Merge pull request #3 from nellyk/main

Update to latest kubernetes version supported & update CAPZ to latest version

Author: ams0

.github/workflows/helm-release.yml

@@ -0,0 +1,32 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

README.md

@@ -70,43 +70,52 @@ Create a KIND cluster:
 kind create cluster --name capi-helm
 ```
 
+Identity: Two ways to authenticate to Azure, using a Service Principal or Managed Identity. 
+
+use a Service Principal:
+
 Create a secret to include the password of the Service Principal identity created in Azure
 This secret will be referenced by the AzureClusterIdentity used by the AzureCluster
 
 ```bash
 kubectl create secret generic "${AZURE_CLUSTER_IDENTITY_SECRET_NAME}" --from-literal=clientSecret="${AZURE_CLIENT_SECRET}"
 ```
 
-Initialize Cluster API and install Azure CAPZ provider version 0.5.3(uses alphav4 capi)
+Use Managed Identity(recommended):
+
+- Follow the steps on this link to create a managed identity and assign it to the AKS cluster resource group <https://capz.sigs.k8s.io/topics/identities#user-assigned-managed-identity>
+
+Initialize Cluster API and install Azure CAPZ provider version v1.13.1(uses v1beta1 capi)
 
 ```bash
-clusterctl init --infrastructure azure:v0.5.3
+clusterctl init --infrastructure azure
 ```
 
 Deploy a cluster with Helm (please customize parameters as required)
 
-Requirement: SSH public key~/.ssh/id_rsa.pub, to create a key use command "ssh-keygen -t rsa"
+**Using Service Principal:**
 
 ```bash
 helm install capz1 charts/azure-managed-cluster/  \
 --namespace default \
 --set subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
 --set identity.clientId="${AZURE_CLIENT_ID}" \
+--set identity.clientSecret="${AZURE_CLIENT_SECRET}" \
+--set identity.type=ServicePrincipal \
 --set identity.tenantId="${AZURE_TENANT_ID}" \
 --set cluster.resourceGroupName=aksclusters \
 --set cluster.nodeResourceGroupName=capz1 \
 --set cluster.name=aks1 \
---set controlplane.sshPublicKey="$(cat ~/.ssh/id_rsa.pub)" \
---set agentpools[0].name=capz1np0 \
---set agentpools[0].mode=System \
---set agentpools[0].nodecount=1 \
---set agentpools[0].sku=Standard_B2s \
---set agentpools[0].osDiskSizeGB=100 \
---set agentpools[1].name=capz1np1 \
---set agentpools[1].mode=User \
---set agentpools[1].nodecount=1 \
---set agentpools[1].sku=Standard_B2s \
---set agentpools[1].osDiskSizeGB=100
+--set agentpools.0.name=capz1np0 \
+--set agentpools.0.nodecount=1 \
+--set agentpools.0.sku=Standard_B4ms \
+--set agentpools.0.osDiskSizeGB=100 \
+--set agentpools.0.mode=System \
+--set agentpools.1.name=capz1np1 \
+--set agentpools.1.nodecount=1 \
+--set agentpools.1.sku=Standard_B4ms \
+--set agentpools.1.osDiskSizeGB=10 \
+--set agentpools.1.mode=User 
 ```
 
 or more simply (after you edit the values file with your own values):
@@ -116,10 +125,29 @@ helm install capz1 charts/azure-managed-cluster/ --values aks1.yaml \
 --namespace default \
 --set controlplane.sshPublicKey="$(cat ~/.ssh/id_rsa.pub)" \
 --set subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
---set identity.clientId="${AZURE_CLIENT_ID}" \
---set identity.tenantId="${AZURE_TENANT_ID}"
+--set identity.clientID="${AZURE_CLIENT_ID}" \
+--set identity.tenantID="${AZURE_TENANT_ID}" \
+--set identity.clientSecret="${AZURE_CLIENT_SECRET}" \
+--set identity.type=ServicePrincipal 
 ```
 
+**Using Managed Identity**
+
+NB: Ensure the AZURE_USER_ASSIGNED_IDENTITY_RESOURCE_ID is set by getting the resource id of the managed identity created in Azure
+
+
+```bash
+
+helm install capz1 charts/azure-managed-cluster/  \
+--namespace default \
+--set subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
+--set identity.clientID="${AZURE_CLIENT_ID}" \
+--set identity.tenantID="${AZURE_TENANT_ID}" \
+--set identity.type=UserAssignedMSI \
+--set identity.resourceID="${AZURE_USER_ASSIGNED_IDENTITY_RESOURCE_ID}" 
+
+
+
 Check the status with:
 ```
 kubectl get cluster-api
@@ -129,7 +157,7 @@ kubectl  logs -n capz-system -l control-plane=capz-controller-manager -c manager
 Get the credentials
 
 ```
-kubectl get secret {cluster-name}-kubeconfig -o yaml -o jsonpath={.data.value} | base64 --decode > aks1.kubeconfig
+kubectl get secret capi-helm-kubeconfig -o yaml -o jsonpath={.data.value} | base64 --decode > aks1.kubeconfig
 ```
 
 Test the cluster!
@@ -148,22 +176,22 @@ kubectl create namespace default2
 helm install capz2 charts/azure-managed-cluster/  \
 --namespace default2 \
 --set subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
---set identity.clientId="${AZURE_CLIENT_ID}" \
---set identity.tenantId="${AZURE_TENANT_ID}" \
+--set identity.clientID="${AZURE_CLIENT_ID}" \
+--set identity.tenantID="${AZURE_TENANT_ID}" \]=
 --set cluster.resourceGroupName=aksclusters \
 --set cluster.nodeResourceGroupName=capz2 \
 --set cluster.name=aks2 \
 --set controlplane.sshPublicKey="$(cat ~/.ssh/id_rsa.pub)" \
---set agentpools[0].name=capz2np0 \
---set agentpools[0].mode=System \
---set agentpools[0].nodecount=1 \
---set agentpools[0].sku=Standard_B2s \
---set agentpools[0].osDiskSizeGB=100 \
---set agentpools[1].name=capz2np1 \
---set agentpools[1].mode=User \
---set agentpools[1].nodecount=1 \
---set agentpools[1].sku=Standard_B2s \
---set agentpools[1].osDiskSizeGB=100
+--set agentpools.0.name=capz2np0 \
+--set agentpools.0.nodecount=1 \
+--set agentpools.0.sku=Standard_B2s \
+--set agentpools.0.osDiskSizeGB=100 \
+--set agentpools.0.mode=System \
+--set agentpools.1.name=capz2np1 \
+--set agentpools.1.nodecount=1 \
+--set agentpools.1.sku=Standard_B2s \
+--set agentpools.1.osDiskSizeGB=10 \
+--set agentpools.1.mode=User 
 ```
 
 or more simply (after you edit the values file with your own values):
@@ -173,8 +201,8 @@ helm install capz2 charts/azure-managed-cluster/ --values aks2.yaml \
 --namespace default2 \
 --set controlplane.sshPublicKey="$(cat ~/.ssh/id_rsa.pub)" \
 --set subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
---set identity.clientId="${AZURE_CLIENT_ID}" \
---set identity.tenantId="${AZURE_TENANT_ID}"
+--set identity.clientID="${AZURE_CLIENT_ID}" \
+--set identity.tenantID"${AZURE_TENANT_ID}" 
 ```
 
 Clean up:
@@ -184,5 +212,6 @@ helm delete capz1
 helm delete capz2 -n default2
 kubectl delete namespace default2
 
+kind delete clusters capi
 kind delete clusters capi-helm
 ```

aks1.yaml

@@ -30,7 +30,7 @@ controlplane:
   sshPublicKey: ""
 
   ## Kubernetes version
-  kubernetes_version: "v1.21.2"
+  kubernetes_version: "v1.28.3"
 
   ## Network policy, "calico" (for kubenet and azurecni) or "azure" (for azureCNI)
   networkPolicy: "calico"

aks2.yaml

@@ -30,7 +30,7 @@ controlplane:
   sshPublicKey: ""
 
   ## Kubernetes version
-  kubernetes_version: "v1.21.2"
+  kubernetes_version: "v1.28.3"
 
   ## Network policy, "calico" (for kubenet and azurecni) or "azure" (for azureCNI)
   networkPolicy: "calico"

article.md

@@ -35,17 +35,22 @@ Ready to roll! Deploy your first cluster with Helm:
     helm install capz1 charts/azure-managed-cluster/  \
     --set subscriptionID=12c7e9d6-967e-40c8-8b3e-4659a4ada3ef \
     --set cluster.resourceGroupName=aksclusters \
+    --set cluster.location=westeurope \
+    --set cluster.kubernetesVersion=v1.28.3 \
     --set cluster.nodeResourceGroupName=capz1 \
     --set cluster.name=aks1 \
     --set controlplane.sshPublicKey="$(cat ~/.ssh/id_rsa.pub)" \
-    --set agentpools[0].name=capz1np0 \
-    --set agentpools[0].nodecount=1 \
-    --set agentpools[0].sku=Standard_B4ms \
-    --set agentpools[0].osDiskSizeGB=100 \
-    --set agentpools[1].name=capz1np1 \
-    --set agentpools[1].nodecount=1 \
-    --set agentpools[1].sku=Standard_B4ms \
-    --set agentpools[1].osDiskSizeGB=10
+    --set agentpools.0.name=capz1np0 \
+    --set agentpools.0.nodecount=1 \
+    --set agentpools.0.sku=Standard_B4ms \
+    --set agentpools.0.osDiskSizeGB=100 \
+    --set agentpools.0.mode=System \
+    --set agentpools.1.name=capz1np1 \
+    --set agentpools.1.nodecount=1 \
+    --set agentpools.1.sku=Standard_B4ms \
+    --set agentpools.1.osDiskSizeGB=10 \
+    --set agentpools.1.mode=User 
+
 
 If you like you can use a values.yaml file:
 

charts/azure-managed-cluster/templates/AzureClusterIdentity.yaml

@@ -1,14 +1,17 @@
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AzureClusterIdentity
 metadata:
   labels:
     clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
   name: {{ $.Values.identity.clusterIdentityName }} 
 spec:
-  allowedNamespaces: {}
-  clientID: {{ $.Values.identity.clientId }} 
+  allowedNamespaces: 
+    list: 
+    - {{ $.Values.identity.clusterIdentitySecretNamespace }}
   clientSecret:
     name: {{ $.Values.identity.clusterIdentitySecretName }} 
     namespace: {{ $.Values.identity.clusterIdentitySecretNamespace }}
-  tenantID: {{ $.Values.identity.tenantId }}
-  type: ServicePrincipal
+  clientID: {{ $.Values.identity.clientID }} 
+  tenantID: {{ $.Values.identity.tenantID }}
+  type: {{ $.Values.identity.type }}
+  resourceID: {{ $.Values.identity.resourceID }}

charts/azure-managed-cluster/templates/agentpool.yaml

@@ -1,14 +1,53 @@
 {{- range $agentpools := .Values.agentpools }}
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AzureManagedMachinePool
 metadata:
   name: {{ $agentpools.name }}
 spec:
-  mode: {{ $agentpools.mode }}
+  name: {{ $agentpools.name }}
+  scaling:
+    minSize: {{ $agentpools.scaling.minSize }}
+    maxSize: {{ $agentpools.scaling.maxSize }}
+  additionalTags:  
+    {{- range $additionalTags := $agentpools.additionalTags }}
+    {{ $additionalTags.key }}: {{ $additionalTags.value }}
+    {{- end }}
   osDiskSizeGB: {{ $agentpools.osDiskSizeGB }}
   sku: {{ $agentpools.sku }}
+  availabilityZones:
+      {{- range $agentpools.availabilityZones }}
+      - {{ .  | quote }}
+      {{- end }}    
+  nodeLabels: 
+   {{- range $nodeLabels := $agentpools.nodeLabels }}
+    {{ $nodeLabels.key }}: {{ $nodeLabels.value }}
+   {{- end }}
+  taints: 
+   {{- range $taints := $agentpools.taints }}
+    - key: {{ $taints.key }}
+      value: {{ $taints.value }}
+      effect: {{ $taints.effect }}
+   {{- end }}
+  mode: {{ $agentpools.mode }}
+  maxPods: {{ $agentpools.maxPods }}
+  osDiskType : {{ $agentpools.osDiskType }}
+  enableUltraSSD : {{ $agentpools.enableUltraSSD }}
+  osType : {{ $agentpools.osType }}
+  enableNodePublicIP : {{ $agentpools.enableNodePublicIP }}
+  nodePublicIPPrefixID : {{ $agentpools.nodePublicIPPrefixID }}
+  scaleSetPriority : {{ $agentpools.scaleSetPriority }}
+  scaleDownMode : {{ $agentpools.scaleDownMode }}
+  spotMaxPrice : {{ $agentpools.spotMaxPrice }}
+  kubeletConfig : {{ $agentpools.kubeletConfig }}
+  kubeletDiskType : {{ $agentpools.kubeletDiskType }}
+  linuxOSConfig : {{ $agentpools.linuxOSConfig }}
+  subnetName : {{ $agentpools.subnetName }}
+  enableFIPS : {{ $agentpools.enableFIPS }}
+  enableEncryptionAtHost : {{ $agentpools.enableEncryptionAtHost }}
+
+  
 ---
-apiVersion: cluster.x-k8s.io/v1alpha4
+apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachinePool
 metadata:
   name: {{ $agentpools.name }}
@@ -22,10 +61,11 @@ spec:
         dataSecretName: ""
       clusterName: {{ $.Values.cluster.name }}
       infrastructureRef:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
         kind: AzureManagedMachinePool
         name: {{ $agentpools.name }}
         namespace: {{ $.Release.Namespace }}
       version: {{ $.Values.controlplane.kubernetes_version }}
 ---
-{{- end }}
+{{- end }}
+