[Azure] Optimize VK Setup in ACS/AKS (#85)

* Read ACS Credentials for Azure Authentication Supprt a new environment variable: ACS_CREDENTIAL_LOCATION Expect the value to be the ACS credential filepath, which is the /etc/kubernetes/azure.json file generated on the ACS nodes. If the ACS_CREDENTIAL_LOCATION is specified and loaded, create the Azure Authentication class from its values. If the AZURE_AUTHENTICATION_LOCATION is specified and loaded, its values will overwrite the value above. Refactor the ACI provider and ACI client to be able to override the SPN by environment variable
2018-02-13 19:07:27 -08:00
parent d23ac6679c
commit f4ebbfc7a3
15 changed files with 399 additions and 86 deletions
--- a/charts/virtual-kubelet-for-aks-0.1.3.tgz
+++ b/charts/virtual-kubelet-for-aks-0.1.3.tgz
--- a/charts/virtual-kubelet-for-aks/Chart.yaml
+++ b/charts/virtual-kubelet-for-aks/Chart.yaml
@@ -0,0 +1,8 @@
+name: virtual-kubelet-for-aks
+version: 0.1.3
+description: a Helm chart to install virtual kubelet in an AKS or ACS cluster.
+sources:
+  - https://github.com/virtual-kubelet/virtual-kubelet
+maintainers:
+  - name: Robbie Zhang
+    email: junjiez@microsoft.com
--- a/charts/virtual-kubelet-for-aks/templates/NOTES.txt
+++ b/charts/virtual-kubelet-for-aks/templates/NOTES.txt
@@ -0,0 +1,5 @@
+The virtual kubelet is getting deployed on your cluster.
+
+To verify that virtual kubelet has started, run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fullname" . }}"
--- a/charts/virtual-kubelet-for-aks/templates/_helpers.tpl
+++ b/charts/virtual-kubelet-for-aks/templates/_helpers.tpl
@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/charts/virtual-kubelet-for-aks/templates/deployment.yaml
+++ b/charts/virtual-kubelet-for-aks/templates/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ template "fullname" . }}
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: {{ template "fullname" . }}
+    spec:
+      containers:
+      - name: {{ template "fullname" . }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        env:
+        - name: KUBELET_PORT
+          value: "10250"
+        - name: ACS_CREDENTIAL_LOCATION
+          value: /etc/virtual-kubelet/acs.json
+        - name: AZURE_TENANT_ID
+          value: {{ .Values.env.azureTenantId }}
+        - name: AZURE_SUBSCRIPTION_ID
+          value: {{ .Values.env.azureSubscriptionId }}
+        - name: AZURE_CLIENT_ID
+          value: {{ .Values.env.azureClientId }}
+        - name: AZURE_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "fullname" . }}
+              key: clientSecret
+        - name: ACI_RESOURCE_GROUP
+          value: {{ .Values.env.aciResourceGroup }}
+        - name: ACI_REGION
+          value: {{ default "westus" .Values.env.aciRegion }}
+        - name: APISERVER_CERT_LOCATION
+          value: /etc/virtual-kubelet/cert.pem
+        - name: APISERVER_KEY_LOCATION
+          value: /etc/virtual-kubelet/key.pem
+        - name: VKUBELET_POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        volumeMounts:
+        - name: credentials
+          mountPath: "/etc/virtual-kubelet"
+        - name: acs-credential
+          mountPath: "/etc/virtual-kubelet/acs.json"
+        command: ["virtual-kubelet"]
+        args: ["--provider", "azure", "--namespace", "default", "--nodename", {{ default "virtual-kubelet" .Values.env.nodeName | quote }} , "--os", {{ default "Linux" .Values.env.nodeOsType | quote }}, "--taint", {{ default "azure.com/aci" .Values.env.nodeTaint | quote }}]
+      volumes:
+      - name: credentials
+        secret:
+          secretName: {{ template "fullname" . }}
+      - name: acs-credential
+        hostPath:
+          path: /etc/kubernetes/azure.json
--- a/charts/virtual-kubelet-for-aks/templates/secrets.yaml
+++ b/charts/virtual-kubelet-for-aks/templates/secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "fullname" . }}
+type: Opaque
+data:
+  cert.pem: {{ (default "TUlTU0lORw==" .Values.env.apiserverCert) | quote }}
+  key.pem: {{ (default "TUlTU0lORw==" .Values.env.apiserverKey) | quote }}
+  clientSecret: {{ default "" .Values.env.azureClientKey | b64enc | quote }}
--- a/charts/virtual-kubelet-for-aks/values.yaml
+++ b/charts/virtual-kubelet-for-aks/values.yaml
@@ -0,0 +1,16 @@
+image:
+  repository: microsoft/virtual-kubelet
+  tag: 0.2-beta-6
+  pullPolicy: Always
+env:
+  azureClientId: 
+  azureClientKey: 
+  azureTenantId: 
+  azureSubscriptionId: 
+  aciResourceGroup: 
+  aciRegion: 
+  nodeName: 
+  nodeTaint: 
+  nodeOsType: 
+  apiserverCert: 
+  apiserverKey: