use identity

This commit is contained in:
hezijie 2023-02-21 10:38:21 +08:00
parent ed79d1aa3b
commit a198987b19
3 changed files with 21 additions and 43 deletions


@ -1,24 +1,19 @@
resource "azurerm_kubernetes_cluster" "default" { resource "azurerm_kubernetes_cluster" "default" {
name = "${var.name}-aks" name = "${var.name}-aks"
location = azurerm_resource_group.default.location location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name resource_group_name = azurerm_resource_group.default.name
dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}" dns_prefix = "${var.dns_prefix}-${var.name}-aks-${var.environment}"
depends_on = ["azurerm_role_assignment.aks_network", "azurerm_role_assignment.aks_acr"] depends_on = ["azure_role_assignment.aks_network", "azurerm_role_assignment.aks_acr"]
role_based_access_control_enabled = true
agent_pool_profile { default_node_pool {
name = "default" name = "default"
count = "${var.node_count}" vm_size = var.node_type
vm_size = "${var.node_type}" node_count = var.node_count
os_type = "Linux"
os_disk_size_gb = 30 os_disk_size_gb = 30
} }
identity {
service_principal { type = "UserAssigned"
client_id = "${azuread_application.default.application_id}" identity_ids = [azurerm_user_assigned_identity.aks.id]
client_secret = "${azuread_service_principal_password.default.value}"
}
role_based_access_control {
enabled = true
} }
} }
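Review bot: The new `depends_on` on the cluster references `azure_role_assignment.aks_network`, which is a typo for `azurerm_role_assignment`, and with the provider moved to azurerm `~> 3.0` Terraform no longer accepts quoted strings in `depends_on`, so the ordering guarantee that the role assignments exist before the cluster is created is lost; use `depends_on = [azurerm_role_assignment.aks_network, azurerm_role_assignment.aks_acr]`. Without that ordering the cluster can be provisioned before the identity holds Network Contributor on the resource group, which tends to surface as transient node-pool or networking failures rather than a clear error. Separately, `role_based_access_control_enabled = true` turns on Kubernetes RBAC but nothing here binds it to Azure AD or disables local accounts, so the static cluster-admin kubeconfig is still obtainable via the admin credentials path; if that is not intended, consider an `azure_active_directory_role_based_access_control` block together with `local_account_disabled = true`.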


@ -1,30 +1,17 @@
resource "azuread_application" "default" { resource "azurerm_user_assigned_identity" "aks" {
name = "${var.name}-${var.environment}" location = azurerm_resource_group.default.location
} name = "${random_pet.rg.id}-uai"
resource_group_name = azurerm_resource_group.default.name
resource "azuread_service_principal" "default" {
application_id = azuread_application.default.application_id
}
resource "random_string" "password" {
length = 32
special = true
}
resource "azuread_service_principal_password" "default" {
service_principal_id = "${azuread_service_principal.default.id}"
value = "${random_string.password.result}"
end_date = "2099-01-01T01:00:00Z"
} }
resource "azurerm_role_assignment" "aks_network" { resource "azurerm_role_assignment" "aks_network" {
scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}" scope = azurerm_resource_group.default.id
role_definition_name = "Network Contributor" role_definition_name = "Network Contributor"
principal_id = "${azuread_service_principal.default.id}" principal_id = azurerm_user_assigned_identity.aks.principal_id
} }
resource "azurerm_role_assignment" "aks_acr" { resource "azurerm_role_assignment" "aks_acr" {
scope = "${data.azurerm_subscription.current.id}/resourceGroups/${azurerm_resource_group.default.name}/providers/Microsoft.ContainerRegistry/registries/${azurerm_container_registry.default.name}" scope = azurerm_container_registry.default.id
role_definition_name = "AcrPull" role_definition_name = "AcrPull"
principal_id = "${azuread_service_principal.default.id}" principal_id = azurerm_user_assigned_identity.aks.principal_id
} }
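Review bot: `AcrPull` in the `aks_acr` assignment is granted to the control-plane user-assigned identity's `principal_id`, but image pulls are performed by the kubelet identity, which AKS creates separately unless the cluster declares a `kubelet_identity` block, so with only this assignment pulls from the registry are likely to fail with authorization errors. Either grant AcrPull to `azurerm_kubernetes_cluster.default.kubelet_identity[0].object_id` (and drop the cluster's `depends_on` on this assignment to avoid a dependency cycle), or point the cluster's `kubelet_identity` at this UAI and additionally give the control-plane identity `Managed Identity Operator` on it. Also, `random_pet.rg.id` in the identity name is not defined anywhere in this change; unless it exists elsewhere in the module this will not plan, and `"${var.name}-${var.environment}-uai"` would match the naming the other resources use. Dropping `azuread_service_principal_password` also removes a plaintext credential from the Terraform state, which is the real security win of this commit and worth stating in the commit message.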


@ -3,11 +3,7 @@ terraform {
required_providers { required_providers {
azurerm = { azurerm = {
source = "hashicorp/azurerm" source = "hashicorp/azurerm"
version = "1.36.0" version = "~> 3.0"
}
azuread = {
source = "hashicorp/azuread"
version = "0.6.0"
} }
} }
} }