Just playing around with AKS and the AKV CSI driver. As a bonus, you can uncomment the VM and Bastion related code and also to play around with logging into VMs via Azure Bastion using AAD SSO.
If you aren't deploying from Linux or WSL, comment out the contents of create_env_var_script.tf.
Name | Version |
---|---|
terraform | >=1.2.7 |
azuread | 2.28.1 |
azurerm | 3.24.0 |
random | 3.4.3 |
tls | 4.0.3 |
Name | Version |
---|---|
azuread | 2.28.1 |
azurerm | 3.24.0 |
random | 3.4.3 |
tls | 4.0.3 |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
aad_certificate_permissions | AAD Level Key Vault Permissions for Certificate. | list(any) |
[ |
no |
aad_key_permissions | AAD Level Key Vault Permissions for Keys. | list(any) |
[ |
no |
aad_secret_permissions | AAD Level Key Vault Permissions for Secrets. | list(any) |
[ |
no |
aad_storage_permissions | AAD Level Key Vault Permissions for Storage. | list(any) |
[ |
no |
admin_certificate_permissions | Admin Level Key Vault Permissions for Certificate. | list(any) |
[ |
no |
admin_group_object_ids | The group(s) that should be given AKS Admin Role on the cluster. | list(any) |
null |
no |
admin_key_permissions | Admin Level Key Vault Permissions for Keys. | list(any) |
[ |
no |
admin_secret_permissions | Admin Level Key Vault Permissions for Secrets. | list(any) |
[ |
no |
admin_storage_permissions | Admin Level Key Vault Permissions for Storage. | list(any) |
[ |
no |
aks_admin_disabled | Disables AKS local admin account if set to true. | bool |
false |
no |
akv_prefix | Keeper for the akv random postfix. Update value to generate new names. | string |
"regen" |
no |
environment | Environment value to use for tagging. | string |
"dev" |
no |
location | Location to use for the deployment. | string |
"eastus" |
no |
prefix | Prefix to use for naming. | string |
"akvpoc" |
no |
private_aks_cluster | Disables AKS API Server's public IP if set to true. | bool |
false |
no |
Name | Description |
---|---|
bastion_connect_command_line | Command line to connect to the VM via the Bastion using AAD SSO. |
kube_config | Raw Kube config file to use for access to the cluster. |
private_key_retrieval_command_line | Command line to retrieve private key. |