mboersma · dtzar · May 14, 2024 · May 13, 2024
diff --git a/charts/azure-managed-cluster/Chart.yaml b/charts/azure-managed-cluster/Chart.yaml
@@ -5,5 +5,5 @@ type: application
 maintainers:
 - email: jt572@cornell.edu
   name: Jont828
-version: 0.2.0
+version: 0.2.1
 appVersion: 1.16.0
diff --git a/charts/azure-managed-cluster/README.md b/charts/azure-managed-cluster/README.md
@@ -0,0 +1,55 @@
+# Cluster API Provider Azure Managed Cluster Helm Chart
+
+This Helm chart is used to deploy a CAPZ Managed Cluster to a Cluster API Management Cluster.
+
+## 1. Prerequisites
+
+Create a Kubernetes cluster with a resource like kind and install the Cluster API Provider Azure (CAPZ) components with
+
+```bash
+clusterctl init --infrastructure azure
+```
+
+## 2. Add the repo for the CAPZ Managed Cluster Helm Chart
+
+```bash
+helm repo add capi https://mboersma.github.io/cluster-api-charts
+```
+
+## 3. Specify values for the CAPZ Managed Cluster Helm Chart
+
+Create a `values.yaml` to specify credentials and other values for the CAPZ Managed Cluster Helm Chart. It can look like the following:
+
+```yaml
+subscriptionID: <subscription-id>
+identity:
+  clientID: <client-id>
+  tenantID: <tenant-id>
+  type: WorkloadIdentity
+cluster:
+  location: eastus
+  cidrBlocks:
+  - 192.168.0.0/16
+controlplane:
+  sshPublicKey: <ssh-public-key>
+  networkPolicy: "calico"
+  networkPlugin: "kubenet"
+  networkPluginMode: null
+
+```
+
+## 4. Install the CAPZ Managed Cluster Helm Chart
+
+```bash
+helm install <name> capi/azure-managed-cluster -f values.yaml
+```
+
+## 5. Uninstall the CAPZ Managed Cluster Helm Chart
+
+```bash
+helm uninstall <name>
+```
+
+**Note:** Uninstall currently is bugged as it fails with `Error: failed to delete release`.
+
+**Note:** the AzureClusterIdentity and cluster identity secret are not deleted when the chart is uninstalled since deleting them would remove the credentials needed to delete the Azure resources.
diff --git a/charts/azure-managed-cluster/templates/azureclusteridentity.yaml b/charts/azure-managed-cluster/templates/azureclusteridentity.yaml
@@ -1,21 +1,21 @@
-{{- if not (lookup "infrastructure.cluster.x-k8s.io/v1beta1" "AzureClusterIdentity" .Values.identity.clusterIdentityNamespace .Values.identity.clusterIdentityName) }}
+{{- if not (lookup "infrastructure.cluster.x-k8s.io/v1beta1" "AzureClusterIdentity" .Release.Namespace .Values.identity.clusterIdentityName) }}
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AzureClusterIdentity
 metadata:
   labels:
     clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
   annotations:
     helm.sh/resource-policy: keep
-  name: {{ $.Values.identity.clusterIdentityName }} 
+  name: {{ .Values.identity.clusterIdentityName }} 
 spec:
   allowedNamespaces: 
     list: 
-    - {{ $.Values.identity.clusterIdentitySecretNamespace }}
+    - {{ .Release.Namespace }}
   clientSecret:
-    name: {{ $.Values.identity.clusterIdentitySecretName }} 
-    namespace: {{ $.Values.identity.clusterIdentitySecretNamespace }}
-  clientID: {{ $.Values.identity.clientID }}
-  tenantID: {{ $.Values.identity.tenantID }}
-  type: {{ $.Values.identity.type }}
-  resourceID: {{ $.Values.identity.resourceID }}
-{{- end }}
+    name: {{ .Values.identity.clusterIdentitySecretName }} 
+    namespace: {{ .Release.Namespace }}
+  clientID: {{ .Values.identity.clientID }}
+  tenantID: {{ .Values.identity.tenantID }}
+  type: {{ .Values.identity.type }}
+  resourceID: {{ .Values.identity.resourceID }}
+{{- end }}
diff --git a/charts/azure-managed-cluster/templates/azuremanagedccontrolplane.yaml b/charts/azure-managed-cluster/templates/azuremanagedccontrolplane.yaml
@@ -8,7 +8,7 @@ spec:
     kind: AzureClusterIdentity
     name: {{ $.Values.identity.clusterIdentityName }} 
   location: {{ $.Values.cluster.location }}
-  resourceGroupName: {{ $.Values.cluster.resourceGroupName }}
+  resourceGroupName: {{ $.Values.cluster.resourceGroupName | default .Release.Name }}
   nodeResourceGroupName: {{ $.Values.cluster.nodeResourceGroupName | default (printf "%snodes" .Release.Name) }}
   sshPublicKey: {{ $.Values.controlplane.sshPublicKey | b64enc }}
   subscriptionID: {{ $.Values.subscriptionID }}
@@ -94,7 +94,7 @@ spec:
         name: {{ $.Values.cluster.name | default .Release.Name }}-fleets
         group: {{ $.Values.cluster.name | default .Release.Name }}
         managerName : {{ $.Values.cluster.name | default .Release.Name }}-fleets-manager
-        managerResourceGroup: {{ $.Values.cluster.resourceGroupName }}-fleets 
+        managerResourceGroup: {{ $.Values.cluster.resourceGroupName | default .Release.Name }}-fleets 
     {{- end }}
   sku:
    tier: {{ $.Values.controlplane.sku.tier }}
diff --git a/charts/azure-managed-cluster/templates/secret.yaml b/charts/azure-managed-cluster/templates/secret.yaml
@@ -1,13 +1,14 @@
-{{- if .Values.identity.clusterIdentitySecretValueB64 }}
+{{- if .Values.identity.clusterIdentitySecretValue }}
+{{- if not (lookup "v1" "Secret" .Release.Namespace .Values.identity.clusterIdentitySecretName) }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ $.Values.identity.clusterIdentitySecretName }} 
-  namespace: {{ $.Values.identity.clusterIdentitySecretNamespace }}
+  name: {{ .Values.identity.clusterIdentitySecretName }} 
   annotations:
     clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
     helm.sh/resource-policy: keep
 type: Opaque
 data:
-  clientSecret: {{ $.Values.identity.clusterIdentitySecretValueB64 }}
+  clientSecret: {{ .Values.identity.clusterIdentitySecretValue | b64enc}}
+{{- end }}
 {{- end }}
diff --git a/charts/azure-managed-cluster/values.yaml b/charts/azure-managed-cluster/values.yaml
@@ -6,14 +6,13 @@
 
 cluster:
   ## The name of the cluster
-  name: ''
+  name: ""
 
   ## The resource group for the AKS cluster object
-  resourceGroupName: ''
+  resourceGroupName: ""
 
   ## The resource group name for the nodes
-  nodeResourceGroupName: ''
-  # nodeResourceGroupName: "{{ tpl .Values.cluster.name . }}nodes"
+  nodeResourceGroupName: ""
 
   ## The location of the cluster
   location: eastus
@@ -27,15 +26,13 @@ cluster:
 
 
 ## The subscription ID
-subscriptionID: ''
+subscriptionID: ""
 identity:
-  clientID: ''
-  tenantID: ''
+  clientID: ""
+  tenantID: ""
   clusterIdentityName: cluster-identity
-  clusterIdentityNamespace: default
   clusterIdentitySecretName: cluster-identity-secret
-  clusterIdentitySecretNamespace: default
-  clusterIdentitySecretValueB64: ''
+  clusterIdentitySecretValue: ""
   resourceID: ""
   type: ServicePrincipal
 
@@ -44,7 +41,7 @@ controlplane:
   ## SSH public key (must be valid)
 
   ## Kubernetes version
-  kubernetes_version: "v1.28.5"
+  kubernetes_version: "v1.28.9"
 
   ## Network policy, "calico" (for kubenet and azurecni) or "azure" (for azureCNI)
   networkPolicy: "calico"
@@ -101,21 +98,19 @@ controlplane:
   azureEnvironment: "AzurePublicCloud"
   kubeletUserAssignedIdentity: ""
   oidcIssuerProfile: ""
-  # disableLocalAccounts: false
   additionalTags:
   - key: test
     value: test
   dnsPrefix: ""
   virtualNetwork: {}
   disableLocalAccounts: false
-  # Only 1 Nodepool of mode System is allowed
 
 agentPools: []
 
 defaults:
   agentPool:
     mode: User
-    # TODO: should mode be set or required?
+    # Note: Only 1 Nodepool of mode System is allowed so we default to User.
     sku: Standard_DS4_v2
     nodecount: 1
     osDiskSizeGB: 32