# Bash script to check that the kubelet identity of the AKS cluster is assigned to all node pools (prevent image pull failures from ACR, etc.)
#
# Usage:
# export clusterName=<clusterName>
# export resourceGroup=<resourceGroup>
# bash ./checkMsiCluster.sh
# ANSI colour sequences for the report output. They are stored as literal
# backslash text and only become escape characters when printf expands them.
RED="\033[0;31m"    # red
GREEN="\033[0;32m"  # green
YELLOW="\033[1;33m" # yellow
NC="\033[0m"        # reset / no colour
# clusterName=<clusterName>
# resourceGroup=<clusterResourceGroupName>
# subscriptionId=<notUsed>
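# Initialise variables from ARM.
#
# Required environment (see the usage header): clusterName, resourceGroup.
# Abort early when either is missing; otherwise every az call below would run
# with an empty argument and the report would be built from empty results.
: "${clusterName:?clusterName must be set (export clusterName=<clusterName>)}"
: "${resourceGroup:?resourceGroup must be set (export resourceGroup=<resourceGroup>)}"

# Colours go through %b and values through %s, so nothing taken from the
# environment or from az output is ever interpreted as a printf format string.
printf '%b\n** Retrieving cluster details from ARM **\n\n%b' "$YELLOW" "$NC"

# Client ID of the kubelet identity: the value every scale set is compared with.
kubeletIdentity=$(az aks show -n "$clusterName" -g "$resourceGroup" \
  --query identityProfile.kubeletidentity.clientId -o tsv)
if [[ -z "$kubeletIdentity" ]]; then
  # With an empty reference value the per-VMSS comparison is meaningless: an
  # empty identity list would compare equal to it and be reported as "Found".
  printf '%bCould not read the kubelet identity of cluster %s in resource group %s\n%b' \
    "$RED" "$clusterName" "$resourceGroup" "$NC" >&2
  exit 1
fi

# NOTE(review): nodePools is not read anywhere else in this script; the
# assignment is kept unchanged in case something that sources it relies on it.
nodePools=$(az aks nodepool list -o tsv --cluster-name "$clusterName" -g "$resourceGroup")

# Infrastructure resource group that holds the cluster's scale sets.
nodeResourceGroup=$(az aks show -o tsv -n "$clusterName" -g "$resourceGroup" \
  --query nodeResourceGroup)
if [[ -z "$nodeResourceGroup" ]]; then
  printf '%bCould not read the node resource group of cluster %s\n%b' \
    "$RED" "$clusterName" "$NC" >&2
  exit 1
fi

# Names of the scale sets in that group, one per line.
scalesets=$(az vmss list -o tsv --query "[].name" -g "$nodeResourceGroup")

printf '%b\n** Checking AKS cluster %s in Resource Group %s for kubelet MSI assignment issues **\n\n%b' \
  "$YELLOW" "$clusterName" "$resourceGroup" "$NC"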
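# Iterate through the VMSSes in the infrastructure resource group of the AKS
# cluster and report, per scale set, whether the kubelet identity is among its
# user-assigned identities.
#
# Reads:  scalesets, nodeResourceGroup, kubeletIdentity, RED, GREEN, NC.
# Output: one report section per scale set on stdout; lookup failures on stderr.
# NOTE: the script's exit status does not reflect the findings; a caller that
# automates this check has to read the printed result.
while read -r scaleset; do
  # An empty scale set list still yields one empty line from the here-string.
  [[ -n "$scaleset" ]] || continue

  # Query the node resource group resolved from the cluster rather than a fixed
  # group name, so the result always describes the cluster being checked.
  # stdin is detached so az cannot consume the list this loop is reading.
  if ! identities=$(az vmss show -n "$scaleset" -g "$nodeResourceGroup" \
    --query "identity.userAssignedIdentities.*.clientId" -o tsv </dev/null); then
    # A failed lookup is not the same finding as a missing identity.
    printf '%bWarning! Could not read the identities of VMSS %s in resource group %s\n\n%b' \
      "$RED" "$scaleset" "$nodeResourceGroup" "$NC" >&2
    continue
  fi

  # Set found boolean to false
  identityFound=0

  printf -- '---------------------------------------------------------------\n'
  printf 'vmss name: %s\n' "$scaleset"
  printf 'kubelet identity: %s\n' "$kubeletIdentity"

  # Iterate through the identities assigned to the current scale set.
  while read -r identity; do
    # Skip the empty line produced when no identity is assigned; otherwise an
    # empty kubeletIdentity would compare equal to it and be reported as found.
    [[ -n "$identity" ]] || continue
    printf 'identity: %s\n' "$identity"
    # Check whether the current identity matches the kubelet identity
    if [[ "$identity" == "$kubeletIdentity" ]]; then
      identityFound=1
    fi
  done <<<"$identities"

  printf -- '---------------------------------------------------------------\n\n'

  # Output summary per VMSS
  if ((identityFound == 1)); then
    printf '%bFound kubelet identity %s on agent pool VMSS %s\n\n%b' \
      "$GREEN" "$kubeletIdentity" "$scaleset" "$NC"
  else
    printf '%bWarning! Did not find kubelet identity %s on agent pool VMSS %s\n\n%b' \
      "$RED" "$kubeletIdentity" "$scaleset" "$NC"
  fi
done <<<"$scalesets"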