update aks-aso chart (#26)

mboersma · Aug 28, 2024 · c3c4dd0 · c3c4dd0
1 parent ffd80c6
commit c3c4dd0
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 32 deletions.
diff --git a/charts/azure-aks-aso/Chart.yaml b/charts/azure-aks-aso/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: azure-aks-aso
 description: A chart describing an AKS cluster for CAPZ using the ASO API
 type: application
-version: 0.2.0
+version: 0.3.0
 appVersion: 0.1.0
 maintainers:
   - name: mboersma

diff --git a/charts/azure-aks-aso/README.md b/charts/azure-aks-aso/README.md
@@ -7,6 +7,8 @@ This Helm chart is used to deploy an Azure Kubernetes Service (AKS) Cluster usin
 Create a Kubernetes cluster to serve as a Cluster API management cluster. (For example, with `kind`.) Install the Cluster API Provider Azure (CAPZ) components on it with:
 
 ```shell
+export EXP_MACHINE_POOL=true
+export CLUSTER_TOPOLOGY=true
 clusterctl init --infrastructure azure
 ```
 
@@ -18,36 +20,36 @@ helm repo add capi https://mboersma.github.io/cluster-api-charts
 
 ## Specify values for the CAPZ AKS-ASO chart
 
-Create a `values.yaml` file to specify credentials and other values for the CAPZ AKS-ASO chart. It can look like the following:
+Create a `values.yaml` file to specify credentials and other values for the CAPZ AKS-ASO chart. This populates the [ASO configuration values](https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/) scoped to the management cluster resource.  To set global ASO credentials, modify the global ASO secret installed with CAPZ via `kubectl edit secrets aso-controller-settings -n capz-system`.
+
+It can look like the following:
 
 ```yaml
 credentialSecretName: "aso-credentials"
 createCredentials: true
 subscriptionID: ""
 tenantID: ""
 clientID: ""
+# Leave clientSecret blank if using WorkloadIdentity
 clientSecret: ""
-authMode: ""
+# set to podIdentity for managed identity or service principal even if NOT using pod identity
+authMode: "workloadIdentity"
 
 # clusterName defaults to the name of the Helm release
 clusterName: ""
-location: eastus
-clusterNetwork: null
-kubernetesVersion: v1.28.9
-subscriptionID: <subscription-id>
-identity:
-  clientID: <client-id>
-  tenantID: <tenant-id>
-  type: WorkloadIdentity
-cluster:
-  location: eastus
-  cidrBlocks:
-  - 192.168.0.0/16
-controlplane:
-  sshPublicKey: <ssh-public-key>
-  networkPolicy: "calico"
-  networkPlugin: "kubenet"
-  networkPluginMode: null
+location: westus3
+
+managedMachinePoolSpecs:
+  pool0:
+    count: 1
+    mode: System
+    vmSize: Standard_DS2_v2
+    type: VirtualMachineScaleSets
+  pool1:
+    count: 1
+    mode: User
+    vmSize: Standard_DS2_v2
+    type: VirtualMachineScaleSets
 ```
 
 ## Install the CAPZ AKS-ASO Helm chart
@@ -61,3 +63,5 @@ helm install <name> capi/azure-aks-aso -f values.yaml
 ```bash
 helm uninstall <name>
 ```
+
+> Note: there are a number of AKSASO* resources which will say have not been deleted. This is by design to ensure proper complete cleanup.  The root cluster object will be deleted and that will cascade down to delete all the resources provisioned by the helm chart.  The only thing which will remain is the credentials secret and that can be found in the namespace where the chart provisioned.
diff --git a/charts/azure-aks-aso/templates/clusterclass.yaml b/charts/azure-aks-aso/templates/clusterclass.yaml
@@ -8,12 +8,12 @@ metadata:
 spec:
   controlPlane:
     ref:
-      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+      apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
       kind: AzureASOManagedControlPlaneTemplate
       name: {{ .Values.clusterClassName | quote }}
   infrastructure:
     ref:
-      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+      apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
       kind: AzureASOManagedClusterTemplate
       name: {{ .Values.clusterClassName | quote }}
   workers:
@@ -36,7 +36,7 @@ spec:
   - name: azureasomanagedcluster-spec
     definitions:
     - selector:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
         kind: AzureASOManagedClusterTemplate
         matchResources:
           infrastructureCluster: true
@@ -49,7 +49,7 @@ spec:
   - name: azureasomanagedcontrolplane-spec
     definitions:
     - selector:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
         kind: AzureASOManagedControlPlaneTemplate
         matchResources:
           controlPlane: true
@@ -63,7 +63,7 @@ spec:
   - name: azureasomanagedmachinepool-{{ $mpName }}-spec
     definitions:
     - selector:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
         kind: AzureASOManagedMachinePoolTemplate
         matchResources:
           machinePoolClass:
@@ -77,7 +77,7 @@ spec:
             {{- include "capz.azureASOManagedMachinePoolSpec" (list $ "{{ .builtin.cluster.name }}" $mpName $mp) | nindent 12 }}
   {{- end }}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: AzureASOManagedClusterTemplate
 metadata:
   name: {{ .Values.clusterClassName | quote }}
@@ -89,7 +89,7 @@ spec:
   template:
     spec: {} # this gets patched in by the ClusterClass
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: AzureASOManagedControlPlaneTemplate
 metadata:
   name: {{ .Values.clusterClassName | quote }}
@@ -108,7 +108,7 @@ spec:
     spec: {}
 {{- range $mpName, $mp := .Values.managedMachinePoolSpecs }}
 ---
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: AzureASOManagedMachinePoolTemplate
 metadata:
   name: {{ printf "%s-%s" $.Values.clusterClassName $mpName | quote }}

diff --git a/charts/azure-aks-aso/templates/credentials.yaml b/charts/azure-aks-aso/templates/credentials.yaml
@@ -7,7 +7,7 @@ metadata:
     {{- include "capz.commonLabels" . | nindent 4 }}
   annotations:
     helm.sh/resource-policy: keep # credentials have to be available throughout a delete operation
-stringData:
+stringData: # https://azure.github.io/azure-service-operator/guide/authentication/credential-format/
   {{- if .Values.subscriptionID }}
   AZURE_SUBSCRIPTION_ID: {{ .Values.subscriptionID | quote }}
   {{- end }}

diff --git a/charts/azure-aks-aso/values.yaml b/charts/azure-aks-aso/values.yaml
@@ -3,12 +3,14 @@ createCredentials: true
 subscriptionID: ""
 tenantID: ""
 clientID: ""
+# Leave clientSecret blank if using WorkloadIdentity
 clientSecret: ""
-authMode: ""
+# Set to podIdentity for managed identity or service principal even if NOT using pod identity
+authMode: "workloadIdentity"
 
 # clusterName defaults to the name of the Helm release
 clusterName: ""
-location: eastus
+location: westus3
 clusterNetwork: null
 kubernetesVersion: v1.30.3
 
@@ -32,6 +34,6 @@ managedMachinePoolSpecs:
     vmSize: Standard_DS2_v2
     type: VirtualMachineScaleSets
 
-clusterClassName: ""
+clusterClassName: "aksasoclass"
 withClusterClass: false
 withClusterTopology: false