Merge pull request #1376 from dod-ccpo/k8s-perms-for-load-balancers

Give the cluster perms to create load balancers.
dandds 2020-01-31 10:27:05 -05:00 committed by GitHub
commit 62d8a89eb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 2 deletions


@ -81,3 +81,9 @@ resource "azurerm_monitor_diagnostic_setting" "k8s_diagnostic-1" {
}
}
}
resource "azurerm_role_assignment" "k8s_network_contrib" {
scope = var.vnet_id
role_definition_name = "Network Contributor"
principal_id = azurerm_kubernetes_cluster.k8s.identity[0].principal_id
}
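Review bot: The new `k8s_network_contrib` assignment grants "Network Contributor" with `scope = var.vnet_id`, so the cluster identity can change the VNET itself and every subnet in it, not only the subnet its load balancers are placed in. If the load balancers only need one subnet, scope the assignment to that subnet's ID instead, for example by passing the relevant entry of the vpc module's `subnet_list` output into a new variable (placeholder name `var.lb_subnet_id`) and using `scope = var.lb_subnet_id`. The module also receives `client_id` and `client_secret`, so it is worth confirming that the principal which actually provisions load balancers is the managed identity in `identity[0].principal_id` and not that service principal; the cluster resource is outside this hunk, so this cannot be checked here.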


@ -66,4 +66,9 @@ variable "client_secret" {
variable "workspace_id" {
description = "Log Analytics workspace for this resource to log to"
type = string
}
}
variable "vnet_id" {
description = "The ID of the VNET that the AKS cluster app registration needs to provision load balancers in"
type = string
}
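Review bot: The description of `vnet_id` says the "AKS cluster app registration" needs the VNET, but the role assignment added in this commit targets `azurerm_kubernetes_cluster.k8s.identity[0].principal_id`, which is the cluster's managed identity rather than an app registration. The description should also say that the value is used as an RBAC scope, since that is what makes it security-relevant to whoever wires the module. Suggested wording: `description = "ID of the VNET used as the scope of the Network Contributor role assignment for the AKS cluster identity"`.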


@ -6,4 +6,8 @@ output "subnet_list" {
value = {
for k, id in azurerm_subnet.subnet : k => id
}
}
}
output "id" {
value = azurerm_virtual_network.vpc.id
}


@ -23,6 +23,7 @@ module "k8s" {
client_id = data.azurerm_key_vault_secret.k8s_client_id.value
client_secret = data.azurerm_key_vault_secret.k8s_client_secret.value
workspace_id = module.logs.workspace_id
vnet_id = module.vpc.id
}
#module "main_lb" {