Create a RBAC Azure Kubernetes Services (AKS) cluster with Azure Active Directory using Terraform




    In this video, I am going to show you how to build a Role Based Access Controlled (RBAC) Azure Kubernetes Services (AKS) cluster using Terraform and Azure Active Directory. At the time of creating this video, when you create an AKS cluster using the portal or Terraform, RBAC is disabled by default. Luckily, since version 1.19.0 of the AzureRM Terraform provider, RBAC is supported.

    You can find the Git repo at:
    https://github.com/PixelRobots/terraform-aks-rbac-azure-ad

    Prerequisites

    Terraform needs to be installed on your computer.
    https://learn.hashicorp.com/terraform/getting-started/install.html

    You will also need a Service Principal.
    See also: First look at Terraform and the Azure Cloud Shell

    Make sure you take note of the App ID (Client ID) and Password (Client Secret), we will need them for the variables.tf file later.

    An Azure Storage account with a container and an Access Key.
    See also: How to store your Terraform State file in Azure Storage.

    An SSH key for the Linux VMs for your AKS cluster.
    https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows.
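Putting the prerequisites together, here is an added example (not the code from the linked Git repo or the video) of a minimal RBAC-enabled AKS cluster with Azure Active Directory integration. It is written against the AzureRM provider 1.x syntax that the post refers to (1.19.0 or later). The resource names, variable names, region, VM size and backend storage values are assumptions chosen for illustration; the cluster's own service principal (client_id/client_secret) is a separate identity from the Azure AD server and client app registrations that go into the azure_active_directory block.

```hcl
# Added example: RBAC-enabled AKS cluster with Azure AD integration.
# Assumes azurerm provider >= 1.19.0 (1.x block syntax); names and
# backend values below are placeholders, not the post's own files.

terraform {
  backend "azurerm" {
    # Remote state in the Azure Storage container from the prerequisites.
    storage_account_name = "tfstateaccount" # placeholder
    container_name       = "tfstate"        # placeholder
    key                  = "aks-rbac.tfstate"
    # Supply the storage access key outside the repo, e.g.
    #   terraform init -backend-config="access_key=<key>"
  }
}

provider "azurerm" {
  version = "~> 1.19"
}

# Service principal the cluster itself uses to call Azure (load balancers, disks, ...).
variable "client_id" {}
variable "client_secret" {}

# Azure AD app registrations used for RBAC (server app, client app, tenant).
variable "aad_server_app_id" {}
variable "aad_server_app_secret" {}
variable "aad_client_app_id" {}
variable "aad_tenant_id" {}

variable "ssh_public_key" {
  description = "Contents of the public SSH key for the Linux nodes."
}

resource "azurerm_resource_group" "aks" {
  name     = "rg-aks-rbac"  # placeholder
  location = "West Europe"  # placeholder
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "aks-rbac"  # placeholder
  location            = "${azurerm_resource_group.aks.location}"
  resource_group_name = "${azurerm_resource_group.aks.name}"
  dns_prefix          = "aksrbac"   # placeholder

  linux_profile {
    admin_username = "azureuser"
    ssh_key {
      key_data = "${var.ssh_public_key}"
    }
  }

  agent_pool_profile {
    name            = "default"
    count           = 2
    vm_size         = "Standard_DS2_v2"
    os_type         = "Linux"
    os_disk_size_gb = 30
  }

  service_principal {
    client_id     = "${var.client_id}"
    client_secret = "${var.client_secret}"
  }

  # This block is what turns RBAC on; without it the cluster is created with RBAC disabled.
  role_based_access_control {
    enabled = true

    azure_active_directory {
      server_app_id     = "${var.aad_server_app_id}"
      server_app_secret = "${var.aad_server_app_secret}"
      client_app_id     = "${var.aad_client_app_id}"
      tenant_id         = "${var.aad_tenant_id}"
    }
  }
}

# Marked sensitive so the kubeconfig is not printed in plan/apply output.
output "kube_config" {
  value     = "${azurerm_kubernetes_cluster.aks.kube_config_raw}"
  sensitive = true
}
```

Two practical notes: keep the client secret, server app secret and storage access key out of a committed variables.tf (pass them with `-var`, a `.tfvars` file that is ignored by version control, or environment variables of the form `TF_VAR_name`), and remember that enabling RBAC means Azure AD users have no permissions in the cluster until you create a RoleBinding or ClusterRoleBinding for their Azure AD object ID or group; until then only the admin credentials (`az aks get-credentials --admin`) can manage the cluster.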

    Please like this video and subscribe! I really appreciate you watching!



    3 COMMENTS

    1. Hello, which is the client ID and client secret? Can you share a clip of that? I got 4 values: 1) tenant id 2) Rbac-server-secret 3) Rbac-server-app-id 4) Rbac-client-id. I am not able to see where you got the first two, client id and client secret.

    2. Fantastic video, Richard!
      Do you know a programmatic way to create the RBAC service principals AND modify the manifest and permissions? I've not quite figured out how to manage the permissions and manifest in a (reasonable) automated way.
      Also, what is the non-RBAC service principal used for?
      Thanks!