workloadIdentity
|
||||||
|
}
|
||||||
|
}
|
||||||
},
|
},
|
||||||
aksOutboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {},
|
aksOutboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {},
|
||||||
defenderForContainers && createLaw ? azureDefenderSecurityProfile : {}
|
defenderForContainers && createLaw ? azureDefenderSecurityProfile : {}
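Review bot: `workloadIdentity` can be set to true while `oidcIssuer` stays false, because the new `securityProfile.workloadIdentity.enabled` in the second hunk is wired to its own parameter and nothing ties it to `oidcIssuerProfile.enabled` just above it. AKS workload identity relies on the cluster's OIDC issuer for token federation, so that combination is expected to be rejected at deployment or to leave the feature unusable. Consider `enabled: oidcIssuer || workloadIdentity` on the issuer profile, and state the dependency in the parameter text, for example `@description('Installs Azure Workload Identity into the cluster (requires the OIDC issuer)')`. The `aksProperties` union starts and ends outside the hunk; it is also worth confirming that this `securityProfile` merges with whatever `azureDefenderSecurityProfile` contributes rather than one replacing the other.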
|
||||||
|
|
|
@ -7,6 +7,7 @@ import { adv_stackstyle, hasError, getError } from './common'
|
||||||
export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
|
export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
|
||||||
const { addons, net } = tabValues
|
const { addons, net } = tabValues
|
||||||
const osmFeatureFlag = featureFlag.includes('osm')
|
const osmFeatureFlag = featureFlag.includes('osm')
|
||||||
|
const wiFeatureFlag = featureFlag.includes('workloadId')
|
||||||
return (
|
return (
|
||||||
<Stack tokens={{ childrenGap: 15 }} styles={adv_stackstyle}>
|
<Stack tokens={{ childrenGap: 15 }} styles={adv_stackstyle}>
|
||||||
|
|
||||||
|
@ -369,6 +370,19 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
|
||||||
<Checkbox styles={{ root: { marginLeft: '50px' } }} inputProps={{ "data-testid": "addons-osm-Checkbox"}} checked={addons.openServiceMeshAddon} onChange={(ev, v) => updateFn("openServiceMeshAddon", v)} label="Install the Open Service Mesh AddOn" />
|
<Checkbox styles={{ root: { marginLeft: '50px' } }} inputProps={{ "data-testid": "addons-osm-Checkbox"}} checked={addons.openServiceMeshAddon} onChange={(ev, v) => updateFn("openServiceMeshAddon", v)} label="Install the Open Service Mesh AddOn" />
|
||||||
</Stack.Item>
|
</Stack.Item>
|
||||||
|
|
||||||
|
{ wiFeatureFlag &&
|
||||||
|
<>
|
||||||
|
<Separator className="notopmargin" />
|
||||||
|
|
||||||
|
<Stack.Item align="start">
|
||||||
|
<Label required={true}>
|
||||||
|
Workload Identity : Enable Azure Workload Identity on the AKS Cluster
|
||||||
|
(<a target="_new" href="https://github.com/Azure/azure-workload-identity">project</a>)
|
||||||
|
</Label>
|
||||||
|
<Checkbox styles={{ root: { marginLeft: '50px' } }} inputProps={{ "data-testid": "addons-workloadIdentity-Checkbox"}} checked={addons.workloadIdentity} onChange={(ev, v) => updateFn("workloadIdentity", v)} label="Install Workload Identity" />
|
||||||
|
</Stack.Item>
|
||||||
|
</>}
|
||||||
|
|
||||||
<Separator className="notopmargin" />
|
<Separator className="notopmargin" />
|
||||||
|
|
||||||
<Stack.Item align="start">
|
<Stack.Item align="start">
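Review bot: The new documentation link inside the Workload Identity label opens a named window with `target="_new"` and carries no `rel`, so the opened page keeps a `window.opener` reference back to this app. Browsers imply `noopener` only for `_blank`, so make it explicit: `<a target="_blank" rel="noopener noreferrer" href="https://github.com/Azure/azure-workload-identity">project</a>`. Separately, `required={true}` on the label marks an optional, feature-flagged checkbox as mandatory. The component body continues outside both hunks, so the existing labels may follow the same pattern.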
|
||||||
|
|
|
@ -115,6 +115,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
|
||||||
})
|
})
|
||||||
}),
|
}),
|
||||||
...(defaults.addons.kedaAddon !== addons.kedaAddon && {kedaAddon: addons.kedaAddon }),
|
...(defaults.addons.kedaAddon !== addons.kedaAddon && {kedaAddon: addons.kedaAddon }),
|
||||||
|
...(defaults.addons.workloadIdentity !== addons.workloadIdentity && {workloadIdentity: addons.workloadIdentity }),
|
||||||
...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers })
|
...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers })
|
||||||
}
|
}
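Review bot: The added `workloadIdentity` spread is emitted whenever the value differs from the default, with no check that the `workloadId` feature flag is active, unlike the `DefenderForContainers` line directly below it, which tests `urlParams.getAll('feature').includes('defender')`. If the addons state ever carries `workloadIdentity: true` while the flag is off (how state is loaded is not visible here), the parameter reaches the deployment with the checkbox hidden from the user. Gating it the same way keeps the flag meaningful: `...(urlParams.getAll('feature').includes('workloadId') && defaults.addons.workloadIdentity !== addons.workloadIdentity && { workloadIdentity: addons.workloadIdentity }),`. The enclosing object literal starts outside the hunk.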
|
||||||
|
|
||||||
|
|
|
@ -56,6 +56,7 @@
|
||||||
"networkPolicy": "none",
|
"networkPolicy": "none",
|
||||||
"kedaAddon": false,
|
"kedaAddon": false,
|
||||||
"openServiceMeshAddon": false,
|
"openServiceMeshAddon": false,
|
||||||
|
"workloadIdentity": false,
|
||||||
"denydefaultNetworkPolicy": false,
|
"denydefaultNetworkPolicy": false,
|
||||||
"azurepolicy": "none",
|
"azurepolicy": "none",
|
||||||
"azurePolicyInitiative": "Baseline",
|
"azurePolicyInitiative": "Baseline",
|
||||||
|
|