
Quick and Dirty MVP of accessing AKV from AKS pods using the CSI Driver


rodmhgl/akv_aks_csi_demo


TF_AKS_AKV

Just playing around with AKS and the AKV CSI driver. As a bonus, you can uncomment the VM- and Bastion-related code to play around with logging into VMs via Azure Bastion using AAD SSO.

If you aren't deploying from Linux or WSL, comment out the contents of create_env_var_script.tf.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.2.7 |
| azuread | 2.28.1 |
| azurerm | 3.24.0 |
| random | 3.4.3 |
| tls | 4.0.3 |

Providers

| Name | Version |
|------|---------|
| azuread | 2.28.1 |
| azurerm | 3.24.0 |
| random | 3.4.3 |
| tls | 4.0.3 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azuread_application.this | resource |
| azuread_service_principal.this | resource |
| azurerm_bastion_host.that | resource |
| azurerm_key_vault.this | resource |
| azurerm_key_vault_access_policy.that | resource |
| azurerm_key_vault_access_policy.this | resource |
| azurerm_key_vault_secret.this | resource |
| azurerm_key_vault_secret.vm_ssh_key | resource |
| azurerm_kubernetes_cluster.this | resource |
| azurerm_linux_virtual_machine.this | resource |
| azurerm_network_interface.this | resource |
| azurerm_network_security_group.this | resource |
| azurerm_public_ip.that | resource |
| azurerm_public_ip.this | resource |
| azurerm_resource_group.this | resource |
| azurerm_role_assignment.assign-vm-role | resource |
| azurerm_subnet.bastion | resource |
| azurerm_subnet.this | resource |
| azurerm_subnet_network_security_group_association.this | resource |
| azurerm_virtual_machine_extension.aad_ssh_login | resource |
| azurerm_virtual_network.this | resource |
| random_integer.akvname | resource |
| tls_private_key.ssh_key | resource |
| azuread_client_config.current | data source |
| azurerm_client_config.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| aad_certificate_permissions | Key Vault certificate permissions granted to the AAD service principal. | `list(any)` | `["Get", "List", "Update", "Create", "Import"]` | no |
| aad_key_permissions | Key Vault key permissions granted to the AAD service principal. | `list(any)` | `["Get", "List"]` | no |
| aad_secret_permissions | Key Vault secret permissions granted to the AAD service principal. | `list(any)` | `["Get", "List", "Set"]` | no |
| aad_storage_permissions | Key Vault storage permissions granted to the AAD service principal. | `list(any)` | `["Get", "List", "Set"]` | no |
| admin_certificate_permissions | Admin-level Key Vault certificate permissions. | `list(any)` | `["Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore", "ManageContacts", "ManageIssuers", "GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers", "Purge"]` | no |
| admin_group_object_ids | The group(s) that should be given the AKS Admin role on the cluster. | `list(any)` | `null` | no |
| admin_key_permissions | Admin-level Key Vault key permissions. | `list(any)` | `["Get", "List", "Delete", "Purge", "Update", "Create", "Import", "Recover", "Backup", "Restore", "GetRotationPolicy", "SetRotationPolicy", "Rotate", "Encrypt", "Decrypt", "UnwrapKey", "WrapKey", "Verify", "Sign", "Release"]` | no |
| admin_secret_permissions | Admin-level Key Vault secret permissions. | `list(any)` | `["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set"]` | no |
| admin_storage_permissions | Admin-level Key Vault storage permissions. | `list(any)` | `["Get", "List", "Set", "Delete", "Purge"]` | no |
| aks_admin_disabled | Disables the AKS local admin account if set to true. | `bool` | `false` | no |
| akv_prefix | Keeper for the AKV random postfix. Change the value to generate new names. | `string` | `"regen"` | no |
| environment | Environment value to use for tagging. | `string` | `"dev"` | no |
| location | Azure region to deploy into. | `string` | `"eastus"` | no |
| prefix | Prefix to use for resource naming. | `string` | `"akvpoc"` | no |
| private_aks_cluster | Disables the AKS API server's public IP if set to true. | `bool` | `false` | no |

Outputs

| Name | Description |
|------|-------------|
| bastion_connect_command_line | Command line to connect to the VM via the Bastion using AAD SSO. |
| kube_config | Raw kubeconfig file to use for access to the cluster. |
| private_key_retrieval_command_line | Command line to retrieve the VM SSH private key. |
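The inputs above grant the AAD service principal `Get`, `List` and `Set` on secrets. For the CSI driver mount itself the pod's identity only ever needs `Get`. The snippet below is an added example, not code from this repository, showing how to enable the AKS Key Vault secrets provider add-on and give *its* managed identity a minimal access policy. Resource addresses (`azurerm_kubernetes_cluster.this`, `azurerm_key_vault.this`, `azurerm_resource_group.this`, `data.azurerm_client_config.current`) and the variables `var.prefix` and `var.location` mirror the resource and input lists above but are assumptions about how this repo wires them; the access-policy resource name `csi` and the three outputs are hypothetical.

```hcl
# Added example (not the repo's own code). Enables the Azure Key Vault
# Provider for Secrets Store CSI Driver as a managed AKS add-on and grants
# the add-on's user-assigned identity a least-privilege access policy.
# Names and variable references are assumptions, see the lead-in above.

resource "azurerm_kubernetes_cluster" "this" {
  name                = "${var.prefix}-aks"
  location            = var.location
  resource_group_name = azurerm_resource_group.this.name
  dns_prefix          = var.prefix

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_DS2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  # The add-on creates its own user-assigned identity for talking to Key
  # Vault, so no client secret has to be stored in the cluster for pods.
  key_vault_secrets_provider {
    secret_rotation_enabled  = true
    secret_rotation_interval = "2m"
  }
}

# Grant the add-on identity only what a CSI secret mount needs: Get on
# secrets. Compare with the aad_* defaults above, which also carry List
# and Set, and with the admin_* defaults, which carry Delete and Purge.
resource "azurerm_key_vault_access_policy" "csi" {
  key_vault_id = azurerm_key_vault.this.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = azurerm_kubernetes_cluster.this.key_vault_secrets_provider[0].secret_identity[0].object_id

  secret_permissions = ["Get"]
}

# The three values a SecretProviderClass needs in its parameters block
# (userAssignedIdentityID, keyvaultName, tenantId).
output "csi_identity_client_id" {
  value = azurerm_kubernetes_cluster.this.key_vault_secrets_provider[0].secret_identity[0].client_id
}

output "key_vault_name" {
  value = azurerm_key_vault.this.name
}

output "tenant_id" {
  value = data.azurerm_client_config.current.tenant_id
}
```

With these outputs, the `SecretProviderClass` on the cluster sets `useVMManagedIdentity: "true"`, `userAssignedIdentityID` to `csi_identity_client_id`, `keyvaultName` and `tenantId` to the other two, and lists the secrets to mount with `objectType: secret`; the pod then mounts a `csi` volume with `driver: secrets-store.csi.k8s.io` and `readOnly: true`. Two state-handling caveats apply to the repo as listed: the `kube_config` output and the private key generated by `tls_private_key.ssh_key` are both written to Terraform state in plaintext, so the state backend needs the same access controls as the vault itself.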
