diff --git a/kubernetes-cluster/kubernetes.tf b/kubernetes-cluster/kubernetes.tf
index c11fa3b..68d103f 100644
--- a/kubernetes-cluster/kubernetes.tf
+++ b/kubernetes-cluster/kubernetes.tf
@@ -38,11 +38,27 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     dns_service_ip = cidrhost((var.service_cidr_subnet), 5) # 5th ip on service cidr subnet
   }
-  service_principal {
-    client_id = data.azurerm_key_vault_secret.appid.value
-    client_secret = data.azurerm_key_vault_secret.secret.value
+  dynamic "identity" {
+    for_each = var.authentication_method == "identity" ? [1] : []
+    content {
+      type = "SystemAssigned"
+    }
+  }
+
+  dynamic "service_principal" {
+    for_each = var.authentication_method == "service_principal" ? [1] : []
+    content {
+      client_id = data.azurerm_key_vault_secret.appid.value
+      client_secret = data.azurerm_key_vault_secret.secret.value
+    }
   }
+
+  # service_principal {
+  #   client_id = data.azurerm_key_vault_secret.appid.value
+  #   client_secret = data.azurerm_key_vault_secret.secret.value
+  # }
+
   workload_identity_enabled = var.workload_identity_enabled
   oidc_issuer_enabled = var.workload_identity_enabled ? true : false
diff --git a/kubernetes-cluster/variables.tf b/kubernetes-cluster/variables.tf
index 6327f71..bfbc82f 100644
--- a/kubernetes-cluster/variables.tf
+++ b/kubernetes-cluster/variables.tf
@@ -343,4 +343,13 @@ variable "kubernetes_version" {
     condition = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+$", var.kubernetes_version))
     error_message = "The version must be in the format 'major.minor.patch', where major, minor, and patch are non-negative integers."
   }
-}
\ No newline at end of file
+}
+variable "authentication_method" {
+  description = "Specify 'identity' to use SystemAssigned identity or 'service_principal' to use service principal"
+  type = string
+  default = ""
+  validation {
+    condition = contains(["identity", "service_principal"], var.authentication_method)
+    error_message = "This Value should be either identity or service_principal."
+  }
+}
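Review bot: The commented-out `# service_principal { ... }` block added after the new `dynamic "service_principal"` is dead code that duplicates the block directly above it; it should be deleted, since the old form is preserved in git history and the duplicate will drift from the live one. Separately, the `data.azurerm_key_vault_secret.appid` and `.secret` reads are still referenced only inside the `service_principal` content, but the data sources themselves are declared outside this hunk and presumably evaluate unconditionally, so a deployment that selects `identity` would still need Key Vault read access to the service-principal secret and would still pull it into state; if that is the case, gating those data sources with `count = var.authentication_method == "service_principal" ? 1 : 0` (and indexing them with `[0]` here) keeps identity-mode clusters free of that secret. A one-line comment on the `identity` block, `# SystemAssigned identity avoids storing a client secret in state; prefer it over service_principal`, would make the intended default clear to callers. The `azurerm_kubernetes_cluster` resource begins and ends outside this hunk.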
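Review bot: `default = ""` on `authentication_method` can never satisfy the `contains(["identity", "service_principal"], ...)` validation added right below it, so the variable is effectively required while being declared as optional, and every caller that does not set it fails at plan time with a message that does not mention the default is at fault. Either drop the `default` line so Terraform reports the variable as required, or keep existing callers working with `default = "service_principal"` (the behaviour before this change) and document `identity` as the recommended value in the description. The error message should also read `error_message = "authentication_method must be either \"identity\" or \"service_principal\"."` rather than `"This Value ..."`, and a blank line between the closing `}` of `kubernetes_version` and the new `variable` block would match the file's spacing.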