Add data plane MIs to the Azure HostedCluster API

Add MSI client IDs related to the data plane to the Azure HostedCluster API for image registry, cloud network config controller, CSI, and ingress. Signed-off-by: Bryan Cox <[email protected]>
openshift · Nov 11, 2024 · 0bf8c04 · 0bf8c04
1 parent bfe9149
commit 0bf8c04
Show file tree

Hide file tree

Showing 41 changed files with 274 additions and 94,371 deletions.
diff --git a/api/hypershift/v1beta1/azure.go b/api/hypershift/v1beta1/azure.go
@@ -460,7 +460,11 @@ type AzureResourceManagedIdentities struct {
 	// +kubebuilder:validation:Required
 	ControlPlane ControlPlaneManagedIdentities `json:"controlPlane"`
 
-	// Future placeholder - DataPlaneMIs * DataPlaneManagedIdentities
+	// dataPlane contains the client IDs of all the managed identities on the data plane needing to authenticate with
+	// Azure's API.
+	//
+	// +kubebuilder:validation:Required
+	DataPlane DataPlaneManagedIdentities `json:"dataPlane"`
 }
 
 // ManagedIdentity contains the client ID, and its certificate name, of a managed identity. This managed identity is
@@ -535,6 +539,32 @@ type ControlPlaneManagedIdentities struct {
 	File ManagedIdentity `json:"file"`
 }
 
+// DataPlaneManagedIdentities contains the client IDs of all the managed identities on the data plane needing to
+// authenticate with Azure's API.
+type DataPlaneManagedIdentities struct {
+	// imageRegistryMSIClientID is the client ID of a pre-existing managed identity ID associated with the image
+	//registry controller.
+	//
+	// +kubebuilder:validation:Required
+	ImageRegistryMSIClientID string `json:"imageRegistryMSIClientID"`
+
+	// diskMSIClientID is the client ID of a pre-existing managed identity ID associated with the CSI Disk driver.
+	//
+	// +kubebuilder:validation:Required
+	DiskMSIClientID string `json:"diskMSIClientID"`
+
+	// fileMSIClientID is the client ID of a pre-existing managed identity ID associated with the CSI File driver.
+	//
+	// +kubebuilder:validation:Required
+	FileMSIClientID string `json:"fileMSIClientID"`
+
+	// cloudNetworkConfigMSIClientID is the client ID of a pre-existing managed identity ID associated with the cloud
+	// network config controller.
+	//
+	// +kubebuilder:validation:Required
+	CloudNetworkConfigMSIClientID string `json:"cloudNetworkConfigMSIClientID"`
+}
+
 // AzureKMSSpec defines metadata about the configuration of the Azure KMS Secret Encryption provider using Azure key vault
 type AzureKMSSpec struct {
 	// ActiveKey defines the active key used to encrypt new secrets

diff --git a/api/hypershift/v1beta1/zz_generated.deepcopy.go b/api/hypershift/v1beta1/zz_generated.deepcopy.go
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests.yaml