Skip to content

Commit

Permalink
aks: add enableCustomCATrust in v20220402-preview api-version (#18830)
Browse files Browse the repository at this point in the history 
* aks: add enableCustomCATrust in v20220402-preview api-version

* aks: add description of CustomCATrust

* aks: fix typo, add DaemonSet to custom words list

Co-authored-by: Mikolaj Umanski <mumanski@microsoft.com>
  • Loading branch information
@UtheMan
UtheMan and Mikolaj Umanski authored May 3, 2022
1 parent 216a5b2 commit f66907c
Show file tree
Hide file tree
Showing 4 changed files with 322 additions and 0 deletions.
1 change: 1 addition & 0 deletions custom-words.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -484,6 +484,7 @@ CVEs
CVSS
Cyrl
dacl
DaemonSet
dailyforecast
dailyhistorical
dapr
Expand Down
54 changes: 54 additions & 0 deletions ...inerService/preview/2022-04-02-preview/examples/AgentPoolsCreate_EnableCustomCATrust.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
{
"parameters": {
"api-version": "2022-04-02-preview",
"subscriptionId": "subid1",
"resourceGroupName": "rg1",
"resourceName": "clustername1",
"agentPoolName": "agentpool1",
"parameters": {
"properties": {
"orchestratorVersion": "",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"enableCustomCATrust": true
}
}
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/agentPools/agentpool1",
"type": "Microsoft.ContainerService/managedClusters/agentPools",
"name": "agentpool1",
"properties": {
"provisioningState": "Succeeded",
"orchestratorVersion": "1.19.6",
"currentOrchestratorVersion": "1.19.6",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"enableCustomCATrust": true
}
}
},
"201": {
"body": {
"id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/agentPools/agentpool1",
"type": "Microsoft.ContainerService/managedClusters/agentPools",
"name": "agentpool1",
"properties": {
"provisioningState": "Creating",
"orchestratorVersion": "1.19.6",
"currentOrchestratorVersion": "1.19.6",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"enableCustomCATrust": true
}
}
}
}
}
256 changes: 256 additions & 0 deletions ...ervice/preview/2022-04-02-preview/examples/ManagedClustersCreate_EnableCustomCATrust.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,256 @@
{
"parameters": {
"api-version": "2022-04-02-preview",
"subscriptionId": "subid1",
"resourceGroupName": "rg1",
"resourceName": "clustername1",
"parameters": {
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableCustomCATrust": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"enablePodSecurityPolicy": true
}
}
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableCustomCATrust": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"enablePodSecurityPolicy": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"dockerBridgeCidr": "172.17.0.1/16",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
},
"201": {
"body": {
"id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableCustomCATrust": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"enablePodSecurityPolicy": true,
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"dockerBridgeCidr": "172.17.0.1/16",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
}
}
}
11 changes: 11 additions & 0 deletions ...source-manager/Microsoft.ContainerService/preview/2022-04-02-preview/managedClusters.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -593,6 +593,9 @@
},
"Create Managed Cluster with Dedicated Host Group": {
"$ref": "./examples/ManagedClustersCreate_DedicatedHostGroup.json"
},
"Create Managed Cluster with CustomCATrust enabled": {
"$ref": "./examples/ManagedClustersCreate_EnableCustomCATrust.json"
}
}
},
Expand Down Expand Up @@ -1097,6 +1100,9 @@
},
"Create Agent Pool with Dedicated Host Group": {
"$ref": "./examples/AgentPoolsCreate_DedicatedHostGroup.json"
},
"Create Agent Pool with CustomCATrust enabled": {
"$ref": "./examples/AgentPoolsCreate_EnableCustomCATrust.json"
}
}
},
Expand Down Expand Up @@ -3278,6 +3284,11 @@
"title": "Whether each node is allocated its own public IP.",
"description": "Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The default is false."
},
"enableCustomCATrust": {
"type": "boolean",
"title": "Whether to enable Custom CA Trust feature.",
"description": "When set to true, AKS deploys a daemonset and host services to sync custom certificate authorities from a user-provided config map into node trust stores. Defaults to false."
},
"nodePublicIPPrefixID": {
"type": "string",
"title": "The public IP prefix ID which VM nodes should use IPs from.",
Expand Down

0 comments on commit f66907c

Please sign in to comment.