diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/Parameters/ContainerInsightsExtension.Parameters.json b/deployment/arc-k8s-extension/ServiceGroupRoot/Parameters/ContainerInsightsExtension.Parameters.json index a8a99e9f6..69e1bcf35 100644 --- a/deployment/arc-k8s-extension/ServiceGroupRoot/Parameters/ContainerInsightsExtension.Parameters.json +++ b/deployment/arc-k8s-extension/ServiceGroupRoot/Parameters/ContainerInsightsExtension.Parameters.json @@ -31,26 +31,6 @@ "name": "RELEASE_STAGE", "value": "__RELEASE_STAGE__" }, - { - "name": "ACR_APP_ID", - "reference": { - "provider": "AzureKeyVault", - "parameters": { - "secretId": "https://cibuildandreleasekv.vault.azure.net/secrets/ciprodacrappid/e8f47bf7505741ebaf65a4db16ff9fa7" - } - }, - "asSecureValue": "true" - }, - { - "name": "ACR_APP_SECRET", - "reference": { - "provider": "AzureKeyVault", - "parameters": { - "secretId": "https://cibuildandreleasekv.vault.azure.net/secrets/ciprodacrappsecret/8718afcdac114accb8b26f613cef1e1e" - } - }, - "asSecureValue": "true" - }, { "name": "ACR_NAME", "value": "__ACR_NAME__" @@ -59,8 +39,14 @@ "name": "CHART_VERSION", "value": "__CHART_VERSION__" } - ] + ], + "identity": { + "type": "userAssigned", + "userAssignedIdentities": [ + "__MANAGED_IDENTITY__" + ] + } } } ] -} +} \ No newline at end of file diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.Canary.RolloutSpec.json b/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.Canary.RolloutSpec.json index cde103633..2d0149e24 100644 --- a/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.Canary.RolloutSpec.json +++ b/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.Canary.RolloutSpec.json @@ -26,4 +26,4 @@ "dependsOn": [ ] } ] -} +} \ No newline at end of file diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/ScopeBindings/Public.ScopeBindings.json b/deployment/arc-k8s-extension/ServiceGroupRoot/ScopeBindings/Public.ScopeBindings.json index 516eba3e2..bf61ab7fd 100644 --- a/deployment/arc-k8s-extension/ServiceGroupRoot/ScopeBindings/Public.ScopeBindings.json +++ b/deployment/arc-k8s-extension/ServiceGroupRoot/ScopeBindings/Public.ScopeBindings.json @@ -16,6 +16,10 @@ { "find": "__CHART_VERSION__", "replaceWith": "$(ChartVersion)" + }, + { + "find": "__MANAGED_IDENTITY__", + "replaceWith": "$(ManagedIdentity)" } ] }, @@ -33,6 +37,10 @@ { "find": "__CHART_VERSION__", "replaceWith": "$(ChartVersion)" + }, + { + "find": "__MANAGED_IDENTITY__", + "replaceWith": "$(ManagedIdentity)" } ] }, @@ -50,6 +58,10 @@ { "find": "__CHART_VERSION__", "replaceWith": "$(ChartVersion)" + }, + { + "find": "__MANAGED_IDENTITY__", + "replaceWith": "$(ManagedIdentity)" } ] }, @@ -67,6 +79,10 @@ { "find": "__CHART_VERSION__", "replaceWith": "$(ChartVersion)" + }, + { + "find": "__MANAGED_IDENTITY__", + "replaceWith": "$(ManagedIdentity)" } ] }, @@ -84,6 +100,10 @@ { "find": "__CHART_VERSION__", "replaceWith": "$(ChartVersion)" + }, + { + "find": "__MANAGED_IDENTITY__", + "replaceWith": "$(ManagedIdentity)" } ] }, @@ -101,6 +121,10 @@ { "find": "__CHART_VERSION__", "replaceWith": "$(ChartVersion)" + }, + { + "find": "__MANAGED_IDENTITY__", + "replaceWith": "$(ManagedIdentity)" } ] }, @@ -118,8 +142,12 @@ { "find": "__CHART_VERSION__", "replaceWith": "$(ChartVersion)" + }, + { + "find": "__MANAGED_IDENTITY__", + "replaceWith": "$(ManagedIdentity)" } ] } ] -} +} \ No newline at end of file diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/Scripts/pushChartToAcr.sh b/deployment/arc-k8s-extension/ServiceGroupRoot/Scripts/pushChartToAcr.sh index 520557592..99421b122 100644 --- a/deployment/arc-k8s-extension/ServiceGroupRoot/Scripts/pushChartToAcr.sh +++ b/deployment/arc-k8s-extension/ServiceGroupRoot/Scripts/pushChartToAcr.sh @@ -106,8 +106,24 @@ echo "START - Release stage : ${RELEASE_STAGE}" echo "Using acr : ${ACR_NAME}" echo "Using acr repo type: ${REPO_TYPE}" +#Login to az cli and authenticate to acr +echo "Login cli using managed identity" +az login --identity +if [ $? -eq 0 ]; then + echo "Logged in successfully" +else + echo "-e error az login with managed identity credentials failed. Please review the Ev2 pipeline logs for more details on the error." + exit 1 +fi + +ACCESS_TOKEN=$(az acr login --name ${ACR_NAME} --expose-token --output tsv --query accessToken) +if [ $? -ne 0 ]; then + echo "-e error az acr login failed. Please review the Ev2 pipeline logs for more details on the error." + exit 1 +fi + echo "login to acr:${ACR_NAME} using helm ..." -echo $ACR_APP_SECRET | helm registry login $ACR_NAME --username $ACR_APP_ID --password-stdin +echo $ACCESS_TOKEN | helm registry login $ACR_NAME -u 00000000-0000-0000-0000-000000000000 --password-stdin if [ $? -eq 0 ]; then echo "login to acr:${ACR_NAME} using helm completed successfully." else @@ -178,4 +194,4 @@ case $RELEASE_STAGE in ;; esac -echo "END - Release stage : ${RELEASE_STAGE}" +echo "END - Release stage : ${RELEASE_STAGE}" \ No newline at end of file diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/ServiceModels/Public.ServiceModel.json b/deployment/arc-k8s-extension/ServiceGroupRoot/ServiceModels/Public.ServiceModel.json index 71081661a..6f565d4c4 100644 --- a/deployment/arc-k8s-extension/ServiceGroupRoot/ServiceModels/Public.ServiceModel.json +++ b/deployment/arc-k8s-extension/ServiceGroupRoot/ServiceModels/Public.ServiceModel.json @@ -33,7 +33,7 @@ "AzureResourceGroupName": "ContainerInsightsExtension-Canary-Release", "Location": "eastus2", "InstanceOf": "ARC-Extension-ServiceResourceGroupDefinition", - "AzureSubscriptionId": "5fab7b6f-6150-42fe-89e1-0f07a0a9a46f", + "AzureSubscriptionId": "30c56c3a-54da-46ea-b004-06eb33432687", "ScopeTags": [ { "Name": "Canary" @@ -51,7 +51,7 @@ "AzureResourceGroupName": "ContainerInsightsExtension-Pilot-Release", "Location": "eastus2", "InstanceOf": "ARC-Extension-ServiceResourceGroupDefinition", - "AzureSubscriptionId": "5fab7b6f-6150-42fe-89e1-0f07a0a9a46f", + "AzureSubscriptionId": "30c56c3a-54da-46ea-b004-06eb33432687", "ScopeTags": [ { "Name": "Pilot" @@ -69,7 +69,7 @@ "AzureResourceGroupName": "ContainerInsightsExtension-LightLoad-Release", "Location": "eastus2", "InstanceOf": "ARC-Extension-ServiceResourceGroupDefinition", - "AzureSubscriptionId": "5fab7b6f-6150-42fe-89e1-0f07a0a9a46f", + "AzureSubscriptionId": "30c56c3a-54da-46ea-b004-06eb33432687", "ScopeTags": [ { "Name": "LightLoad" @@ -87,7 +87,7 @@ "AzureResourceGroupName": "ContainerInsightsExtension-MediumLoad-Release", "Location": "eastus2", "InstanceOf": "ARC-Extension-ServiceResourceGroupDefinition", - "AzureSubscriptionId": "5fab7b6f-6150-42fe-89e1-0f07a0a9a46f", + "AzureSubscriptionId": "30c56c3a-54da-46ea-b004-06eb33432687", "ScopeTags": [ { "Name": "MediumLoad" @@ -105,7 +105,7 @@ "AzureResourceGroupName": "ContainerInsightsExtension-HighLoad-Release", "Location": "eastus2", "InstanceOf": "ARC-Extension-ServiceResourceGroupDefinition", - "AzureSubscriptionId": "5fab7b6f-6150-42fe-89e1-0f07a0a9a46f", + "AzureSubscriptionId": "30c56c3a-54da-46ea-b004-06eb33432687", "ScopeTags": [ { "Name": "HighLoad" @@ -123,7 +123,7 @@ "AzureResourceGroupName": "ContainerInsightsExtension-FF-Release", "Location": "eastus2", "InstanceOf": "ARC-Extension-ServiceResourceGroupDefinition", - "AzureSubscriptionId": "5fab7b6f-6150-42fe-89e1-0f07a0a9a46f", + "AzureSubscriptionId": "30c56c3a-54da-46ea-b004-06eb33432687", "ScopeTags": [ { "Name": "FF" @@ -141,7 +141,7 @@ "AzureResourceGroupName": "ContainerInsightsExtension-MC-Release", "Location": "eastus2", "InstanceOf": "ARC-Extension-ServiceResourceGroupDefinition", - "AzureSubscriptionId": "5fab7b6f-6150-42fe-89e1-0f07a0a9a46f", + "AzureSubscriptionId": "30c56c3a-54da-46ea-b004-06eb33432687", "ScopeTags": [ { "Name": "MC" @@ -156,4 +156,4 @@ ] } ] - } + } \ No newline at end of file