Updating the TF AKS-Secure-Baseline-PrivateCluster scenario #68
@joselcaguilar great job, but I made a number of comments
|
||
variable "storage_account_name" { | ||
default = "winaksdc" |
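Review bot: The hard-coded default "winaksdc" for storage_account_name will collide for everyone after the first deployer, because Azure storage account names are globally unique (3 to 24 lowercase letters and digits). Consider removing the default so the caller must supply a value, or building the name from a prefix plus a random suffix.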
this probably shouldn't be windows
default = "AKS App Dev Jose Team 2" |
I think she should probably use a different name here
* MongoDB | ||
* Helm | ||
* [Group managed service accounts on Windows deployments](https://learn.microsoft.com/en-us/azure/aks/use-group-managed-service-accounts) (GMSA) |
let's remove GMSA
- User Access Administrator role is required at the subscription level since you'll be performing role assignments to managed identities across various resource groups. | ||
- Global Admin on Azure AD Tenant is required for setting up Azure Application Proxy. This setup is done manually. An admin could perform this step for you as it's the last step in the setup after deploying your application. | ||
Please follow [these instructions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal) to create a service principal in Azure. | ||
2. PowerShell terminal. This reference reference implementation uses PowerShell for deployment. |
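Review bot: The prerequisites grant User Access Administrator at the subscription level for what the text describes as role assignments in specific resource groups; list the resource groups involved so the role can be scoped to them instead of the whole subscription, and check whether a narrower directory role than Global Admin is enough for the Application Proxy step. Item 2 also has a duplicated word in "This reference reference implementation".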
users might not be happy to use PowerShell for Linux
1. Login to the Azure subscription that you'll be deploying into with your credentials. | ||
|
||
```PowerShell |
we should have bash options
|
||
```PowerShell |
we need bash as well
# Update the extension to make sure you have the latest version installed | ||
az extension update --name aks-preview | ||
```PowerShell | ||
terraform init -input=false -backend-config="resource_group_name=$backendResourceGroupName" -backend-config="storage_account_name=$backendStorageAccountName" -backend-config="container_name=$backendContainername" -backend-config="key=$layerNametfstate" |
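Review bot: In the last -backend-config of the terraform init line, "key=$layerNametfstate" makes PowerShell look up a variable named layerNametfstate; if the intent is the value of $layerName followed by a tfstate suffix, delimit the name, e.g. "key=${layerName}tfstate", otherwise an undefined variable expands to an empty string. $backendContainername also uses different casing from $backendResourceGroupName and $backendStorageAccountName, which PowerShell tolerates but a bash variant of this command will not.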
need bash as well
|
||
```bash | ||
az keyvault set-policy -n $KV_NAME -g $KV_RESOURCEGROUP --<object type>-permissions get --spn <client-id> | ||
```PowerShell |
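Review bot: The placeholder --<object type>-permissions on the az keyvault set-policy line cannot be pasted as written, since bash parses the angle brackets as redirections; name the concrete flag this step needs (for example --secret-permissions get) and quote "$KV_NAME" and "$KV_RESOURCEGROUP". The bash fence opened above the command also has no closing fence in the lines shown before the PowerShell fence starts.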
need bash as well
no GMSA in Linux
no GMSA in Linux
program moving in a different direction
The Terraform implementation for the AKS-Secure-Baseline-PrivateCluster scenario has been updated/replaced based on the latest changes introduced in the aks-baseline-windows repo.