Make the cloudName configurable in the SecretProviderClass (#234)

* Make the cloudName configurable in the SecretProviderClass * Update chartvalues.md Add documentation about what cloud values are allowed in the chart. Note this change doesn't enable USNat/USSec
Azure · Aug 22, 2022 · c30525f · c30525f
1 parent b1b985b
commit c30525f
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/...deploy/chart/prometheus-collector/templates/prometheus-collector-secretProviderClass.yaml b/...deploy/chart/prometheus-collector/templates/prometheus-collector-secretProviderClass.yaml
@@ -24,7 +24,7 @@ spec:
     {{- end }}
     {{- end }}
     keyvaultName: {{ required "azureKeyVault.name is required" .Values.azureKeyVault.name | toString | quote }} # [CHANGE AS APPROPRIATE][REQUIRED] the name of the KeyVault (also provide tenantid of this KeyVault in the 'tanantId' field below)
-    cloudName: ""                              # [OPTIONAL available for version > 0.0.4] if not provided, azure environment will default to AzurePublicCloud
+    cloudName: {{ .Values.azureKeyVault.cloudName | toString | quote }}   # [OPTIONAL available for version > 0.0.4] if not provided, azure environment will default to AzurePublicCloud
     cloudEnvFileName: ""                       # [OPTIONAL available for version > 0.0.7] use to define path to file for populating azure environment
     objects:  |
       # provide PFX certificate information per account in the below array

diff --git a/otelcollector/deploy/chart/prometheus-collector/values-template.yaml b/otelcollector/deploy/chart/prometheus-collector/values-template.yaml
@@ -64,6 +64,8 @@ azureKeyVault:
   name: "" #required
   # -- tenantid for the azure key vault resource
   tenantId: "" #required
+  # -- cloudName for the azure key vault resource
+  cloudName: "" # optional for public cloud.
   # -- clientid for a service principal that has access to read the Pfx certificates from keyvault specified above
   clientId: "" #required when using service principal to access keyvault
   # -- client secret for the above service principal

diff --git a/otelcollector/docs/eng.ms/chartvalues.md b/otelcollector/docs/eng.ms/chartvalues.md
@@ -7,6 +7,7 @@
 | azureKeyVault.clientSecret | string | Optional | `""` | client secret for the above service principal. Required when using service principal |
 | azureKeyVault.pfxCertNames | list of comma seperated strings | <mark>`Required`</mark> | `"{}"` | name of the Pfx certificate(s) - one per metric account |
 | azureKeyVault.tenantId | string | <mark>`Required`</mark> | `""` | tenantid for the azure key vault resource |
+| azureKeyVault.cloudName | string | Optional | `""` | The cloud name the keyvault exists in. The default empty string will use `AzurePublicCloud`. Other values include `AzureChinaCloud`, `AzureUSGovernment`, and `AzureGermanCloud`. |
 | azureKeyVault.useManagedIdentity | string | Optional | `false` | enable/disable managed identity to access keyvault |
 | azureKeyVault.aad-pod-identity | string | Optional | `""` | name of the azure pod managed identity to access keyvault, requires useManagedIdentity true |
 | azureKeyVault.userAssignedIdentityID | string | Optional | `""` | used when useManagedIdentity parameter is set to true. This specifies which user assigned managed identity to use when acccesing keyvault. If you are using a user assigned identity as managed identity, then specify the identity's client id. If empty, AND 'useManagedIdentity' is true, then defaults to use the system assigned identity on the VM |
@@ -53,4 +54,4 @@
 | kube-state-metrics.metricAnnotationsAllowList | [string] | Optional | `{}` | `requires scrapeTargets.kubeState` - adds annotations as scrape labels to kube-state-metrics comma separated list of `objects\=\[annotation1\,annotation1\,...\]` (*note `=`,`[`, `]`,`,` for each item need to be escaped) use `*` for all(has perf impact), example `{pods\=annotation1\,annotation2\],namespaces\=\[*\]}` [annotations are subject to coercion](https://github.com/kubernetes/kube-state-metrics#conflict-resolution-in-label-names) |
 | kube-state-metrics.metricLabelsAllowlist | [string] | Optional | `{}` | `requires scrapeTargets.kubeState` - adds labels as scrape labels to kube-state-metrics comma separated list of `objects\=\[label1\,label2\,...\]` (*note `=`,`[`, `]`,`,` for each item need to be escaped, however not between items) use `*` for all(has perf impact), example `{pods\=label1\,label2\],namespaces\=\[*\]}` [labels are subject to coercion](https://github.com/kubernetes/kube-state-metrics#conflict-resolution-in-label-names) |
 
-----------------------------------------------
+----------------------------------------------