Fixed traefik routing when placed in its own namespace (#66)

* Deleted duplicate managedIdentityOperatorRole2 * Fixed Traefik * Fixed traefik routing when placed in a separate namespace
2022-08-30 06:52:12 -07:00 · 2022-08-30 06:52:12 -07:00 · 553fd6a0b6
--- a/IaC/bicep/rg-spoke/cluster.bicep
+++ b/IaC/bicep/rg-spoke/cluster.bicep
@ -814,22 +814,6 @@ module managedIdentityOperatorRole2 '../CARML/Microsoft.Resources/resourceGroups
  }
 }

-module managedIdentityOperatorRole2 '../CARML/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep' = {
-  name: 'managedIdentityOperatorRole2'
-  scope: resourceGroup(resourceGroupName)
-  dependsOn: [
-    cluster
-    rg
-  ]
-  params: {
-    resourceId: resourceGroupName
-    principalIds: [
-      cluster.outputs.kubeletidentityObjectId
-    ]
-    roleDefinitionIdOrName: 'Managed Identity Operator'
-  }
-}
-
 module monitoringMetricsPublisherRole '../CARML/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep' = {
  name: 'monitoringMetricsPublisherRole'
  params: {
--- a/shared-services/README.md
+++ b/shared-services/README.md
@ -52,9 +52,13 @@ To deploy traefik into your cluster through GitOps using flux follow these steps
  * ${ACR_NAME_AKS_BASELINE}

 Note that most of the parameters requested above will only be available to you after the deployment of your cluster.
+
 ## Kured

 Kured is included as a solution to handle occasional required reboots from daily OS patching. No customization is required for this service to get it started.
-This open-source software component is only needed if you require a managed rebooting solution between weekly [node image upgrades](https://docs.microsoft.com/azure/aks/node-image-upgrade). Building a process around deploying node image upgrades [every week](https://github.com/Azure/AKS/releases) satisfies most organizational weekly patching cadence requirements. Combined with most security patches on Linux not requiring reboots often, this leaves your cluster in a well supported state. If weekly node image upgrades satisfies your business requirements, then remove Kured from this solution by deleting [`kured.yaml`](./cluster-baseline-settings/kured.yaml). If however weekly patching using node image upgrades is not sufficient and you need to respond to daily security updates that mandate a reboot ASAP, then using a solution like Kured will help you achieve that objective. **Kured is not supported by Microsoft Support.**
+This open-source software component is only needed if you require a managed rebooting solution between weekly [node image upgrades](https://docs.microsoft.com/azure/aks/node-image-upgrade). Building a process around deploying node image upgrades [every week](https://github.com/Azure/AKS/releases) satisfies most organizational weekly patching cadence requirements. Combined with most security patches on Linux not requiring reboots often, this leaves your cluster in a well supported state. If weekly node image upgrades satisfies your business requirements, then remove Kured from this solution by deleting [`kured.yaml`](./cluster-baseline-settings/kured.yaml). If however weekly patching using node image upgrades is not sufficient and you need to respond to daily security updates that mandate a reboot ASAP, then using a solution like Kured will help you achieve that objective. 
+
+Note that the image for kured is sourced from a public registry and should be changed to your local registry in the **kured.yaml** file prior to use in your environment. 
+


--- a/shared-services/namespaces/traefik/traefik.yaml.template
+++ b/shared-services/namespaces/traefik/traefik.yaml.template
@ -117,7 +117,7 @@ data:
      # and derives the corresponding dynamic configuration from it. https://kubernetes.io/docs/concepts/services-networking/ingress/
      [providers.kubernetesingress]
        ingressClass = "traefik-internal"
-        namespaces = ["traefik"]
+        namespaces = ["a0008"]
        [providers.kubernetesIngress.ingressEndpoint]
          publishedService = "traefik/traefik-ingress-service"
    # Enable gzip compression
@ -232,7 +232,7 @@ spec:
        # image: <your-acr-instance-name>.azurecr.io/library/traefik:v2.5.3
        # in order to use the public image, replace the image setting with the following line
        # - image: docker.io/library/traefik:v2.5.3
-      - image: ${ACR_NAME_AKS_BASELINE}.azurecr.io/library/traefik:v2.5.3
+      - image: ${ACR_NAME_AKS_BASELINE}.azurecr.io/library/traefik:v2.8.1
        name: traefik-ingress-controller
        resources:
          requests: