raykao/aks_with_cluster_and_kubelet_identity

## aks_with_cluster_and_kubelet_identity
resource "azurerm_user_assigned_identity" "cluster" {
  location            = azurerm_resource_group.example.location
  name                = "aks-cluster-identity-${var.cluster_uid}"
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_user_assigned_identity" "kubelet" {
  location            = azurerm_resource_group.example.location
  name                = "aks-kubelet-identity-${var.cluster_uid}"
  resource_group_name = azurerm_resource_group.example.name
}


resource "azurerm_role_definition" "cluster-identity" {
  role_definition_id = "00000000-0000-0000-0000-000000000000"
  name               = "aks-cluster-identity"
  scope              = ***Azure Resource ID e.g. RG/Storage/Compute***

  permissions {
    actions     = ["Microsoft.Resources/subscriptions/resourceGroups/read"]
    not_actions = []
  }

  assignable_scopes = [
    ***Same as above***,
  ]
}

resource "azurerm_role_assignment" "cluster-identity" {
  name               = "00000000-0000-0000-0000-000000000000"
  scope              = ***your azure resource uuid***
  role_definition_id = azurerm_role_definition.cluster-identity.role_definition_resource_id
  principal_id       = azurerm_user_assigned_identity.cluster.object_id
}


resource "azurerm_role_definition" "kubelet-identity" {
  role_definition_id = "00000000-0000-0000-0000-000000000000"
  name               = "aks-kubelet-identity"
  scope              = ***Azure Resource ID e.g. RG/Storage/Compute***

  permissions {
    actions     = ["Microsoft.Resources/subscriptions/resourceGroups/read"]
    not_actions = []
  }

  assignable_scopes = [
    ***Same as above***,
  ]
}

resource "azurerm_role_assignment" "kubelet-identity" {
  name               = "00000000-0000-0000-0000-000000000000"
  scope              = ***your azure resource uuid***
  role_definition_id = azurerm_role_definition.kubelet-identity.role_definition_resource_id
  principal_id       = azurerm_user_assigned_identity.kubelet.object_id
}

resource "azurerm_kubernetes_cluster" "example" {
....
	resource "azurerm_user_assigned_identity" "cluster" {
	location = azurerm_resource_group.example.location
	name = "aks-cluster-identity-${var.cluster_uid}"
	resource_group_name = azurerm_resource_group.example.name
	}

	resource "azurerm_user_assigned_identity" "kubelet" {
	location = azurerm_resource_group.example.location
	name = "aks-kubelet-identity-${var.cluster_uid}"
	resource_group_name = azurerm_resource_group.example.name
	}


	resource "azurerm_role_definition" "cluster-identity" {
	role_definition_id = "00000000-0000-0000-0000-000000000000"
	name = "aks-cluster-identity"
	scope = *Azure Resource ID e.g. RG/Storage/Compute*

	permissions {
	actions = ["Microsoft.Resources/subscriptions/resourceGroups/read"]
	not_actions = []
	}

	assignable_scopes = [
	*Same as above*,
	]
	}

	resource "azurerm_role_assignment" "cluster-identity" {
	name = "00000000-0000-0000-0000-000000000000"
	scope = *your azure resource uuid*
	role_definition_id = azurerm_role_definition.cluster-identity.role_definition_resource_id
	principal_id = azurerm_user_assigned_identity.cluster.object_id
	}


	resource "azurerm_role_definition" "kubelet-identity" {
	role_definition_id = "00000000-0000-0000-0000-000000000000"
	name = "aks-kubelet-identity"
	scope = *Azure Resource ID e.g. RG/Storage/Compute*

	permissions {
	actions = ["Microsoft.Resources/subscriptions/resourceGroups/read"]
	not_actions = []
	}

	assignable_scopes = [
	*Same as above*,
	]
	}

	resource "azurerm_role_assignment" "kubelet-identity" {
	name = "00000000-0000-0000-0000-000000000000"
	scope = *your azure resource uuid*
	role_definition_id = azurerm_role_definition.kubelet-identity.role_definition_resource_id
	principal_id = azurerm_user_assigned_identity.kubelet.object_id
	}

	resource "azurerm_kubernetes_cluster" "example" {
	....