diff --git a/api/v1beta1/azuremanagedcontrolplane_types.go b/api/v1beta1/azuremanagedcontrolplane_types.go
index 28f6fa16317..c1723cdf69e 100644
--- a/api/v1beta1/azuremanagedcontrolplane_types.go
+++ b/api/v1beta1/azuremanagedcontrolplane_types.go
@@ -192,6 +192,18 @@ type AzureManagedControlPlaneSpec struct {
 // - ChinaCloud: "AzureChinaCloud"
 // - PublicCloud: "AzurePublicCloud"
 // - USGovernmentCloud: "AzureUSGovernmentCloud"
+ //
+ // Note that values other than the default must also be accompanied by corresponding changes to the
+ // aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does
+ // not support referring to multiple different clouds in a single installation. The following fields must
+ // be defined in the Secret:
+ // - AZURE_AUTHORITY_HOST
+ // - AZURE_RESOURCE_MANAGER_ENDPOINT
+ // - AZURE_RESOURCE_MANAGER_AUDIENCE
+ //
+ // See the [ASO docs] for more details.
+ //
+ // [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/
 // +optional
 AzureEnvironment string `json:"azureEnvironment,omitempty"`
diff --git a/api/v1beta1/types_class.go b/api/v1beta1/types_class.go
index 6bc37d840e2..155673c40e7 100644
--- a/api/v1beta1/types_class.go
+++ b/api/v1beta1/types_class.go
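Review bot: The new paragraph sends users to the `aso-controller-settings` Secret without saying where it lives or what its default contents mean, and that is exactly the detail someone moving to a sovereign cloud will get wrong: `config/aso/kustomization.yaml` in this same change installs the Secret into `capz-system`, and `config/aso/settings.yaml` seeds the three listed keys with empty strings, which presumably selects the public cloud but the comment does not say so. I would extend the lead-in to `be defined in the Secret (namespace capz-system in the default install; leave them empty for AzurePublicCloud):`, with the second clause checked against how ASO handles empty values before it is committed. Nothing in the API validates that a non-default AzureEnvironment agrees with what the Secret says, so a mismatch would presumably only surface at runtime; a validating-webhook check or at least a controller warning would be the defensive follow-up, though that lives outside this hunk. The identical paragraph added to `api/v1beta1/types_class.go` in the next hunk needs the same wording.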
@@ -46,6 +46,18 @@ type AzureClusterClassSpec struct {
 // - GermanCloud: "AzureGermanCloud"
 // - PublicCloud: "AzurePublicCloud"
 // - USGovernmentCloud: "AzureUSGovernmentCloud"
+ //
+ // Note that values other than the default must also be accompanied by corresponding changes to the
+ // aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does
+ // not support referring to multiple different clouds in a single installation. The following fields must
+ // be defined in the Secret:
+ // - AZURE_AUTHORITY_HOST
+ // - AZURE_RESOURCE_MANAGER_ENDPOINT
+ // - AZURE_RESOURCE_MANAGER_AUDIENCE
+ //
+ // See the [ASO docs] for more details.
+ //
+ // [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/
 // +optional
 AzureEnvironment string `json:"azureEnvironment,omitempty"`
diff --git a/config/aso/credentials.yaml b/config/aso/credentials.yaml
deleted file mode 100644
index f04fbbf30c6..00000000000
--- a/config/aso/credentials.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: aso-controller-settings
-type: Opaque
-data:
- # Per-resource Secrets will be created based on a Cluster's AzureClusterIdentity.
- AZURE_SUBSCRIPTION_ID: ""
- AZURE_TENANT_ID: ""
- AZURE_CLIENT_ID: ""
diff --git a/config/aso/kustomization.yaml b/config/aso/kustomization.yaml
index cbc9fe86663..7bca6307be6 100644
--- a/config/aso/kustomization.yaml
+++ b/config/aso/kustomization.yaml
@@ -4,7 +4,7 @@ namespace: capz-system
 resources:
 - https://github.com/Azure/azure-service-operator/releases/download/v2.3.0/azureserviceoperator_v2.3.0.yaml
 - crds.yaml
-- credentials.yaml
+- settings.yaml
 patches:
 - patch: |-
 # default kustomization includes a namespace already
diff --git a/config/aso/settings.yaml b/config/aso/settings.yaml
new file mode 100644
index 00000000000..a62f63fd658
--- /dev/null
+++ b/config/aso/settings.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aso-controller-settings
+type: Opaque
+stringData:
+ AZURE_AUTHORITY_HOST: ${AZURE_AUTHORITY_HOST:=""}
+ AZURE_RESOURCE_MANAGER_ENDPOINT: ${AZURE_RESOURCE_MANAGER_ENDPOINT:=""}
+ AZURE_RESOURCE_MANAGER_AUDIENCE: ${AZURE_RESOURCE_MANAGER_AUDIENCE:=""}
+ AZURE_SYNC_PERIOD: ${AZURE_SYNC_PERIOD:=""}
+ # Per-resource Secrets will be created based on a Cluster's AzureClusterIdentity.
+ AZURE_SUBSCRIPTION_ID: ""
+ AZURE_TENANT_ID: ""
+ AZURE_CLIENT_ID: ""
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml
index 83967b1d889..63ecd27f4d6 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml
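Review bot: The `${VAR:=""}` defaults mean an installation that sets none of these variables writes four empty strings into the Secret, and nothing in this change states whether ASO treats an empty `AZURE_AUTHORITY_HOST`, `AZURE_RESOURCE_MANAGER_ENDPOINT`, `AZURE_RESOURCE_MANAGER_AUDIENCE` or `AZURE_SYNC_PERIOD` as unset rather than as a literal value; if it does not, the default install would fail instead of falling back to the public cloud. That should be confirmed and recorded above the four keys, e.g. `# Empty values are left for ASO to default (public cloud); set the three endpoint keys together for any other cloud.`, hedged until verified. It is also worth a line noting that, going by their names, these keys choose the token authority and ARM endpoint ASO will trust, so write access to this Secret in `capz-system` deserves the same RBAC care as the credential keys below it; that exposure is not new here, but this file now documents everything else about the Secret.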
@@ -81,11 +81,17 @@ spec:
 added by default.
 type: object
 azureEnvironment:
- description: 'AzureEnvironment is the name of the AzureCloud to be
- used. The default value that would be used by most users is "AzurePublicCloud",
- other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud:
- "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud:
- "AzureUSGovernmentCloud"'
+ description: "AzureEnvironment is the name of the AzureCloud to be
+ used. The default value that would be used by most users is \"AzurePublicCloud\",
+ other values are: - ChinaCloud: \"AzureChinaCloud\" - GermanCloud:
+ \"AzureGermanCloud\" - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud:
+ \"AzureUSGovernmentCloud\" \n Note that values other than the default
+ must also be accompanied by corresponding changes to the aso-controller-settings
+ Secret to configure ASO to refer to the non-Public cloud. ASO currently
+ does not support referring to multiple different clouds in a single
+ installation. The following fields must be defined in the Secret:
+ - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE
+ \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/"
 type: string
 bastionSpec:
 description: BastionSpec encapsulates all things related to the Bastions
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml
index 33cd31b0eea..2c89d1005be 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml
@@ -54,11 +54,19 @@ spec:
 addition to the ones added by default.
 type: object
 azureEnvironment:
- description: 'AzureEnvironment is the name of the AzureCloud
+ description: "AzureEnvironment is the name of the AzureCloud
 to be used. The default value that would be used by most
- users is "AzurePublicCloud", other values are: - ChinaCloud:
- "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud:
- "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"'
+ users is \"AzurePublicCloud\", other values are: - ChinaCloud:
+ \"AzureChinaCloud\" - GermanCloud: \"AzureGermanCloud\"
+ - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud:
+ \"AzureUSGovernmentCloud\" \n Note that values other than
+ the default must also be accompanied by corresponding changes
+ to the aso-controller-settings Secret to configure ASO to
+ refer to the non-Public cloud. ASO currently does not support
+ referring to multiple different clouds in a single installation.
+ The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST
+ - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE
+ \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/"
 type: string
 bastionSpec:
 description: BastionSpec encapsulates all things related to
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml
index 566e9fd3094..124f09e2c1e 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml
@@ -218,10 +218,17 @@ spec:
 type: string
 type: object
 azureEnvironment:
- description: 'AzureEnvironment is the name of the AzureCloud to be
- used. The default value that would be used by most users is "AzurePublicCloud",
- other values are: - ChinaCloud: "AzureChinaCloud" - PublicCloud:
- "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"'
+ description: "AzureEnvironment is the name of the AzureCloud to be
+ used. The default value that would be used by most users is \"AzurePublicCloud\",
+ other values are: - ChinaCloud: \"AzureChinaCloud\" - PublicCloud:
+ \"AzurePublicCloud\" - USGovernmentCloud: \"AzureUSGovernmentCloud\"
+ \n Note that values other than the default must also be accompanied
+ by corresponding changes to the aso-controller-settings Secret to
+ configure ASO to refer to the non-Public cloud. ASO currently does
+ not support referring to multiple different clouds in a single installation.
+ The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST
+ - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE
+ \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/"
 type: string
 controlPlaneEndpoint:
 description: ControlPlaneEndpoint represents the endpoint used to
diff --git a/docs/book/src/topics/aso.md b/docs/book/src/topics/aso.md
index 6cb8ea27ffc..93854c1311b 100644
--- a/docs/book/src/topics/aso.md
+++ b/docs/book/src/topics/aso.md
@@ -36,6 +36,19 @@ the resource will not be deleted in Azure. Additionally, BYO resources may include ASO resources managed by the user. CAPZ will not modify or delete such resources. Note that `clusterctl move` will not move user-managed ASO resources.
+## Configuration with Environment Variables
+
+These environment variables are passed through to the `aso-controller-settings` Secret to configure ASO when
+CAPZ is installed and are consumed by `clusterctl init`. They may also be modified directly in the Secret
+after installing ASO with CAPZ:
+
+- `AZURE_AUTHORITY_HOST`
+- `AZURE_RESOURCE_MANAGER_AUDIENCE`
+- `AZURE_RESOURCE_MANAGER_ENDPOINT`
+- `AZURE_SYNC_PERIOD`
+
+More details on each can be found in [ASO's documentation](https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/).
+
 ## Using ASO for non-CAPZ resources
 CAPZ's installation of ASO can be used directly to manage Azure resources outside the domain of