cluster-api-provider-azure

Add OIDCIssuerProfile configuration option

Open nijave opened this issue 3 years ago • 5 comments

/kind feature

Describe the solution you'd like: In order to enable Azure Workload Identity, the OIDC issuer needs to be enabled on new clusters. Add a field AzureManagedControlPlane for enabling OIDC issuer.

Anything else you would like to add: Basically just a configuration option that does the same as this CLI command: https://docs.microsoft.com/en-us/azure/aks/cluster-configuration#update-an-aks-cluster-with-oidc-issuer

Environment:

  • cluster-api-provider-azure version: v1.4.0
  • Kubernetes version: (use kubectl version): v1.22
  • OS (e.g. from /etc/os-release):

nijave Jul 22 '22 14:07

/help

CecileRobertMichon Jul 22 '22 18:07

@CecileRobertMichon: This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed by commenting with the /remove-help command.

In response to this:

/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot Jul 22 '22 18:07

/area managedclusters

CecileRobertMichon Jul 22 '22 18:07

/assign

nojnhuh Sep 01 '22 17:09

Since we haven't added any AKS preview features yet to CAPZ, there's some work we need to do yet to determine how those should be implemented generally which is being tracked in #2625. Once that's done, this looks like it would be a great first preview feature to implement!

/unassign

nojnhuh Sep 02 '22 18:09

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot Feb 08 '23 02:02

/remove-lifecycle stale

nijave Feb 08 '23 12:02

+1 for this feature.

mjnovice Apr 13 '23 17:04

Workload Identity is now merged in CAPZ and GA in Azure, and since AAD Pod Identity is getting deprecated, this feature is mandatory. Is there a guide on how to enable this?

andreipantelimon Jul 25 '23 12:07

@mboersma @nojnhuh this is one where we need either ASO (#3529) or SDK v2 (#3409) to be able to unblock it

CecileRobertMichon Jul 25 '23 17:07

I'd really love to have it. Do you have any estimate on when it should be ready? Even on main branch.

maciaszczykm Aug 25 '23 08:08

/assign

nojnhuh Sep 07 '23 20:09