Create a RBAC Azure Kubernetes Services (AKS) cluster with Azure Active Directory using Terraform



In this video, I am going to show you how to build an Azure Kubernetes Services (AKS) cluster with Role Based Access Control (RBAC) enabled, using Terraform and Azure Active Directory. At the time of creating this video, when you create an AKS cluster using the portal or Terraform, RBAC is disabled by default. Luckily, since version 1.19.0 of the AzureRM Terraform provider, RBAC is supported.

You can find the Git repo at:
https://github.com/PixelRobots/terraform-aks-rbac-azure-ad

Prerequisites
 
Terraform needs to be installed on your computer.
https://learn.hashicorp.com/terraform/getting-started/install.html
 
You will also need a Service Principal.

First look at Terraform and the Azure Cloud Shell


Make sure you take note of the App ID (Client ID) and Password (Client Secret), we will need them for the variables.tf file later.
 
An Azure Storage account with a container and an Access Key.

How to store your Terraform State file in Azure Storage.


 
An SSH key for the Linux VMs for your AKS cluster.
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows
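To show how the prerequisites above come together, here is an added example of the cluster resource with RBAC and Azure AD integration switched on, written for the 1.x AzureRM provider series the video refers to. It is not the code from the linked repo; the variable names, the backend settings and the node sizing are assumptions, and later provider versions reorganised the RBAC block, so check the provider docs for your version.

```hcl
# Remote state in the Azure Storage container from the prerequisites.
# Values are placeholders for this example.
terraform {
  backend "azurerm" {
    storage_account_name = "tfstatestorageaccount"   # assumed name
    container_name       = "tfstate"                 # assumed name
    key                  = "aks-rbac.terraform.tfstate"
    access_key           = "STORAGE_ACCESS_KEY_PLACEHOLDER"
  }
}

resource "azurerm_resource_group" "aks" {
  name     = "aks-rbac-rg"          # assumed name
  location = "West Europe"          # assumed region
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "aks-rbac"  # assumed name
  location            = "${azurerm_resource_group.aks.location}"
  resource_group_name = "${azurerm_resource_group.aks.name}"
  dns_prefix          = "aksrbac"

  # SSH public key for the Linux nodes (prerequisite above).
  linux_profile {
    admin_username = "azureuser"
    ssh_key {
      key_data = "${var.ssh_public_key}"
    }
  }

  agent_pool_profile {
    name    = "default"
    count   = 2
    vm_size = "Standard_DS2_v2"
    os_type = "Linux"
  }

  # The non-RBAC Service Principal: used by the cluster itself to manage Azure resources.
  service_principal {
    client_id     = "${var.client_id}"
    client_secret = "${var.client_secret}"
  }

  # This block is what turns RBAC on; without it the cluster is created without RBAC.
  role_based_access_control {
    enabled = true
    azure_active_directory {
      client_app_id     = "${var.rbac_client_app_id}"
      server_app_id     = "${var.rbac_server_app_id}"
      server_app_secret = "${var.rbac_server_app_secret}"
      tenant_id         = "${var.tenant_id}"
    }
  }
}
```

The secrets referenced through `var.*` belong in a variables file that is kept out of version control; the Service Principal in `service_principal` and the two Azure AD applications in `azure_active_directory` are separate identities with separate roles.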

Please like this video and subscribe! I really appreciate you watching!


3 thoughts on “Create a RBAC Azure Kubernetes Services (AKS) cluster with Azure Active Directory using Terraform”
  1. Great Video.

    But what to do if a CI/CD tool or Terraform wants to deploy something in the cluster? With the interactive login, automation in these cases is not possible anymore, or?

  2. Hello, which is the client ID and client secret? Can you share a clip of that? I got 4 values: 1) tenant id 2) Rbac-server-secret 3) Rbac-server-app-id 4) Rbac-client-id. I am not able to see where you got the first two, client id and client secret.

  3. Fantastic video, Richard!
    Do you know a programmatic way to create the RBAC service principals AND modify the manifest and permissions? I've not quite figured out how to manage the permissions and manifest in a (reasonable) automated way.
    Also, what is the non-RBAC service principal used for?
    Thanks!
