v2.10.0 Breaking Changes
MachineLearningServices/WorkspacesCompute properties marked as a SecretReference
The below properties on WorkspacesCompute
has been changed from a string to a SecretReference
We always try to avoid breaking changes, but in this case, allowing raw passwords in the spec is a security problem and as such we’ve
decided to make a break to correct this issue.
Affected Properties:
- SslConfiguration.Key
- SslConfiguration.Cert
- VirtualMachineSshCredentials.PrivateKeyData
- VirtualMachineSshCredentials.PublicKeyData
- DatabricksProperties.DatabricksAccessToken
Action required: If the MachineLearningServices/WorkspacesCompute
resource is used in your cluster and any of the above property is set, do the following before upgrading ASO:
- Annotate the resource with
serviceoperator.azure.com/reconcile-policy: skip
to prevent ASO from trying to reconcile the resource while you are upgrading. - Download the current YAML for the resource using
kubectl
if you don’t have it elsewhere. - Create a kubernetes secret containing the value for the affected property.
- Edit downloaded YAML in step 2, and add a secret key and name reference. Example here.
- Delete the resource from your cluster using
kubectl delete
. Your Azure resource will be left untouched because of thereconcile-policy
annotation you added above. - Upgrade ASO in your cluster.
- Apply the updated YAML to your cluster using
kubectl apply
. If any errors occur, address them. - If the
reconcile-policy
annotation is still present, remove it from the resource.