diff --git a/IaC/bicep/rg-spoke/cluster.bicep b/IaC/bicep/rg-spoke/cluster.bicep
index 21ee890..c21dcaf 100644
--- a/IaC/bicep/rg-spoke/cluster.bicep
+++ b/IaC/bicep/rg-spoke/cluster.bicep
@@ -814,22 +814,6 @@ module managedIdentityOperatorRole2 '../CARML/Microsoft.Resources/resourceGroups
 }
 }
 
-module managedIdentityOperatorRole2 '../CARML/Microsoft.Resources/resourceGroups/.bicep/nested_rbac.bicep' = {
- name: 'managedIdentityOperatorRole2'
- scope: resourceGroup(resourceGroupName)
- dependsOn: [
- cluster
- rg
- ]
- params: {
- resourceId: resourceGroupName
- principalIds: [
- cluster.outputs.kubeletidentityObjectId
- ]
- roleDefinitionIdOrName: 'Managed Identity Operator'
- }
-}
-
 module monitoringMetricsPublisherRole '../CARML/Microsoft.ContainerService/managedClusters/.bicep/nested_rbac.bicep' = {
 name: 'monitoringMetricsPublisherRole'
 params: {
diff --git a/shared-services/README.md b/shared-services/README.md
index 8415690..a858f25 100644
--- a/shared-services/README.md
+++ b/shared-services/README.md
@@ -52,9 +52,13 @@ To deploy traefik into your cluster through GitOps using flux follow these steps * ${ACR_NAME_AKS_BASELINE} Note that most of the parameters requested above will only be available to you after the deployment of your cluster. + ## Kured Kured is included as a solution to handle occasional required reboots from daily OS patching. No customization is required for this service to get it started. -This open-source software component is only needed if you require a managed rebooting solution between weekly [node image upgrades](https://docs.microsoft.com/azure/aks/node-image-upgrade). Building a process around deploying node image upgrades [every week](https://github.com/Azure/AKS/releases) satisfies most organizational weekly patching cadence requirements. Combined with most security patches on Linux not requiring reboots often, this leaves your cluster in a well supported state. If weekly node image upgrades satisfies your business requirements, then remove Kured from this solution by deleting [`kured.yaml`](./cluster-baseline-settings/kured.yaml). If however weekly patching using node image upgrades is not sufficient and you need to respond to daily security updates that mandate a reboot ASAP, then using a solution like Kured will help you achieve that objective. **Kured is not supported by Microsoft Support.** +This open-source software component is only needed if you require a managed rebooting solution between weekly [node image upgrades](https://docs.microsoft.com/azure/aks/node-image-upgrade). Building a process around deploying node image upgrades [every week](https://github.com/Azure/AKS/releases) satisfies most organizational weekly patching cadence requirements. Combined with most security patches on Linux not requiring reboots often, this leaves your cluster in a well supported state. 
If weekly node image upgrades satisfies your business requirements, then remove Kured from this solution by deleting [`kured.yaml`](./cluster-baseline-settings/kured.yaml). If however weekly patching using node image upgrades is not sufficient and you need to respond to daily security updates that mandate a reboot ASAP, then using a solution like Kured will help you achieve that objective.
+
+Note that the image for kured is sourced from a public registry and should be changed to your local registry in the **kured.yaml** file prior to use in your environment.
+
diff --git a/shared-services/namespaces/traefik/traefik.yaml.template b/shared-services/namespaces/traefik/traefik.yaml.template
index 69d9058..625334f 100644
--- a/shared-services/namespaces/traefik/traefik.yaml.template
+++ b/shared-services/namespaces/traefik/traefik.yaml.template
@@ -117,7 +117,7 @@ data:
 # and derives the corresponding dynamic configuration from it. https://kubernetes.io/docs/concepts/services-networking/ingress/
 [providers.kubernetesingress]
 ingressClass = "traefik-internal"
- namespaces = ["traefik"]
+ namespaces = ["a0008"]
 [providers.kubernetesIngress.ingressEndpoint]
 publishedService = "traefik/traefik-ingress-service"
 # Enable gzip compression
@@ -232,7 +232,7 @@ spec:
 # image: .azurecr.io/library/traefik:v2.5.3
 # in order to use the public image, replace the image setting with the following line
 # - image: docker.io/library/traefik:v2.5.3
- - image: ${ACR_NAME_AKS_BASELINE}.azurecr.io/library/traefik:v2.5.3
+ - image: ${ACR_NAME_AKS_BASELINE}.azurecr.io/library/traefik:v2.8.1
 name: traefik-ingress-controller
 resources:
 requests:
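Review bot: With `namespaces = ["a0008"]` the Kubernetes ingress provider no longer watches the `traefik` namespace, yet the unchanged context line `publishedService = "traefik/traefik-ingress-service"` still names a Service there. Traefik appears to resolve the published service through the same namespace-scoped client, so the lookup may now fail and leave Ingress status addresses unpopulated; confirm this on a test cluster, or list both namespaces with `namespaces = ["a0008", "traefik"]` if the status endpoint is needed. Narrowing the watch list is a reasonable least-privilege step, but the controller's RBAC is not visible in this hunk, and unless its service account is bound with namespaced Roles to match, the restriction is enforced only by this configuration value. A one-line comment above the setting saying what `a0008` is and why a shared-services template hard-codes it would help the next reader.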
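Review bot: Two of the comment lines directly above the changed image still name `v2.5.3`, so anyone who follows the "use the public image" instruction deploys an older Traefik than the template now pins. They should move with the bump, e.g. `# - image: docker.io/library/traefik:v2.8.1`. The reference is also a mutable tag; appending the digest of the image that was actually imported (`...traefik:v2.8.1@sha256:<digest-of-imported-image>`) would ensure the reviewed image is the one that runs. Any step that copies the image into the private registry is not visible in this diff and would need the same tag.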