DEVOPS-301 added dynamic block for using sp or identity
githubofkrishnadhas committed Dec 28, 2024
1 parent 2405de6 commit e8b06d0
Showing 2 changed files with 29 additions and 4 deletions.
22 changes: 19 additions & 3 deletions kubernetes-cluster/kubernetes.tf
Expand Up @@ -38,11 +38,27 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
dns_service_ip = cidrhost((var.service_cidr_subnet), 5) # 5th ip on service cidr subnet
}

service_principal {
client_id = data.azurerm_key_vault_secret.appid.value
client_secret = data.azurerm_key_vault_secret.secret.value
dynamic "identity" {
for_each = var.authentication_method == "identity" ? [1] : []
content {
type = "SystemAssigned"
}
}

dynamic "service_principal" {
for_each = var.authentication_method == "service_principal" ? [1] : []
content {
client_id = data.azurerm_key_vault_secret.appid.value
client_secret = data.azurerm_key_vault_secret.secret.value
}
}


# service_principal {
# client_id = data.azurerm_key_vault_secret.appid.value
# client_secret = data.azurerm_key_vault_secret.secret.value
# }

workload_identity_enabled = var.workload_identity_enabled
oidc_issuer_enabled = var.workload_identity_enabled ? true : false

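Review bot: Selecting `authentication_method = "identity"` probably still reads the service principal's client id and secret from Key Vault, because only the `dynamic "service_principal"` block is gated, not the two `data.azurerm_key_vault_secret` lookups it references. Those data blocks are declared outside this hunk, so this is inferred; if they are unconditional, the deploying identity still needs read access to both secrets, and the client secret is still written to Terraform state for a cluster that never uses it. Consider adding `count = var.authentication_method == "service_principal" ? 1 : 0` to both data sources and referencing `data.azurerm_key_vault_secret.secret[0].value` (likewise `appid[0]`) inside the `content` block. The commented-out `service_principal` block left below the new blocks should be deleted rather than kept as dead code. The `azurerm_kubernetes_cluster` body starts and continues outside the hunk.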
11 changes: 10 additions & 1 deletion kubernetes-cluster/variables.tf
Expand Up @@ -343,4 +343,13 @@ variable "kubernetes_version" {
condition = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+$", var.kubernetes_version))
error_message = "The version must be in the format 'major.minor.patch', where major, minor, and patch are non-negative integers."
}
}
}
variable "authentication_method" {
description = "Specify 'identity' to use SystemAssigned identity or 'service_principal' to use service principal"
type = string
default = ""
validation {
condition = contains(["identity", "service_principal"], var.authentication_method)
error_message = "This Value should be either identity or service_principal."
}
}
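Review bot: `default = ""` can never satisfy the `contains(["identity", "service_principal"], ...)` validation, so a caller that omits `authentication_method` gets the validation error rather than a usable default. Either drop the `default` line so the variable is plainly required, or default to the option that carries no long-lived secret, `default = "identity"`. The description could also state that `service_principal` pulls the client id and secret from Key Vault, so operators know which choice brings a credential into the plan.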
