diff --git a/.github/workflows/build-publish-image.yml b/.github/workflows/build-publish-image.yml index eb430341f..b72c9fd11 100644 --- a/.github/workflows/build-publish-image.yml +++ b/.github/workflows/build-publish-image.yml @@ -1,10 +1,9 @@ name: Create, Scan and Publish KAITO image on: - pull_request: - branches: - - main - - release-** - types: [ closed ] + workflow_run: + workflows: [ "Push image to ACR" ] + types: [ completed ] + branches: [ release-** ] permissions: contents: write 
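Review bot: The new `workflow_run` trigger runs this workflow from the default branch with the `contents: write` token shown at the end of the hunk, but nothing ties the run to a branch inside this repository. The `branches: [ release-** ]` filter is matched against the head branch of the triggering run, and for a `pull_request`-triggered upstream that is, as far as I can tell, the PR's source branch name, which a contributor chooses. I would add a repository check to the job condition in the next hunk, e.g. `if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_repository.full_name == github.repository }}`. A one-line comment above `workflow_run:` saying why the upstream run is trusted would also help.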
@@ -16,35 +15,24 @@ env: IMAGE_NAME: 'workspace' jobs: - export-registry: - if: github.event.pull_request.merged == true && contains(github.event.pull_request.title, 'update manifest and helm charts') - runs-on: ubuntu-20.04 + publish-images: + if: ${{ github.event.workflow_run.conclusion == 'success' }} + runs-on: ubuntu-latest environment: preset-env - outputs: - registry: ${{ steps.export.outputs.registry }} steps: - - id: export + - id: get-registry run: | # registry must be in lowercase - echo "registry=$(echo "${{ env.REGISTRY }}/${{ github.repository }}" | tr [:upper:] [:lower:])" >> $GITHUB_OUTPUT - - publish-images: - if: github.event.pull_request.merged == true && contains(github.event.pull_request.title, 'update manifest and helm charts') - needs: - - export-registry - env: - REGISTRY: ${{ needs.export-registry.outputs.registry }} - runs-on: ubuntu-20.04 - environment: preset-env - steps: + echo " b=$(echo "${{ env.REGISTRY }}/${{ github.repository }}" | tr [:upper:] [:lower:])" >> $GITHUB_ENV - id: get-tag name: Get tag - run: echo "IMG_TAG=$(echo ${{ github.event.pull_request.head.ref }} | tr -d release-)" >> $GITHUB_ENV - - uses: actions/checkout@v4 + run: echo "RELEASE_VERSION=$(echo ${{ github.event.pull_request.head.ref }} | tr -d release-)" >> $GITHUB_ENV + + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: true fetch-depth: 0 - ref: ${{ env.IMG_TAG }} + ref: ${{ env.RELEASE_VERSION }} - name: Login to ${{ env.REGISTRY }} uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d 
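Review bot: `github.event.pull_request.head.ref` is not populated under the `workflow_run` trigger this commit switches to, so the `get-tag` step would likely export an empty `RELEASE_VERSION` and the checkout `ref:` would fall back to its default. The expression is also pasted unquoted into the shell line, and a branch name is contributor-controlled, so pass it through `env:` instead: `HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}` with `echo "RELEASE_VERSION=${HEAD_BRANCH#release-}" >> "$GITHUB_ENV"`. That also strips only the prefix, where `tr -d release-` deletes every one of those characters anywhere in the name. As rendered here the `get-registry` step writes ` b=…` rather than `REGISTRY=…` to `$GITHUB_ENV`; if that is what was committed, the lower-cased registry never reaches the later steps.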
@@ -52,15 +40,17 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set Image tag run: | - ver=${{ env.IMG_TAG }} + ver=${{ env.RELEASE_VERSION }} echo "IMG_TAG=${ver#"v"}" >> $GITHUB_ENV + - name: Build image run: | OUTPUT_TYPE=type=registry make docker-build-kaito env: - VERSION: ${{ env.IMG_TAG }} + VERSION: ${{ env.RELEASE_VERSION }} - name: Scan ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMG_TAG }} uses: aquasecurity/trivy-action@master @@ -76,9 +66,23 @@ jobs: TRIVY_USERNAME: ${{ github.actor }} TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/e2e-workflow.yml + with: + git_sha: {{ github.event.pull_request.head.ref }} + isRelease: true + registry: ${{ env.REGISTRY }} + tag: ${{ env.RELEASE_VERSION }} + secrets: + E2E_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + E2E_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + E2E_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + E2E_AMRT_SECRET_NAME: ${{ secrets.AMRT_SECRET_NAME }} + E2E_ACR_AMRT_USERNAME: ${{ secrets.ACR_AMRT_USERNAME }} + E2E_ACR_AMRT_PASSWORD: ${{ secrets.ACR_AMRT_PASSWORD }} + - name: 'Dispatch release tag' uses: peter-evans/repository-dispatch@v3 with: token: ${{ secrets.GITHUB_TOKEN }} - event-type: release-tag - client-payload: '{"isRelease": true,"registry": "$${{ env.REGISTRY }}","tag": "v${{ env.IMG_TAG }}"}' + event-type: create-release + client-payload: '{"tag": "v${{ env.IMG_TAG }}"}' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b918270bc..1651267c0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: true fetch-depth: 0 diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 935a88779..71f530adc 100644 
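Review bot: The scan step in this hunk still uses `aquasecurity/trivy-action@master`, a mutable ref, in a job that holds `contents: write` and passes `secrets.GITHUB_TOKEN` to the action, even though this commit pins `actions/checkout` to a commit SHA. Pin it the same way, `uses: aquasecurity/trivy-action@<commit-sha> # <release tag>`. The same applies to the other tag-pinned actions visible in this diff: `peter-evans/repository-dispatch@v3`, `actions/setup-go@v5`, `azure/setup-helm@v4`, `azure/CLI@v1.0.9`, `stefanprodan/helm-gh-pages@v1.7.0` and `gaurav-nelson/github-action-markdown-link-check@v1`. The job body continues outside this hunk.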
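Review bot: A reusable workflow (`on: workflow_call`) cannot be invoked as a step; `- uses: ./.github/workflows/e2e-workflow.yml` with `with:`/`secrets:` has to sit at job level (`jobs.<id>.uses`), so the added step would fail to resolve and the six secrets would never be passed. The same step-level call is added in `kaito-e2e.yml` and in the `publish` job of `publish-image-acr.yml`. When it moves to its own job, note that job-level `with:` cannot read the `env` context, so `registry` and `tag` need to come from job outputs of `publish-images`. Separately, `git_sha: {{ github.event.pull_request.head.ref }}` is missing the `$` and parses as a YAML flow mapping rather than an expression; it should read `git_sha: ${{ … }}`, using a `workflow_run` field because the `pull_request` payload is not available under this trigger.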
--- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -1,8 +1,7 @@ name: Create release on: repository_dispatch: - types: [ release-tag ] - branches: [ release-** ] + types: [ create-release ] permissions: id-token: write @@ -14,18 +13,20 @@ env: jobs: create-release: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit + - name: Set up Go ${{ env.GO_VERSION }} uses: actions/setup-go@v5 with: go-version: ${{ env.GO_VERSION }} + - name: Checkout the repository at the given SHA from the artifact - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: true fetch-depth: 0 @@ -38,3 +39,4 @@ jobs: args: release --rm-dist --timeout 60m --debug env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GORELEASER_CURRENT_TAG: ${{ github.event.client_payload.tag }} diff --git a/.github/workflows/kaito-e2e.yaml b/.github/workflows/e2e-workflow.yml similarity index 62% rename from .github/workflows/kaito-e2e.yaml rename to .github/workflows/e2e-workflow.yml index 120df9f80..86979b41a 100644 --- a/.github/workflows/kaito-e2e.yaml +++ b/.github/workflows/e2e-workflow.yml 
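Review bot: `GORELEASER_CURRENT_TAG` is taken straight from `github.event.client_payload.tag` with no validation, in a workflow that holds `id-token: write` and publishes a release. The payload is whatever the sender of the `create-release` dispatch supplied, so the release tag is only as trustworthy as every token able to send that event. I would add a guard step before GoReleaser that reads the value from `env:` and checks both its shape and that the tag exists, e.g. `[[ "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] && git rev-parse --verify "refs/tags/$TAG"`. The same unvalidated value is used as the checkout `ref:` in `helm-chart.yml`, where this commit also removes the `workflow_run.conclusion == 'success'` gate.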
@@ -1,40 +1,66 @@ -name: e2e-test - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true +name: kaito-e2e-workflow on: - push: - branches: [main] - paths-ignore: ['docs/**', '**.md', '**.mdx', '**.png', '**.jpg'] - pull_request: - branches: [main] - paths-ignore: ['docs/**', '**.md', '**.mdx', '**.png', '**.jpg'] - repository_dispatch: - types: [ release-tag ] - branches: [ release-** ] - -env: - GO_VERSION: "1.20" + workflow_call: + inputs: + git_sha: + type: string + required: true + tag: + type: string + isRelease: + type: boolean + default: false + registry: + type: string + region: + type: string + description: "the azure location to run the e2e test in" + default: "eastus" + k8s_version: + type: string + default: "1.27" + secrets: + E2E_CLIENT_ID: + required: true + E2E_TENANT_ID: + required: true + E2E_SUBSCRIPTION_ID: + required: true + E2E_AMRT_SECRET_NAME: + required: true + E2E_ACR_AMRT_USERNAME: + required: true + E2E_ACR_AMRT_PASSWORD: + required: true permissions: - id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout jobs: e2e-tests: runs-on: ubuntu-latest + permissions: + contents: read + id-token: write # This is required for requesting the JWT environment: e2e-test + env: + GO_VERSION: "1.20" + steps: - - name: Shorten SHA - if: ${{ !github.event.client_payload.isRelease }} - id: vars - run: echo "pr_sha_short=$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" >> $GITHUB_OUTPUT + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.git_sha }} - name: Set e2e Resource and Cluster Name run: | - rand=${{ steps.vars.outputs.pr_sha_short }} + rand=$(git rev-parse --short ${{ inputs.git_sha }}) if [ "$rand" = "" ]; 
then rand=$RANDOM @@ -46,36 +72,22 @@ jobs: echo "REGISTRY=kaito${rand}.azurecr.io" >> $GITHUB_ENV - name: Set Registry - if: ${{ github.event.client_payload.isRelease }} + if: ${{ inputs.isRelease }} run: | - echo "REGISTRY=${{ github.event.client_payload.registry }}" >> $GITHUB_ENV - echo "VERSION=$(echo ${{ github.event.client_payload.tag }} | tr -d v)" >> $GITHUB_ENV + echo "REGISTRY=${{ inputs.registry }}" >> $GITHUB_ENV + echo "VERSION=$(echo ${{ inputs.tag }} | tr -d v)" >> $GITHUB_ENV - name: Set up Go ${{ env.GO_VERSION }} uses: actions/setup-go@v5 with: go-version: ${{ env.GO_VERSION }} - - name: Checkout - if: ${{ !github.event.client_payload.isRelease }} - uses: actions/checkout@v4 - with: - submodules: true - fetch-depth: 0 - - - name: Checkout - uses: actions/checkout@v4 - if: ${{ github.event.client_payload.isRelease }} - with: - fetch-depth: 0 - submodules: true - ref: ${{ env.REPO_TAG }} - - - uses: azure/login@v1.6.1 + - name: Az login + uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0 with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + client-id: ${{ secrets.E2E_CLIENT_ID }} + tenant-id: ${{ secrets.E2E_TENANT_ID }} + subscription-id: ${{ secrets.E2E_SUBSCRIPTION_ID }} - uses: azure/setup-helm@v4 with: @@ -104,7 +116,7 @@ jobs: az identity create --name gpuIdentity --resource-group ${{ env.CLUSTER_NAME }} - name: build KAITO image - if: ${{ !github.event.client_payload.isRelease }} + if: ${{ !inputs.isRelease }} shell: bash run: | make docker-build-kaito @@ -120,6 +132,8 @@ jobs: AZURE_ACR_NAME: ${{ env.CLUSTER_NAME }} AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }} AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }} + AZURE_LOCATION: ${{ inputs.region }} + AKS_K8S_VERSION: ${{ inputs.k8s_version }} - name: Install gpu-provisioner helm chart shell: bash 
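Review bot: `rand=$(git rev-parse --short ${{ inputs.git_sha }})` expands a caller-supplied input into the script text before the shell parses it, and one caller in this diff (`build-publish-image.yml`) passes a branch name rather than a SHA. Because this job logs in to Azure with `id-token: write`, the value should be treated as data: add `env: GIT_SHA: ${{ inputs.git_sha }}` to the step and use `rand=$(git rev-parse --short "$GIT_SHA")`. The `Set Registry` step in the next hunk has the same pattern with `${{ inputs.registry }}` and `${{ inputs.tag }}` and needs the same treatment. In that step `tr -d v` removes every `v` in the tag, not just a leading one; `${TAG#v}` would match the intent. A short comment on the `git_sha` input stating that a commit SHA is expected would make the contract explicit.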
@@ -130,18 +144,18 @@ jobs: AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }} AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }} - - uses: azure/login@v1.6.1 + - uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0 with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + client-id: ${{ secrets.E2E_CLIENT_ID }} + tenant-id: ${{ secrets.E2E_TENANT_ID }} + subscription-id: ${{ secrets.E2E_SUBSCRIPTION_ID }} - name: Create Role Assignment uses: azure/CLI@v1.0.9 with: inlineScript: | IDENTITY_PRINCIPAL_ID="$(az identity show --name gpuIdentity --resource-group ${{ env.CLUSTER_NAME }} --query 'principalId' -otsv)" - az role assignment create --assignee ${IDENTITY_PRINCIPAL_ID} --scope "/subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CLUSTER_NAME }}" --role "Contributor" + az role assignment create --assignee ${IDENTITY_PRINCIPAL_ID} --scope "/subscriptions/${{ secrets.E2E_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CLUSTER_NAME }}" --role "Contributor" - name: Create Azure Federated Identity uses: azure/CLI@v1.0.9 @@ -164,10 +178,10 @@ jobs: - name: Add Secret Credentials run: | - kubectl create secret docker-registry ${{secrets.AMRT_SECRET_NAME}} \ - --docker-server=${{secrets.ACR_AMRT_USERNAME}}.azurecr.io \ - --docker-username=${{secrets.ACR_AMRT_USERNAME}} \ - --docker-password=${{secrets.ACR_AMRT_PASSWORD}} + kubectl create secret docker-registry ${{ secrets.E2E_AMRT_SECRET_NAME }} \ + --docker-server=${{ secrets.E2E_ACR_AMRT_USERNAME }}.azurecr.io \ + --docker-username=${{ secrets.E2E_ACR_AMRT_USERNAME }} \ + --docker-password=${{ secrets.E2E_ACR_AMRT_PASSWORD }} - name: Log kaito-workspace run: | 
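Review bot: In `Add Secret Credentials` the renamed secrets are still interpolated directly into the `kubectl create secret docker-registry` command line, so a password containing shell metacharacters or spaces changes the command. Map them through the step's `env:` and quote them, e.g. `ACR_PASSWORD: ${{ secrets.E2E_ACR_AMRT_PASSWORD }}` with `--docker-password="$ACR_PASSWORD"`, and likewise for the username and secret name. The `az role assignment create` line in the preceding hunk embeds `${{ secrets.E2E_SUBSCRIPTION_ID }}` the same way.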
@@ -179,8 +193,8 @@ jobs: env: AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }} RUN_LLAMA_13B: ${{ env.RUN_LLAMA_13B }} - AI_MODELS_REGISTRY: ${{secrets.ACR_AMRT_USERNAME}}.azurecr.io - AI_MODELS_REGISTRY_SECRET: ${{secrets.AMRT_SECRET_NAME}} + AI_MODELS_REGISTRY: ${{ secrets.E2E_ACR_AMRT_USERNAME }}.azurecr.io + AI_MODELS_REGISTRY_SECRET: ${{ secrets.E2E_AMRT_SECRET_NAME }} - name: Cleanup e2e resources if: ${{ always() }} diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml index 2666cd92f..5eec55ea3 100644 --- a/.github/workflows/helm-chart.yml +++ b/.github/workflows/helm-chart.yml @@ -1,10 +1,8 @@ name: publish_helm_chart on: - workflow_run: - workflows: [ "Create, Scan and Publish KAITO image" ] - types: [ completed ] - branches: [ release-** ] + repository_dispatch: + types: [ create-release ] permissions: id-token: write # This is required for requesting the JWT @@ -17,13 +15,13 @@ permissions: jobs: release: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: true fetch-depth: 0 + ref: ${{ github.event.client_payload.tag }} - name: Publish Workspace Helm chart uses: stefanprodan/helm-gh-pages@v1.7.0 diff --git a/.github/workflows/kaito-e2e.yml b/.github/workflows/kaito-e2e.yml new file mode 100644 index 000000000..6d3d58467 --- /dev/null +++ b/.github/workflows/kaito-e2e.yml 
@@ -0,0 +1,45 @@ +name: pr-e2e-test + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +on: + pull_request: + branches: [main] + paths: [ '.github/workflows/e2e-workflow.yml', '.github/workflows/kaito-e2e.yml' ] + paths-ignore: ['docs/**', '**.md', '**.mdx', '**.png', '**.jpg'] + +env: + GO_VERSION: "1.20" + +permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + +jobs: + run-e2e: + runs-on: ubuntu-latest + environment: e2e-test + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + submodules: true + fetch-depth: 0 + + - uses: ./.github/workflows/e2e-workflow.yml + with: + git_sha: ${{ github.event.pull_request.head.sha }} + secrets: + E2E_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + E2E_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + E2E_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + E2E_AMRT_SECRET_NAME: ${{ secrets.AMRT_SECRET_NAME }} + E2E_ACR_AMRT_USERNAME: ${{ secrets.ACR_AMRT_USERNAME }} + E2E_ACR_AMRT_PASSWORD: ${{ secrets.ACR_AMRT_PASSWORD }} diff --git a/.github/workflows/lint-go.yaml b/.github/workflows/lint-go.yml similarity index 69% rename from .github/workflows/lint-go.yaml rename to .github/workflows/lint-go.yml index 50b1d90b6..6e8371137 100644 --- a/.github/workflows/lint-go.yaml +++ b/.github/workflows/lint-go.yml 
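Review bot: The `pull_request` trigger sets both `paths:` and `paths-ignore:`, which GitHub does not allow for the same event, so the workflow will be rejected as invalid. Keep one filter; exclusions can be written as negated patterns under `paths:` (for example `'!docs/**'`). As written, `paths:` lists only the two workflow files, so ordinary code changes would no longer start the e2e run. The removed trigger ran on every non-docs PR to `main`, so if the narrowing is intended it deserves a comment. The step-level `uses: ./.github/workflows/e2e-workflow.yml` at the end of the file must also move to job level for the reusable workflow to run.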
@@ -17,14 +17,20 @@ env: jobs: build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest permissions: contents: read steps: - - uses: actions/checkout@v4 + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: true fetch-depth: 0 + - name: Set up Go ${{ env.GO_VERSION }} uses: actions/setup-go@v5 with: diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml index 92c438985..00e6c44f7 100644 --- a/.github/workflows/markdown-link-check.yml +++ b/.github/workflows/markdown-link-check.yml @@ -10,7 +10,7 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: gaurav-nelson/github-action-markdown-link-check@v1 with: # this will only show errors in the output diff --git a/.github/workflows/publish-image-acr.yml b/.github/workflows/publish-image-acr.yml index a307bd942..0283afb3e 100644 --- a/.github/workflows/publish-image-acr.yml +++ b/.github/workflows/publish-image-acr.yml @@ -1,10 +1,14 @@ name: Push image to ACR on: - workflow_dispatch: + workflow_dispatch: inputs: release_version: description: 'tag to be created for this image (i.e. vxx.xx.xx)' required: true + pull_request: + branches: [ main, release-** ] + types: [ completed ] + permissions: id-token: write @@ -14,9 +18,11 @@ permissions: env: GO_VERSION: '1.20' IMAGE_NAME: 'workspace' + MCR_REGISTRY: "mcr.microsoft.com/aks/kaito" jobs: check-tag: + if: github.event_name != 'pull_request' || ( github.event.pull_request.merged == true && contains(github.event.pull_request.title, 'update manifest and helm charts') ) runs-on: labels: [ "self-hosted", "1ES.Pool=1es-aks-kaito-agent-pool-ubuntu" ] environment: publish-mcr 
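Review bot: In `publish-image-acr.yml`, `types: [ completed ]` is not a `pull_request` activity type, so the added trigger will not fire on a merge; the trigger removed from `build-publish-image.yml` used `types: [ closed ]`, which is what the `merged == true` condition on `check-tag` expects. Change it to `types: [ closed ]`. Since these jobs run on a self-hosted pool in the `publish-mcr` environment with `id-token: write`, I would also add a comment above the trigger stating that every job must keep the `merged == true` gate so an unmerged PR never reaches that runner.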
@@ -56,6 +62,7 @@ jobs: }) publish: + if: github.event.pull_request.merged == true && contains(github.event.pull_request.title, 'update manifest and helm charts') runs-on: labels: [ "self-hosted", "1ES.Pool=1es-aks-kaito-agent-pool-ubuntu" ] environment: publish-mcr @@ -98,12 +105,20 @@ jobs: TRIVY_USERNAME: ${{ github.actor }} TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - - name: 'Dispatch tag to e2e test' - uses: peter-evans/repository-dispatch@v3 + - name: 'Run e2e test toward new MCR image' + uses: ./.github/workflows/e2e-workflow.yml with: - token: ${{ secrets.GITHUB_TOKEN }} - event-type: release-tag - client-payload: '{"isRelease": true,"registry": "mcr.microsoft.com/aks/kaito","tag": "${{ needs.check-tag.outputs.tag }}"}' + git_sha: ${{ github.event.pull_request.head.sha }} + isRelease: true + registry: ${{ env.MCR_REGISTRY }} + tag: ${{ env.IMG_TAG }} + secrets: + E2E_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + E2E_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + E2E_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + E2E_AMRT_SECRET_NAME: ${{ secrets.AMRT_SECRET_NAME }} + E2E_ACR_AMRT_USERNAME: ${{ secrets.ACR_AMRT_USERNAME }} + E2E_ACR_AMRT_PASSWORD: ${{ secrets.ACR_AMRT_PASSWORD }} - name: Authenticate to ACR run: | diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 03be3669c..8a5d668d8 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
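Review bot: The `if:` added to `publish` lacks the `github.event_name != 'pull_request' ||` branch that `check-tag` received, so a manual `workflow_dispatch` run now passes `check-tag` and then skips `publish`. Make the two conditions match: `if: github.event_name != 'pull_request' || ( github.event.pull_request.merged == true && contains(github.event.pull_request.title, 'update manifest and helm charts') )`. In the following hunk `git_sha: ${{ github.event.pull_request.head.sha }}` is empty on the manual path, and `tag: ${{ env.IMG_TAG }}` replaces `needs.check-tag.outputs.tag`. `IMG_TAG` is not set anywhere in the visible lines, so confirm it is exported earlier in the job.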
@@ -24,17 +24,22 @@ jobs: runs-on: ubuntu-latest environment: unit-tests steps: - - name: Set up Go ${{ env.GO_VERSION }} - uses: actions/setup-go@v5 + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - go-version: ${{ env.GO_VERSION }} + egress-policy: audit - - name: Check out the code in the Go module directory - uses: actions/checkout@v4 + - name: Check out the code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: true fetch-depth: 0 + - name: Set up Go ${{ env.GO_VERSION }} + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + - name: Run unit tests & Generate coverage run: | make unit-test diff --git a/Makefile b/Makefile index f02db04bf..4017d6437 100644 --- a/Makefile +++ b/Makefile @@ -24,6 +24,7 @@ GINKGO := $(TOOLS_BIN_DIR)/$(GINKGO_BIN)-$(GINKGO_VER) AZURE_SUBSCRIPTION_ID ?= $(AZURE_SUBSCRIPTION_ID) AZURE_LOCATION ?= eastus +AKS_K8S_VERSION ?= 1.27.2 AZURE_RESOURCE_GROUP ?= demo AZURE_CLUSTER_NAME ?= kaito-demo AZURE_RESOURCE_GROUP_MC=MC_$(AZURE_RESOURCE_GROUP)_$(AZURE_CLUSTER_NAME)_$(AZURE_LOCATION) 
@@ -118,12 +119,13 @@ create-acr: ## Create test ACR .PHONY: create-aks-cluster create-aks-cluster: ## Create test AKS cluster (with msi, oidc, and workload identity enabled) - az aks create --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) --attach-acr $(AZURE_ACR_NAME) \ - --node-count 1 --generate-ssh-keys --enable-managed-identity --enable-workload-identity --enable-oidc-issuer -o none + az aks create --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) --location $(AZURE_LOCATION) \ + --attach-acr $(AZURE_ACR_NAME) --kubernetes-version $(AKS_K8S_VERSION) --node-count 1 --generate-ssh-keys \ + --enable-managed-identity --enable-workload-identity --enable-oidc-issuer -o none .PHONY: create-aks-cluster-with-kaito create-aks-cluster-with-kaito: ## Create test AKS cluster (with msi, oidc and kaito enabled) - az aks create --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) --node-count 1 \ + az aks create --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) --location $(AZURE_LOCATION) --node-count 1 \ --generate-ssh-keys --enable-managed-identity --enable-oidc-issuer --enable-ai-toolchain-operator -o none az aks get-credentials --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP)