From 66b78d838a2afd561841b350fb7b61e44372b12a Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 2 Mar 2021 09:29:18 -0800 Subject: [PATCH 1/8] fix issue with crd status updates --- .../templates/omsagent-rbac.yaml | 2 +- source/plugins/ruby/arc_k8s_cluster_identity.rb | 15 +++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/charts/azuremonitor-containers/templates/omsagent-rbac.yaml b/charts/azuremonitor-containers/templates/omsagent-rbac.yaml index 5db5c2dab..c0a6e3722 100644 --- a/charts/azuremonitor-containers/templates/omsagent-rbac.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-rbac.yaml @@ -28,7 +28,7 @@ rules: resources: ["healthstates"] verbs: ["get", "create", "patch"] - apiGroups: ["clusterconfig.azure.com"] - resources: ["azureclusteridentityrequests"] + resources: ["azureclusteridentityrequests", "azureclusteridentityrequests/status"] resourceNames: ["container-insights-clusteridentityrequest"] verbs: ["get", "create", "patch"] - nonResourceURLs: ["/metrics"] diff --git a/source/plugins/ruby/arc_k8s_cluster_identity.rb b/source/plugins/ruby/arc_k8s_cluster_identity.rb index 7824f3d4e..b7cafb9f9 100644 --- a/source/plugins/ruby/arc_k8s_cluster_identity.rb +++ b/source/plugins/ruby/arc_k8s_cluster_identity.rb @@ -141,20 +141,23 @@ def renew_near_expiry_token() cluster_identity_resource_namespace: @@cluster_identity_resource_namespace, cluster_identity_resource_name: @@cluster_identity_resource_name, } - crd_request_body = get_crd_request_body - crd_request_body_json = crd_request_body.to_json - update_request = Net::HTTP::Patch.new(crd_request_uri) + update_crd_request_body = { 'status': {'expirationTime': ''} } + update_crd_request_body_json = update_crd_request_body.to_json + update_crd_request_uri = crd_request_uri + "/status" + update_request = Net::HTTP::Patch.new(update_crd_request_uri) update_request["Content-Type"] = "application/merge-patch+json" update_request["Authorization"] = "Bearer #{@service_account_token}" - update_request.body = crd_request_body_json + update_request.body = update_crd_request_body_json update_response = @http_client.request(update_request) - @log.info "Got response of #{update_response.code} for PATCH #{crd_request_uri} @ #{Time.now.utc.iso8601}" + @log.info "Got response of #{update_response.code} for PATCH #{update_crd_request_uri} @ #{Time.now.utc.iso8601}" if update_response.code.to_i == 404 @log.info "since crd resource doesnt exist hence creating crd resource : #{@@cluster_identity_resource_name} @ #{Time.now.utc.iso8601}" create_request = Net::HTTP::Post.new(crd_request_uri) create_request["Content-Type"] = "application/json" create_request["Authorization"] = "Bearer #{@service_account_token}" - create_request.body = crd_request_body_json + create_crd_request_body = get_crd_request_body + create_crd_request_body_json = create_crd_request_body.to_json + create_request.body = create_crd_request_body_json create_response = @http_client.request(create_request) @log.info "Got response of #{create_response.code} for POST #{crd_request_uri} @ #{Time.now.utc.iso8601}" end From 88b30092e0b48e3981f1616e3ab404b3176ae21c Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 2 Mar 2021 12:41:34 -0800 Subject: [PATCH 2/8] handle renewal token delays --- .../plugins/ruby/arc_k8s_cluster_identity.rb | 30 +++++++++++++++---- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/source/plugins/ruby/arc_k8s_cluster_identity.rb b/source/plugins/ruby/arc_k8s_cluster_identity.rb index b7cafb9f9..552dafb1f 100644 --- a/source/plugins/ruby/arc_k8s_cluster_identity.rb +++ b/source/plugins/ruby/arc_k8s_cluster_identity.rb @@ -26,6 +26,7 @@ def initialize @log.info "initialize start @ #{Time.now.utc.iso8601}" @token_expiry_time = Time.now @cached_access_token = String.new + @isLastTokenRenewalUpdatePending = false @token_file_path = "/var/run/secrets/kubernetes.io/serviceaccount/token" @cert_file_path = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" @kube_api_server_url = KubernetesApiClient.getKubeAPIServerUrl @@ -41,14 +42,20 @@ def initialize def get_cluster_identity_token() begin - # get the cluster msi identity token either if its empty or near expirty. Token is valid 24 hrs. + # get the cluster msi identity token either if its empty or near expiry. Token is valid 24 hrs. if @cached_access_token.to_s.empty? || (Time.now + 60 * 60 > @token_expiry_time) # Refresh token 1 hr from expiration # renew the token if its near expiry if !@cached_access_token.to_s.empty? && (Time.now + 60 * 60 > @token_expiry_time) - @log.info "renewing the token since its near expiry @ #{Time.now.utc.iso8601}" - renew_near_expiry_token - # sleep 60 seconds to get the renewed token available - sleep 60 + if !@isLastTokenRenewalUpdatePending + @log.info "token expiry - @ #{@token_expiry_time}" + @log.info "renewing the token since token has near expiry @ #{Time.now.utc.iso8601}" + renew_near_expiry_token + # sleep 60 seconds to get the renewed token available + sleep 60 + @isLastTokenRenewalUpdatePending = true + else + @log.warn "last token renewal update still pending @ #{Time.now.utc.iso8601}" + end end @log.info "get token reference from crd @ #{Time.now.utc.iso8601}" tokenReference = get_token_reference_from_crd @@ -61,6 +68,7 @@ def get_cluster_identity_token() token = get_token_from_secret(token_secret_name, token_secret_data_name) if !token.nil? @cached_access_token = token + @isLastTokenRenewalUpdatePending = false else @log.warn "got token nil from secret: #{@token_secret_name}" end @@ -123,7 +131,17 @@ def get_token_reference_from_crd() tokenReference["expirationTime"] = status["expirationTime"] tokenReference["secretName"] = status["tokenReference"]["secretName"] tokenReference["dataName"] = status["tokenReference"]["dataName"] - end + elsif get_response.code.to_i == 404 # this might happen if the crd resource deleted by user accidently + @log.info "since crd resource doesnt exist hence creating crd resource : #{@@cluster_identity_resource_name} @ #{Time.now.utc.iso8601}" + crd_request_body = get_crd_request_body + crd_request_body_json = crd_request_body.to_json + create_request = Net::HTTP::Post.new(crd_request_uri) + create_request["Content-Type"] = "application/json" + create_request["Authorization"] = "Bearer #{@service_account_token}" + create_request.body = crd_request_body_json + create_response = @http_client.request(create_request) + @log.info "Got response of #{create_response.code} for POST #{crd_request_uri} @ #{Time.now.utc.iso8601}" + end rescue => err @log.warn "get_token_reference_from_crd call failed: #{err}" ApplicationInsightsUtility.sendExceptionTelemetry(err, { "FeatureArea" => "MDM" }) From 40724b28244770df2ecebf3094679a294ced9f60 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Sun, 7 Mar 2021 18:19:12 -0800 Subject: [PATCH 3/8] add proxy contract --- .../templates/omsagent-secret.yaml | 12 +++++++++++- charts/azuremonitor-containers/values.yaml | 6 ++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/charts/azuremonitor-containers/templates/omsagent-secret.yaml b/charts/azuremonitor-containers/templates/omsagent-secret.yaml index 1a7f087ed..2b875e2e7 100644 --- a/charts/azuremonitor-containers/templates/omsagent-secret.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-secret.yaml @@ -13,7 +13,17 @@ data: WSID: {{ required "A valid workspace id is required!" .Values.omsagent.secret.wsid | b64enc | quote }} KEY: {{ required "A valid workspace key is required!" .Values.omsagent.secret.key | b64enc | quote }} DOMAIN: {{ .Values.omsagent.domain | b64enc | quote }} - {{- if ne .Values.omsagent.proxy "" }} + {{- $httpsProxyDict := urlParse .Values.Azure.proxySettings.httpsProxy -}} + {{- $httpProxyDict := urlParse .Values.Azure.proxySettings.httpProxy -}} + {{- if and (and (.Values.Azure.proxySettings.isProxyEnabled) (.Values.Azure.proxySettings.httpsProxy)) ($httpsProxyDict.userinfo) }} + PROXY: {{ .Values.Azure.proxySettings.httpsProxy | b64enc | quote }} + {{- else if and (and (.Values.Azure.proxySettings.isProxyEnabled) (.Values.Azure.proxySettings.httpsProxy)) (empty $httpsProxyDict.userinfo) }} + PROXY: {{ urlJoin (dict "scheme" $httpsProxyDict.scheme "userinfo" "admin:secret" "host" $httpsProxyDict.host) | b64enc | quote }} + {{- else if and (and (.Values.Azure.proxySettings.isProxyEnabled) (.Values.Azure.proxySettings.httpProxy)) ($httpProxyDict.userinfo) }} + PROXY: {{ .Values.Azure.proxySettings.httpProxy | b64enc | quote }} + {{- else if and (and (.Values.Azure.proxySettings.isProxyEnabled) (.Values.Azure.proxySettings.httpProxy)) (empty $httpProxyDict.userinfo) }} + PROXY: {{ urlJoin (dict "scheme" $httpProxyDict.scheme "userinfo" "admin:secret" "host" $httpProxyDict.host) | b64enc | quote }} + {{- else if ne .Values.omsagent.proxy "" }} PROXY: {{ .Values.omsagent.proxy | b64enc | quote }} {{- end }} {{- end }} diff --git a/charts/azuremonitor-containers/values.yaml b/charts/azuremonitor-containers/values.yaml index 5831c9889..caf0217c3 100644 --- a/charts/azuremonitor-containers/values.yaml +++ b/charts/azuremonitor-containers/values.yaml @@ -12,6 +12,12 @@ Azure: Extension: Name: "" ResourceId: "" + proxySettings: + isProxyEnabled: false + httpProxy: "" + httpsProxy: "" + noProxy: "" + proxyCert: "" omsagent: image: repo: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod" From e654b54e85868d00629c0bc446c65c665fdf5d9e Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Sun, 7 Mar 2021 19:57:41 -0800 Subject: [PATCH 4/8] updates for proxy cert for linux --- .../templates/omsagent-daemonset.yaml | 15 +++++++++++++++ .../templates/omsagent-deployment.yaml | 15 +++++++++++++++ .../templates/omsagent-secret.yaml | 15 +++++++++++++++ kubernetes/linux/main.sh | 6 ++++++ 4 files changed, 51 insertions(+) diff --git a/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml b/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml index 615cd0485..9e190d651 100644 --- a/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml @@ -123,6 +123,14 @@ spec: - mountPath: /etc/config/settings/adx name: omsagent-adx-secret readOnly: true + {{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} + - name: ssl-certs + mountPath: /etc/ssl/certs/ + readOnly: false + - name: proxy-certstore + mountPath: /usr/local/share/ca-certificates/proxy-cert.crt + subPath: proxy-cert.crt + {{- end }} livenessProbe: exec: command: @@ -172,4 +180,11 @@ spec: secret: secretName: omsagent-adx-secret optional: true + {{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} + - name: proxy-certstore + secret: + secretName: omsagent-proxy-cert + - name: ssl-certs + emptyDir: {} + {{- end }} {{- end }} diff --git a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml index 012dd2720..c18d57109 100644 --- a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml @@ -109,6 +109,14 @@ spec: - mountPath: /etc/config/settings/adx name: omsagent-adx-secret readOnly: true + {{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} + - name: ssl-certs + mountPath: /etc/ssl/certs/ + readOnly: false + - name: proxy-certstore + mountPath: /usr/local/share/ca-certificates/proxy-cert.crt + subPath: proxy-cert.crt + {{- end }} livenessProbe: exec: command: @@ -158,4 +166,11 @@ spec: secret: secretName: omsagent-adx-secret optional: true + {{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} + - name: proxy-certstore + secret: + secretName: omsagent-proxy-cert + - name: ssl-certs + emptyDir: {} + {{- end }} {{- end }} diff --git a/charts/azuremonitor-containers/templates/omsagent-secret.yaml b/charts/azuremonitor-containers/templates/omsagent-secret.yaml index 2b875e2e7..553044fd3 100644 --- a/charts/azuremonitor-containers/templates/omsagent-secret.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-secret.yaml @@ -26,4 +26,19 @@ data: {{- else if ne .Values.omsagent.proxy "" }} PROXY: {{ .Values.omsagent.proxy | b64enc | quote }} {{- end }} +--- +{{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} +apiVersion: v1 +kind: Secret +metadata: + name: omsagent-proxy-cert + namespace: kube-system + labels: + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + proxy-cert.crt: {{ .Values.Azure.proxySettings.proxyCert | b64enc | quote }} +{{- end }} {{- end }} diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index c4067f25e..0778f709d 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh @@ -107,6 +107,12 @@ if [ -e "/etc/omsagent-secret/WSID" ]; then else echo "successfully validated provided proxy endpoint is valid and expected format" fi + + # update ca-certs if proxy-cert is set + if [ -f "/usr/local/share/ca-certificates/proxy-cert.crt" ]; then + echo "Running update-ca-certificates since proxy-cert configured" + update-ca-certificates + fi fi if [ ! -z "$PROXY_ENDPOINT" ]; then From 55b4694ef2875dda716fdb09f17d5ef1d5a322c6 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 9 Mar 2021 09:42:08 -0800 Subject: [PATCH 5/8] remove proxycert related changes --- .../templates/omsagent-daemonset.yaml | 15 --------------- .../templates/omsagent-deployment.yaml | 17 +---------------- .../templates/omsagent-secret.yaml | 15 --------------- kubernetes/linux/main.sh | 6 ------ 4 files changed, 1 insertion(+), 52 deletions(-) diff --git a/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml b/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml index 9e190d651..615cd0485 100644 --- a/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml @@ -123,14 +123,6 @@ spec: - mountPath: /etc/config/settings/adx name: omsagent-adx-secret readOnly: true - {{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} - - name: ssl-certs - mountPath: /etc/ssl/certs/ - readOnly: false - - name: proxy-certstore - mountPath: /usr/local/share/ca-certificates/proxy-cert.crt - subPath: proxy-cert.crt - {{- end }} livenessProbe: exec: command: @@ -180,11 +172,4 @@ spec: secret: secretName: omsagent-adx-secret optional: true - {{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} - - name: proxy-certstore - secret: - secretName: omsagent-proxy-cert - - name: ssl-certs - emptyDir: {} - {{- end }} {{- end }} diff --git a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml index c18d57109..e66a98920 100644 --- a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml @@ -109,14 +109,6 @@ spec: - mountPath: /etc/config/settings/adx name: omsagent-adx-secret readOnly: true - {{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} - - name: ssl-certs - mountPath: /etc/ssl/certs/ - readOnly: false - - name: proxy-certstore - mountPath: /usr/local/share/ca-certificates/proxy-cert.crt - subPath: proxy-cert.crt - {{- end }} livenessProbe: exec: command: @@ -165,12 +157,5 @@ spec: - name: omsagent-adx-secret secret: secretName: omsagent-adx-secret - optional: true - {{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} - - name: proxy-certstore - secret: - secretName: omsagent-proxy-cert - - name: ssl-certs - emptyDir: {} - {{- end }} + optional: true {{- end }} diff --git a/charts/azuremonitor-containers/templates/omsagent-secret.yaml b/charts/azuremonitor-containers/templates/omsagent-secret.yaml index 553044fd3..2b875e2e7 100644 --- a/charts/azuremonitor-containers/templates/omsagent-secret.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-secret.yaml @@ -26,19 +26,4 @@ data: {{- else if ne .Values.omsagent.proxy "" }} PROXY: {{ .Values.omsagent.proxy | b64enc | quote }} {{- end }} ---- -{{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }} -apiVersion: v1 -kind: Secret -metadata: - name: omsagent-proxy-cert - namespace: kube-system - labels: - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - proxy-cert.crt: {{ .Values.Azure.proxySettings.proxyCert | b64enc | quote }} -{{- end }} {{- end }} diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index 0778f709d..c4067f25e 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh @@ -107,12 +107,6 @@ if [ -e "/etc/omsagent-secret/WSID" ]; then else echo "successfully validated provided proxy endpoint is valid and expected format" fi - - # update ca-certs if proxy-cert is set - if [ -f "/usr/local/share/ca-certificates/proxy-cert.crt" ]; then - echo "Running update-ca-certificates since proxy-cert configured" - update-ca-certificates - fi fi if [ ! -z "$PROXY_ENDPOINT" ]; then From 78c88c5f0351f2126239f9cae2238fa2bc277cb8 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 9 Mar 2021 09:49:16 -0800 Subject: [PATCH 6/8] fix whitespace issue --- .../azuremonitor-containers/templates/omsagent-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml index e66a98920..77eb17e63 100644 --- a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml @@ -157,5 +157,5 @@ spec: - name: omsagent-adx-secret secret: secretName: omsagent-adx-secret - optional: true + optional: true {{- end }} From e18a7f78456dfc63e1e38589cef1f862d9acf2f5 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 9 Mar 2021 09:51:43 -0800 Subject: [PATCH 7/8] fix whitespace issue --- .../azuremonitor-containers/templates/omsagent-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml index 77eb17e63..37b8faacc 100644 --- a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml @@ -157,5 +157,5 @@ spec: - name: omsagent-adx-secret secret: secretName: omsagent-adx-secret - optional: true + optional: true {{- end }} From 91c1d8c40bd01303a1b5b3b4fc25c9c6af20aea8 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Tue, 9 Mar 2021 17:33:56 -0800 Subject: [PATCH 8/8] remove proxy in arm template --- .../templates/omsagent-secret.yaml | 2 ++ .../arc-k8s-extension/existingClusterOnboarding.json | 12 ++---------- .../arc-k8s-extension/existingClusterParam.json | 3 --- 3 files changed, 4 insertions(+), 13 deletions(-) diff --git a/charts/azuremonitor-containers/templates/omsagent-secret.yaml b/charts/azuremonitor-containers/templates/omsagent-secret.yaml index 2b875e2e7..8c245338c 100644 --- a/charts/azuremonitor-containers/templates/omsagent-secret.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-secret.yaml @@ -18,10 +18,12 @@ data: {{- if and (and (.Values.Azure.proxySettings.isProxyEnabled) (.Values.Azure.proxySettings.httpsProxy)) ($httpsProxyDict.userinfo) }} PROXY: {{ .Values.Azure.proxySettings.httpsProxy | b64enc | quote }} {{- else if and (and (.Values.Azure.proxySettings.isProxyEnabled) (.Values.Azure.proxySettings.httpsProxy)) (empty $httpsProxyDict.userinfo) }} + # adding arbitrary creds since omsagent expects arbitrary creds in case of no auth PROXY: {{ urlJoin (dict "scheme" $httpsProxyDict.scheme "userinfo" "admin:secret" "host" $httpsProxyDict.host) | b64enc | quote }} {{- else if and (and (.Values.Azure.proxySettings.isProxyEnabled) (.Values.Azure.proxySettings.httpProxy)) ($httpProxyDict.userinfo) }} PROXY: {{ .Values.Azure.proxySettings.httpProxy | b64enc | quote }} {{- else if and (and (.Values.Azure.proxySettings.isProxyEnabled) (.Values.Azure.proxySettings.httpProxy)) (empty $httpProxyDict.userinfo) }} + # adding arbitrary creds since omsagent expects arbitrary creds in case of no auth PROXY: {{ urlJoin (dict "scheme" $httpProxyDict.scheme "userinfo" "admin:secret" "host" $httpProxyDict.host) | b64enc | quote }} {{- else if ne .Values.omsagent.proxy "" }} PROXY: {{ .Values.omsagent.proxy | b64enc | quote }} diff --git a/scripts/onboarding/templates/arc-k8s-extension/existingClusterOnboarding.json b/scripts/onboarding/templates/arc-k8s-extension/existingClusterOnboarding.json index 8ebef232a..95e7ba5d0 100644 --- a/scripts/onboarding/templates/arc-k8s-extension/existingClusterOnboarding.json +++ b/scripts/onboarding/templates/arc-k8s-extension/existingClusterOnboarding.json @@ -13,14 +13,7 @@ "metadata": { "description": "Location of the Azure Arc Connected Cluster Resource e.g. \"eastus\"" } - }, - "proxyEndpointUrl": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "If the cluster behind forward proxy, then specify Proxy Endpoint URL in this format: http(s)://:@:" - } - }, + }, "workspaceResourceId": { "type": "string", "metadata": { @@ -114,8 +107,7 @@ }, "configurationProtectedSettings": { "omsagent.secret.wsid": "[reference(parameters('workspaceResourceId'), '2015-03-20').customerId]", - "omsagent.secret.key": "[listKeys(parameters('workspaceResourceId'), '2015-03-20').primarySharedKey]" , - "omsagent.proxy": "[if(equals(parameters('proxyEndpointUrl'), ''), '', parameters('proxyEndpointUrl'))]" + "omsagent.secret.key": "[listKeys(parameters('workspaceResourceId'), '2015-03-20').primarySharedKey]" }, "autoUpgradeMinorVersion": true, "releaseTrain": "Stable", diff --git a/scripts/onboarding/templates/arc-k8s-extension/existingClusterParam.json b/scripts/onboarding/templates/arc-k8s-extension/existingClusterParam.json index b74b5ac95..6829d3d05 100644 --- a/scripts/onboarding/templates/arc-k8s-extension/existingClusterParam.json +++ b/scripts/onboarding/templates/arc-k8s-extension/existingClusterParam.json @@ -8,9 +8,6 @@ "clusterRegion": { "value": "" }, - "proxyEndpointUrl": { - "value": "" - }, "workspaceResourceId": { "value": "/subscriptions//resourcegroups//providers/microsoft.operationalinsights/workspaces/" },