diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a4c42a4c62a..af8972572a5 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -21,6 +21,14 @@ rules: - namespaces verbs: - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -33,6 +41,14 @@ rules: - patch - update - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch - apiGroups: - authentication.k8s.io resources: @@ -48,8 +64,7 @@ rules: - apiGroups: - bootstrap.cluster.x-k8s.io resources: - - kubeadmconfigs - - kubeadmconfigs/status + - '*' verbs: - get - list @@ -128,14 +143,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - apiGroups: - infrastructure.cluster.x-k8s.io resources: diff --git a/spectro/base/kustomization.yaml b/spectro/base/kustomization.yaml index f2d2e66abdb..800971f93c9 100644 --- a/spectro/base/kustomization.yaml +++ b/spectro/base/kustomization.yaml @@ -6,6 +6,7 @@ namePrefix: capz- resources: - ../../config/manager +- ../../config/rbac @@ -16,13 +17,6 @@ labels: pairs: cluster.x-k8s.io/provider: infrastructure-azure patches: -- path: patch_service_account.yaml - target: - group: apps - kind: Deployment - name: controller-manager - namespace: system - version: v1 - path: patch_healthcheck.yaml target: group: apps diff --git a/spectro/base/patch_service_account.yaml b/spectro/base/patch_service_account.yaml deleted file mode 100644 index 99d7e697b56..00000000000 --- a/spectro/base/patch_service_account.yaml +++ /dev/null @@ -1,2 +0,0 @@ -- op: remove - path: "/spec/template/spec/serviceAccountName" \ No newline at end of file diff --git a/spectro/generated/core-base.yaml b/spectro/generated/core-base.yaml index 09ecefeafbd..fbd954fdf99 100644 --- a/spectro/generated/core-base.yaml +++ b/spectro/generated/core-base.yaml 
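Review bot: The `'*'` entry under `bootstrap.cluster.x-k8s.io` in `config/rbac/role.yaml` (hunk `@@ -48,8 +64,7 @@`) is broader than the `kubeadmconfigs` and `kubeadmconfigs/status` entries it replaces: it grants get/list/watch on every resource and subresource in that API group, including kinds installed later by other bootstrap providers. Bootstrap configs may carry inline file content and join settings, so name the kinds the controller really reads, for example `- kubeadmconfigs`, `- kubeadmconfigs/status` and one line per additional kind this change is meant to support. If the file is generated from `+kubebuilder:rbac` markers (not visible in this diff), the change belongs in the marker. The regenerated `capz-base-manager-role` in `spectro/generated/core-base.yaml` carries the same wildcard, and the rule's verb list continues past the hunk.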
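Review bot: Adding `- ../../config/rbac` to `resources` in `spectro/base/kustomization.yaml` (hunk `@@ -6,6 +6,7 @@`), together with dropping `patch_service_account.yaml`, makes this base ship the controller's own identity and grants, and nothing in the file says so. The regenerated `spectro/generated/core-base.yaml` shows the result: a `capz-manager` ServiceAccount bound through `capz-manager-rolebinding` to the aggregated `capz-manager-role`, which picks up the cluster-wide create/delete/get/list/patch/update/watch rule on `secrets` from `capz-base-manager-role`. A short comment above the entry would record the intent, e.g. `# RBAC is rendered with the base: ServiceAccount capz-manager + ClusterRoleBinding to the aggregated capz-manager-role`. Because `capz-manager-role` aggregates every ClusterRole labelled `cluster.x-k8s.io/aggregate-to-capz-manager: "true"`, it is worth confirming that only `capz-base-manager-role` is expected to carry that label in clusters where this base is deployed.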
@@ -1,3 +1,354 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/aggregate-to-capz-manager: "true" + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-base-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + 
resources: + - machinepools/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + - managedclusters + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/status + - managedclusters/status + - managedclustersagentpools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedclusters + - azureasomanagedcontrolplanes + - azureasomanagedmachinepools + - azureclusteridentities + - azureclusteridentities/status + - azureclusters + - azuremachinepoolmachines + - azuremachinepools + - azuremachines + - azuremanagedclusters + - azuremanagedcontrolplanes + - azuremanagedmachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedclusters/finalizers + - azureasomanagedcontrolplanes/finalizers + - azureasomanagedmachinepools/finalizers + verbs: + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureasomanagedclusters/status + - azureasomanagedcontrolplanes/status + - azureasomanagedmachinepools/status + - azureclusters/status + - azuremachinepoolmachines/status + - azuremachinepools/status + - azuremachines/status + - azuremanagedclusters/status + - azuremanagedcontrolplanes/status + - azuremanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinetemplates + - azuremachinetemplates/status + verbs: + - get + - list + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create + - delete + - get + - 
list + - patch + - update + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/status + verbs: + - get + - list + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts + - natgateways + - privateendpoints + - virtualnetworks + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/status + - natgateways/status + - privateendpoints/status + - virtualnetworks/status + - virtualnetworkssubnets/status + verbs: + - get + - list + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/status + verbs: + - get + - list + - watch +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + cluster.x-k8s.io/aggregate-to-capz-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capz-leader-election-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capz-manager-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- apiVersion: apps/v1 kind: Deployment metadata: 
@@ -80,6 +431,7 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + serviceAccountName: capz-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule diff --git a/spectro/generated/core-global.yaml b/spectro/generated/core-global.yaml index 98de595535a..ca190d0d887 100644 --- a/spectro/generated/core-global.yaml +++ b/spectro/generated/core-global.yaml @@ -1822,6 +1822,11 @@ spec: description: PrivateDNSZoneName defines the zone name for the Azure Private DNS. type: string + privateDNSZoneResourceGroup: + description: |- + PrivateDNSZoneResourceGroup defines the resource group to be used for Azure Private DNS Zone. + If not specified, the resource group of the cluster will be used to create the Azure Private DNS Zone. + type: string subnets: description: Subnets is the configuration for the control-plane subnet and the node subnet. @@ -2962,6 +2967,11 @@ spec: description: PrivateDNSZoneName defines the zone name for the Azure Private DNS. type: string + privateDNSZoneResourceGroup: + description: |- + PrivateDNSZoneResourceGroup defines the resource group to be used for Azure Private DNS Zone. + If not specified, the resource group of the cluster will be used to create the Azure Private DNS Zone. + type: string subnets: description: Subnets is the configuration for the control-plane subnet and the node subnet. 
@@ -7859,6 +7869,461 @@ spec: storage: true subresources: status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneSpec defines the desired state of + AzureManagedControlPlane. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration to + integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs that will + have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: |- + AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the + ones added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster add-on. + items: + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring an add-on. 
+ type: object + enabled: + description: Enabled - Whether the add-on is enabled or not. + type: boolean + name: + description: Name- The name of managed cluster add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile for AKS + API server. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges to kubernetes + API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster - Whether to create the cluster + as a private cluster or not. + type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN - Whether to create + additional public FQDN for private cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone - Private dns zone mode for private + cluster. + type: string + type: object + autoUpgradeProfile: + description: AutoUpgradeProfile - Profile of auto upgrade configuration. + properties: + upgradeChannel: + description: 'UpgradeChannel - upgrade channel for auto upgrade. + Possible values include: "node-image","none","patch","rapid","stable"' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + required: + - upgradeChannel + type: object + azureEnvironment: + description: |- + AzureEnvironment is the name of the AzureCloud to be used. + The default value that would be used by most users is "AzurePublicCloud", other values are: + - ChinaCloud: "AzureChinaCloud" + - PublicCloud: "AzurePublicCloud" + - USGovernmentCloud: "AzureUSGovernmentCloud" + type: string + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. 
+ format: int32 + type: integer + required: + - host + - port + type: object + disableLocalAccounts: + description: DisableLocalAccounts - If set to true, getting static + credential will be disabled for this cluster. Expected to only be + used for AAD clusters. + type: boolean + dnsPrefix: + description: DNSPrefix - DNS prefix specified when creating the managed + cluster. + type: string + dnsServiceIP: + description: |- + DNSServiceIP is an IP address assigned to the Kubernetes DNS service. + It must be within the Kubernetes service address range specified in serviceCidr. + type: string + dockerBridgeCidr: + description: DockerBridgeCidr - A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range. + type: string + fqdnSubdomain: + description: FqdnSubdomain - FQDN subdomain specified when creating + private cluster with custom private dns zone. + type: string + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster load + balancer. + properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of allocated + SNAT ports per VM. Allowed values must be in the range of 0 + to 64000 (inclusive). The default value is 0 which results in + Azure dynamically allocating ports. + format: int32 + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow idle + timeout in minutes. Allowed values must be in the range of 4 + to 120 (inclusive). The default value is 30 minutes. + format: int32 + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound IPs + for the cluster load balancer. + format: int32 + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP Prefix resources + for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources for the + cluster load balancer. 
+ items: + type: string + type: array + type: object + loadBalancerSKU: + description: LoadBalancerSKU is the SKU of the loadBalancer to be + provisioned. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical Azure + region names. Examples: "westus2", "eastus".' + type: string + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + type: string + nodeResourceGroupName: + description: |- + NodeResourceGroupName is the name of the resource group + containing cluster IaaS resources. Will be populated to default + in webhook. + type: string + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + resourceGroupName: + description: ResourceGroupName is the name of the Azure resource group + for this AKS Cluster. + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of a managed cluster SKU. + enum: + - Free + - Paid + type: string + required: + - tier + type: object + sshPublicKey: + description: SSHPublicKey is a string literal containing an ssh public + key base64 encoded. + type: string + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + to hold this cluster. + type: string + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user to assign the cluster + items: + description: |- + UserAssignedIdentity defines the user-assigned identities provided + by the user to be assigned to Azure resources. 
+ properties: + providerID: + description: |- + ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: + 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}' + type: string + required: + - providerID + type: object + type: array + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the vnet for the AKS cluster. + Will be created if it does not exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroupName: + description: ResourceGroupName is the name of the Azure resource + group for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet for + an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - location + - resourceGroupName + - sshPublicKey + - version + type: object + status: + description: AzureManagedControlPlaneStatus defines the observed state + of AzureManagedControlPlane. + properties: + autoUpgradeVersion: + description: AutoUpgradeVersion is the Kubernetes version populated + after autoupgrade based on the upgrade channel. + minLength: 2 + type: string + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + initialized: + description: |- + Initialized is true when the control plane is available for initial contact. + This may occur before the control plane is fully ready. + In the AzureManagedControlPlane implementation, these are identical. + type: boolean + longRunningOperationStates: + description: |- + LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the + next reconciliation loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: |- + Name is the name of the Azure resource. + Together with the service name, this forms the unique identifier for the future. 
+ type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: |- + ServiceName is the name of the Azure service. + Together with the name of the resource, this forms the unique identifier for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -8849,6 +9314,9 @@ spec: - jsonPath: .spec.mode name: Mode type: string + - jsonPath: .spec.mode + name: Mode + type: string name: v1beta1 schema: openAPIV3Schema: 
@@ -9541,6 +10009,247 @@ spec: storage: true subresources: status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolSpec defines the desired state of + AzureManagedMachinePool. + properties: + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. Must + use VirtualMachineScaleSets AgentPoolType. + items: + type: string + type: array + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. + type: boolean + maxPods: + description: MaxPods specifies the kubelet --max-pods configuration + for the node pool. + format: int32 + type: integer + mode: + description: 'Mode - represents mode of an agent pool. Possible values + include: System, User.' + enum: + - System + - User + type: string + name: + description: Name - name of the agent pool. If not specified, CAPZ + uses the name of the CR as the agent pool name. 
+ type: string + nodeLabels: + additionalProperties: + type: string + description: Node labels - labels for all of the nodes present in + node pool + type: object + osDiskSizeGB: + description: |- + OSDiskSizeGB is the disk size for every machine in this agent pool. + If you specify 0, it will apply the default osDisk size according to the vmSize specified. + format: int32 + type: integer + osDiskType: + default: Managed + description: OsDiskType specifies the OS disk type for each node in + the pool. Allowed values are 'Ephemeral' and 'Managed'. + enum: + - Ephemeral + - Managed + type: string + osType: + description: 'OSType specifies the virtual machine operating system. + Default to Linux. Possible values include: ''Linux'', ''Windows''' + enum: + - Linux + - Windows + type: string + providerIDList: + description: ProviderIDList is the unique identifier as specified + by the cloud provider. + items: + type: string + type: array + scaling: + description: Scaling specifies the autoscaling parameters for the + node pool. + properties: + maxSize: + format: int32 + type: integer + minSize: + format: int32 + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. + type: string + subnetName: + description: SubnetName selects the Subnet where the MachinePool will + be placed + type: string + taints: + description: Taints specifies the taints for nodes present in this + agent pool. + items: + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + status: + description: AzureManagedMachinePoolStatus defines the observed state + of AzureManagedMachinePool. 
+ properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + errorMessage: + description: |- + Any transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output. 
+ type: string + errorReason: + description: |- + Any transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output. + type: string + longRunningOperationStates: + description: |- + LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the + next reconciliation loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: |- + Name is the name of the Azure resource. + Together with the service name, this forms the unique identifier for the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: |- + ServiceName is the name of the Azure service. + Together with the name of the resource, this forms the unique identifier for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: false --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
@@ -66079,52 +66788,35 @@ metadata: cluster.x-k8s.io/provider: infrastructure-azure name: capz-aad-pod-id-nmi-role rules: - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - verbs: - - get - - list - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - azuremanagedclusters - - azuremanagedcontrolplanes - - azuremanagedmachinepools - - azureclusters - verbs: - - '*' - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - apiGroups: - - aadpodidentity.k8s.io - resources: - - azureidentitybindings - - azureidentities - - azurepodidentityexceptions - verbs: - - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - aadpodidentity.k8s.io + resources: + - azureidentitybindings + - azureidentities + - azurepodidentityexceptions + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -70618,12 +71310,12 @@ metadata: name: capz-aso-controller-settings namespace: capi-webhook-system stringData: - AZURE_AUTHORITY_HOST: "" + AZURE_AUTHORITY_HOST: ${AZURE_AUTHORITY_HOST:=""} AZURE_CLIENT_ID: "" - AZURE_RESOURCE_MANAGER_AUDIENCE: "" - AZURE_RESOURCE_MANAGER_ENDPOINT: "" + AZURE_RESOURCE_MANAGER_AUDIENCE: ${AZURE_RESOURCE_MANAGER_AUDIENCE:=""} + AZURE_RESOURCE_MANAGER_ENDPOINT: ${AZURE_RESOURCE_MANAGER_ENDPOINT:=""} AZURE_SUBSCRIPTION_ID: "" - AZURE_SYNC_PERIOD: 1h + AZURE_SYNC_PERIOD: ${AZURE_SYNC_PERIOD:=""} AZURE_TENANT_ID: "" AZURE_USER_AGENT_SUFFIX: cluster-api-provider-azure/main type: Opaque