Workload Identity (feature flagged) (#363)

* added Workload Identity

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* added deploy param

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* typos

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

Signed-off-by: Gordonby <gordon.byers@microsoft.com>
Gordon Byers 2022-09-05 16:16:01 +01:00 коммит произвёл GitHub
Родитель 0aa37c3c5c
Коммит cf6317e47b
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
4 изменённых файлов: 24 добавлений и 0 удалений


@ -890,6 +890,9 @@ param natGwIdleTimeout int = 30
@description('Configures the cluster as an OIDC issuer for use with Workload Identity') @description('Configures the cluster as an OIDC issuer for use with Workload Identity')
param oidcIssuer bool = false param oidcIssuer bool = false
@description('Installs Azure Workload Identity into the cluster')
param workloadIdentity bool = false
@description('System Pool presets are derived from the recommended system pool specs') @description('System Pool presets are derived from the recommended system pool specs')
var systemPoolPresets = { var systemPoolPresets = {
CostOptimised : { CostOptimised : {
@ -1090,6 +1093,11 @@ var aksProperties = union({
oidcIssuerProfile: { oidcIssuerProfile: {
enabled: oidcIssuer enabled: oidcIssuer
} }
securityProfile: {
workloadIdentity: {
enabled: workloadIdentity
}
}
}, },
aksOutboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {}, aksOutboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {},
defenderForContainers && createLaw ? azureDefenderSecurityProfile : {} defenderForContainers && createLaw ? azureDefenderSecurityProfile : {}
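Review bot: `securityProfile.workloadIdentity.enabled` is driven by `workloadIdentity` alone, while `oidcIssuerProfile.enabled` just above it still follows only `oidcIssuer`, so a deployment with `workloadIdentity=true` and the default `oidcIssuer=false` requests workload identity on a cluster that is not an OIDC issuer. Workload identity federation relies on the cluster's issuer URL, and as far as I know AKS rejects that combination, so the mistake would only surface at deploy time. Consider `enabled: oidcIssuer || workloadIdentity` on the issuer profile, or at least state the dependency in the new `@description`. The `securityProfile` key now also sits in the base object passed to `union()`; `azureDefenderSecurityProfile` is defined outside this hunk, so it is worth confirming that the two merge rather than one replacing the other.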


@ -7,6 +7,7 @@ import { adv_stackstyle, hasError, getError } from './common'
export default function ({ tabValues, updateFn, featureFlag, invalidArray }) { export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
const { addons, net } = tabValues const { addons, net } = tabValues
const osmFeatureFlag = featureFlag.includes('osm') const osmFeatureFlag = featureFlag.includes('osm')
const wiFeatureFlag = featureFlag.includes('workloadId')
return ( return (
<Stack tokens={{ childrenGap: 15 }} styles={adv_stackstyle}> <Stack tokens={{ childrenGap: 15 }} styles={adv_stackstyle}>
@ -369,6 +370,19 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
<Checkbox styles={{ root: { marginLeft: '50px' } }} inputProps={{ "data-testid": "addons-osm-Checkbox"}} checked={addons.openServiceMeshAddon} onChange={(ev, v) => updateFn("openServiceMeshAddon", v)} label="Install the Open Service Mesh AddOn" /> <Checkbox styles={{ root: { marginLeft: '50px' } }} inputProps={{ "data-testid": "addons-osm-Checkbox"}} checked={addons.openServiceMeshAddon} onChange={(ev, v) => updateFn("openServiceMeshAddon", v)} label="Install the Open Service Mesh AddOn" />
</Stack.Item> </Stack.Item>
{ wiFeatureFlag &&
<>
<Separator className="notopmargin" />
<Stack.Item align="start">
<Label required={true}>
Workload Identity : Enable Azure Workload Identity on the AKS Cluster
(<a target="_new" href="https://github.com/Azure/azure-workload-identity">project</a>)
</Label>
<Checkbox styles={{ root: { marginLeft: '50px' } }} inputProps={{ "data-testid": "addons-workloadIdentity-Checkbox"}} checked={addons.workloadIdentity} onChange={(ev, v) => updateFn("workloadIdentity", v)} label="Install Workload Identity" />
</Stack.Item>
</>}
<Separator className="notopmargin" /> <Separator className="notopmargin" />
<Stack.Item align="start"> <Stack.Item align="start">
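Review bot: The new project link in the Workload Identity label opens with `target="_new"` and no `rel`, so the opened page keeps a `window.opener` reference to the helper tab; browsers imply `noopener` only for `_blank`, not for a named target such as `_new`. I would write it as `<a target="_blank" rel="noopener noreferrer" href="https://github.com/Azure/azure-workload-identity">project</a>`. Separately, `<Label required={true}>` marks an optional, default-off checkbox as mandatory, and nothing in this block tells the user that the option also needs the cluster's OIDC issuer setting enabled. The component body starts and ends outside these hunks.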


@ -115,6 +115,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
}) })
}), }),
...(defaults.addons.kedaAddon !== addons.kedaAddon && {kedaAddon: addons.kedaAddon }), ...(defaults.addons.kedaAddon !== addons.kedaAddon && {kedaAddon: addons.kedaAddon }),
...(defaults.addons.workloadIdentity !== addons.workloadIdentity && {workloadIdentity: addons.workloadIdentity }),
...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers }) ...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers })
} }
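Review bot: The added `workloadIdentity` spread is emitted whenever the value differs from the default, without checking the `workloadId` feature flag that hides the checkbox, whereas the `DefenderForContainers` line directly below it is gated on `urlParams.getAll('feature').includes('defender')`. If tab values can be preset from outside the UI (not visible in this hunk), the parameter could reach the generated deployment with the flag off. Gating it the same way, `...(urlParams.getAll('feature').includes('workloadId') && defaults.addons.workloadIdentity !== addons.workloadIdentity && { workloadIdentity: addons.workloadIdentity })`, keeps the feature consistently flagged. The enclosing object literal begins outside the hunk.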


@ -56,6 +56,7 @@
"networkPolicy": "none", "networkPolicy": "none",
"kedaAddon": false, "kedaAddon": false,
"openServiceMeshAddon": false, "openServiceMeshAddon": false,
"workloadIdentity": false,
"denydefaultNetworkPolicy": false, "denydefaultNetworkPolicy": false,
"azurepolicy": "none", "azurepolicy": "none",
"azurePolicyInitiative": "Baseline", "azurePolicyInitiative": "Baseline",