In this video, I am going to show you how to build a Role-Based Access Control (RBAC) enabled Azure Kubernetes Service (AKS) cluster using Terraform and Azure Active Directory. At the time of creating this video, when you create an AKS cluster using the portal or Terraform, RBAC is disabled by default. Luckily, since version 1.19.0 of the AzureRM Terraform provider, RBAC is supported.
You can find the Git repo at:
https://github.com/PixelRobots/terraform-aks-rbac-azure-ad
Prerequisites
Terraform needs to be installed on your computer.
https://learn.hashicorp.com/terraform/getting-started/install.html
You will also need a Service Principal.
Make sure you take note of the App ID (Client ID) and Password (Client Secret). We will need them for the variables.tf file later.
An Azure Storage account with a container and an Access Key.
An SSH key for the Linux VMs for your AKS cluster.
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows
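How the prerequisites above map onto an RBAC-enabled cluster definition in the AzureRM 1.x provider, as an added sketch that is not taken from the video or the linked repo. All variable names are hypothetical and assumed to be declared in variables.tf; the pool size and VM size are placeholder values.

```hcl
# Added example: variable names are hypothetical, not taken from the repo.
# "${...}" interpolation is used so the file parses on Terraform 0.11 and 0.12.
resource "azurerm_kubernetes_cluster" "aks" {
  name                = "${var.cluster_name}"
  location            = "${var.location}"
  resource_group_name = "${var.resource_group_name}"
  dns_prefix          = "${var.dns_prefix}"

  linux_profile {
    admin_username = "${var.admin_username}"

    ssh_key {
      # Public half of the SSH key from the prerequisites.
      key_data = "${file(var.ssh_public_key_path)}"
    }
  }

  agent_pool_profile {
    name    = "default"
    count   = 2                 # placeholder
    vm_size = "Standard_DS2_v2" # placeholder
    os_type = "Linux"
  }

  # Service Principal from the prerequisites: the identity the cluster
  # itself uses to manage Azure resources.
  service_principal {
    client_id     = "${var.client_id}"
    client_secret = "${var.client_secret}"
  }

  # Without this block RBAC stays at the disabled default described above.
  role_based_access_control {
    enabled = true

    # Azure AD applications used to authenticate users of the cluster;
    # these are separate from the Service Principal above.
    azure_active_directory {
      client_app_id     = "${var.rbac_client_app_id}"
      server_app_id     = "${var.rbac_server_app_id}"
      server_app_secret = "${var.rbac_server_app_secret}"
      tenant_id         = "${var.tenant_id}"
    }
  }
}
```

Terraform writes client_secret and server_app_secret into its state in plain text, so keep the storage container that holds the state private and keep the secret values out of version control.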
Great Video.
But what to do if a CI/CD tool or Terraform wants to deploy something in the cluster? With the interactive login, automation in these cases is not possible anymore, or?
Hello, which is the client ID and client secret? Can you share a clip of that? I got 4 values: 1) tenant id 2) Rbac-server-secret 3) Rbac-server-app-id 4) Rbac-client-id. I am not able to see where you got the first two, client ID and client secret.
Fantastic video, Richard!
Do you know a programmatic way to create the RBAC service principals AND modify the manifest and permissions? I've not quite figured out how to manage the permissions and manifest in a (reasonable) automated way.
Also, what is the non-RBAC service principal used for?
Thanks!