use identity

2023-02-21 10:38:21 +08:00
parent ed79d1aa3b
commit a198987b19
3 changed files with 21 additions and 43 deletions
--- a/quickstart/201-aks-acr-identity/aks.tf
+++ b/quickstart/201-aks-acr-identity/aks.tf
@ -1,24 +1,19 @@
 resource "azurerm_kubernetes_cluster" "default" {
-  name                = "${var.name}-aks"
-  location            = azurerm_resource_group.default.location
-  resource_group_name = azurerm_resource_group.default.name
-  dns_prefix          = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
-  depends_on          = ["azurerm_role_assignment.aks_network", "azurerm_role_assignment.aks_acr"]
+  name                              = "${var.name}-aks"
+  location                          = azurerm_resource_group.default.location
+  resource_group_name               = azurerm_resource_group.default.name
+  dns_prefix                        = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
+  depends_on                        = ["azure_role_assignment.aks_network", "azurerm_role_assignment.aks_acr"]
+  role_based_access_control_enabled = true

-  agent_pool_profile {
+  default_node_pool {
    name            = "default"
-    count           = "${var.node_count}"
-    vm_size         = "${var.node_type}"
-    os_type         = "Linux"
+    vm_size         = var.node_type
+    node_count      = var.node_count
    os_disk_size_gb = 30
  }
-
-  service_principal {
-    client_id     = "${azuread_application.default.application_id}"
-    client_secret = "${azuread_service_principal_password.default.value}"
-  }
-
-  role_based_access_control {
-    enabled = true
+  identity {
+    type         = "UserAssigned"
+    identity_ids = [azurerm_user_assigned_identity.aks.id]
  }
 }