In the absence of service account creds, non-admin users from Google's
hosted domain cannot look up groups, even their own groups (a restriction
of the Google API). So even during login we can't find out what groups the
user belongs to. Admins of a hosted Google domain do not have the same
restriction, so they can still search for and add groups that non-admin
Google users belong to. This will cause a lot of inconsistencies, since
admins can add a user's groups, but the user still won't have access to
Rancher. So making service account credentials a required field will avoid
all this, and searching users/groups will work equally for all Google users.

Hostname should not be updatable once auth is set up, since the
principalIds assigned to users after they log into Rancher contain
their Google addresses, which have the hostname.
**Problem:**
Cannot set the below configuration items of Azure cloud provider:
- `UserAssignedIdentityID`
- `LoadBalancerSku`
- `ExcludeMasterFromStandardLB`
**Solution:**
- Add new items
- Complement the default value to `MaximumLoadBalancerRuleCount`
- Complement the usage for authentication items:
  + Service Principal: `AADClientID` and `AADClientSecret`
  + Client Principal: `AADClientCertPath` and `AADClientCertPassword`
  + Managed Identity: `UseManagedIdentityExtension` and `UserAssignedIdentityID`
**Issue:**
https://github.com/rancher/rancher/issues/20240
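
A lint for the three authentication groupings listed in the commit message above, as an added example that is not code from the commit, Rancher, or the Azure cloud provider. The `AzureAuth` struct, the `AuthMode` function and the rejection rules (mixed modes, half-set pairs) are assumptions made for illustration; only the field names come from the list.

```go
package main

import "fmt"

// AzureAuth: hypothetical struct (not Rancher's type) for the items listed above.
type AzureAuth struct {
	AADClientID, AADClientSecret             string
	AADClientCertPath, AADClientCertPassword string
	UseManagedIdentityExtension              bool
	UserAssignedIdentityID                   string
}

// AuthMode returns the one authentication mode a config selects. Mixed modes
// and half-set pairs are rejected (assumed lint rules, not provider behaviour).
func AuthMode(c AzureAuth) (string, error) {
	var modes []string
	if c.AADClientSecret != "" {
		modes = append(modes, "Service Principal")
	}
	if c.AADClientCertPath != "" || c.AADClientCertPassword != "" {
		modes = append(modes, "Client Principal")
	}
	if c.UseManagedIdentityExtension || c.UserAssignedIdentityID != "" {
		modes = append(modes, "Managed Identity")
	}
	switch {
	case len(modes) == 0:
		return "", fmt.Errorf("no authentication items set")
	case len(modes) > 1:
		return "", fmt.Errorf("items from several modes set: %v", modes)
	case c.AADClientSecret != "" && c.AADClientID == "":
		return "", fmt.Errorf("AADClientSecret set without AADClientID")
	case c.AADClientCertPassword != "" && c.AADClientCertPath == "":
		return "", fmt.Errorf("AADClientCertPassword set without AADClientCertPath")
	case c.UserAssignedIdentityID != "" && !c.UseManagedIdentityExtension:
		return "", fmt.Errorf("UserAssignedIdentityID set but UseManagedIdentityExtension is false")
	}
	return modes[0], nil
}

func main() {
	// Constructed sample configs; all values are placeholders.
	for _, c := range []AzureAuth{
		{AADClientID: "app-id", AADClientSecret: "placeholder"},
		{AADClientID: "app-id", AADClientSecret: "placeholder", UseManagedIdentityExtension: true},
	} {
		fmt.Println(AuthMode(c))
	}
}
```
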
**Problem:**
- Cannot bootstrap v1.12+ in Windows
- Upgrading the server from a previously existing one will cause the
Windows agent to fail
**Solution:**
- Adjust kubelet bootstrap options
- Drop cadvisor-port
- Drop MountPropagation from feature-gates
- Make AllK8sWindowsVersions publicly accessible
- Support v1.14 options on Windows
**Issues:**
- https://github.com/rancher/rancher/issues/17341
- https://github.com/rancher/rancher/issues/19048