renames

aks-node-controller/parser/helper.go

@@ -178,7 +178,7 @@ func getEnableTLSBootstrap(bootstrapConfig *aksnodeconfigv1.TLSBootstrappingConf
 
 func getEnableSecureTLSBootstrap(bootstrapConfig *aksnodeconfigv1.TLSBootstrappingConfig) bool {
 	// TODO: Change logic to default to false once Secure TLS Bootstrapping is complete
-	return bootstrapConfig.GetBootstrappingAuthMethod() == aksnodeconfigv1.BootstrappingAuthMethod_SecureTlsBootstrapping
+	return bootstrapConfig.GetBootstrappingAuthMethod() == aksnodeconfigv1.TLSBootstrappingConfig_SecureTlsBootstrapping
 }
 
 func getTLSBootstrapToken(bootstrapConfig *aksnodeconfigv1.TLSBootstrappingConfig) string {

pkg/proto/aksnodeconfig/v1/bootstrappingconfig.proto

@@ -0,0 +1,43 @@
+syntax = "proto3";
+package aksnodeconfig.v1;
+
+message BootstrappingConfig {
+  // Method to authenticate the node to the API server
+  BootstrappingAuthMethod bootstrapping_auth_method = 1;
+
+  // how the node should join and communicate with the API server after authentication
+  ClusterJoinMethod cluster_join_method = 2;
+
+  // Only required until Secure TLS bootstrapping in place. Would use kubelet identity after that.
+  optional string tls_bootstrapping_token = 3;
+
+  // Only used when secure TLS bootstrapping is enabled or one of the Azure/Arc methods. This is the appserver appid that the node will use to bootstrap.
+  optional string custom_aad_resource = 4;
+
+  // Only used when one of the Azure/Arc methods is enabled. This is the client ID of the MSI that the node will use to bootstrap.
+  optional string custom_aad_client_id = 5;
+
+  enum BootstrappingAuthMethod  {
+    // This is the default K8s bootstrap authentication method - a time limited bootstrap token. It's stored as a secret
+    // with a particular type in the API server.
+    //nolint:gosec // this is a const string to use in switch statements, not hardcoded credentials
+    BOOTSTRAP_TOKEN = 0;
+    // Secure TLS bootstrapping is a process where the node can use signed metadata from the Azure IMDS service to authenticate
+    // against the api server
+    SECURE_TLS_BOOTSTRAPPING = 1;
+    // Nodes running outside Azure can use the Azure Arc MSI to authenticate to an API server. This only works when the cluster is
+    //  using AAD authentication.
+    ARC_MSI = 2;
+    // Nodes running inside Azure can use the Azure Arc MSI to authenticate to an API server. This only works when the cluster is
+    // using AAD authentication.
+    AZURE_MSI = 3;
+  }
+
+  enum ClusterJoinMethod  {
+    // The default behaviour is for the node to make a certificate signing request (CSR) and then
+    // use that CSR for ongoing communication.
+    GENERATE_CSR = 0;
+    // In some cases, the node will use the bootstrapping auth to register itself as a node and for ongoing communications.
+    USE_BOOTSTRAPPING_AUTH = 1;
+  }
+}

pkg/proto/aksnodeconfig/v1/config.proto

@@ -14,7 +14,7 @@ import "pkg/proto/aksnodeconfig/v1/teleportconfig.proto";
 import "pkg/proto/aksnodeconfig/v1/runcconfig.proto";
 import "pkg/proto/aksnodeconfig/v1/customcloudconfig.proto";
 import "pkg/proto/aksnodeconfig/v1/apiserverconfig.proto";
-import "pkg/proto/aksnodeconfig/v1/tlsbootstrappingconfig.proto";
+import "pkg/proto/aksnodeconfig/v1/bootstrappingconfig.proto";
 import "pkg/proto/aksnodeconfig/v1/clusterconfig.proto";
 import "pkg/proto/aksnodeconfig/v1/networkconfig.proto";
 import "pkg/proto/aksnodeconfig/v1/imdsrestrictionconfig.proto";
@@ -42,7 +42,7 @@ message Configuration {
   ClusterConfig cluster_config = 5;
 
   // TLS bootstrap config 
-  TLSBootstrappingConfig tls_bootstrapping_config = 6;
+  BootstrappingConfig bootstrapping_config = 6;
 
   // Authentication configuration
   AuthConfig auth_config = 7;

pkg/proto/aksnodeconfig/v1/helper.go

@@ -31,7 +31,7 @@ func ensureConfigsNonNil(nBC *Configuration) {
 	initializeIfNil(&nBC.ClusterConfig.ClusterNetworkConfig)
 	initializeIfNil(&nBC.GpuConfig)
 	initializeIfNil(&nBC.NetworkConfig)
-	initializeIfNil(&nBC.TlsBootstrappingConfig)
+	initializeIfNil(&nBC.BootstrappingConfig)
 	initializeIfNil(&nBC.KubeletConfig)
 	initializeIfNil(&nBC.RuncConfig)
 	initializeIfNil(&nBC.ContainerdConfig)

pkg/proto/aksnodeconfig/v1/helper_test.go

@@ -18,13 +18,13 @@ func TestNewNBContractBuilder(t *testing.T) {
 			LoadBalancerConfig:   &LoadBalancerConfig{},
 			ClusterNetworkConfig: &ClusterNetworkConfig{},
 		},
-		GpuConfig:              &GPUConfig{},
-		NetworkConfig:          &NetworkConfig{},
-		TlsBootstrappingConfig: &TLSBootstrappingConfig{},
-		KubeletConfig:          &KubeletConfig{},
-		RuncConfig:             &RuncConfig{},
-		ContainerdConfig:       &ContainerdConfig{},
-		TeleportConfig:         &TeleportConfig{},
+		GpuConfig:           &GPUConfig{},
+		NetworkConfig:       &NetworkConfig{},
+		BootstrappingConfig: &BootstrappingConfig{},
+		KubeletConfig:       &KubeletConfig{},
+		RuncConfig:          &RuncConfig{},
+		ContainerdConfig:    &ContainerdConfig{},
+		TeleportConfig:      &TeleportConfig{},
 		CustomLinuxOsConfig: &CustomLinuxOSConfig{
 			SysctlConfig: &SysctlConfig{},
 			UlimitConfig: &UlimitConfig{},
@@ -64,13 +64,13 @@ func TestNBContractBuilder_ApplyConfiguration(t *testing.T) {
 			LoadBalancerConfig:   &LoadBalancerConfig{},
 			ClusterNetworkConfig: &ClusterNetworkConfig{},
 		},
-		GpuConfig:              &GPUConfig{},
-		NetworkConfig:          &NetworkConfig{},
-		TlsBootstrappingConfig: &TLSBootstrappingConfig{},
-		KubeletConfig:          &KubeletConfig{},
-		RuncConfig:             &RuncConfig{},
-		ContainerdConfig:       &ContainerdConfig{},
-		TeleportConfig:         &TeleportConfig{},
+		GpuConfig:           &GPUConfig{},
+		NetworkConfig:       &NetworkConfig{},
+		BootstrappingConfig: &BootstrappingConfig{},
+		KubeletConfig:       &KubeletConfig{},
+		RuncConfig:          &RuncConfig{},
+		ContainerdConfig:    &ContainerdConfig{},
+		TeleportConfig:      &TeleportConfig{},
 		CustomLinuxOsConfig: &CustomLinuxOSConfig{
 			SysctlConfig: &SysctlConfig{},
 			UlimitConfig: &UlimitConfig{},