
Commit 2b68d2f

authored
ci: use msi to authenticate with keyvault (cleanup) (#379)
- PR to cleanup references to `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET` in the pipelines. - Also using this to validate pipelines work as expected after removing the client id and secret variables from library. Signed-off-by: Anish Ramasekar <[email protected]>
1 parent 0204d02 commit 2b68d2f


4 files changed

+5
-19
lines changed


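--- a/.pipelines/templates/e2e-kind-template.yml
+++ b/.pipelines/templates/e2e-kind-template.yml
@@ -16,12 +16,11 @@ jobs:
 - name: KIND_NETWORK
 value: kind
 # contains the following environment variables:
-# - AZURE_CLIENT_ID
-# - AZURE_CLIENT_SECRET
 # - AZURE_TENANT_ID
 # - KEYVAULT_NAME
 # - KEY_NAME
 # - KEY_VERSION
+# - USER_ASSIGNED_IDENTITY_ID
 - group: kubernetes-kms
 strategy:
 matrix:
@@ -48,8 +47,6 @@ jobs:
 KUBERNETES_VERSION: $(KUBERNETES_VERSION)
 KIND_CLUSTER_NAME: $(KIND_CLUSTER_NAME)
 KIND_NETWORK: $(KIND_NETWORK)
-AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
-AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
 - template: cluster-health-template.yml
 - template: kind-debug-template.yml
 - script: make e2e-test
@@ -72,12 +69,11 @@ jobs:
 - name: KIND_NETWORK
 value: kind
 # contains the following environment variables:
-# - AZURE_CLIENT_ID
-# - AZURE_CLIENT_SECRET
 # - AZURE_TENANT_ID
 # - KEYVAULT_NAME
 # - KEY_NAME
 # - KEY_VERSION
+# - USER_ASSIGNED_IDENTITY_ID
 - group: kubernetes-kms
 strategy:
 matrix:
@@ -98,8 +94,6 @@ jobs:
 KUBERNETES_VERSION: $(KUBERNETES_VERSION)
 KIND_CLUSTER_NAME: $(KIND_CLUSTER_NAME)
 KIND_NETWORK: $(KIND_NETWORK)
-AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
-AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
 - template: cluster-health-template.yml
 - template: kind-debug-template.yml
 - script: make e2e-kmsv2-test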
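Review bot: The variable-group comment at new lines 18-23 (repeated at 71-76, and again in e2e-upgrade-template.yml and unit-tests-template.yml) now lists `USER_ASSIGNED_IDENTITY_ID` but does not say that it has to be a plain, non-secret library variable. Azure Pipelines does not export secret variables into a script's environment unless the step maps them under `env:`, and the `env:` entries removed here were the visible mappings for the Azure credentials, so a value stored as a secret would reach the scripts empty. I would add a line such as `# USER_ASSIGNED_IDENTITY_ID must be a non-secret variable; no step maps it under env:` to each copy of the list. The steps that consume the variable start outside these hunks, so this is inferred from the visible `env:` blocks only.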

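--- a/.pipelines/templates/e2e-upgrade-template.yml
+++ b/.pipelines/templates/e2e-upgrade-template.yml
@@ -16,12 +16,11 @@ jobs:
 - name: KIND_NETWORK
 value: kind
 # contains the following environment variables:
-# - AZURE_CLIENT_ID
-# - AZURE_CLIENT_SECRET
 # - AZURE_TENANT_ID
 # - KEYVAULT_NAME
 # - KEY_NAME
 # - KEY_VERSION
+# - USER_ASSIGNED_IDENTITY_ID
 - group: kubernetes-kms
 
 steps: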

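--- a/.pipelines/templates/manifest-template.yml
+++ b/.pipelines/templates/manifest-template.yml
@@ -17,6 +17,3 @@ steps:
 echo "##vso[task.setvariable variable=REGISTRY]${{ parameters.registry }}"
 echo "##vso[task.setvariable variable=IMAGE_NAME]${{ parameters.imageName }}"
 displayName: "Generate Manifests"
-env:
-AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
-AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)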

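--- a/.pipelines/templates/unit-tests-template.yml
+++ b/.pipelines/templates/unit-tests-template.yml
@@ -6,12 +6,11 @@ jobs:
 clean: all
 variables:
 # contains the following environment variables:
-# - AZURE_CLIENT_ID
-# - AZURE_CLIENT_SECRET
 # - AZURE_TENANT_ID
 # - KEYVAULT_NAME
 # - KEY_NAME
 # - KEY_VERSION
+# - USER_ASSIGNED_IDENTITY_ID
 - group: kubernetes-kms
 
 steps:
@@ -26,12 +25,9 @@ jobs:
 displayName: Check binary version
 - script: |
 sudo mkdir /etc/kubernetes
-echo -e '{\n "tenantId": "'$AZURE_TENANT_ID'",\n "aadClientId": "'$AZURE_CLIENT_ID'",\n "aadClientSecret": "'$AZURE_CLIENT_SECRET'",\n}' | sudo tee --append /etc/kubernetes/azure.json > /dev/null
+echo -e '{\n "tenantId": "'$AZURE_TENANT_ID'",\n "useManagedIdentityExtension": true,\n "userAssignedIdentityID": "'$USER_ASSIGNED_IDENTITY_ID'",\n}' | sudo tee --append /etc/kubernetes/azure.json > /dev/null
 sudo chown root:root /etc/kubernetes/azure.json && sudo chmod 600 /etc/kubernetes/azure.json
 displayName: Setup azure.json on host
-env:
-AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
-AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
 - script: |
 sudo ./_output/kubernetes-kms --keyvault-name $KEYVAULT_NAME --key-name $KEY_NAME --key-version $KEY_VERSION --listen-addr "unix:///opt/azurekms.sock" > /dev/null &
 echo Waiting 2 seconds for the server to start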
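Review bot: The rewritten `echo -e` line at new line 28 expands `$USER_ASSIGNED_IDENTITY_ID` unquoted and unchecked, so a missing or empty variable silently writes `"userAssignedIdentityID": ""` into azure.json. The test would then presumably run against whatever other managed identity the agent has, or fail much later with an unrelated-looking Key Vault error. A guard before the `echo`, for example `: "${USER_ASSIGNED_IDENTITY_ID:?not set in variable group kubernetes-kms}"` (and the same for `AZURE_TENANT_ID`), would make the step fail at the point of misconfiguration. The generated object also still ends with `",\n}`, a trailing comma that only a lenient parser accepts; dropping the comma after the last member makes the file valid JSON. The `- script: |` block that follows continues past the end of this hunk.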
