feat(kubelogin): add kubelogin azure ad auth #170

Merged

haarchri

Description of your changes

Initial work done in crossplane-contrib/provider-helm#205 by @erhancagirici

Enables configuring Azure AD authentication via kubelogin integration. Introduces the type AzureServicePrincipalCredentials in ProviderConfig .spec.identity section.

The specified Azure Service Principal credentials are provided via a Secret and are used for authenticating to the AKS cluster by obtaining a token through kubelogin.

An example ProviderConfig using AzurePrincipalCredentials as identity for authenticating to AzureAD:

apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: kubernetes-provider
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: cluster-config
      key: kubeconfig
  identity:
    type: AzureServicePrincipalCredentials
    source: Secret
    secretRef:
      name: azure-credentials
      namespace: crossplane-system
      key: credentials.json

Fixes #105

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

test image: index.docker.io/haarchri/provider-kubernetes:v0.0.0-130.g8467c56

 kubectl get objects
NAME                   KIND             PROVIDERCONFIG   SYNCED   READY   AGE
test-aks-5qft5         ApplicationSet   test-aks         True     True    16m
test-aks-f6mcm-gqthg   Secret           default          True     True    14m
- apiVersion: kubernetes.crossplane.io/v1alpha1
  kind: ProviderConfig
  metadata:
    name: test-aks
  spec:
    credentials:
      secretRef:
        key: kubeconfig
        name: 3a02bacd-0d8a-40b2-8922-560ba4acf7ed-akscluster
        namespace: upbound-system
      source: Secret
    identity:
      secretRef:
        key: credentials
        name: azure-creds
        namespace: upbound-system
      source: Secret
      type: AzureServicePrincipalCredentials
- apiVersion: kubernetes.crossplane.io/v1alpha1
  kind: ProviderConfig
  metadata:
    name: default
  spec:
    credentials:
      source: InjectedIdentity
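
A pre-flight check for the JSON stored under the identity secretRef key, as an added example that is not part of this PR or the provider's code. The field names clientId, tenantId and clientSecret are an assumption (the Azure SDK auth file layout), since the page does not show the secret's contents; ValidateSPCredentials is a hypothetical helper.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// guidRE matches the canonical 8-4-4-4-12 GUID form of an Azure application (client) ID.
var guidRE = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// ValidateSPCredentials checks the JSON payload referenced by spec.identity.secretRef.
// Field names are assumed (Azure SDK auth file layout), not taken from the PR.
// Errors name the offending field but never echo a value, so they are safe to log.
func ValidateSPCredentials(raw []byte) error {
	var m map[string]any
	if err := json.Unmarshal(raw, &m); err != nil {
		// encoding/json errors can quote input characters; return a fixed message.
		return errors.New("identity secret is not a JSON object")
	}
	var problems []string
	for _, k := range []string{"clientId", "tenantId", "clientSecret"} {
		v, ok := m[k].(string)
		switch {
		case !ok || strings.TrimSpace(v) == "":
			problems = append(problems, k+": missing or not a string")
		case k == "clientId" && !guidRE.MatchString(v):
			problems = append(problems, k+": not a GUID")
		}
	}
	if len(problems) > 0 {
		return fmt.Errorf("invalid service principal credentials: %s",
			strings.Join(problems, "; "))
	}
	return nil
}

func main() {
	// Constructed sample; the IDs are placeholders, not real credentials.
	sample := []byte(`{"clientId":"not-a-guid",` +
		`"tenantId":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","clientSecret":""}`)
	fmt.Println(ValidateSPCredentials(sample))
}
```

Running a check like this before the Secret is applied catches a malformed credentials file without the secret value ever reaching logs or events.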

@erhancagirici erhancagirici left a comment

Left one comment, otherwise LGTM

internal/clients/azure/azure.go

@turkenh turkenh left a comment

Thanks @haarchri!

@turkenh turkenh merged commit c8a78af into crossplane-contrib:main Dec 29, 2023
8 checks passed
Successfully merging this pull request may close these issues.

Integrate kubelogin for Azure AD Authentication to AKS Clusters