opensource/flux2
1
0
Fork 0
mirror of https://github.com/fluxcd/flux2.git synced 2025-11-03 11:21:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Template AzureIdentityBinding using $(AZ_IDENTITY_NAME) for integrations

Browse Source 
Signed-off-by: leigh capili <leigh@null.net>
This commit is contained in:
leigh capili
2021-06-01 10:31:01 -06:00
parent 1355962b3c
commit bd255800db
10 changed files with 42 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/az-identity.yaml
View File

@ -12,5 +12,5 @@ metadata:
name: lab name: lab
namespace: flux-system namespace: flux-system
spec: spec:
azureIdentity: lab azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
selector: lab selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name

9
manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/config-patches.yaml
View File

@ -23,15 +23,6 @@ spec:
clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000 clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000
resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write
type: 0 type: 0
---
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentityBinding
metadata:
name: lab
namespace: flux-system
spec:
azureIdentity: jwt-lab
selector: jwt-lab
# Set the reconcile period + specify the pod-identity via the aadpodidbinding label # Set the reconcile period + specify the pod-identity via the aadpodidbinding label
--- ---

8
manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml
View File

@ -1,3 +1,7 @@
varReference: varReference:
- path: spec/jobTemplate/spec/template/metadata/labels - path: spec/jobTemplate/spec/template/metadata/labels
kind: CronJob kind: CronJob
- path: spec/azureIdentity
kind: AzureIdentityBinding
- path: spec/selector
kind: AzureIdentityBinding

6
manifests/integrations/eventhub-credentials-sync/azure/az-identity.yaml
View File

@ -9,8 +9,8 @@ metadata:
apiVersion: aadpodidentity.k8s.io/v1 apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentityBinding kind: AzureIdentityBinding
metadata: metadata:
name: lab name: lab # this can have a different name, but it's nice to keep them the same
namespace: flux-system namespace: flux-system
spec: spec:
azureIdentity: lab azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
selector: lab selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name

9
manifests/integrations/eventhub-credentials-sync/azure/config-patches.yaml
View File

@ -24,15 +24,6 @@ spec:
clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000 clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000
resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write
type: 0 type: 0
---
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentityBinding
metadata:
name: lab
namespace: flux-system
spec:
azureIdentity: jwt-lab
selector: jwt-lab
# Specify the pod-identity via the aadpodidbinding label # Specify the pod-identity via the aadpodidbinding label
--- ---

4
manifests/integrations/eventhub-credentials-sync/azure/kustomizeconfig.yaml
View File

@ -1,3 +1,7 @@
varReference: varReference:
- path: spec/template/metadata/labels - path: spec/template/metadata/labels
kind: Deployment kind: Deployment
- path: spec/azureIdentity
kind: AzureIdentityBinding
- path: spec/selector
kind: AzureIdentityBinding

9
manifests/integrations/registry-credentials-sync/_cronjobs/azure/az-identity.yaml
View File

@ -5,3 +5,12 @@ kind: AzureIdentity
metadata: metadata:
name: credentials-sync # if this is changed, also change in config-patches.yaml name: credentials-sync # if this is changed, also change in config-patches.yaml
namespace: flux-system namespace: flux-system
---
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentityBinding
metadata:
name: credentials-sync # this can have a different name, but it's nice to keep them the same
namespace: flux-system
spec:
azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name

6
manifests/integrations/registry-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml
View File

@ -1,3 +1,7 @@
varReference: varReference:
- path: spec/jobTemplate/spec/template/metadata/labels - path: spec/jobTemplate/spec/template/metadata/labels
kind: Deployment kind: CronJob
- path: spec/azureIdentity
kind: AzureIdentityBinding
- path: spec/selector
kind: AzureIdentityBinding

9
manifests/integrations/registry-credentials-sync/azure/az-identity.yaml
View File

@ -5,3 +5,12 @@ kind: AzureIdentity
metadata: metadata:
name: credentials-sync # if this is changed, also change in config-patches.yaml name: credentials-sync # if this is changed, also change in config-patches.yaml
namespace: flux-system namespace: flux-system
---
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentityBinding
metadata:
name: credentials-sync # this can have a different name, but it's nice to keep them the same
namespace: flux-system
spec:
azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name

4
manifests/integrations/registry-credentials-sync/azure/kustomizeconfig.yaml
View File

@ -1,3 +1,7 @@
varReference: varReference:
- path: spec/template/metadata/labels - path: spec/template/metadata/labels
kind: Deployment kind: Deployment
- path: spec/azureIdentity
kind: AzureIdentityBinding
- path: spec/selector
kind: AzureIdentityBinding