aks-manifest bicep module fixes

this PR adresses the following bugs in the aks-manifest module and its usage for serviceaccount placement * `ServiceAccount` are now generated with their correct `metadata.name`. previously the `uamiName` was used instead of the `serviceAccountName` * the aks-manifest can now handle non-namespaced manifests * the aks-manifest deploymentjobs are now re-executed when the manifests to apply change. Signed-off-by: Gerd Oberlechner <[email protected]>
Azure · May 14, 2024 · dd28057 · dd28057
1 parent a92fb2b
commit dd28057
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/dev-infrastructure/modules/aks-cluster-base.bicep b/dev-infrastructure/modules/aks-cluster-base.bicep
@@ -395,7 +395,7 @@ module serviceAccounts './aks-manifest.bicep' = {
         apiVersion: 'v1'
         kind: 'ServiceAccount'
         metadata: {
-          name: workloadIdentities[i].value.uamiName
+          name: workloadIdentities[i].value.serviceAccountName
           namespace: workloadIdentities[i].value.namespace
           annotations: {
             'azure.workload.identity/client-id': uami[i].properties.clientId

diff --git a/dev-infrastructure/modules/aks-manifest.bicep b/dev-infrastructure/modules/aks-manifest.bicep
@@ -3,15 +3,18 @@ param aksClusterName string
 param location string
 param aksManagedIdentityId string
 param manifests array
+param forceUpdateTag string = guid(string(manifests))
 
-var namespaces = [for manifest in manifests: manifest.metadata.namespace]
+var namespaces = [
+  for manifest in filter(manifests, m => contains(m.metadata, 'namespace')): manifest.metadata.namespace
+]
 var uniqueNamespaces = union(namespaces, [])
 var namespaceManifests = [
-  for i in range(0, length(uniqueNamespaces)): {
+  for ns in uniqueNamespaces: {
     apiVersion: 'v1'
     kind: 'Namespace'
     metadata: {
-      name: uniqueNamespaces[i]
+      name: ns
     }
   }
 ]
@@ -54,6 +57,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
     // * avoid the need for a network path to the cluster
     //
     // right now az aks command invoke fails with `MissingAADClusterToken` when run within a deploymentscript
+    forceUpdateTag: forceUpdateTag
     environmentVariables: [
       {
         name: 'AKS_CLUSTER_RG'