Merge pull request #1376 from dod-ccpo/k8s-perms-for-load-balancers
Give the cluster perms to create load balancers.
commit
62d8a89eb1
@ -81,3 +81,9 @@ resource "azurerm_monitor_diagnostic_setting" "k8s_diagnostic-1" {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_role_assignment" "k8s_network_contrib" {
|
||||
scope = var.vnet_id
|
||||
role_definition_name = "Network Contributor"
|
||||
principal_id = azurerm_kubernetes_cluster.k8s.identity[0].principal_id
|
||||
}
|
||||
|
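Review bot: The new `azurerm_role_assignment.k8s_network_contrib` grants the built-in Network Contributor role on the whole VNet (`scope = var.vnet_id`), which is wider than provisioning load balancers should require. With that scope the cluster identity can change every subnet and other network resource under the VNet, so a compromised cluster identity reaches beyond the cluster's own subnet. Consider scoping the assignment to the subnet(s) the cluster places load balancers in, e.g. `scope = var.subnet_id` (placeholder name; the vpc module on this page already exposes `subnet_list`), or using a custom role limited to the actions actually needed. A one-line comment above the resource, such as `# Lets AKS provision load balancers in the cluster network; keep scope as narrow as possible`, would record why the grant exists.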
@ -66,4 +66,9 @@ variable "client_secret" {
|
||||
variable "workspace_id" {
|
||||
description = "Log Analytics workspace for this resource to log to"
|
||||
type = string
|
||||
}
|
||||
}
|
||||
|
||||
variable "vnet_id" {
|
||||
description = "The ID of the VNET that the AKS cluster app registration needs to provision load balancers in"
|
||||
type = string
|
||||
}
|
||||
|
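Review bot: The `vnet_id` description names the "AKS cluster app registration", but the role assignment that consumes this variable targets `azurerm_kubernetes_cluster.k8s.identity[0].principal_id`. That is the cluster's managed identity, not the service principal that the module receives through `client_id`/`client_secret`. If the cluster still calls Azure as that service principal, the role may be granted to a principal that never makes the load-balancer requests; the hunks shown do not settle this, so it is worth confirming which principal AKS uses here. In either case the description should name the principal that actually receives the role, e.g. `description = "ID of the VNET on which the AKS cluster identity is granted Network Contributor"`.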
@ -6,4 +6,8 @@ output "subnet_list" {
|
||||
value = {
|
||||
for k, id in azurerm_subnet.subnet : k => id
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "id" {
|
||||
value = azurerm_virtual_network.vpc.id
|
||||
}
|
||||
|
@ -23,6 +23,7 @@ module "k8s" {
|
||||
client_id = data.azurerm_key_vault_secret.k8s_client_id.value
|
||||
client_secret = data.azurerm_key_vault_secret.k8s_client_secret.value
|
||||
workspace_id = module.logs.workspace_id
|
||||
vnet_id = module.vpc.id
|
||||
}
|
||||
|
||||
#module "main_lb" {
|
||||
|