mount mc-secret

charts/member-agent/templates/deployment.yaml

@@ -93,6 +93,9 @@ spec:
           - name: cloud-provider-config
             mountPath: /etc/kubernetes/provider
             readOnly: true
+          - name: managed-cluster-info
+            mountPath: /etc/kubernetes/secrets
+            readOnly: true
           {{- end }}
         {{- end }}
         {{- if not .Values.useCAAuth }}
@@ -125,6 +128,9 @@ spec:
       - name: cloud-provider-config
         secret:
           secretName: cloud-config
+      - name: managed-cluster-info
+        secret:
+          secretName: mc-secret
       {{- end }}
       {{- end }}
       {{- with .Values.nodeSelector }}

charts/member-agent/templates/mcsecret.yaml

@@ -0,0 +1,10 @@
+{{- if eq .Values.propertyProvider "azure" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mc-secret
+  namespace: {{ .Values.namespace }}
+type: Opaque
+data:
+  data: {{ .Values.azure.mcSecretData | quote }}
+{{- end }}

charts/member-agent/values.yaml

@@ -55,6 +55,7 @@ secret:
 
 azure:
   clientid: <member_cluster_clientID>
+  mcSecretData: "CgJ1c2VyEgdwYXNzd29yZA==" # TODO: Replace with the base64 encoded secret data using github secret
 
 tlsClientInsecure: true #TODO should be false in the production
 useCAAuth: false