Adapt AKS infra for managed identity rather than explicit service account creds (#1784)

alexsomesan · web-flow · commit c370d923c9fe · 2022-07-22T15:02:03.000+02:00
diff --git a/kubernetes/test-infra/aks/main.tf b/kubernetes/test-infra/aks/main.tf
@@ -78,13 +78,9 @@ resource "azurerm_kubernetes_cluster" "tf-k8s-acc" {
     vnet_subnet_id = azurerm_subnet.tf-k8s-acc.id
   }
 
-  service_principal {
-    client_id     = var.aks_client_id
-    client_secret = var.aks_client_secret
-  }
 
-  role_based_access_control {
-    enabled = true
+  identity {
+    type = "SystemAssigned"
   }
 
   network_profile {
diff --git a/kubernetes/test-infra/aks/outputs.tf b/kubernetes/test-infra/aks/outputs.tf
@@ -2,3 +2,6 @@ output "kubeconfig_path" {
   value = local_file.kubeconfig.filename
 }
 
+output "cluster_name" {
+  value = azurerm_kubernetes_cluster.tf-k8s-acc.name
+}
diff --git a/kubernetes/test-infra/aks/variables.tf b/kubernetes/test-infra/aks/variables.tf
@@ -22,14 +22,6 @@ variable "workers_type" {
   default = "Standard_DS4_v2"
 }
 
-variable "aks_client_id" {
-  description = "The Client ID for the Service Principal to use for this Managed Kubernetes Cluster"
-}
-
-variable "aks_client_secret" {
-  description = "The Client Secret for the Service Principal to use for this Managed Kubernetes Cluster"
-}
-
 # Uncomment to enable SSH access to nodes
 #
 # variable "public_ssh_key_path" {

Original file line number	Diff line number	Diff line change
`@@ -78,13 +78,9 @@ resource "azurerm_kubernetes_cluster" "tf-k8s-acc" {`
`78`	`78`	`vnet_subnet_id = azurerm_subnet.tf-k8s-acc.id`
`79`	`79`	`}`
`80`	`80`
`81`		`- service_principal {`
`82`		`- client_id = var.aks_client_id`
`83`		`- client_secret = var.aks_client_secret`
`84`		`- }`
`85`	`81`
`86`		`- role_based_access_control {`
`87`		`- enabled = true`
	`82`	`+ identity {`
	`83`	`+ type = "SystemAssigned"`
`88`	`84`	`}`
`89`	`85`
`90`	`86`	`network_profile {`
Original file line number	Diff line number	Diff line change
`@@ -2,3 +2,6 @@ output "kubeconfig_path" {`
`2`	`2`	`value = local_file.kubeconfig.filename`
`3`	`3`	`}`
`4`	`4`
	`5`	`+output "cluster_name" {`
	`6`	`+ value = azurerm_kubernetes_cluster.tf-k8s-acc.name`
	`7`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -22,14 +22,6 @@ variable "workers_type" {`
`22`	`22`	`default = "Standard_DS4_v2"`
`23`	`23`	`}`
`24`	`24`
`25`		`-variable "aks_client_id" {`
`26`		`- description = "The Client ID for the Service Principal to use for this Managed Kubernetes Cluster"`
`27`		`-}`
`28`		`-`
`29`		`-variable "aks_client_secret" {`
`30`		`- description = "The Client Secret for the Service Principal to use for this Managed Kubernetes Cluster"`
`31`		`-}`
`32`		`-`
`33`	`25`	`# Uncomment to enable SSH access to nodes`
`34`	`26`	`#`
`35`	`27`	`# variable "public_ssh_key_path" {`