Adds notes on AKS service_principal and preview features that must be enabled
This commit is contained in:
parent
636653a5ad
commit
584b885311
@ -57,6 +57,7 @@ To create all the resources we need for this environment we'll need to enable so
|
|||||||
This registers the specific feature for _SystemAssigned_ principals
|
This registers the specific feature for _SystemAssigned_ principals
|
||||||
```
|
```
|
||||||
az feature register --namespace Microsoft.ContainerService --name MSIPreview
|
az feature register --namespace Microsoft.ContainerService --name MSIPreview
|
||||||
|
az feature register --namespace Microsoft.ContainerService --name NodePublicIPPreview
|
||||||
```
|
```
|
||||||
|
|
||||||
To apply the registration, run the following
|
To apply the registration, run the following
|
||||||
@ -211,6 +212,9 @@ TODO
|
|||||||
# Quick Steps
|
# Quick Steps
|
||||||
Copy paste (mostly)
|
Copy paste (mostly)
|
||||||
|
|
||||||
|
*Register Preview features*
|
||||||
|
See [Registering Features](#Preview_Features)
|
||||||
|
|
||||||
*Edit provider.tf and turn off remote bucket temporarily (comment out backend {} section)*
|
*Edit provider.tf and turn off remote bucket temporarily (comment out backend {} section)*
|
||||||
```
|
```
|
||||||
provider "azurerm" {
|
provider "azurerm" {
|
||||||
@ -255,11 +259,22 @@ Next, we'll create the operator keyvault.
|
|||||||
|
|
||||||
`terraform plan -target=module.operator_keyvault`
|
`terraform plan -target=module.operator_keyvault`
|
||||||
|
|
||||||
Lastly, we'll pre-populate some secrets using the secrets-tool. Follow the install/setup section in the README.md first. Then populate the secrets with a definition file as described in the following link.
|
Next, we'll pre-populate some secrets using the secrets-tool. Follow the install/setup section in the README.md first. Then populate the secrets with a definition file as described in the following link.
|
||||||
|
|
||||||
|
|
||||||
https://github.com/dod-ccpo/atst/tree/staging/terraform/secrets-tool#populating-secrets-from-secrets-definition-file
|
https://github.com/dod-ccpo/atst/tree/staging/terraform/secrets-tool#populating-secrets-from-secrets-definition-file
|
||||||
|
|
||||||
|
*Create service principal for AKS*
|
||||||
|
```
|
||||||
|
az ad sp create-for-rbac
|
||||||
|
```
|
||||||
|
Take note of the output, you'll need it in the next step to store the secret and `client_id` in keyvault.
|
||||||
|
|
||||||
|
This also involves using secrets-tool. Substitute your keyvault url.
|
||||||
|
```
|
||||||
|
secrets-tool secrets --keyvault https://ops-jedidev-keyvault.vault.azure.net/ create --key k8s-client-id --value [value]
|
||||||
|
secrets-tool secrets --keyvault https://ops-jedidev-keyvault.vault.azure.net/ create --key k8s-client-secret --value [value]
|
||||||
|
```
|
||||||
|
|
||||||
*Next we'll apply the rest of the TF configuration*
|
*Next we'll apply the rest of the TF configuration*
|
||||||
|
|
||||||
`terraform plan` # Make sure this looks correct
|
`terraform plan` # Make sure this looks correct
|
||||||
|
Loading…
x
Reference in New Issue
Block a user