Adds notes on AKS service_principal and preview features that must be enabled

Rob Gil 2020-01-20 16:10:55 -05:00
parent 636653a5ad
commit 584b885311

@ -57,6 +57,7 @@ To create all the resources we need for this environment we'll need to enable so
This registers the specific feature for _SystemAssigned_ principals This registers the specific feature for _SystemAssigned_ principals
``` ```
az feature register --namespace Microsoft.ContainerService --name MSIPreview az feature register --namespace Microsoft.ContainerService --name MSIPreview
az feature register --namespace Microsoft.ContainerService --name NodePublicIPPreview
``` ```
To apply the registration, run the following To apply the registration, run the following
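Review bot: The sentence above the code block still says it registers the feature for _SystemAssigned_ principals, but the block now also registers `NodePublicIPPreview`, which that sentence does not cover. Suggest extending the lead-in to say what `NodePublicIPPreview` is needed for in this environment, so a reader turning on subscription-level preview features knows why each one is enabled. It is also worth confirming that the "apply the registration" step that follows covers both features.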
@ -211,6 +212,9 @@ TODO
# Quick Steps # Quick Steps
Copy paste (mostly) Copy paste (mostly)
*Register Preview features*
See [Registering Features](#Preview_Features)
*Edit provider.tf and turn off remote bucket temporarily (comment out backend {} section)* *Edit provider.tf and turn off remote bucket temporarily (comment out backend {} section)*
``` ```
provider "azurerm" { provider "azurerm" {
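Review bot: The link target `#Preview_Features` in the new "Register Preview features" step may not resolve. The heading it points to is not part of this hunk, and Markdown renderers that generate heading anchors usually lowercase them and join words with hyphens. The link text "Registering Features" also differs from the anchor name. Suggest checking the rendered link and matching the anchor to the actual heading slug.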
@ -255,11 +259,22 @@ Next, we'll create the operator keyvault.
`terraform plan -target=module.operator_keyvault` `terraform plan -target=module.operator_keyvault`
Lastly, we'll pre-populate some secrets using the secrets-tool. Follow the install/setup section in the README.md first. Then populate the secrets with a definition file as described in the following link. Next, we'll pre-populate some secrets using the secrets-tool. Follow the install/setup section in the README.md first. Then populate the secrets with a definition file as described in the following link.
https://github.com/dod-ccpo/atst/tree/staging/terraform/secrets-tool#populating-secrets-from-secrets-definition-file https://github.com/dod-ccpo/atst/tree/staging/terraform/secrets-tool#populating-secrets-from-secrets-definition-file
*Create service principal for AKS*
```
az ad sp create-for-rbac
```
Take note of the output, you'll need it in the next step to store the secret and `client_id` in keyvault.
This also involves using secrets-tool. Substitute your keyvault url.
```
secrets-tool secrets --keyvault https://ops-jedidev-keyvault.vault.azure.net/ create --key k8s-client-id --value [value]
secrets-tool secrets --keyvault https://ops-jedidev-keyvault.vault.azure.net/ create --key k8s-client-secret --value [value]
```
*Next we'll apply the rest of the TF configuration* *Next we'll apply the rest of the TF configuration*
`terraform plan` # Make sure this looks correct `terraform plan` # Make sure this looks correct
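Review bot: `az ad sp create-for-rbac` is given with no `--name`, `--role` or `--scopes`, so the service principal's name and permissions are left to the CLI defaults, which in CLI versions of this period means a Contributor assignment across the whole subscription. Suggest documenting an explicit role and a scope limited to what AKS needs (or `--skip-assignment` with a separate role assignment), plus a name that makes the principal identifiable later. In the two `secrets-tool ... create --key ... --value [value]` lines, the client secret is passed as a command-line argument and will land in shell history and the process list; if secrets-tool can read the value from a file or stdin, document that form instead, or note that history should be cleared afterwards.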