-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use MSI for az login #116
base: master
Are you sure you want to change the base?
use MSI for az login #116
Conversation
…ClientSecret is empty
Thanks for the PR, can you please create an issue in |
@superseb issue was created 2 days ago |
@superseb would you be able to review this PR? |
cloud-provider.sh
Outdated
@@ -32,8 +33,12 @@ set_azure_config() { | |||
az cloud set --name ${azure_cloud} | |||
|
|||
# login to Azure | |||
az login --service-principal -u ${azure_client_id} -p ${azure_client_secret} --tenant ${azure_tenant_id} 2>&1 > /dev/null | |||
|
|||
if [ "$az_managed_identity_extension" = "true" ] && [ "${azure_client_secret}" = "" ]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you add the curly braces on az_managed_identity_extension
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
couldnt we also make this easier with no param and just say if azure_client_secret is empty to fall back on an az login --idtentity
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this would also work for usecase where az_managed_identity_extension
is true however want to use different credentials for azure_client_secret
you are going going to need to add the same functionality to the powershell windows file: https://github.com/rancher/rke-tools/blob/master/windows/cloud-provider.psm1 |
…ClientSecret is empty for windows
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
don't have powershell / windows to test, feel free to criticize / update / suggest changes
cloud-provider.sh
Outdated
@@ -32,8 +33,12 @@ set_azure_config() { | |||
az cloud set --name ${azure_cloud} | |||
|
|||
# login to Azure | |||
az login --service-principal -u ${azure_client_id} -p ${azure_client_secret} --tenant ${azure_tenant_id} 2>&1 > /dev/null | |||
|
|||
if [ "$az_managed_identity_extension" = "true" ] && [ "${azure_client_secret}" = "" ]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this would also work for usecase where az_managed_identity_extension
is true however want to use different credentials for azure_client_secret
Please rebase on master so we don't run CI on removed Windows versions |
Done |
Does this PR still need reviews? It's been over 6 months since it was updated. |
I'm confused on why this PR has never been implemented. You either use managed identity or a Service Principals not both...? We're having similar issues with Linux + Windows Nodes. Please assist. |
Windows support for RKE1 was stopped September 1 2022. I don't believe this will be addressed anymore. @aiyengar2 @HarrisonWAffel I believe we can close this? |
Although I agree for windows node, it should at least be done for Linux images |
@Sartigan My bad, I agree. I will put it in the queue |
rancher/rke#2413
use MSI for az login if useManagedIdentityExtension=true and aaClientSecret is empty