From 455adeac7633f9e369886afdae9b44bb87bc10fe Mon Sep 17 00:00:00 2001
From: Charlie McBride <33269602+charliedmcb@users.noreply.github.com>
Date: Fri, 5 Jan 2024 23:28:54 +0000
Subject: [PATCH] plug in the needed make commands and update acr perms for workload id
---
 Makefile-az.mk | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Makefile-az.mk b/Makefile-az.mk
index 81441f211..c1e2dcf6b 100755
--- a/Makefile-az.mk
+++ b/Makefile-az.mk
@@ -15,7 +15,7 @@ KARPENTER_SERVICE_ACCOUNT_NAME ?= karpenter-sa
 AZURE_KARPENTER_USER_ASSIGNED_IDENTITY_NAME ?= karpentermsi
 KARPENTER_FEDERATED_IDENTITY_CREDENTIAL_NAME ?= KARPENTER_FID
-az-all: az-login az-mkaks-cilium az-perm az-patch-skaffold-azureoverlay az-build az-run az-run-sample ## Provision the infra (ACR,AKS); build and deploy Karpenter; deploy sample Provisioner and workload
+az-all: az-login az-mkaks-cilium az-create-karpenter-msi az-create-federate-creds az-perm az-perm-acr az-patch-skaffold-azureoverlay az-build az-run az-run-sample ## Provision the infra (ACR,AKS); build and deploy Karpenter; deploy sample Provisioner and workload
 az-all-savm: az-login az-mkaks-savm az-perm az-patch-skaffold-azure az-build az-run az-run-sample ## Provision the infra (ACR,AKS); build and deploy Karpenter; deploy sample Provisioner and workload - StandaloneVirtualMachines
 az-login: ## Login into Azure
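Review bot: The new `az-all` chain only works if its prerequisites run strictly left to right. `az-perm-acr` (second hunk) looks up the identity that `az-create-karpenter-msi` is presumably responsible for creating, yet its rule header `az-perm-acr:` declares no prerequisite. Under `make -j`, or with a direct `make az-perm-acr`, the lookup can run before the identity exists. Declaring the edge, e.g. `az-perm-acr: az-create-karpenter-msi`, would make the order explicit, assuming that target is safe to re-run, which is not visible in this patch. The `az-all-savm` context line just below keeps the old chain without the identity and ACR steps, so it is worth confirming that this is intended.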
@@ -119,9 +119,9 @@ az-perm: ## Create role assignments to let Karpenter manage VMs and Network
 @echo Consider "make az-patch-skaffold"!
 az-perm-acr:
- $(eval AZURE_CLIENT_ID=$(shell az aks show --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) | jq -r ".identityProfile.kubeletidentity.clientId"))
+ $(eval KARPENTER_USER_ASSIGNED_CLIENT_ID=$(shell az identity show --resource-group "${AZURE_RESOURCE_GROUP}" --name "${AZURE_KARPENTER_USER_ASSIGNED_IDENTITY_NAME}" --query 'clientId' -otsv))
 $(eval AZURE_ACR_ID=$(shell az acr show --name $(AZURE_ACR_NAME) --resource-group $(AZURE_RESOURCE_GROUP) | jq -r ".id"))
- az role assignment create --assignee $(AZURE_CLIENT_ID) --scope $(AZURE_ACR_ID) --role "AcrPull"
+ az role assignment create --assignee $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --scope $(AZURE_ACR_ID) --role "AcrPull"
 az-aks-check-acr:
 az aks check-acr --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) --acr $(AZURE_ACR_NAME)
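Review bot: In `az-perm-acr`, `$(shell az identity show …)` expands to an empty string when the identity is missing or the az call fails, and the recipe then runs `az role assignment create --assignee` with no value. A guard before the assignment, such as `@test -n "$(KARPENTER_USER_ASSIGNED_CLIENT_ID)" || { echo "Karpenter identity not found" >&2; exit 1; }`, would fail early with a clear message. Because `az-all` now creates the identity shortly before this step, resolving `--assignee` from a client ID may also fail while the new service principal is still propagating in the directory. Querying `principalId` and passing `--assignee-object-id` with `--assignee-principal-type ServicePrincipal` avoids that lookup. The change also stops granting AcrPull to the kubelet identity, so if no other step (none is visible in this hunk) attaches the registry to the cluster, nodes may lose pull access.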