Solución:
Este código funcionó para mí.
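# Azure AD application that backs the service principal used by the AKS cluster.
resource "azuread_application" "aks_sp" {
  # Interpolation must use the ${...} form; a bare "$local.cluster_name" inside
  # a string is kept as literal text instead of being expanded.
  name = "sp-aks-${local.cluster_name}"
}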
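# Service principal for the application above; this is the identity that
# receives role assignments and that the cluster authenticates as.
resource "azuread_service_principal" "aks_sp" {
  application_id               = azuread_application.aks_sp.application_id
  app_role_assignment_required = false
}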
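# Password credential for the service principal.
resource "azuread_service_principal_password" "aks_sp" {
  service_principal_id = azuread_service_principal.aks_sp.id

  # NOTE(review): the secret comes from a random_string resource defined
  # elsewhere. random_string results are not marked sensitive and can appear in
  # plan/apply output; the random provider's random_password resource is the
  # sensitive equivalent. Either way the value is stored in Terraform state, so
  # the state backend needs access control and encryption.
  value             = random_string.aks_sp_password.result
  end_date_relative = "8760h" # 1 year

  lifecycle {
    # Later changes to the secret or its lifetime in configuration are ignored,
    # so the existing credential is not replaced on every apply.
    # NOTE(review): this also means Terraform will not renew the credential
    # before its one-year expiry; plan an explicit rotation (confirm whether
    # another process handles it).
    ignore_changes = [
      value,
      end_date_relative,
    ]
  }
}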
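# Password credential attached to the application object itself.
# NOTE(review): nothing else shown on this page references this credential (the
# cluster's client_secret uses random_string.aks_sp_password instead). Every
# extra credential is one more secret to protect and rotate; confirm it is
# actually needed.
resource "azuread_application_password" "aks_sp" {
  application_object_id = azuread_application.aks_sp.id

  # Same caveat as any generated secret: random_string results are not marked
  # sensitive, and the value is stored in Terraform state.
  value             = random_string.aks_sp_secret.result
  end_date_relative = "8760h" # 1 year

  lifecycle {
    # Ignore later changes so the credential is not replaced on every apply;
    # rotation before expiry therefore has to be triggered explicitly.
    ignore_changes = [
      value,
      end_date_relative,
    ]
  }
}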
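# Looks up an existing container registry (not managed by this configuration)
# so its id can be used as the scope of the role assignment.
data "azurerm_container_registry" "pyp" {
  name                = var.container_registry_name
  resource_group_name = var.container_registry_resource_group_name
}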
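# Lets the cluster's service principal pull images from the registry.
# The scope is the single registry and the role is the pull-only AcrPull, which
# keeps the grant to the minimum the cluster needs.
resource "azurerm_role_assignment" "aks_sp_container_registry" {
  scope                = data.azurerm_container_registry.pyp.id
  role_definition_name = "AcrPull"
  principal_id         = azuread_service_principal.aks_sp.object_id
}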
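# AKS cluster that authenticates to Azure with the service principal above.
# requires Azure Provider 1.37+
# NOTE(review): this block does not set role_based_access_control; confirm
# whether the provider version in use enables Kubernetes RBAC by default.
resource "azurerm_kubernetes_cluster" "pyp" {
  name                = local.cluster_name
  location            = azurerm_resource_group.pyp.location
  resource_group_name = azurerm_resource_group.pyp.name
  dns_prefix          = local.env_name_nosymbols
  kubernetes_version  = local.kubernetes_version

  default_node_pool {
    name            = "default"
    node_count      = 1
    vm_size         = "Standard_D2s_v3"
    os_disk_size_gb = 80
  }

  windows_profile {
    admin_username = "winadm"
    # NOTE(review): generated by a random_string defined elsewhere; its result
    # is not marked sensitive and is stored in Terraform state.
    admin_password = random_string.windows_profile_password.result
  }

  network_profile {
    network_plugin = "azure"
    # Host number 10 inside the service CIDR.
    dns_service_ip     = cidrhost(local.service_cidr, 10)
    docker_bridge_cidr = "172.17.0.1/16"
    service_cidr       = local.service_cidr
    load_balancer_sku  = "standard"
  }

  service_principal {
    client_id = azuread_service_principal.aks_sp.application_id
    # Same value that is set on azuread_service_principal_password.aks_sp.
    # The secret ends up in Terraform state, so protect the state backend.
    client_secret = random_string.aks_sp_password.result
  }

  addon_profile {
    # Ships container logs and metrics to the Log Analytics workspace.
    oms_agent {
      enabled                    = true
      log_analytics_workspace_id = azurerm_log_analytics_workspace.pyp.id
    }
  }

  tags = local.tags
}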
Fuente: https://github.com/giuliov/pipeline-your-pipelines/tree/master/src/kubernetes/terraform
(Hice la respuesta anterior)
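Añado una forma más simple, por si alguien más la necesita, en la que no hace falta crear una entidad de servicio (service principal): el clúster usa una identidad administrada asignada por el sistema, así que no hay ningún secreto de cliente que generar, guardar ni rotar.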
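# AKS cluster that uses a system-assigned managed identity instead of a
# service principal, so no client secret appears in configuration or state.
resource "azurerm_kubernetes_cluster" "kubweb" {
  name                = local.cluster_web
  location            = local.rgloc
  resource_group_name = local.rgname
  # Interpolation must use the ${...} form; "$local.cluster_web-dns" would be
  # kept as literal text.
  dns_prefix         = "${local.cluster_web}-dns"
  kubernetes_version = local.kubversion

  # used to group all the internal objects of this cluster
  node_resource_group = "${local.cluster_web}-rg-node"

  # azure will assign the id automatically
  identity {
    type = "SystemAssigned"
  }

  default_node_pool {
    name                 = "nodepool1"
    node_count           = 4
    vm_size              = local.vm_size
    orchestrator_version = local.kubversion
  }

  # Kubernetes RBAC is switched on explicitly.
  role_based_access_control {
    enabled = true
  }

  addon_profile {
    # NOTE(review): the dashboard add-on is a web UI running inside the cluster
    # and widens its attack surface. Keep it enabled only if it is really used,
    # and check that its service account has no more permissions than needed.
    kube_dashboard {
      enabled = true
    }
  }

  tags = {
    environment = local.env
  }
}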
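# Container registry the cluster pulls its images from.
resource "azurerm_container_registry" "acr" {
  # NOTE: sample value. Registry names must be globally unique and 5-50
  # alphanumeric characters, so "acr1" has to be replaced with a real name.
  name                = "acr1"
  resource_group_name = local.rgname
  location            = local.rgloc
  sku                 = "Standard"

  # NOTE(review): this turns on the registry's shared admin username/password.
  # The cluster on this page pulls through an AcrPull role assignment on its
  # kubelet identity, which does not need the admin account; consider false
  # unless another consumer depends on it.
  admin_enabled = true

  tags = {
    environment = local.env
  }
}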
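# add the role to the identity the kubernetes cluster was assigned
# The grant goes to the kubelet identity (the one the nodes use to pull
# images), is pull-only (AcrPull) and is scoped to this single registry.
resource "azurerm_role_assignment" "kubweb_to_acr" {
  scope                = azurerm_container_registry.acr.id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_kubernetes_cluster.kubweb.kubelet_identity[0].object_id
}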