From 7f56517a2b7f003b6693d65dee4edb0e5bb503c9 Mon Sep 17 00:00:00 2001
From: James Sturtevant
Date: Thu, 23 May 2024 13:50:41 -0700
Subject: [PATCH] Add envs for AKS networking
Signed-off-by: James Sturtevant
---
 capz/run-capz-e2e.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/capz/run-capz-e2e.sh b/capz/run-capz-e2e.sh
index ea42981e..10bd830e 100755
--- a/capz/run-capz-e2e.sh
+++ b/capz/run-capz-e2e.sh
@@ -181,6 +181,12 @@ create_cluster(){
 az aks get-credentials --resource-group "${CLUSTER_NAME}" --name "${CLUSTER_NAME}" --overwrite-existing
+ # some scenarios require knowing the vnet configuration of the management cluster in order to work in a restricted networking environment
+ aks_infra_rg_name=$(az aks show -g "${CLUSTER_NAME}" --name "${CLUSTER_NAME}" --query nodeResourceGroup --output tsv)
+ ask_vnet=$(az network vnet list -g "$aks_infra_rg_name" --query "[?starts_with(name, 'aks-vnet-')].name | [0]" --output tsv)
+ export AKS_INFRA_RG_NAME="${aks_infra_rg_name}"
+ export AKS_VNET_NAME="${ask_vnet}"
+
 # In a prod set up we probably would want a seperate identity for this operation but for ease of use we are re-using the one created by AKS for kubelet
 log "applying role assignment to management cluster identity to have permissions to create workload cluster"
 MANAGEMENT_IDENTITY=$(az aks show -n "${CLUSTER_NAME}" -g "${CLUSTER_NAME}" --output json | jq -r '.identityProfile.kubeletidentity.clientId')
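Review bot: Neither lookup result is validated before it is exported, so if `az network vnet list` returns no vnet whose name starts with `aks-vnet-`, the `| [0]` query presumably produces empty output and `AKS_VNET_NAME` is exported as an empty string; the scenarios that need it for restricted networking would then fail later, or run with an empty network reference, far from the cause. Failing at the export makes the problem visible where it happens: `export AKS_INFRA_RG_NAME="${aks_infra_rg_name:?nodeResourceGroup lookup returned nothing}"` and `export AKS_VNET_NAME="${ask_vnet:?no aks-vnet-* vnet found}"`. The temporary is spelled `ask_vnet`, which looks like a typo for `aks_vnet`, and both temporaries leak into the global scope unless declared `local` (if the script runs under bash). `create_cluster` starts and ends outside the hunk, so whether `set -e` is in effect for the two `az` calls cannot be seen from here.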