AKSCluster now only supports managed identities

Signed-off-by: Alper Rifat Ulucinar <[email protected]>

apis/compute/v1alpha3/types.go

@@ -81,6 +81,24 @@ type AKSClusterParameters struct {
 	// cluster.
 	// +optional
 	DisableRBAC bool `json:"disableRBAC,omitempty"`
+
+	// Identity is the managed identity configuration for the control-plane.
+	// +kubebuilder:validation:Required
+	Identity Identity `json:"identity"`
+}
+
+type Identity struct {
+	// Type specifies the type of the managed identity to be used by
+	// the control-plane. Allowed values are: `SystemAssigned` or
+	// `UserAssigned`.
+	// +required
+	// +kubebuilder:validation:Enum=SystemAssigned;UserAssigned
+	Type string `json:"type"`
+	// IdentityNames are the names of the user-assigned managed identity
+	// resources to be used by the control-plane.
+	// Required if Type is `UserAssigned`.
+	// +optional
+	IdentityNames []string `json:"identityNames,omitempty"`
 }
 
 // An AKSClusterSpec defines the desired state of a AKSCluster.

go.mod

@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/Azure/azure-pipeline-go v0.2.2 // indirect
-	github.com/Azure/azure-sdk-for-go v61.4.0+incompatible
+	github.com/Azure/azure-sdk-for-go v62.3.0+incompatible
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2
 	github.com/Azure/azure-storage-blob-go v0.7.0

go.sum

@@ -25,8 +25,8 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7
 github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4=
 github.com/Azure/azure-pipeline-go v0.2.2 h1:6oiIS9yaG6XCCzhgAgKFfIWyo4LLCiDhZot6ltoThhY=
 github.com/Azure/azure-pipeline-go v0.2.2/go.mod h1:4rQ/NZncSvGqNkkOsNpOU1tgoNuIlp9AfUH5G1tvCHc=
-github.com/Azure/azure-sdk-for-go v61.4.0+incompatible h1:BF2Pm3aQWIa6q9KmxyF1JYKYXtVw67vtvu2Wd54NGuY=
-github.com/Azure/azure-sdk-for-go v61.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v62.3.0+incompatible h1:Ctfsn9UoA/BB4HMYQlbPPgNXdX0tZ4tmb85+KFb2+RE=
+github.com/Azure/azure-sdk-for-go v62.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.21.0/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0 h1:zBJcBJwte0x6PcPK7XaWDMvK2o2ZM2f1sMaqNNavQ5g=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.22.0/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=

package/crds/azure.crossplane.io_providerconfigs.yaml

@@ -45,6 +45,10 @@ spec:
           spec:
             description: A ProviderConfigSpec defines the desired state of a ProviderConfig.
             properties:
+              armEndpoint:
+                description: ARMEndpoint is the Azure Resource Manager endpoint to
+                  use. Defaults to ARM public cloud endpoint.
+                type: string
               clientID:
                 description: ClientID is the user-assigned managed identity's ID when
                   Credentials.Source is `InjectedIdentity`. If unset and Credentials.Source
@@ -103,6 +107,11 @@ spec:
                 required:
                 - source
                 type: object
+              subscriptionID:
+                description: SubscriptionID is the Azure subscription ID to be used.
+                  If unset, subscription ID from Credentials will be used. Required
+                  if Credentials.Source is not Secret.
+                type: string
             required:
             - credentials
             type: object

package/crds/compute.azure.crossplane.io_aksclusters.yaml

@@ -74,6 +74,28 @@ spec:
                   to the Kubernetes API when managing containers after creating the
                   cluster.
                 type: string
+              identity:
+                description: Identity is the managed identity configuration for the
+                  control-plane.
+                properties:
+                  identityNames:
+                    description: IdentityNames are the names of the user-assigned
+                      managed identity resources to be used by the control-plane.
+                      Required if Type is `UserAssigned`.
+                    items:
+                      type: string
+                    type: array
+                  type:
+                    description: 'Type specifies the type of the managed identity
+                      to be used by the control-plane. Allowed values are: `SystemAssigned`
+                      or `UserAssigned`.'
+                    enum:
+                    - SystemAssigned
+                    - UserAssigned
+                    type: string
+                required:
+                - type
+                type: object
               location:
                 description: Location is the Azure location that the cluster will
                   be created in
@@ -193,6 +215,7 @@ spec:
                 - namespace
                 type: object
             required:
+            - identity
             - location
             - version
             type: object