diff --git a/quickstart/201-aks-acr-identity/aks.tf b/quickstart/201-aks-acr-identity/aks.tf
index 0de91083..adcd92ad 100644
--- a/quickstart/201-aks-acr-identity/aks.tf
+++ b/quickstart/201-aks-acr-identity/aks.tf
@@ -1,24 +1,19 @@
 resource "azurerm_kubernetes_cluster" "default" {
-  name = "${var.name}-aks"
-  location = azurerm_resource_group.default.location
-  resource_group_name = azurerm_resource_group.default.name
-  dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
-  depends_on = ["azurerm_role_assignment.aks_network", "azurerm_role_assignment.aks_acr"]
+  name = "${var.name}-aks"
+  location = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+  dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
+  depends_on = ["azure_role_assignment.aks_network", "azurerm_role_assignment.aks_acr"]
+  role_based_access_control_enabled = true
 
-  agent_pool_profile {
+  default_node_pool {
     name = "default"
-    count = "${var.node_count}"
-    vm_size = "${var.node_type}"
-    os_type = "Linux"
+    vm_size = var.node_type
+    node_count = var.node_count
     os_disk_size_gb = 30
   }
-
-  service_principal {
-    client_id = "${azuread_application.default.application_id}"
-    client_secret = "${azuread_service_principal_password.default.value}"
-  }
-
-  role_based_access_control {
-    enabled = true
+  identity {
+    type = "UserAssigned"
+    identity_ids = [azurerm_user_assigned_identity.aks.id]
   }
 }
\ No newline at end of file
diff --git a/quickstart/201-aks-acr-identity/azuread.tf b/quickstart/201-aks-acr-identity/azuread.tf
index e8f0fd2d..92e3c056 100644
--- a/quickstart/201-aks-acr-identity/azuread.tf
+++ b/quickstart/201-aks-acr-identity/azuread.tf
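Review bot: The new `depends_on` line references `azure_role_assignment.aks_network`, which does not match the resource type `azurerm_role_assignment` used on the removed line and in azuread.tf, and quoting the references as strings is the pre-0.12 form that current Terraform no longer accepts in `depends_on`, so the line should read `depends_on = [azurerm_role_assignment.aks_network, azurerm_role_assignment.aks_acr]`. This dependency is the only thing that orders cluster creation after the Network Contributor and AcrPull grants to the user-assigned identity, since nothing else in the resource references those assignments; if it fails to resolve, the cluster can come up before its identity is authorised to touch the network or the registry. The `identity` block only sets the control-plane identity of the cluster; if the nodes are expected to pull images with the same identity, a `kubelet_identity` block pointing at `azurerm_user_assigned_identity.aks.id` is presumably also needed, which is worth a comment on the block either way.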
@@ -1,30 +1,17 @@
-resource "azuread_application" "default" {
-  name = "${var.name}-${var.environment}"
-}
-
-resource "azuread_service_principal" "default" {
-  application_id = azuread_application.default.application_id
-}
-
-resource "random_string" "password" {
-  length = 32
-  special = true
-}
-
-resource "azuread_service_principal_password" "default" {
-  service_principal_id = "${azuread_service_principal.default.id}"
-  value = "${random_string.password.result}"
-  end_date = "2099-01-01T01:00:00Z"
+resource "azurerm_user_assigned_identity" "aks" {
+  location = azurerm_resource_group.default.location
+  name = "${random_pet.rg.id}-uai"
+  resource_group_name = azurerm_resource_group.default.name
 }
 
 resource "azurerm_role_assignment" "aks_network" {
-  scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}"
+  scope = azurerm_resource_group.default.id
   role_definition_name = "Network Contributor"
-  principal_id = "${azuread_service_principal.default.id}"
+  principal_id = azurerm_user_assigned_identity.aks.principal_id
 }
 
 resource "azurerm_role_assignment" "aks_acr" {
-  scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}/providers/Microsoft.ContainerRegistry/registries/${azurerm_container_registry.default.name}"
+  scope = azurerm_container_registry.default.id
   role_definition_name = "AcrPull"
-  principal_id = "${azuread_service_principal.default.id}"
+  principal_id = azurerm_user_assigned_identity.aks.principal_id
 }
diff --git a/quickstart/201-aks-acr-identity/main.tf b/quickstart/201-aks-acr-identity/main.tf
index b45121ca..d2e91459 100644
--- a/quickstart/201-aks-acr-identity/main.tf
+++ b/quickstart/201-aks-acr-identity/main.tf
@@ -3,11 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source = "hashicorp/azurerm"
-      version = "1.36.0"
-    }
-    azuread = {
-      source = "hashicorp/azuread"
-      version = "0.6.0"
+      version = "~> 3.0"
     }
   }
 }
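Review bot: The `aks_acr` assignment grants AcrPull to `azurerm_user_assigned_identity.aks.principal_id`, but aks.tf attaches that identity only through the cluster's `identity` block, i.e. as the control-plane identity; image pulls are made by the node pool's kubelet identity, which AKS provisions separately unless the cluster's `kubelet_identity` block is pointed at the same identity, so as written the nodes may still be refused by the registry. The smallest consistent fix is to add `kubelet_identity { user_assigned_identity_id = azurerm_user_assigned_identity.aks.id }` to the cluster and a further `azurerm_role_assignment` giving the identity `Managed Identity Operator` on its own id, which AKS needs to assign it to the nodes; the alternative of granting AcrPull to `azurerm_kubernetes_cluster.default.kubelet_identity[0].object_id` would conflict with the cluster's `depends_on` on `aks_acr`. `random_pet.rg` is referenced here but not defined in any hunk of this commit, so it presumably lives elsewhere in the quickstart; a one-line comment above the identity naming it as the source of the suffix would save the next reader the search. Network Contributor at `azurerm_resource_group.default.id` covers every network resource in the group; if the cluster uses a specific VNet or subnet, scoping the grant to that resource's id is the least-privilege form.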
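Review bot: After removing `azuread`, `required_providers` pins only `azurerm`, while the azuread.tf hunk in this commit uses `random_pet.rg` (as the removed `random_string.password` did before it), so the `random` provider is still resolved implicitly from `hashicorp/random` at whatever version `terraform init` finds; pinning it next to azurerm with `random = { source = "hashicorp/random", version = "~> 3.0" }` makes the quickstart initialise reproducibly. `~> 3.0` for azurerm also admits every 3.x minor, which is acceptable for a sample but is worth stating in the README if a specific release is assumed. The enclosing `terraform {` block opens above this hunk.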