dandds ca1d26cc67 Give the cluster perms to create load balancers.
In order for the cluster app registration to create new load balancers,
it needs to have the Network Contributor role for the virtual network.
In the future, we should create a custom policy scoped to exactly the
permissions the cluster needs, per:

https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni#prerequisites
2020-01-30 16:28:02 -05:00


# Reads the "k8s-client-id" secret from the operator Key Vault. The value is
# passed to module "k8s" as client_id.
# NOTE(review): presumably the application (client) ID of the cluster app
# registration; confirm against whatever populates the vault.
# Terraform records values read through data sources in its state, so access to
# the state backend should be as restricted as access to the vault itself.
data "azurerm_key_vault_secret" "k8s_client_id" {
  key_vault_id = module.operator_keyvault.id
  name         = "k8s-client-id"
}
# Reads the "k8s-client-secret" secret from the operator Key Vault. The value
# is passed to module "k8s" as client_secret.
# Security: keeping the credential in Key Vault keeps it out of this repo, but
# Terraform still writes the value it reads into state in plain text. The state
# backend therefore needs encryption at rest and tightly scoped access, and
# plan output or debug logs that may echo the value should be treated as
# sensitive.
data "azurerm_key_vault_secret" "k8s_client_secret" {
  key_vault_id = module.operator_keyvault.id
  name         = "k8s-client-secret"
}
# Instantiates the shared k8s module for this environment. Arguments are
# grouped by concern; HCL argument order has no effect on the result.
module "k8s" {
  source = "../../modules/k8s"

  # Naming and placement.
  name           = var.name
  environment    = var.environment
  owner          = var.owner
  region         = var.region
  k8s_dns_prefix = var.k8s_dns_prefix

  # Node pool sizing: autoscaling between 3 and 5 nodes.
  k8s_node_size       = var.k8s_node_size
  enable_auto_scaling = true
  min_count           = 3
  max_count           = 5

  # Networking.
  # FIXME: module.vpc.subnets should be exposed as a map rather than passed
  # through as-is.
  vnet_subnet_id = module.vpc.subnets
  # The latest commit on this file says the cluster app registration needs the
  # Network Contributor role on the virtual network in order to create load
  # balancers.
  # NOTE(review): presumably vnet_id is the scope the module uses for that role
  # assignment; confirm in ../../modules/k8s.
  # TODO (from the same commit message): replace Network Contributor with a
  # custom role limited to the permissions the cluster actually needs.
  vnet_id = module.vpc.id

  # Cluster identity, read from the operator Key Vault by the data sources
  # declared in this file. Both values end up in Terraform state, so the state
  # backend must be access-controlled like the vault.
  client_id     = data.azurerm_key_vault_secret.k8s_client_id.value
  client_secret = data.azurerm_key_vault_secret.k8s_client_secret.value

  # Workspace ID output of the logs module.
  workspace_id = module.logs.workspace_id
}
#module "main_lb" {
# source = "../../modules/lb"
# region = var.region
# name = "main-${var.name}"
# environment = var.environment
# owner = var.owner
#}
#module "auth_lb" {
# source = "../../modules/lb"
# region = var.region
# name = "auth-${var.name}"
# environment = var.environment
# owner = var.owner
#}