diff --git a/quickstart/201-aks-acr-identity/acr.tf b/quickstart/201-aks-acr-identity/acr.tf
index 00b2edd7..d5a750c9 100644
--- a/quickstart/201-aks-acr-identity/acr.tf
+++ b/quickstart/201-aks-acr-identity/acr.tf
@@ -2,9 +2,9 @@ locals {
 acr_name = "${replace(var.dns_prefix, "-", "")}${replace(var.name, "-", "")}acr"
 }
 resource "azurerm_container_registry" "default" {
- name = "${local.acr_name}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- location = "${azurerm_resource_group.default.location}"
+ name = local.acr_name
+ resource_group_name = azurerm_resource_group.default.name
+ location = azurerm_resource_group.default.location
 sku = "Standard"
 admin_enabled = false
 }
\ No newline at end of file
diff --git a/quickstart/201-aks-acr-identity/aks.tf b/quickstart/201-aks-acr-identity/aks.tf
index cd31ab21..a7b15bee 100644
--- a/quickstart/201-aks-acr-identity/aks.tf
+++ b/quickstart/201-aks-acr-identity/aks.tf
@@ -1,24 +1,20 @@
 resource "azurerm_kubernetes_cluster" "default" {
- name = "${var.name}-aks"
- location = "${azurerm_resource_group.default.location}"
- resource_group_name = "${azurerm_resource_group.default.name}"
- dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
- depends_on = ["azurerm_role_assignment.aks_network", "azurerm_role_assignment.aks_acr"]
+ name = "${var.name}-aks"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
+ role_based_access_control_enabled = true
- agent_pool_profile {
+ default_node_pool {
 name = "default"
- count = "${var.node_count}"
- vm_size = "${var.node_type}"
- os_type = "Linux"
+ vm_size = var.node_type
+ node_count = var.node_count
 os_disk_size_gb = 30
 }
-
- service_principal {
- client_id = "${azuread_application.default.application_id}"
- client_secret = "${azuread_service_principal_password.default.value}"
+ identity {
+ type = "UserAssigned"
+ identity_ids = [azurerm_user_assigned_identity.aks.id]
 }
- role_based_access_control {
- enabled = true
- }
+ depends_on = [azurerm_role_assignment.aks_network, azurerm_role_assignment.aks_acr]
 }
\ No newline at end of file
diff --git a/quickstart/201-aks-acr-identity/azuread.tf b/quickstart/201-aks-acr-identity/azuread.tf
index 28d463f5..92e3c056 100644
--- a/quickstart/201-aks-acr-identity/azuread.tf
+++ b/quickstart/201-aks-acr-identity/azuread.tf
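Review bot: In aks.tf the new `role_based_access_control_enabled = true` turns on Kubernetes RBAC only; nothing in the resource ties cluster authentication to Azure AD, so access still rests on the locally issued admin credentials in the cluster's kubeconfig. For an example whose subject is identity, I would add an `azure_active_directory_role_based_access_control` block and set `local_account_disabled = true`, or say in a comment that this is left out on purpose. As far as the hunk shows, the API server is also reachable from any address; a comment pointing readers to authorized IP ranges or a private cluster would help anyone who copies this beyond a demo.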
@@ -1,30 +1,17 @@
-resource "azuread_application" "default" {
- name = "${var.name}-${var.environment}"
-}
-
-resource "azuread_service_principal" "default" {
- application_id = "${azuread_application.default.application_id}"
-}
-
-resource "random_string" "password" {
- length = 32
- special = true
-}
-
-resource "azuread_service_principal_password" "default" {
- service_principal_id = "${azuread_service_principal.default.id}"
- value = "${random_string.password.result}"
- end_date = "2099-01-01T01:00:00Z"
+resource "azurerm_user_assigned_identity" "aks" {
+ location = azurerm_resource_group.default.location
+ name = "${random_pet.rg.id}-uai"
+ resource_group_name = azurerm_resource_group.default.name
 }
 resource "azurerm_role_assignment" "aks_network" {
- scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}"
+ scope = azurerm_resource_group.default.id
 role_definition_name = "Network Contributor"
- principal_id = "${azuread_service_principal.default.id}"
+ principal_id = azurerm_user_assigned_identity.aks.principal_id
 }
 resource "azurerm_role_assignment" "aks_acr" {
- scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}/providers/Microsoft.ContainerRegistry/registries/${azurerm_container_registry.default.name}"
+ scope = azurerm_container_registry.default.id
 role_definition_name = "AcrPull"
- principal_id = "${azuread_service_principal.default.id}"
+ principal_id = azurerm_user_assigned_identity.aks.principal_id
 }
diff --git a/quickstart/201-aks-acr-identity/main.tf b/quickstart/201-aks-acr-identity/main.tf
index 8e57b9e5..9b57e397 100644
--- a/quickstart/201-aks-acr-identity/main.tf
+++ b/quickstart/201-aks-acr-identity/main.tf
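Review bot: The `aks_acr` assignment in azuread.tf grants AcrPull to `azurerm_user_assigned_identity.aks.principal_id`, which aks.tf attaches as the cluster (control-plane) identity, whereas image pulls are performed by the kubelet identity. No `kubelet_identity` block is visible in aks.tf, so AKS would presumably create a separate node identity that holds no role on the registry, and pulls from the ACR would be denied. Either declare a `kubelet_identity` block on the cluster and give that identity AcrPull, or use `principal_id = azurerm_kubernetes_cluster.default.kubelet_identity[0].object_id` and drop `azurerm_role_assignment.aks_acr` from the cluster's `depends_on` to avoid a cycle. Separately, `aks_network` still grants Network Contributor on the whole resource group, which also holds the registry; scoping it to the virtual network or subnet the cluster uses would be tighter once one is defined.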
@@ -1,18 +1,27 @@
-# The Azure Active Resource Manager Terraform provider
-provider "azurerm" {
- version = "=1.36.0"
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.0"
+ }
+ }
 }
-# The Azure Active Directory Terraform provider
-provider "azuread" {
- version = "=0.6.0"
+provider "azurerm" {
+ features {}
 }
 # Reference to the current subscription. Used when creating role assignments
 data "azurerm_subscription" "current" {}
+resource "random_pet" "rg" {
+ length = 1
+ prefix = var.name
+}
+
 # The main resource group for this deployment
 resource "azurerm_resource_group" "default" {
- name = "${var.name}-${var.environment}-rg"
- location = "${var.location}"
+ name = "${random_pet.rg.id}-${var.environment}-rg"
+ location = var.location
 }
diff --git a/quickstart/201-aks-acr-identity/variables.tf b/quickstart/201-aks-acr-identity/variables.tf
index b9d3b197..babfe277 100644
--- a/quickstart/201-aks-acr-identity/variables.tf
+++ b/quickstart/201-aks-acr-identity/variables.tf
@@ -1,12 +1,12 @@
 // Naming
 variable "name" {
- type = "string"
+ type = string
 description = "Location of the azure resource group."
 default = "demo-tfquickstart"
 }
 variable "environment" {
- type = "string"
+ type = string
 description = "Name of the deployment environment"
 default = "dev"
 }
@@ -14,7 +14,7 @@ variable "environment" {
 // Resource information
 variable "location" {
- type = "string"
+ type = string
 description = "Location of the azure resource group."
 default = "WestUS2"
 }
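Review bot: In main.tf, `resource "random_pet" "rg"` is added without a `random` entry in `required_providers`, so Terraform resolves `hashicorp/random` implicitly and unconstrained; add `random = { source = "hashicorp/random", version = "~> 3.0" }` next to azurerm. The azurerm constraint also moves from an exact pin to `~> 3.0`, so reproducible and reviewable provider versions now depend on committing `.terraform.lock.hcl` with the example. `data "azurerm_subscription" "current"` and its comment appear to be unused now that the role-assignment scopes in azuread.tf no longer reference it, and could be removed.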
@@ -22,19 +22,19 @@ variable "location" {
 // Node type information
 variable "node_count" {
- type = "string"
+ type = number
 description = "The number of K8S nodes to provision."
 default = 3
 }
 variable "node_type" {
- type = "string"
+ type = string
 description = "The size of each node."
- default = "Standard_D1_v2"
+ default = "Standard_D2s_v3"
 }
 variable "dns_prefix" {
- type = "string"
+ type = string
 description = "DNS Prefix"
 default = "tfq"
 }