Commit 3d53f80

authored
aks: add azure keyvault secrets provider addon spec (#13331)
Signed-off-by: Ji An Liu <[email protected]>
1 parent 197c913 commit 3d53f80

2 files changed

+261
-0
lines changed

@@ -0,0 +1,258 @@
1+
{
2+
"parameters": {
3+
"api-version": "2021-02-01",
4+
"subscriptionId": "subid1",
5+
"resourceGroupName": "rg1",
6+
"resourceName": "clustername1",
7+
"parameters": {
8+
"location": "location1",
9+
"tags": {
10+
"tier": "production",
11+
"archv2": ""
12+
},
13+
"sku": {
14+
"name": "Basic",
15+
"tier": "Free"
16+
},
17+
"properties": {
18+
"kubernetesVersion": "",
19+
"dnsPrefix": "dnsprefix1",
20+
"agentPoolProfiles": [
21+
{
22+
"name": "nodepool1",
23+
"count": 3,
24+
"vmSize": "Standard_DS2_v2",
25+
"osType": "Linux",
26+
"type": "VirtualMachineScaleSets",
27+
"enableNodePublicIP": true,
28+
"mode": "System"
29+
}
30+
],
31+
"linuxProfile": {
32+
"adminUsername": "azureuser",
33+
"ssh": {
34+
"publicKeys": [
35+
{
36+
"keyData": "keydata"
37+
}
38+
]
39+
}
40+
},
41+
"networkProfile": {
42+
"loadBalancerSku": "standard",
43+
"outboundType": "loadBalancer",
44+
"loadBalancerProfile": {
45+
"managedOutboundIPs": {
46+
"count": 2
47+
}
48+
}
49+
},
50+
"autoScalerProfile": {
51+
"scan-interval": "20s",
52+
"scale-down-delay-after-add": "15m"
53+
},
54+
"windowsProfile": {
55+
"adminUsername": "azureuser",
56+
"adminPassword": "replacePassword1234$"
57+
},
58+
"servicePrincipalProfile": {
59+
"clientId": "clientid",
60+
"secret": "secret"
61+
},
62+
"addonProfiles": {
63+
"azureKeyvaultSecretsProvider": {
64+
"enabled": true,
65+
"config": {
66+
"enableSecretRotation": "true"
67+
}
68+
}
69+
},
70+
"enableRBAC": true,
71+
"diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
72+
"enablePodSecurityPolicy": true
73+
}
74+
}
75+
},
76+
"responses": {
77+
"200": {
78+
"body": {
79+
"id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
80+
"location": "location1",
81+
"name": "clustername1",
82+
"tags": {
83+
"archv2": "",
84+
"tier": "production"
85+
},
86+
"type": "Microsoft.ContainerService/ManagedClusters",
87+
"properties": {
88+
"provisioningState": "Succeeded",
89+
"maxAgentPools": 1,
90+
"kubernetesVersion": "1.9.6",
91+
"dnsPrefix": "dnsprefix1",
92+
"agentPoolProfiles": [
93+
{
94+
"name": "nodepool1",
95+
"count": 3,
96+
"vmSize": "Standard_DS2_v2",
97+
"maxPods": 110,
98+
"osType": "Linux",
99+
"provisioningState": "Succeeded",
100+
"orchestratorVersion": "1.9.6",
101+
"type": "VirtualMachineScaleSets",
102+
"enableNodePublicIP": true,
103+
"mode": "System",
104+
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
105+
"enableEncryptionAtHost": true
106+
}
107+
],
108+
"linuxProfile": {
109+
"adminUsername": "azureuser",
110+
"ssh": {
111+
"publicKeys": [
112+
{
113+
"keyData": "keydata"
114+
}
115+
]
116+
}
117+
},
118+
"windowsProfile": {
119+
"adminUsername": "azureuser"
120+
},
121+
"servicePrincipalProfile": {
122+
"clientId": "clientid"
123+
},
124+
"addonProfiles": {
125+
"azureKeyvaultSecretsProvider": {
126+
"enabled": true,
127+
"config": {
128+
"enableSecretRotation": "true"
129+
}
130+
}
131+
},
132+
"nodeResourceGroup": "MC_rg1_clustername1_location1",
133+
"enableRBAC": true,
134+
"diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
135+
"enablePodSecurityPolicy": true,
136+
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
137+
"networkProfile": {
138+
"loadBalancerSku": "basic",
139+
"networkPlugin": "kubenet",
140+
"podCidr": "10.244.0.0/16",
141+
"serviceCidr": "10.0.0.0/16",
142+
"dnsServiceIP": "10.0.0.10",
143+
"dockerBridgeCidr": "172.17.0.1/16",
144+
"outboundType": "loadBalancer",
145+
"loadBalancerProfile": {
146+
"allocatedOutboundPorts": 2000,
147+
"idleTimeoutInMinutes": 10,
148+
"managedOutboundIPs": {
149+
"count": 2
150+
},
151+
"effectiveOutboundIPs": [
152+
{
153+
"id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
154+
},
155+
{
156+
"id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
157+
}
158+
]
159+
}
160+
},
161+
"autoScalerProfile": {
162+
"scan-interval": "20s",
163+
"scale-down-delay-after-add": "15m"
164+
}
165+
}
166+
}
167+
},
168+
"201": {
169+
"body": {
170+
"id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
171+
"location": "location1",
172+
"name": "clustername1",
173+
"tags": {
174+
"archv2": "",
175+
"tier": "production"
176+
},
177+
"type": "Microsoft.ContainerService/ManagedClusters",
178+
"properties": {
179+
"provisioningState": "Creating",
180+
"maxAgentPools": 1,
181+
"kubernetesVersion": "1.9.6",
182+
"dnsPrefix": "dnsprefix1",
183+
"agentPoolProfiles": [
184+
{
185+
"name": "nodepool1",
186+
"count": 3,
187+
"vmSize": "Standard_DS2_v2",
188+
"maxPods": 110,
189+
"osType": "Linux",
190+
"provisioningState": "Creating",
191+
"orchestratorVersion": "1.9.6",
192+
"type": "VirtualMachineScaleSets",
193+
"enableNodePublicIP": true,
194+
"mode": "System",
195+
"enableEncryptionAtHost": true
196+
}
197+
],
198+
"linuxProfile": {
199+
"adminUsername": "azureuser",
200+
"ssh": {
201+
"publicKeys": [
202+
{
203+
"keyData": "keydata"
204+
}
205+
]
206+
}
207+
},
208+
"windowsProfile": {
209+
"adminUsername": "azureuser"
210+
},
211+
"servicePrincipalProfile": {
212+
"clientId": "clientid"
213+
},
214+
"addonProfiles": {
215+
"azureKeyvaultSecretsProvider": {
216+
"enabled": true,
217+
"config": {
218+
"enableSecretRotation": "true"
219+
}
220+
}
221+
},
222+
"nodeResourceGroup": "MC_rg1_clustername1_location1",
223+
"enableRBAC": true,
224+
"diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
225+
"enablePodSecurityPolicy": true,
226+
"networkProfile": {
227+
"networkPlugin": "kubenet",
228+
"podCidr": "10.244.0.0/16",
229+
"serviceCidr": "10.0.0.0/16",
230+
"dnsServiceIP": "10.0.0.10",
231+
"dockerBridgeCidr": "172.17.0.1/16",
232+
"loadBalancerSku": "standard",
233+
"outboundType": "loadBalancer",
234+
"loadBalancerProfile": {
235+
"allocatedOutboundPorts": 2000,
236+
"idleTimeoutInMinutes": 10,
237+
"managedOutboundIPs": {
238+
"count": 2
239+
},
240+
"effectiveOutboundIPs": [
241+
{
242+
"id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
243+
},
244+
{
245+
"id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
246+
}
247+
]
248+
}
249+
},
250+
"autoScalerProfile": {
251+
"scan-interval": "20s",
252+
"scale-down-delay-after-add": "15m"
253+
}
254+
}
255+
}
256+
}
257+
}
258+
}
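Review bot: The 200 response body reports `"loadBalancerSku": "basic"` (new-file line 138), while the request (line 42) and the 201 body (line 232) both use `"standard"`. The same 200 body also carries a `loadBalancerProfile` with managed outbound IPs, which as far as I know applies only to the standard SKU, so line 138 should read `"loadBalancerSku": "standard",`. Separately, the request keeps settings unrelated to the add-on it demonstrates: `"enableNodePublicIP": true` and a static `servicePrincipalProfile.secret`, on a cluster tagged `"tier": "production"`. Readers who copy the example to enable the Key Vault secrets provider inherit those settings, so consider trimming the request to what the add-on needs. The responses do omit `adminPassword` and `secret`, which is the right shape for write-only credentials.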

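--- a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-02-01/managedClusters.json
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-02-01/managedClusters.json
@@ -488,6 +488,9 @@
 },
 "Create Managed Cluster with Node Public IP Prefix": {
 "$ref": "./examples/ManagedClustersCreate_NodePublicIPPrefix.json"
+},
+"Create Managed Cluster with Azure KeyVault Secrets Provider Addon": {
+"$ref": "./examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json"
 }
 }
 },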
