pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

169163334 - Switches to SystemAssigned managed identity

Browse Source 
The SystemAssigned managed identity requires a preview feature to be
enabled.

```
rgil@rem5:~/atst/terraform/providers/dev$ az feature list|grep MSIPreview
    "id": "/subscriptions/95934d54-980d-47cc-9bce-3a96bf9a2d1b/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/MSIPreview",
    "name": "Microsoft.ContainerService/MSIPreview",
rgil@rem5:~/atst/terraform/providers/dev$ az feature register --namespace Microsoft.ContainerService --name MSIPreview
Once the feature 'MSIPreview' is registered, invoking 'az provider register -n Microsoft.ContainerService' is required to get the change propagated
{
  "id": "/subscriptions/95934d54-980d-47cc-9bce-3a96bf9a2d1b/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/MSIPreview",
  "name": "Microsoft.ContainerService/MSIPreview",
  "properties": {
    "state": "Registering"
  },
  "type": "Microsoft.Features/providers/features"
}
rgil@rem5:~/atst/terraform/providers/dev$ az provider register -n Microsoft.ContainerService
rgil@rem5:~/atst/terraform/providers/dev$
```

This also now integrates the policy for keyvault with the k8s managed
identity (system assigned).
This commit is contained in:
Rob Gil
2020-01-08 15:05:23 -05:00
parent c403dc557c
commit 623368b8dd
4 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
terraform/modules/k8s/main.tf
View File

@@ -25,6 +25,9 @@ resource "azurerm_kubernetes_cluster" "k8s" {
min_count = var.min_count # FIXME: if auto_scaling disabled, set to 0
}
identity {
type = "SystemAssigned"
}
lifecycle {
ignore_changes = [
default_node_pool.0.node_count

3
terraform/modules/k8s/outputs.tf
View File

@@ -0,0 +1,3 @@
output "principal_id" {
value = azurerm_kubernetes_cluster.k8s.identity[0].principal_id
}