From 8ca2a9a7d542417050d6c49efc6d6abbd617e54e Mon Sep 17 00:00:00 2001
From: Mike Dziedziela
Date: Thu, 25 Jun 2020 23:35:30 +0200
Subject: [PATCH] added azure_cloud parameter to Azure's cloud_config (#6321)

---
 docs/azure.md | 7 +++++++
 inventory/sample/group_vars/all/azure.yml | 1 +
 roles/kubernetes/node/defaults/main.yml | 2 ++
 .../tasks/cloud-credentials/azure-credential-check.yml | 5 +++++
 .../node/templates/cloud-configs/azure-cloud-config.j2 | 1 +
 5 files changed, 16 insertions(+)

diff --git a/docs/azure.md b/docs/azure.md
index de2e007d0..d1baccc18 100644
--- a/docs/azure.md
+++ b/docs/azure.md
@@ -13,6 +13,13 @@ Before creating the instances you must first set the `azure_` variables in the `
 All of the values can be retrieved using the azure cli tool which can be downloaded here:
 After installation you have to run `az login` to get access to your account.
 
+### azure_cloud
+
+Azure Stack has different API endpoints, depending on the Azure Stack deployment. These need to be provided to the Azure SDK.
+Possible values are: `AzureChinaCloud`, `AzureGermanCloud`, `AzurePublicCloud` and `AzureUSGovernmentCloud`.
+The full list of existing settings for the AzureChinaCloud, AzureGermanCloud, AzurePublicCloud and AzureUSGovernmentCloud
+is available in the source code [here](https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/docs/cloud-provider-config.md)
+
 ### azure\_tenant\_id + azure\_subscription\_id
 
 run `az account show` to retrieve your subscription id and tenant id:
diff --git a/inventory/sample/group_vars/all/azure.yml b/inventory/sample/group_vars/all/azure.yml
index 02ea0f91a..b9daeb91a 100644
--- a/inventory/sample/group_vars/all/azure.yml
+++ b/inventory/sample/group_vars/all/azure.yml
@@ -1,6 +1,7 @@
 ## When azure is used, you need to also set the following variables.
 ## see docs/azure.md for details on how to get these values
 
+# azure_cloud:
 # azure_tenant_id:
 # azure_subscription_id:
 # azure_aad_client_id:
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 28a72e365..a529327b1 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -143,3 +143,5 @@ azure_exclude_master_from_standard_lb: true
 azure_disable_outbound_snat: false
 # use instance metadata service where possible
 azure_use_instance_metadata: true
+# use specific Azure API endpoints
+azure_cloud: AzurePublicCloud
diff --git a/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml b/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml
index f16a90b79..62337fc29 100644
--- a/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml
+++ b/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml
@@ -75,3 +75,8 @@
 fail:
 msg: "azure_vmtype is missing. Supported values are 'standard' or 'vmss'"
 when: azure_vmtype is not defined or not azure_vmtype
+
+- name: check azure_cloud value
+ fail:
+ msg: "azure_cloud has an invalid value '{{ azure_cloud }}'. Supported values are 'AzureChinaCloud', 'AzureGermanCloud', 'AzurePublicCloud', 'AzureUSGovernmentCloud'."
+ when: azure_cloud not in ["AzureChinaCloud", "AzureGermanCloud", "AzurePublicCloud", "AzureUSGovernmentCloud"]
diff --git a/roles/kubernetes/node/templates/cloud-configs/azure-cloud-config.j2 b/roles/kubernetes/node/templates/cloud-configs/azure-cloud-config.j2
index 9def9ea3b..ffb792612 100644
--- a/roles/kubernetes/node/templates/cloud-configs/azure-cloud-config.j2
+++ b/roles/kubernetes/node/templates/cloud-configs/azure-cloud-config.j2
@@ -1,4 +1,5 @@
 {
+ "cloud": "{{ azure_cloud }}"
 "tenantId": "{{ azure_tenant_id }}",
 "subscriptionId": "{{ azure_subscription_id }}",
 "aadClientId": "{{ azure_aad_client_id }}",
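Review bot: The supported cloud names are written out twice in the new `check azure_cloud value` task, once in `msg` and once in the `when` list, so the two can drift apart when a cloud is added or retired. Holding the list in one variable and using it in both places, for example `when: azure_cloud not in azure_supported_clouds` (the variable name is only a suggestion), keeps the error text and the check in step. The match is exact, so a differently cased value is rejected; a comment such as `# allowlist: azure_cloud is rendered verbatim into the cloud config, names are case-sensitive` would record why the check exists. The task that precedes it starts outside the hunk.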
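Review bot: The added `"cloud": "{{ azure_cloud }}"` line has no trailing comma, so the rendered file is not valid JSON, and a consumer of this config will most likely fail to parse it wherever the template is deployed. It should read `"cloud": "{{ azure_cloud }},"` corrected to `"cloud": "{{ azure_cloud }}",` with the comma after the closing quote, matching the `"tenantId"` entry below it. The value is interpolated without JSON escaping, which is acceptable only while the `azure_cloud` allowlist check in azure-credential-check.yml runs before this template is rendered. The JSON object continues past the end of the hunk.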