BREAKING CHANGE: Updating cluster to managed identity. Migration is supported, but see note at https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#identity

timdeluxe · timdeluxe · commit 8d9249c58258 · 2023-07-03T16:04:26.000+02:00
feat: Smaller updates for newer provider versions
diff --git a/README.md b/README.md
@@ -55,18 +55,6 @@ Description: The IP ranges to allow for incoming traffic to the server nodes. To
 
 Type: `list(string)`
 
-### client\_id
-
-Description: Azure client ID to use to manage Azure resources from the cluster, like f.e. load balancers
-
-Type: `string`
-
-### client\_secret
-
-Description: Azure client secret to use to manage Azure resources from the cluster, like f.e. load balancers
-
-Type: `string`
-
 ### default\_node\_pool\_k8s\_version
 
 Description: Version of kubernetes for the default node pool
@@ -175,7 +163,7 @@ Description: The SKU for the used Load Balancer
 
 Type: `string`
 
-Default: `"Basic"`
+Default: `"basic"`
 
 ### max\_pods
 
diff --git a/main.tf b/main.tf
@@ -19,14 +19,13 @@ locals {
 #
 #tfsec:ignore:azure-container-logging tfsec:ignore:azure-container-limit-authorized-ips
 resource "azurerm_kubernetes_cluster" "k8s" {
-  name                            = local.cluster_name
-  location                        = var.location
-  resource_group_name             = var.resource_group
-  tags                            = var.tags
-  dns_prefix                      = var.dns_prefix == "NONE" ? local.cluster_name : var.dns_prefix
-  sku_tier                        = var.sku_tier
-  kubernetes_version              = var.kubernetes_version
-  api_server_authorized_ip_ranges = var.api_server_ip_ranges
+  name                = local.cluster_name
+  location            = var.location
+  resource_group_name = var.resource_group
+  tags                = var.tags
+  dns_prefix          = var.dns_prefix == "NONE" ? local.cluster_name : var.dns_prefix
+  sku_tier            = var.sku_tier
+  kubernetes_version  = var.kubernetes_version
 
   default_node_pool {
     name                 = var.default_node_pool_name
@@ -40,9 +39,12 @@ resource "azurerm_kubernetes_cluster" "k8s" {
     zones                = var.availability_zones
   }
 
-  service_principal {
-    client_id     = var.client_id
-    client_secret = var.client_secret
+  api_server_access_profile {
+    authorized_ip_ranges = var.api_server_ip_ranges
+  }
+
+  identity {
+    type = "SystemAssigned"
   }
 
   role_based_access_control_enabled = var.rbac_enabled
diff --git a/vars.tf b/vars.tf
@@ -24,16 +24,6 @@ variable "tags" {
   default     = {}
 }
 
-variable "client_id" {
-  type        = string
-  description = "Azure client ID to use to manage Azure resources from the cluster, like f.e. load balancers"
-}
-
-variable "client_secret" {
-  type        = string
-  description = "Azure client secret to use to manage Azure resources from the cluster, like f.e. load balancers"
-}
-
 variable "dns_prefix" {
   type        = string
   description = "DNS-Prefix to use. Defaults to cluster name"
