diff --git a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/az-identity.yaml b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/az-identity.yaml index 1591126b0bdf40e58d5b4b1e8ce04ffa82352b20..38fa05ff7a1ae1eca927f94b93fd33cc43b40ab3 100644 --- a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/az-identity.yaml +++ b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/az-identity.yaml @@ -12,5 +12,5 @@ metadata: name: lab namespace: flux-system spec: - azureIdentity: lab - selector: lab + azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name + selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name diff --git a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/config-patches.yaml b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/config-patches.yaml index 3d0ffac40991ba338a3abba5ad13c55f2c0925d2..8e8bc3a35abc0a1a21f1c5837b2c783a7b8c764f 100644 --- a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/config-patches.yaml +++ b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/config-patches.yaml @@ -23,15 +23,6 @@ spec: clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000 resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write type: 0 ---- -apiVersion: aadpodidentity.k8s.io/v1 -kind: AzureIdentityBinding -metadata: - name: lab - namespace: flux-system -spec: - azureIdentity: jwt-lab - selector: jwt-lab # Set the reconcile period + specify the pod-identity via the aadpodidbinding label --- diff --git a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml index 175f04a29544d00c2c0000493fb7cea43434a163..09c76747588935004f084252252f075062c7db0c 100644 
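Review bot: The `selector: $(AZ_IDENTITY_NAME)` line in `eventhub-credentials-sync/_cronjobs/azure/az-identity.yaml` decides which pods may use the managed identity configured next to it in config-patches.yaml, and nothing visible here limits that to `flux-system`. As far as I know, aad-pod-identity matches the `aadpodidbinding` label across namespaces unless it runs in namespaced mode, so any workload allowed to set that label could be handed the identity. Consider adding the annotation `aadpodidentity.k8s.io/Behavior: namespaced` to the AzureIdentity (defined outside this hunk), or documenting that the controller is expected to run with `--forceNamespaced`. The same applies to the bindings in `eventhub-credentials-sync/azure/az-identity.yaml` and in both `registry-credentials-sync` az-identity.yaml hunks.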
--- a/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml +++ b/manifests/integrations/eventhub-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml @@ -1,3 +1,7 @@ varReference: - - path: spec/jobTemplate/spec/template/metadata/labels - kind: CronJob +- path: spec/jobTemplate/spec/template/metadata/labels + kind: CronJob +- path: spec/azureIdentity + kind: AzureIdentityBinding +- path: spec/selector + kind: AzureIdentityBinding diff --git a/manifests/integrations/eventhub-credentials-sync/azure/az-identity.yaml b/manifests/integrations/eventhub-credentials-sync/azure/az-identity.yaml index 1591126b0bdf40e58d5b4b1e8ce04ffa82352b20..32d8b5742e68a501cd9f085fbe46f6f44319a836 100644 --- a/manifests/integrations/eventhub-credentials-sync/azure/az-identity.yaml +++ b/manifests/integrations/eventhub-credentials-sync/azure/az-identity.yaml @@ -9,8 +9,8 @@ metadata: apiVersion: aadpodidentity.k8s.io/v1 kind: AzureIdentityBinding metadata: - name: lab + name: lab # this can have a different name, but it's nice to keep them the same namespace: flux-system spec: - azureIdentity: lab - selector: lab + azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name + selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name diff --git a/manifests/integrations/eventhub-credentials-sync/azure/config-patches.yaml b/manifests/integrations/eventhub-credentials-sync/azure/config-patches.yaml index c285ed2c426234657943754ed84436f6b8d49e1e..3967cbb795a706e51883a49c5e76cb6684999b96 100644 --- a/manifests/integrations/eventhub-credentials-sync/azure/config-patches.yaml +++ b/manifests/integrations/eventhub-credentials-sync/azure/config-patches.yaml 
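Review bot: The new `varReference` entries in `eventhub-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml` only take effect if the kustomization in this directory declares `AZ_IDENTITY_NAME` under `vars:` and lists this file under `configurations:`, and neither is part of this diff. If the var is missing, I believe kustomize leaves the `$(AZ_IDENTITY_NAME)` text unresolved, so the binding would select nothing and the sync pod would fail to get a token with no obvious cause in the manifests. A header comment would make the dependency explicit, for example `# lets $(AZ_IDENTITY_NAME) from kustomization.yaml vars be substituted into AzureIdentityBinding spec`. The three other kustomizeconfig.yaml hunks (eventhub `azure/`, registry `_cronjobs/azure/` and registry `azure/`) have the same dependency.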
@@ -24,15 +24,6 @@ spec: clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000 resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write type: 0 ---- -apiVersion: aadpodidentity.k8s.io/v1 -kind: AzureIdentityBinding -metadata: - name: lab - namespace: flux-system -spec: - azureIdentity: jwt-lab - selector: jwt-lab # Specify the pod-identity via the aadpodidbinding label --- diff --git a/manifests/integrations/eventhub-credentials-sync/azure/kustomizeconfig.yaml b/manifests/integrations/eventhub-credentials-sync/azure/kustomizeconfig.yaml index afd68fe5de0524199549ab8c094377089ffbec79..da4d902df75ff83ac0c18ec7878ca54507040328 100644 --- a/manifests/integrations/eventhub-credentials-sync/azure/kustomizeconfig.yaml +++ b/manifests/integrations/eventhub-credentials-sync/azure/kustomizeconfig.yaml @@ -1,3 +1,7 @@ varReference: - path: spec/template/metadata/labels kind: Deployment +- path: spec/azureIdentity + kind: AzureIdentityBinding +- path: spec/selector + kind: AzureIdentityBinding diff --git a/manifests/integrations/registry-credentials-sync/_cronjobs/azure/az-identity.yaml b/manifests/integrations/registry-credentials-sync/_cronjobs/azure/az-identity.yaml index c3c6be81e3ac83dae8d3f4173f100d3212e2f64d..8b365507c733797204becf225c56cb90b133aa42 100644 --- a/manifests/integrations/registry-credentials-sync/_cronjobs/azure/az-identity.yaml +++ b/manifests/integrations/registry-credentials-sync/_cronjobs/azure/az-identity.yaml 
@@ -5,3 +5,12 @@ kind: AzureIdentity metadata: name: credentials-sync # if this is changed, also change in config-patches.yaml namespace: flux-system +--- +apiVersion: aadpodidentity.k8s.io/v1 +kind: AzureIdentityBinding +metadata: + name: credentials-sync # this can have a different name, but it's nice to keep them the same + namespace: flux-system +spec: + azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name + selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name diff --git a/manifests/integrations/registry-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml b/manifests/integrations/registry-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml index 22524c1d750ffdcbce997314084ea91337d482af..09c76747588935004f084252252f075062c7db0c 100644 --- a/manifests/integrations/registry-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml +++ b/manifests/integrations/registry-credentials-sync/_cronjobs/azure/kustomizeconfig.yaml @@ -1,3 +1,7 @@ varReference: - path: spec/jobTemplate/spec/template/metadata/labels - kind: Deployment + kind: CronJob +- path: spec/azureIdentity + kind: AzureIdentityBinding +- path: spec/selector + kind: AzureIdentityBinding diff --git a/manifests/integrations/registry-credentials-sync/azure/az-identity.yaml b/manifests/integrations/registry-credentials-sync/azure/az-identity.yaml index c3c6be81e3ac83dae8d3f4173f100d3212e2f64d..8b365507c733797204becf225c56cb90b133aa42 100644 --- a/manifests/integrations/registry-credentials-sync/azure/az-identity.yaml +++ b/manifests/integrations/registry-credentials-sync/azure/az-identity.yaml 
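Review bot: The AzureIdentityBinding added to `registry-credentials-sync/_cronjobs/azure/az-identity.yaml` has no matching removal in this directory's config-patches.yaml, unlike the eventhub change, where the literal `jwt-lab` binding was deleted. If that file still carries an AzureIdentityBinding entry with literal `azureIdentity`/`selector` values, it would either override the `$(AZ_IDENTITY_NAME)` values or clash on the resource name, depending on how it is loaded. I cannot see it from this diff, so please confirm. The existing comment on the AzureIdentity name (`if this is changed, also change in config-patches.yaml`) could also say which field in config-patches.yaml has to follow, now that the binding is filled in from the var. The `registry-credentials-sync/azure/az-identity.yaml` hunk is identical and needs the same check.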
@@ -5,3 +5,12 @@ kind: AzureIdentity metadata: name: credentials-sync # if this is changed, also change in config-patches.yaml namespace: flux-system +--- +apiVersion: aadpodidentity.k8s.io/v1 +kind: AzureIdentityBinding +metadata: + name: credentials-sync # this can have a different name, but it's nice to keep them the same + namespace: flux-system +spec: + azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name + selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name diff --git a/manifests/integrations/registry-credentials-sync/azure/kustomizeconfig.yaml b/manifests/integrations/registry-credentials-sync/azure/kustomizeconfig.yaml index afd68fe5de0524199549ab8c094377089ffbec79..da4d902df75ff83ac0c18ec7878ca54507040328 100644 --- a/manifests/integrations/registry-credentials-sync/azure/kustomizeconfig.yaml +++ b/manifests/integrations/registry-credentials-sync/azure/kustomizeconfig.yaml @@ -1,3 +1,7 @@ varReference: - path: spec/template/metadata/labels kind: Deployment +- path: spec/azureIdentity + kind: AzureIdentityBinding +- path: spec/selector + kind: AzureIdentityBinding