Updated article (#239)

2023-07-31 20:43:01 -07:00 · 2023-07-31 20:43:01 -07:00 · d0f95da522
commit d0f95da522
parent 0cc90f4455
8 changed files with 101 additions and 620 deletions
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/TestRecord.md
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/TestRecord.md
@ -1,504 +0,0 @@
-## 30 Jul 23 00:44 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 16 Jul 23 05:09 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 09 Jul 23 00:48 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 02 Jul 23 00:41 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 25 Jun 23 00:48 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 18 Jun 23 00:47 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 11 Jun 23 00:46 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 04 Jun 23 00:46 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 28 May 23 00:35 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 21 May 23 05:12 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 14 May 23 04:45 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 07 May 23 00:33 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 30 Apr 23 00:37 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 23 Apr 23 04:52 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 16 Apr 23 00:45 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 09 Apr 23 00:41 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 02 Apr 23 04:49 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 26 Mar 23 00:09 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 19 Mar 23 04:52 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 12 Mar 23 05:22 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 08 Mar 23 19:08 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 19 Feb 23 00:34 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 12 Feb 23 00:25 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
-## 05 Feb 23 00:40 UTC
-
-Success: false
-
-### Versions
-
-
-
-### Error
-
-
-[0m[1mInitializing the backend...[0m
-[31m[31m╷[0m[0m
-[31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: Error retrieving keys for Storage Account "<storage_account_name>": storage.AccountsClient#ListKeys: Invalid input: autorest/validation: validation failed: parameter=resourceGroupName constraint=Pattern value="<storage_account_resource_group>" details: value doesn't match pattern ^[-\w\._\(\)]+$[0m
-[31m│[0m [0m
-[31m│[0m [0m[0m
-[31m╵[0m[0m
-[0m[0m
-
---
-
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/main.tf
@ -24,8 +24,6 @@ resource "azurerm_user_assigned_identity" "testIdentity" {
  location            = azurerm_resource_group.rg.location

  name = "identity1"
-
-  tags = var.tags
 }

 resource "azurerm_virtual_network" "test" {
@ -43,22 +41,18 @@ resource "azurerm_virtual_network" "test" {
    name           = "appgwsubnet"
    address_prefix = var.app_gateway_subnet_address_prefix
  }
-
-  tags = var.tags
 }

 data "azurerm_subnet" "kubesubnet" {
  name                 = var.aks_subnet_name
  virtual_network_name = azurerm_virtual_network.test.name
  resource_group_name  = azurerm_resource_group.rg.name
-  depends_on           = [azurerm_virtual_network.test]
 }

 data "azurerm_subnet" "appgwsubnet" {
  name                 = "appgwsubnet"
  virtual_network_name = azurerm_virtual_network.test.name
  resource_group_name  = azurerm_resource_group.rg.name
-  depends_on           = [azurerm_virtual_network.test]
 }

 # Public Ip 
@ -68,8 +62,6 @@ resource "azurerm_public_ip" "test" {
  resource_group_name = azurerm_resource_group.rg.name
  allocation_method   = "Static"
  sku                 = "Standard"
-
-  tags = var.tags
 }

 resource "azurerm_application_gateway" "network" {
@ -128,56 +120,28 @@ resource "azurerm_application_gateway" "network" {
    http_listener_name         = local.listener_name
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
+    priority                   = 1
  }
-
-  tags = var.tags
-
-  depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]
-}
-
-resource "azurerm_role_assignment" "ra1" {
-  scope                = data.azurerm_subnet.kubesubnet.id
-  role_definition_name = "Network Contributor"
-  principal_id         = var.aks_service_principal_object_id
-
-  depends_on = [azurerm_virtual_network.test]
-}
-
-resource "azurerm_role_assignment" "ra2" {
-  scope                = azurerm_user_assigned_identity.testIdentity.id
-  role_definition_name = "Managed Identity Operator"
-  principal_id         = var.aks_service_principal_object_id
-  depends_on           = [azurerm_user_assigned_identity.testIdentity]
-}
-
-resource "azurerm_role_assignment" "ra3" {
-  scope                = azurerm_application_gateway.network.id
-  role_definition_name = "Contributor"
-  principal_id         = azurerm_user_assigned_identity.testIdentity.principal_id
-  depends_on           = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
-}
-
-resource "azurerm_role_assignment" "ra4" {
-  scope                = azurerm_resource_group.rg.id
-  role_definition_name = "Reader"
-  principal_id         = azurerm_user_assigned_identity.testIdentity.principal_id
-  depends_on           = [azurerm_user_assigned_identity.testIdentity, azurerm_application_gateway.network]
 }

 resource "azurerm_kubernetes_cluster" "k8s" {
-  name       = var.aks_name
+  name       = var.aks_cluster_name
  location   = azurerm_resource_group.rg.location
  dns_prefix = var.aks_dns_prefix

+  identity {
+    type = "SystemAssigned"
+  }
+
  resource_group_name = azurerm_resource_group.rg.name

  http_application_routing_enabled = false

  linux_profile {
-    admin_username = var.vm_user_name
+    admin_username = var.vm_username

    ssh_key {
-      key_data = file(var.public_ssh_key_path)
+      key_data = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
    }
  }

@ -189,22 +153,10 @@ resource "azurerm_kubernetes_cluster" "k8s" {
    vnet_subnet_id  = data.azurerm_subnet.kubesubnet.id
  }

-  service_principal {
-    client_id     = var.aks_service_principal_app_id
-    client_secret = var.aks_service_principal_client_secret
-  }
-
  network_profile {
    network_plugin     = "azure"
    dns_service_ip     = var.aks_dns_service_ip
    docker_bridge_cidr = var.aks_docker_bridge_cidr
    service_cidr       = var.aks_service_cidr
  }
-
-  role_based_access_control {
-    enabled = var.aks_enable_rbac
-  }
-
-  depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]
-  tags       = var.tags
 }
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/outputs.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/outputs.tf
@ -2,24 +2,33 @@ output "resource_group_name" {
  value = azurerm_resource_group.rg.name
 }

+output "aks_cluster_name" {
+  value = azurerm_kubernetes_cluster.k8s.name
+}
+
 output "client_key" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key
+  sensitive = true
 }

 output "client_certificate" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate
+  sensitive = true
 }

 output "cluster_ca_certificate" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate
+  sensitive = true
 }

 output "cluster_username" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config.0.username
+  sensitive = true
 }

 output "cluster_password" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config.0.password
+  sensitive = true
 }

 output "kube_config" {
@ -29,6 +38,7 @@ output "kube_config" {

 output "host" {
  value     = azurerm_kubernetes_cluster.k8s.kube_config.0.host
+  sensitive = true
 }

 output "identity_resource_id" {
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/providers.tf
@ -1,18 +1,19 @@
 terraform {
-
-  required_version = ">=0.12"
+  required_version = ">=1.0"

  required_providers {
+    azapi = {
+      source  = "azure/azapi"
+      version = "~>1.5"
+    }
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>2.0"
+      version = "~>3.0"
    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
    }
-  backend "azurerm" {
-    resource_group_name  = "<storage_account_resource_group>"
-    storage_account_name = "<storage_account_name>"
-    container_name       = "tfstate"
-    key                  = "codelab.microsoft.tfstate"
  }
 }

--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/readme.md
@ -1,4 +1,4 @@
-# Create an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform
+# Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform

 This template creates an Application Gateway Ingress Controller in Azure Kubernetes Service using Terraform.

@ -11,18 +11,17 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne
 - [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
 - [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
 - [azurerm_application_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway)
- [azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)
 - [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)

+## Terraform data sources
+- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet)
+
 ## Variables

 | Name | Description | Default value |
 |-|-|-|
-| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
-| `location` | (Optional) Azure region in which to deploy demo resources.| eastus |
-| `aks_service_principal_app_id` | Application ID/Client ID  of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets.| |
-| `aks_service_principal_client_secret` | Secret of the service principal. Used by AKS to manage Azure. | |
-| `aks_service_principal_object_id` | Object ID of the service principal. | |
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
 | `virtual_network_name` | Virtual network name. | aksVirtualNetwork |
 | `virtual_network_address_prefix` | VNET address prefix. | 192.168.0.0/16 |
 | `aks_subnet_name` | Subnet name. | kubesubnet |
@ -41,6 +40,7 @@ This template creates an Application Gateway Ingress Controller in Azure Kuberne
 | `aks_dns_service_ip` | DNS server IP address. | 10.0.0.10 |
 | `aks_docker_bridge_cidr` | CIDR notation IP for Docker bridge. | 172.17.0.1/16 |
 | `aks_enable_rbac` | Enable RBAC on the AKS cluster. | false |
+| `msi_id` | The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method. | null |
 | `vm_user_name` | User name for the VM. | vmuser1 |
 | `public_ssh_key_path` | Public key path for SSH. | ~/.ssh/id_rsa.pub |

--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/ssh.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/ssh.tf
@ -0,0 +1,24 @@
+resource "random_pet" "ssh_key_name" {
+  prefix    = "ssh"
+  separator = ""
+}
+
+resource "azapi_resource_action" "ssh_public_key_gen" {
+  type        = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  resource_id = azapi_resource.ssh_public_key.id
+  action      = "generateKeyPair"
+  method      = "POST"
+
+  response_export_values = ["publicKey", "privateKey"]
+}
+
+resource "azapi_resource" "ssh_public_key" {
+  type      = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+  name      = random_pet.ssh_key_name.id
+  location  = azurerm_resource_group.rg.location
+  parent_id = azurerm_resource_group.rg.id
+}
+
+output "key_data" {
+  value = jsondecode(azapi_resource_action.ssh_public_key_gen.output).publicKey
+}
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/terraform.tfvars
@ -1,5 +0,0 @@
-aks_service_principal_app_id = "<service_principal_app_id>"
-
-aks_service_principal_client_secret = "<service_principal_password>"
-
-aks_service_principal_object_id = "<service_principal_object_id>"
--- a/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
+++ b/quickstart/201-k8s-cluster-with-aks-applicationgateway-ingress/variables.tf
@ -1,128 +1,131 @@
-variable "resource_group_name_prefix" {
-  default     = "rg"
-  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
-}
-
 variable "resource_group_location" {
+  type        = string
  default     = "eastus"
  description = "Location of the resource group."
 }

-variable "aks_service_principal_app_id" {
-  description = "Application ID/Client ID  of the service principal. Used by AKS to manage AKS related resources on Azure like vms, subnets."
-}
-
-variable "aks_service_principal_client_secret" {
-  description = "Secret of the service principal. Used by AKS to manage Azure."
-}
-
-variable "aks_service_principal_object_id" {
-  description = "Object ID of the service principal."
+variable "resource_group_name_prefix" {
+  type        = string
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
 }

 variable "virtual_network_name" {
+  type        = string
  description = "Virtual network name"
  default     = "aksVirtualNetwork"
 }

 variable "virtual_network_address_prefix" {
+  type        = string
  description = "VNET address prefix"
  default     = "192.168.0.0/16"
 }

 variable "aks_subnet_name" {
+  type        = string
  description = "Subnet Name."
  default     = "kubesubnet"
 }

 variable "aks_subnet_address_prefix" {
+  type        = string
  description = "Subnet address prefix."
  default     = "192.168.0.0/24"
 }

 variable "app_gateway_subnet_address_prefix" {
+  type        = string
  description = "Subnet server IP address."
  default     = "192.168.1.0/24"
 }

 variable "app_gateway_name" {
+  type        = string
  description = "Name of the Application Gateway"
  default     = "ApplicationGateway1"
 }

 variable "app_gateway_sku" {
+  type        = string
  description = "Name of the Application Gateway SKU"
  default     = "Standard_v2"
 }

 variable "app_gateway_tier" {
+  type        = string
  description = "Tier of the Application Gateway tier"
  default     = "Standard_v2"
 }

-variable "aks_name" {
+variable "aks_cluster_name" {
+  type        = string
  description = "AKS cluster name"
  default     = "aks-cluster1"
 }
+
 variable "aks_dns_prefix" {
+  type        = string
  description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
  default     = "aks"
 }

 variable "aks_agent_os_disk_size" {
+  type        = number
  description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize."
  default     = 40
 }

 variable "aks_agent_count" {
+  type        = number
  description = "The number of agent nodes for the cluster."
  default     = 3
 }

 variable "aks_agent_vm_size" {
+  type        = string
  description = "VM size"
  default     = "Standard_D3_v2"
 }

 variable "kubernetes_version" {
+  type        = string
  description = "Kubernetes version"
  default     = "1.11.5"
 }

 variable "aks_service_cidr" {
+  type        = string
  description = "CIDR notation IP range from which to assign service cluster IPs"
  default     = "10.0.0.0/16"
 }

 variable "aks_dns_service_ip" {
+  type        = string
  description = "DNS server IP address"
  default     = "10.0.0.10"
 }

 variable "aks_docker_bridge_cidr" {
+  type        = string
  description = "CIDR notation IP for Docker bridge."
  default     = "172.17.0.1/16"
 }

 variable "aks_enable_rbac" {
+  type        = bool
  description = "Enable RBAC on the AKS cluster. Defaults to false."
  default     = "false"
 }

-variable "vm_user_name" {
+variable "msi_id" {
+  type        = string
+  description = "The Managed Service Identity ID. Set this value if you're running this example using Managed Identity as the authentication method."
+  default     = null
+}
+
+variable "vm_username" {
+  type        = string
  description = "User name for the VM"
  default     = "vmuser1"
 }
-
-variable "public_ssh_key_path" {
-  description = "Public key path for SSH."
-  default     = "~/.ssh/id_rsa.pub"
-}
-
-variable "tags" {
-  type = map(string)
-
-  default = {
-    source = "terraform"
-  }
-}