From 33a0fcc65b490aab553eadb5662c19983ea9f36f Mon Sep 17 00:00:00 2001
From: Amit Lichtenberg
Date: Thu, 7 Mar 2024 10:35:25 +0200
Subject: [PATCH] Add azure IAM code samples

---
 .../code-examples/azure-iam-aks/client.yaml | 32 +++++++++++++++++++
 .../azure-iam-aks/clientintents.yaml | 13 ++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 static/code-examples/azure-iam-aks/client.yaml
 create mode 100644 static/code-examples/azure-iam-aks/clientintents.yaml

diff --git a/static/code-examples/azure-iam-aks/client.yaml b/static/code-examples/azure-iam-aks/client.yaml
new file mode 100644
index 000000000..28928e218
--- /dev/null
+++ b/static/code-examples/azure-iam-aks/client.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: otterize-tutorial-azure-iam
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: client
+  namespace: otterize-tutorial-azure-iam
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: client
+  namespace: otterize-tutorial-azure-iam
+spec:
+  selector:
+    matchLabels:
+      app: client
+  template:
+    metadata:
+      labels:
+        app: client
+        credentials-operator.otterize.com/create-azure-role-assignment: "true"
+    spec:
+      serviceAccountName: client
+      containers:
+        - name: client
+          image: mcr.microsoft.com/azure-cli
+          command: [ "/bin/sh", "-c", "--" ]
+          args: [ "while true; do az login --federated-token \"$(cat $AZURE_FEDERATED_TOKEN_FILE)\" --service-principal -u $AZURE_CLIENT_ID -t $AZURE_TENANT_ID; az storage blob list --container test --account-name amitlichttest --auth-mode login; sleep 1; echo 'Client - The time is:'; curl -v --silent google.com 2>&1 | grep 'Date:'; sleep 2; done" ]
\ No newline at end of file
diff --git a/static/code-examples/azure-iam-aks/clientintents.yaml b/static/code-examples/azure-iam-aks/clientintents.yaml
new file mode 100644
index 000000000..ba6330ef9
--- /dev/null
+++ b/static/code-examples/azure-iam-aks/clientintents.yaml
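Review bot: `image: mcr.microsoft.com/azure-cli` carries no tag, so every reader pulls whatever `latest` resolves to on the day they run the tutorial; pin a tag or digest (`image: mcr.microsoft.com/azure-cli:<version>`) so the sample is reproducible and the dependency is explicit. The `args` line also hands the workload-identity JWT to `az login` on the command line via `$(cat $AZURE_FEDERATED_TOKEN_FILE)`, which leaves the token readable from the process table by anything sharing the pod's PID namespace or with node access for as long as the login runs; as far as I know `az login --federated-token` accepts the token only as an argument, so a comment above `args` should say so, e.g. `# NOTE: the federated token is exposed in argv while az login runs; fine for a tutorial, avoid in production`. The loop also relies on `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_FEDERATED_TOKEN_FILE` being present, but nothing in this file sets them or carries the `azure.workload.identity/use: "true"` pod label; presumably the credentials operator injects them via the `create-azure-role-assignment` label, and a one-line comment stating that would save readers a confusing `az login` failure. Finally, `amitlichttest` looks like a personal test storage account and should be a placeholder such as `<your-storage-account>` so readers do not run the sample against someone else's resource.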
@@ -0,0 +1,13 @@
+apiVersion: k8s.otterize.com/v1alpha3
+kind: ClientIntents
+metadata:
+  name: client
+  namespace: otterize-tutorial-azure-iam
+spec:
+  service:
+    name: client
+  calls:
+    - name: "/subscriptions/ef54c90c-5351-4c8f-a126-16a6d789104f/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/amitlichttest/blobServices/default/containers/test"
+      type: azure
+      azureRoles: # pre-existing (preset or custom) role by name
+        - "Storage Blob Data Contributor"
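Review bot: The `azureRoles` entry grants `Storage Blob Data Contributor`, but the only call the client makes in client.yaml is `az storage blob list`, which needs read access only; `- "Storage Blob Data Reader"` would demonstrate the least-privilege intent of the tutorial instead of handing the workload write and delete rights it never uses. The `name` also embeds what appears to be a real subscription GUID and the personal storage account `amitlichttest`; a published sample should use placeholders such as `/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>` so readers substitute their own values rather than targeting the author's resources. A short comment above `calls:` noting that the scope is the blob container itself, not the storage account or subscription, would make explicit why the assignment stays narrow.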