# Role assignment
# Configure the Kubernetes provider with the cluster's ADMIN credentials
# (kube_admin_config): a client certificate and key, not a per-user login.
# The kube_admin_config attributes, including the client key, are recorded in
# Terraform state, so the state backend needs restricted access and encryption.
provider "kubernetes" {
  host                   = azurerm_kubernetes_cluster.aks.kube_admin_config[0].host
  client_certificate     = base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config[0].client_certificate)
  client_key             = base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config[0].client_key)
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config[0].cluster_ca_certificate)
}
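# Bind the built-in "cluster-admin" ClusterRole to an Azure AD group.
# cluster-admin is unrestricted across every namespace, so membership of the
# referenced AAD group is the effective access control for the whole cluster.
resource "kubernetes_cluster_role_binding" "aad_integration" {
  metadata {
    name = "${var.clustername}admins"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }

  subject {
    kind = "Group"
    # Set explicitly: the API server defaults Group subjects to this API group,
    # and stating it keeps the declared binding identical to the stored one.
    api_group = "rbac.authorization.k8s.io"
    # NOTE(review): the group is expected to be matched by its AAD object ID.
    # Confirm that `.id` is the bare object ID in the azuread provider version
    # in use.
    name = azuread_group.aks-aad-clusteradmins.id
  }

  # The provider is configured from the cluster's admin kubeconfig, so the
  # cluster must exist before this binding is created.
  depends_on = [
    azurerm_kubernetes_cluster.aks
  ]
}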