Template AzureIdentityBinding using $(AZ_IDENTITY_NAME) for integrations

Signed-off-by: leigh capili <leigh@null.net>
2025-11-02 10:48:03 +08:00 · 2021-06-01 10:31:01 -06:00
parent 1355962b3c
commit bd255800db
10 changed files with 42 additions and 26 deletions
--- a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/az-identity.yaml
+++ b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/az-identity.yaml
@ -12,5 +12,5 @@ metadata:
  name: lab
  namespace: flux-system
 spec:
-  azureIdentity: lab
-  selector: lab
+  azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
+  selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
--- a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/config-patches.yaml
+++ b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/config-patches.yaml
@ -23,15 +23,6 @@ spec:
  clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000
  resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write
  type: 0
---
-apiVersion: aadpodidentity.k8s.io/v1
-kind: AzureIdentityBinding
-metadata:
-  name: lab
-  namespace: flux-system
-spec:
-  azureIdentity: jwt-lab
-  selector: jwt-lab

 # Set the reconcile period + specify the pod-identity via the aadpodidbinding label
 ---
--- a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml
+++ b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml
@ -1,3 +1,7 @@
 varReference:
-  - path: spec/jobTemplate/spec/template/metadata/labels
-    kind: CronJob
+- path: spec/jobTemplate/spec/template/metadata/labels
+  kind: CronJob
+- path: spec/azureIdentity
+  kind: AzureIdentityBinding
+- path: spec/selector
+  kind: AzureIdentityBinding
--- a/manifests/integrations/eventhub-credentials-sync/azure/az-identity.yaml
+++ b/manifests/integrations/eventhub-credentials-sync/azure/az-identity.yaml
@ -9,8 +9,8 @@ metadata:
 apiVersion: aadpodidentity.k8s.io/v1
 kind: AzureIdentityBinding
 metadata:
-  name: lab
+  name: lab # this can have a different name, but it's nice to keep them the same
  namespace: flux-system
 spec:
-  azureIdentity: lab
-  selector: lab
+  azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
+  selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
--- a/manifests/integrations/eventhub-credentials-sync/azure/config-patches.yaml
+++ b/manifests/integrations/eventhub-credentials-sync/azure/config-patches.yaml
@ -24,15 +24,6 @@ spec:
  clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000
  resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write
  type: 0
---
-apiVersion: aadpodidentity.k8s.io/v1
-kind: AzureIdentityBinding
-metadata:
-  name: lab
-  namespace: flux-system
-spec:
-  azureIdentity: jwt-lab
-  selector: jwt-lab

 # Specify the pod-identity via the aadpodidbinding label
 ---
--- a/manifests/integrations/eventhub-credentials-sync/azure/kustomizeconfig.yaml
+++ b/manifests/integrations/eventhub-credentials-sync/azure/kustomizeconfig.yaml
@ -1,3 +1,7 @@
 varReference:
 - path: spec/template/metadata/labels
  kind: Deployment
+- path: spec/azureIdentity
+  kind: AzureIdentityBinding
+- path: spec/selector
+  kind: AzureIdentityBinding
--- a/manifests/integrations/registry-credentials-sync/_cronjobs/azure/az-identity.yaml
+++ b/manifests/integrations/registry-credentials-sync/_cronjobs/azure/az-identity.yaml
@ -5,3 +5,12 @@ kind: AzureIdentity
 metadata:
  name: credentials-sync  # if this is changed, also change in config-patches.yaml
  namespace: flux-system
+---
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentityBinding
+metadata:
+  name: credentials-sync  # this can have a different name, but it's nice to keep them the same
+  namespace: flux-system
+spec:
+  azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
+  selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
--- a/manifests/integrations/registry-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml
+++ b/manifests/integrations/registry-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml
@ -1,3 +1,7 @@
 varReference:
 - path: spec/jobTemplate/spec/template/metadata/labels
-  kind: Deployment
+  kind: CronJob
+- path: spec/azureIdentity
+  kind: AzureIdentityBinding
+- path: spec/selector
+  kind: AzureIdentityBinding
--- a/manifests/integrations/registry-credentials-sync/azure/az-identity.yaml
+++ b/manifests/integrations/registry-credentials-sync/azure/az-identity.yaml
@ -5,3 +5,12 @@ kind: AzureIdentity
 metadata:
  name: credentials-sync  # if this is changed, also change in config-patches.yaml
  namespace: flux-system
+---
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentityBinding
+metadata:
+  name: credentials-sync  # this can have a different name, but it's nice to keep them the same
+  namespace: flux-system
+spec:
+  azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
+  selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
--- a/manifests/integrations/registry-credentials-sync/azure/kustomizeconfig.yaml
+++ b/manifests/integrations/registry-credentials-sync/azure/kustomizeconfig.yaml
@ -1,3 +1,7 @@
 varReference:
 - path: spec/template/metadata/labels
  kind: Deployment
+- path: spec/azureIdentity
+  kind: AzureIdentityBinding
+- path: spec/selector
+  kind: AzureIdentityBinding