VMware Tanzu Application Platform


Unable to find cluster configuration to enable and use User managed identity on Azure cloud while cluster provisioning for TKG

  • 1.  Unable to find cluster configuration to enable and use User managed identity on Azure cloud while cluster provisioning for TKG

    Posted Jun 28, 2024 11:03 AM

    Hi, we are trying to provision a TKG cluster in our Azure Pipeline using a user-managed identity for authentication. We have assigned each VM a user-managed identity and are looking to set the cluster config file with the identity as well. We don't find any configuration parameters in the VMware TKG documentation to use a user-managed identity for Azure cloud. Earlier we have been using service principals for authentication. Can VMware add support to use managed identities for their clusters as well? Or, if there is an existing way to do this in the current documentation, can you provide some context on it?

    Thanks for consideration!

    This is the contents of the cluster-config.yaml file we have been using to provision a TKG cluster with service principals:

    AZURE_CLIENT_ID: $AZ_CLIENT_ID_PROV
    AZURE_CLIENT_SECRET: $AZ_CLIENT_SECRET_PROV
    AZURE_CONTROL_PLANE_MACHINE_TYPE: $TKG_MACHINE_TYPE
    AZURE_CONTROL_PLANE_SUBNET_CIDR: 10.0.0.0/24
    AZURE_CONTROL_PLANE_SUBNET_NAME: tkg-cp-subnet-master
    AZURE_ENABLE_PRIVATE_CLUSTER: ""
    AZURE_ENVIRONMENT: AzurePublicCloud
    AZURE_FRONTEND_PRIVATE_IP: ""
    AZURE_LOCATION: eastus
    AZURE_NODE_MACHINE_TYPE: $TKG_MACHINE_TYPE
    AZURE_NODE_SUBNET_CIDR: 10.0.1.0/24
    AZURE_NODE_SUBNET_NAME: tkg-cp-subnet-worker
    AZURE_RESOURCE_GROUP: $RESOURCE_GROUP_TKG
    AZURE_SUBSCRIPTION_ID: $AZ_SUBSCRIPTION_ID_PROV
    AZURE_TENANT_ID: $AZ_TENANT_ID_PROV
    AZURE_VNET_CIDR: 10.0.0.0/16
    AZURE_VNET_NAME: arc-conformance-tkg-vnet
    AZURE_VNET_RESOURCE_GROUP: $RESOURCE_GROUP_TKG
    CLUSTER_ANNOTATIONS: ''
    CLUSTER_CIDR: 100.96.0.0/11
    CLUSTER_NAME: conformance-tkg-mgnt-cluster
    CLUSTER_PLAN: $TKG_CLUSTER_PLAN
    ENABLE_AUDIT_LOGGING: ""
    ENABLE_CEIP_PARTICIPATION: "true"
    ENABLE_MHC: "false"
    IDENTITY_MANAGEMENT_TYPE: none
    INFRASTRUCTURE_PROVIDER: azure
    LDAP_BIND_DN: ""
    LDAP_BIND_PASSWORD: ""
    LDAP_GROUP_SEARCH_BASE_DN: ""
    LDAP_GROUP_SEARCH_FILTER: ""
    LDAP_GROUP_SEARCH_GROUP_ATTRIBUTE: ""
    LDAP_GROUP_SEARCH_NAME_ATTRIBUTE: cn
    LDAP_GROUP_SEARCH_USER_ATTRIBUTE: DN
    LDAP_HOST: ""
    LDAP_ROOT_CA_DATA_B64: ""
    LDAP_USER_SEARCH_BASE_DN: ""
    LDAP_USER_SEARCH_FILTER: ""
    LDAP_USER_SEARCH_NAME_ATTRIBUTE: ""
    LDAP_USER_SEARCH_USERNAME: userPrincipalName
    OIDC_IDENTITY_PROVIDER_CLIENT_ID: ""
    OIDC_IDENTITY_PROVIDER_CLIENT_SECRET: ""
    OIDC_IDENTITY_PROVIDER_GROUPS_CLAIM: ""
    OIDC_IDENTITY_PROVIDER_ISSUER_URL: ""
    OIDC_IDENTITY_PROVIDER_NAME: ""
    OIDC_IDENTITY_PROVIDER_SCOPES: ""
    OIDC_IDENTITY_PROVIDER_USERNAME_CLAIM: ""
    OS_ARCH: amd64
    OS_NAME: ubuntu
    OS_VERSION: "20.04"
    SERVICE_CIDR: 100.64.0.0/13
    TKG_HTTP_PROXY_ENABLED: "false"
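
A small credential-hygiene check for a config like the one above, added here as an example; it is not part of the post and not TKG's own tooling. It assumes the file is flat `KEY: value` YAML and that values of the form `$NAME` are pipeline placeholders substituted before the tanzu CLI reads the file; the `credential_mode` labels are the script's own, not TKG terminology. It flags any secret-bearing key that holds a literal value rather than a placeholder, and reports whether the config still depends on a client secret at all.

```python
"""Credential-hygiene check for a flat TKG cluster-config.yaml.

Added example, not TKG's own tooling. Assumes the config is a flat
"KEY: value" file like the one in the post, and that $NAME values are
substituted by the pipeline before the file reaches the tanzu CLI.
"""
import re
from typing import Dict, List

# Constructed sample: a subset of the posted config. Every secret-bearing key
# is either a pipeline variable reference or empty, as in the post.
SAMPLE_CONFIG = """\
AZURE_CLIENT_ID: $AZ_CLIENT_ID_PROV
AZURE_CLIENT_SECRET: $AZ_CLIENT_SECRET_PROV
AZURE_TENANT_ID: $AZ_TENANT_ID_PROV
AZURE_SUBSCRIPTION_ID: $AZ_SUBSCRIPTION_ID_PROV
AZURE_ENVIRONMENT: AzurePublicCloud
ENABLE_MHC: "false"
IDENTITY_MANAGEMENT_TYPE: none
LDAP_BIND_PASSWORD: ""
OIDC_IDENTITY_PROVIDER_CLIENT_SECRET: ""
"""

# Keys whose value is a credential and must never be a literal in a committed file.
SECRET_KEYS = (
    "AZURE_CLIENT_SECRET",
    "LDAP_BIND_PASSWORD",
    "OIDC_IDENTITY_PROVIDER_CLIENT_SECRET",
)

# $NAME or ${NAME}: a placeholder the pipeline fills in, not a secret itself.
VAR_REF = re.compile(r"^\$(\{[A-Za-z_][A-Za-z0-9_]*\}|[A-Za-z_][A-Za-z0-9_]*)$")


def parse_flat_config(text: str) -> Dict[str, str]:
    """Parse 'KEY: value' lines; strips one layer of matching quotes."""
    cfg: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected 'KEY: value', got {raw!r}")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        cfg[key.strip()] = value
    return cfg


def classify_value(value: str) -> str:
    """'empty', 'variable' (pipeline placeholder) or 'literal'."""
    if value == "":
        return "empty"
    if VAR_REF.match(value):
        return "variable"
    return "literal"


def find_literal_secrets(cfg: Dict[str, str]) -> List[str]:
    """Return the secret-bearing keys whose value is a literal, not a placeholder."""
    return [k for k in SECRET_KEYS if classify_value(cfg.get(k, "")) == "literal"]


def credential_mode(cfg: Dict[str, str]) -> str:
    """Describe what the config relies on for Azure authentication.

    'service-principal-secret': client id and client secret are both set,
    i.e. a long-lived secret must be supplied to the pipeline.
    'client-id-only': a client id but no secret; what a managed-identity
    flow would look like in this file if TKG accepted it here (an assumption).
    'none': no client id at all.
    """
    has_id = classify_value(cfg.get("AZURE_CLIENT_ID", "")) != "empty"
    has_secret = classify_value(cfg.get("AZURE_CLIENT_SECRET", "")) != "empty"
    if has_id and has_secret:
        return "service-principal-secret"
    if has_id:
        return "client-id-only"
    return "none"


if __name__ == "__main__":
    cfg = parse_flat_config(SAMPLE_CONFIG)
    print("credential mode:", credential_mode(cfg))
    print("literal secrets:", find_literal_secrets(cfg) or "none")
```

Run it against the real cluster-config.yaml in a pipeline step before `tanzu` is invoked; a non-empty `find_literal_secrets` result is the case to fail the build on, and `credential_mode` documents whether the config still carries a service-principal secret.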


  • 2.  RE: Unable to find cluster configuration to enable and use User managed identity on Azure cloud while cluster provisioning for TKG

    Posted Jul 22, 2024 10:20 AM

    Hi, we are blocked from provisioning the TKG infrastructure due to the unavailability of a managed-identity authentication method for TKG clusters. Can this feature please be added soon in your releases?