diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
index 66f9facd..9de93e36 100644
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
@@ -22,6 +22,10 @@ resource "azurerm_kubernetes_cluster" "k8s" {
 resource_group_name = azurerm_resource_group.rg.name
 dns_prefix = random_pet.azurerm_kubernetes_cluster_dns_prefix.id
+ identity {
+ type = "SystemAssigned"
+ }
+
 default_node_pool {
 name = "agentpool"
 vm_size = "Standard_D2_v2"
@@ -38,10 +42,4 @@ resource "azurerm_kubernetes_cluster" "k8s" {
 network_plugin = "kubenet"
 load_balancer_sku = "standard"
 }
- service_principal {
- client_id = azuread_service_principal.app.application_id
- client_secret = azuread_service_principal_password.app.value
- }
-
- depends_on = [time_sleep.wait_30_seconds]
 }
\ No newline at end of file
diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md b/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md
index 8a601397..efce1c2e 100644
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md
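Review bot: The `identity` block added near the top of `azurerm_kubernetes_cluster.k8s` has no comment stating the credential model, which is the security-relevant part of this change. With `type = "SystemAssigned"` the platform manages the cluster credential, so the `client_secret` that the removed `service_principal` block read from `azuread_service_principal_password.app.value` no longer lands in Terraform state. I would add `# System-assigned managed identity: no client secret is stored in Terraform state.` above the block. The same commit deletes sp.tf, which defined `data "azurerm_client_config" "current"` and `azuread_application.app`, yet the readme context lines still list both; if nothing else in the module defines them, the readme entries and any leftover `var.msi_id`, azuread or time provider declarations should probably be trimmed as well. The resource body continues outside both hunks, so other references to the removed service principal cannot be ruled out from here.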
@@ -11,8 +11,6 @@ This template provisions an [AKS / Azure Kubernetes service (also known as a Man
 - [azurerm_client_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config)
 - [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
 - [azuread_application](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application)
-- [azuread_service_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal)
-- [azuread_service_principal_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password)
 - [azapi_resource](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource)
 - [azapi_resource_action](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource_action)
diff --git a/quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf b/quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf
deleted file mode 100644
index 8fdba63e..00000000
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-data "azurerm_client_config" "current" {}
-
-locals {
- current_user_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
-}
-
-# Create Azure AD app registration.
-resource "azuread_application" "app" {
- display_name = "my-app"
- owners = [local.current_user_id]
-}
-
-# Create service principal.
-resource "azuread_service_principal" "app" {
- application_id = azuread_application.app.application_id
- app_role_assignment_required = true
- owners = [local.current_user_id]
-}
-
-# Create service principal password.
-resource "azuread_service_principal_password" "app" {
- service_principal_id = azuread_service_principal.app.id
-}
-
-# Sleep for 30 seconds to allow for propagation
-# of the Service Principal creation before attempting
-# to create the AKS cluster.
-resource "time_sleep" "wait_30_seconds" {
- create_duration = "30s"
-
- depends_on = [azuread_service_principal_password.app]
-}
-
-# Output the service principal and password.
-output "sp" {
- value = azuread_service_principal.app.id
- sensitive = true
-}
-
-output "sp_password" {
- value = azuread_service_principal_password.app.value
- sensitive = true
-}
\ No newline at end of file