in pkg/agent/params.go [179:240]
// assignKubernetesParameters fills parametersMap with the Kubernetes-specific
// template parameters taken from properties. It does nothing unless the
// orchestrator profile reports Kubernetes.
//
// Security: after this call the map holds credential material: the service
// principal secret (both raw and base64-encoded) and the client private key.
// Treat parametersMap, and anything rendered from it, as sensitive and keep it
// out of logs, error messages and debug dumps.
func assignKubernetesParameters(properties *datamodel.Properties, parametersMap paramsMap,
	cloudSpecConfig *datamodel.AzureEnvironmentSpecConfig,
	k8sComponents *datamodel.K8sComponents,
	config *datamodel.NodeBootstrappingConfiguration) {
	profile := properties.OrchestratorProfile
	if !profile.IsKubernetes() {
		return
	}

	addValue(parametersMap, "kubernetesVersion", profile.OrchestratorVersion)
	assignKubernetesParametersfromKubernetesConfig(properties, parametersMap, cloudSpecConfig, k8sComponents, config)

	if sp := properties.ServicePrincipalProfile; sp != nil {
		addValue(parametersMap, "servicePrincipalClientId", sp.ClientID)
		// The secret is stored verbatim via addValue, not addSecret.
		// NOTE(review): whether a key vault reference string is resolved for
		// this parameter is not visible from this function; confirm.
		addValue(parametersMap, "servicePrincipalClientSecret", sp.Secret)
		// The base64 copy exists only to escape special characters such as
		// quotes in the secret (see https://github.com/Azure/aks-engine/pull/1174).
		// base64 is a reversible encoding, not protection: this entry is as
		// sensitive as the raw secret above.
		addValue(parametersMap, "encodedServicePrincipalClientSecret",
			base64.StdEncoding.EncodeToString([]byte(sp.Secret)))
	}

	// Each of the following parameters may be given either as plain text or
	// as a reference to a secret stored in a key vault:
	//   - apiServerCertificate
	//   - clientCertificate
	//   - clientPrivateKey
	//   - kubeConfigCertificate
	//   - kubeConfigPrivateKey
	//   - servicePrincipalClientSecret
	//
	// To point at a key vault secret, the parameter value in the api model
	// file is written as:
	//
	//   "<PARAMETER>": "/subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.KeyVault/vaults/<KV_NAME>/secrets/<NAME>[/<VERSION>]"
	//
	// where:
	//   <SUB_ID>   is the subscription ID of the key vault
	//   <RG_NAME>  is the resource group of the key vault
	//   <KV_NAME>  is the name of the key vault
	//   <NAME>     is the name of the secret
	//   <VERSION>  (optional) is the secret version (default: the latest)
	//
	// That produces a reference block in the parameters file:
	//
	//   "reference": {
	//     "keyVault": {
	//       "id": "/subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.KeyVault/vaults/<KV_NAME>"
	//     },
	//     "secretName": "<NAME>",
	//     "secretVersion": "<VERSION>"
	//   }
	//
	// NOTE(review): of the names listed above, only the three certificate
	// profile entries below go through addSecret in this function;
	// caCertificate is also added here although the list omits it, and the
	// kubeConfig* parameters are not set here at all.
	certs := properties.CertificateProfile
	if certs == nil {
		return
	}
	// The trailing `true` is passed unchanged to addSecret; presumably it
	// requests base64 encoding of plain-text values. Confirm against addSecret.
	addSecret(parametersMap, "apiServerCertificate", certs.APIServerCertificate, true)
	addSecret(parametersMap, "caCertificate", certs.CaCertificate, true)
	addSecret(parametersMap, "clientCertificate", certs.ClientCertificate, true)
	// Private key material: prefer a key vault reference over an inline value
	// in the api model where the deployment allows it.
	addSecret(parametersMap, "clientPrivateKey", certs.ClientPrivateKey, true)
}