feat: Managed Identity support for Image Pull #240

Open
wants to merge 116 commits into
base: master
use pointer variable for ContainerGroup.Identity
fnuarnav committed Jun 20, 2022
commit df701e19ab77d11a91e8fc1e570585f263b8a26d
2 changes: 1 addition & 1 deletion client/aci/types.go
Expand Up @@ -108,7 +108,7 @@ type ContainerGroup struct {
Location string `json:"location,omitempty"`
Tags map[string]string `json:"tags,omitempty"`
ContainerGroupProperties `json:"properties,omitempty"`
Identity ACIContainerGroupIdentity `json:"identity,omitempty"`
Identity *ACIContainerGroupIdentity `json:"identity,omitempty"`
}

// ContainerGroupProperties is
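Review bot: Making `Identity` a pointer at the end of `ContainerGroup` means every reader of the field now has to handle nil, and the struct gives no hint of that. With the value type, `omitempty` had no effect (encoding/json never treats a struct value as empty), so this switch is what lets a group without an identity drop the `identity` key. Add a field comment saying nil means no identity is attached, and check the other uses of `ContainerGroup.Identity`, which this hunk does not show, for unguarded dereferences.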
2 changes: 1 addition & 1 deletion provider/aci.go
Expand Up @@ -1414,7 +1414,7 @@ func (p *ACIProvider) setContainerGroupIdentity(ctx context.Context, identity *a
Type: identityType,
UserAssignedIdentities: identityList,
}
containerGroup.Identity = cgIdentity
containerGroup.Identity = &cgIdentity
}

func makeRegistryCredential(server string, authConfig AuthConfig) (*aci.ImageRegistryCredential, error) {
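Review bot: In `setContainerGroupIdentity`, `containerGroup.Identity = &cgIdentity` takes the address of a local that exists only to be assigned; a pointer literal is tidier, e.g. `containerGroup.Identity = &aci.ACIContainerGroupIdentity{Type: identityType, UserAssignedIdentities: identityList}`. Also confirm, in the part of the function not shown here, that a nil `identity` argument leaves `containerGroup.Identity` nil rather than pointing at an empty struct, otherwise `omitempty` on the field will not omit it.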
2 changes: 2 additions & 0 deletions provider/aci_test.go
Expand Up @@ -1426,6 +1426,7 @@ func TestCreatePodManagedIdentity(t *testing.T) {
assert.Check(t, is.Equal(1.0, cg.ContainerGroupProperties.Containers[0].Resources.Requests.CPU), "Request CPU is not expected")
assert.Check(t, is.Equal(1.5, cg.ContainerGroupProperties.Containers[0].Resources.Requests.MemoryInGB), "Request Memory is not expected")
assert.Check(t, is.Nil(cg.ContainerGroupProperties.Containers[0].Resources.Limits), "Limits should be nil")
assert.Check(t, cg.Identity != nil, "Container group identity should not be nil")
assert.Check(t, is.Equal(len(cg.Identity.UserAssignedIdentities), 1), "Container group identity should be set")
assert.Check(t, is.Equal(len(cg.ContainerGroupProperties.ImageRegistryCredentials), 1), "Image registry credentials should be set")
assert.Check(t, is.Equal(cg.ContainerGroupProperties.ImageRegistryCredentials[0].Server, serverName), "Server name should be docker.io by default")
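Review bot: The new `assert.Check(t, cg.Identity != nil, ...)` in TestCreatePodManagedIdentity does not protect the next line: `assert.Check` records the failure and keeps going, so `len(cg.Identity.UserAssignedIdentities)` still dereferences a nil pointer and the test panics instead of failing with the intended message. Use `assert.Assert(t, cg.Identity != nil, ...)` if this code runs on the test goroutine, or guard with `if !assert.Check(t, cg.Identity != nil, ...) { return }`.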
Expand Down Expand Up @@ -1479,6 +1480,7 @@ func TestCreatePodManagedIdentityWithServerName(t *testing.T) {
assert.Check(t, is.Equal(1.0, cg.ContainerGroupProperties.Containers[0].Resources.Requests.CPU), "Request CPU is not expected")
assert.Check(t, is.Equal(1.5, cg.ContainerGroupProperties.Containers[0].Resources.Requests.MemoryInGB), "Request Memory is not expected")
assert.Check(t, is.Nil(cg.ContainerGroupProperties.Containers[0].Resources.Limits), "Limits should be nil")
assert.Check(t, cg.Identity != nil, "Container group identity should not be nil")
assert.Check(t, is.Equal(len(cg.Identity.UserAssignedIdentities), 1), "Container group identity should be set")
assert.Check(t, is.Equal(len(cg.ContainerGroupProperties.ImageRegistryCredentials), 1), "Image registry credentials should be set")
assert.Check(t, is.Equal(cg.ContainerGroupProperties.ImageRegistryCredentials[0].Server, serverName), "Server name should be set correctly")
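Review bot: The nil guard and length check on `cg.Identity` in TestCreatePodManagedIdentityWithServerName are a copy of the pair added to TestCreatePodManagedIdentity, including the non-fatal `assert.Check` before the dereference. Consider one small helper, for example a hypothetical `checkSingleUserIdentity(t, cg)`, that returns early when `cg.Identity` is nil and is called from both tests.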