Azure Service Operator enables users to provision and deprovision various Azure services using a Kubernetes Operator.
This Helm chart contains certificates that depend on cert-manager to be installed. Install cert-manager prior to installing chart:
kubectl create namespace cert-manager
kubectl label namespace cert-manager cert-manager.io/disable-validation=true
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml
Install the latest (3.x+) Helm on your machine.
Add the helm repo:
helm repo add azureserviceoperator https://raw.githubusercontent.com/Azure/azure-service-operator/master/charts --username <github username> --password <github personal access token>
Copy the values.yaml
file from this directory and in the following steps fill in the requisite values.
First, set the following variables to your Azure Tenant ID and Subscription ID:
azureTenantID: 00000000-0000-0000-0000-000000000000
azureSubscriptionID: 00000000-0000-0000-0000-000000000000
Next, choose one of the following authentication methods, and set its appropriate variables.
Set the following variables to your client ID and secret values:
azureClientID: 00000000-0000-0000-0000-000000000000
azureClientSecret: 00000000-0000-0000-0000-000000000000
Set the following Helm Chart values:
azureUseMI: True
aad-pod-identity:
azureIdentity:
resourceID: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity>"
clientID: "00000000-0000-0000-0000-000000000000"
Follow the instructions here to create an identity and assign it the correct permissions.
By default, secrets will be stored as Kubernetes secrets. If you wish to store them in KeyVault instead, follow the instructions here.
Then, set the following chart value to your KeyVault name:
azureOperatorKeyvault: OperatorSecretKeyVault
If you are deploying into an already created namespace, be sure to set the following variable to false:
createNamespace: False
and specify the namespace name:
namespace: your-namespace
Finally, install the chart with your added values. The chart can be installed by using a values file or environment variables.
helm upgrade --install aso azureserviceoperator/azure-service-operator -f values.yaml
helm upgrade --install aso azureserviceoperator/azure-service-operator \
--set azureSubscriptionID=$AZURE_SUBSCRIPTION_ID \
--set azureTenantID=$AZURE_TENANT_ID \
--set azureClientID=$AZURE_CLIENT_ID \
--set azureClientSecret=$AZURE_CLIENT_SECRET \
--set azureUseMI=$AZURE_USE_MI \
--set azureOperatorKeyvault=$AZURE_OPERATOR_KEYVAULT \
--set createNamespace=False
The following table lists the configurable parameters of the azure-service-operator chart and its dependency chart, aad-pod-identity.
Parameter | Description | Default |
---|---|---|
azureSubscriptionID |
Azure Subscription ID | `` |
azureTenantID |
Azure Tenant ID | `` |
azureClientID |
Azure Service Principal Client ID | `` |
azureClientSecret |
Azure Service Principal Client Secret | `` |
azureUseMI |
Set to True if using Managed Identity for authentication | False |
azureOperatorKeyvault |
Set this value with the name of your Azure Key Vault resource if you prefer to store secrets in Key Vault rather than as Kubernetes secrets (default) | `` |
image.repository |
Image repository | mcr.microsoft.com/k8s/azure-service-operator:0.0.20258 |
cloudEnvironment |
Set the cloud environment, possible values include: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud | AzurePublicCloud |
createNamespace |
Set to True if you would like the namespace autocreated, otherwise False if you have an existing namespace. If using an existing namespace, the namespace field must also be updated |
True |
namespace |
Configure a custom namespace to deploy the operator into | azureoperator-system |
aad-pod-identity.azureIdentity.resourceID |
The resource ID for your managed identity | `` |
aad-pod-identity.azureIdentity.clientID |
The client ID for your managed identity | `` |