security: Move E2E clusters to user assigned managed identity (#241)

Author: christinalau0

.github/workflows/release.yaml

@@ -90,6 +90,8 @@ jobs:
           CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
           LOCATION: "eastus"
           TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          USE_MANAGED_IDENTITY: true
+          MSI_USER_ASSIGNED_ID: ${{ secrets.MSI_USER_ASSIGNED_ID_AKS_ENGINE_E2E }}
           CREATE_VNET: true
           CLEANUP_ON_EXIT: true
           CLEANUP_IF_FAIL: true
@@ -112,6 +114,8 @@ jobs:
           CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
           LOCATION: "eastus"
           TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          USE_MANAGED_IDENTITY: true
+          MSI_USER_ASSIGNED_ID: ${{ secrets.MSI_USER_ASSIGNED_ID_AKS_ENGINE_E2E }}
           CREATE_VNET: true
           CLEANUP_ON_EXIT: true
           CLEANUP_IF_FAIL: true

.github/workflows/test-upgrade.yaml

@@ -66,6 +66,8 @@ jobs:
           CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
           LOCATION: "eastus"
           TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          USE_MANAGED_IDENTITY: true
+          MSI_USER_ASSIGNED_ID: ${{ secrets.MSI_USER_ASSIGNED_ID_AKS_ENGINE_E2E }}
           CLEANUP_ON_EXIT: false
           CLEANUP_IF_FAIL: true
           SKIP_LOGS_COLLECTION: true
@@ -117,6 +119,8 @@ jobs:
           CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
           LOCATION: "eastus"
           TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          USE_MANAGED_IDENTITY: true
+          MSI_USER_ASSIGNED_ID: ${{ secrets.MSI_USER_ASSIGNED_ID_AKS_ENGINE_E2E }}
           CLEANUP_ON_EXIT: true
           CLEANUP_IF_FAIL: true
           SKIP_LOGS_COLLECTION: true
@@ -138,6 +142,8 @@ jobs:
           CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
           LOCATION: "eastus"
           TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          USE_MANAGED_IDENTITY: true
+          MSI_USER_ASSIGNED_ID: ${{ secrets.MSI_USER_ASSIGNED_ID_AKS_ENGINE_E2E }}
           CLEANUP_ON_EXIT: true
           CLEANUP_IF_FAIL: true
           SKIP_LOGS_COLLECTION: true

.github/workflows/test-vhd-no-egress.yaml

@@ -66,6 +66,8 @@ jobs:
           CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
           LOCATION: "eastus"
           TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          USE_MANAGED_IDENTITY: true
+          MSI_USER_ASSIGNED_ID: ${{ secrets.MSI_USER_ASSIGNED_ID_AKS_ENGINE_E2E }}
           CLEANUP_ON_EXIT: false
           CLEANUP_IF_FAIL: true
           SKIP_LOGS_COLLECTION: true
@@ -118,6 +120,8 @@ jobs:
           CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
           LOCATION: "eastus"
           TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          USE_MANAGED_IDENTITY: true
+          MSI_USER_ASSIGNED_ID: ${{ secrets.MSI_USER_ASSIGNED_ID_AKS_ENGINE_E2E }}
           CLEANUP_ON_EXIT: true
           CLEANUP_IF_FAIL: true
           SKIP_LOGS_COLLECTION: true
@@ -140,6 +144,8 @@ jobs:
           CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
           LOCATION: "eastus"
           TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          USE_MANAGED_IDENTITY: true
+          MSI_USER_ASSIGNED_ID: ${{ secrets.MSI_USER_ASSIGNED_ID_AKS_ENGINE_E2E }}
           CLEANUP_ON_EXIT: true
           CLEANUP_IF_FAIL: true
           SKIP_LOGS_COLLECTION: true

.pipelines/e2e-job-template.yaml

@@ -41,6 +41,7 @@ jobs:
       SKIP_TEST: ${{ parameters.skipTest }}
       GINKGO_SKIP: ${{ parameters.skipTests }}
       RETAIN_SSH: false
+      USE_MANAGED_IDENTITY: true
       MSI_USER_ASSIGNED_ID: ${{ parameters.msiId }}
       ENABLE_KMS_ENCRYPTION: ${{ parameters.enableKMSEncryption }}
       CONTAINER_RUNTIME: ${{ parameters.containerRuntime }}

examples/no_outbound.json

@@ -4,6 +4,7 @@
         "orchestratorProfile": {
             "kubernetesConfig": {
                 "useCloudControllerManager": true,
+                "useManagedIdentity": true,
                 "containerRuntime": "containerd",
                 "addons": [
                     {