in pkg/engine/armresources.go [16:118]
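// GenerateARMResources assembles the ARM resource specs for the cluster
// described by cs and returns them in append order: optional Azure Stack
// telemetry, managed-identity resources, the Standard Load Balancer with its
// public IPs, per-agent-pool resources, master (VMAS) resources, and the
// Application Gateway ingress add-on resources.
//
// KubernetesConfig is read once and treated as optional throughout. The
// original guarded it for the identity flags only and then dereferenced it
// unguarded for the load balancer and add-on checks, which would panic on a
// nil config.
func GenerateARMResources(cs *api.ContainerService) []interface{} {
	var armResources []interface{}

	deploymentTelemetryEnabled := cs.Properties.FeatureFlags.IsFeatureEnabled("EnableTelemetry")
	isAzureStack := cs.Properties.IsAzureStackCloud()
	azureTelemetryPID := cs.GetCloudSpecConfig().KubernetesSpecConfig.AzureTelemetryPID
	// The telemetry deployment is emitted only for Azure Stack clouds.
	if deploymentTelemetryEnabled && isAzureStack {
		armResources = append(armResources, createAzureStackTelemetry(azureTelemetryPID))
	}

	var useManagedIdentity, userAssignedIDEnabled, createNewUserAssignedIdentity bool
	kubernetesConfig := cs.Properties.OrchestratorProfile.KubernetesConfig
	if kubernetesConfig != nil {
		useManagedIdentity = to.Bool(kubernetesConfig.UseManagedIdentity)
		userAssignedIDEnabled = kubernetesConfig.UserAssignedIDEnabled()
		createNewUserAssignedIdentity = kubernetesConfig.ShouldCreateNewUserAssignedIdentity()
	}

	if userAssignedIDEnabled {
		if createNewUserAssignedIdentity {
			armResources = append(armResources, createUserAssignedIdentities())
		}
		// NOTE(review): the user-assigned identity is given the role named by
		// IdentityContributorRole. The scope of that assignment is decided
		// inside createMSIRoleAssignment and is not visible here; confirm it
		// is no wider than the cluster needs.
		armResources = append(armResources, createMSIRoleAssignment(IdentityContributorRole))
	}

	// Create the Standard Load Balancer resource spec when the cluster uses the
	// Standard SKU and no node pool is configured with
	// LoadBalancerBackendAddressPoolIDs. User-provided backend pool IDs are not
	// compatible with this spec, which assumes *all VMs in all node pools* are
	// backend pool members.
	if kubernetesConfig != nil &&
		kubernetesConfig.LoadBalancerSku == api.StandardLoadBalancerSku &&
		!cs.Properties.AnyAgentHasLoadBalancerBackendAddressPoolIDs() {
		// NOTE(review): LoadBalancerOutboundIPs is used as given. A value
		// below 1 emits no public IP resources here while the load balancer
		// spec is still added; presumably validation elsewhere rejects that.
		outboundIPCount := 1
		if kubernetesConfig.LoadBalancerOutboundIPs != nil {
			outboundIPCount = *kubernetesConfig.LoadBalancerOutboundIPs
		}

		// The first address uses the bare prefix; later ones get a numeric
		// suffix starting at 2. Public IPs are appended before the load balancer.
		const ipAddressNamePrefix = "agentPublicIPAddressName"
		for i := 1; i <= outboundIPCount; i++ {
			name := ipAddressNamePrefix
			if i > 1 {
				name += strconv.Itoa(i)
			}
			armResources = append(armResources, CreatePublicIPAddressForNodePools(name))
		}
		armResources = append(armResources, CreateStandardLoadBalancerForNodePools(cs.Properties, true))
	}

	for _, profile := range cs.Properties.AgentPoolProfiles {
		if profile.IsWindows() && cs.Properties.WindowsProfile.HasCustomImage() {
			// Create Image resource from VHD if requested.
			armResources = append(armResources, createWindowsImage(profile))
		}

		if !profile.IsVirtualMachineScaleSets() {
			armResources = append(armResources, createKubernetesAgentVMASResources(cs, profile)...)
			continue
		}

		// A system-assigned identity gets its own role assignment per scale
		// set. With a user-assigned identity the single assignment made
		// earlier in this function is used instead.
		if useManagedIdentity && !userAssignedIDEnabled {
			armResources = append(armResources, createAgentVMSSSysRoleAssignment(profile))
		}
		armResources = append(armResources, CreateAgentVMSS(cs, profile))
	}

	// Master resources are generated here only for the non-VMSS (VMAS) layout.
	isMasterVMSS := cs.Properties.MasterProfile != nil && cs.Properties.MasterProfile.IsVirtualMachineScaleSets()
	if !isMasterVMSS {
		armResources = append(armResources, createKubernetesMasterResourcesVMAS(cs)...)
	}

	if kubernetesConfig != nil && kubernetesConfig.IsAddonEnabled(common.AppGwIngressAddonName) {
		// The add-on brings its own identity and three role assignments.
		// NOTE(review): their roles and scopes are set inside the helpers
		// below and should be reviewed there for least privilege.
		armResources = append(armResources,
			createAppGwPublicIPAddress(),
			createAppGwUserAssignedIdentities(),
			createApplicationGateway(cs.Properties),
			createAppGwIdentityApplicationGatewayWriteSysRoleAssignment(),
			createKubernetesSpAppGIdentityOperatorAccessRoleAssignment(cs.Properties),
			createAppGwIdentityResourceGroupReadSysRoleAssignment(),
		)
	}

	return armResources
}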