kubernetes-sigs / cluster-api-provider-azure

Cluster API implementation for Microsoft Azure
https://capz.sigs.k8s.io/
Apache License 2.0

Adding AAD extensions for VMSS in AKS created by Cluster API #4701

Open mani3887 opened 5 months ago

mani3887 commented 5 months ago

What steps did you take and what happened?

We created an AKS cluster using Cluster API. Recently we tried adding AAD plugins on our VMSS. It was added successfully, but it was removed after a few minutes. We suspect this is happening because some other configuration is overwriting this, and we suspect that this could be because of CapZ. When we inspect the CapZ Azure machine pools, we do not see a spec for extensions. Can you please let us know whether this could be because of an incorrect configuration on CapZ?

What did you expect to happen?

AAD extensions getting added successfully in VMSS pools.

Cluster API version

https://doc.crds.dev/github.com/kubernetes-sigs/cluster-api/cluster.x-k8s.io/MachinePool/v1beta1@v1.3.2

Kubernetes version

No response

Anything else you would like to add?

No response

Label(s) to be applied

/kind bug One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels.

k8s-ci-robot commented 5 months ago

This issue is currently awaiting triage.

CAPI contributors will take a look as soon as possible, apply one of the triage/* labels and provide further guidance.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

sbueringer commented 5 months ago

Heyho, I'll move this issue to CAPZ

/transfer cluster-api-provider-azure

jackfrancis commented 5 months ago

@mani3887 are the AAD extensions an AKS configuration (i.e., a configuration against an "agentPoolProfile"), or is this a VMSS-specific extension that you add after cluster creation to the VMSS in the "MC_" resource group?

mani3887 commented 5 months ago

@jackfrancis: Thanks for your response. This is for an Azure VMSS-specific extension that we need to add after the cluster creation. This is a self-managed cluster created by Cluster API. We do not have the MC_ resource group (as I have seen while creating AKS as a service). We have already created the cluster using Cluster API. On researching the Cluster API - https://capz.sigs.k8s.io/topics/custom-vm-extensions, I saw there was a provision for configuring the AAD VM extensions, something like this on the Azure machine pool:

```yaml
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachinePool
spec:
  template:
    vmExtensions:
```

willie-yao commented 5 months ago

> On researching the Cluster API - https://capz.sigs.k8s.io/topics/custom-vm-extensions, I saw there was a provision for configuring the AAD VM extensions, something like this on the Azure machine pool:

Did specifying the AAD VM extension fix the problem, or is it still being overwritten? Specifying the extension in the spec should do the trick.
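
The declaration discussed above, written out as an added example that is not part of the original thread or the CAPZ project's own manifests. It assumes the extension in question is the Linux AAD SSH login extension (`AADSSHLoginForLinux`, publisher `Microsoft.Azure.ActiveDirectory`, version `1.0`); the pool name `my-cluster-mp-0` is hypothetical.

```yaml
# Added example: declare the extension on the AzureMachinePool so that it is
# part of the desired state CAPZ applies to the VMSS, rather than an
# out-of-band change made directly on the VMSS in Azure.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachinePool
metadata:
  name: my-cluster-mp-0          # hypothetical pool name
spec:
  # ...keep the pool's existing fields (location, strategy, etc.) unchanged...
  template:
    # ...keep the existing vmSize, osDisk, sshPublicKey, etc. unchanged...
    vmExtensions:
      - name: AADSSHLoginForLinux                 # assumed extension
        publisher: Microsoft.Azure.ActiveDirectory
        version: "1.0"
        # settings / protectedSettings are optional string maps; this
        # extension is assumed to need neither.
```

After applying the change, the extension should appear under `spec.template.vmExtensions` when inspecting the AzureMachinePool, which is the field the reporter found empty.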

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 2 weeks ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten