Updating the TF AKS-Secure-Baseline-PrivateCluster scenario #68
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mosabami
reviewed
Jun 7, 2023
|
|
||
| variable "storage_account_name" { | ||
| default = "winaksdc" |
There was a problem hiding this comment.
this probably shouldnt be windows
| default = "AKS App Dev Jose Team 2" |
There was a problem hiding this comment.
i think she should probably use a different namehere
| * MongoDB | ||
| * Helm | ||
| * [Group managed service accounts on Windows deployments](https://learn.microsoft.com/en-us/azure/aks/use-group-managed-service-accounts) (GMSA) |
| - User Access Administrator role is required at the subscription level since you'll be performing role assignments to managed identities across various resource groups. | ||
| - Global Admin on Azure AD Tenant is required for setting up Azure Application Proxy. This setup is done manually. An admin could perform this step for you as it's the last step in the setup after deploying your application. | ||
| Please follow [these instructions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal) to create a service principal in Azure. | ||
| 2. PowerShell terminal. This reference reference implementation uses PowerShell for deployment. |
There was a problem hiding this comment.
users might not be happy to use powershell for linux
| 1. Login to the Azure subscription that you'll be deploying into with your credentials. | ||
|
|
||
| ```PowerShell |
There was a problem hiding this comment.
we shuld have bash options
|
|
||
| ```PowerShell |
| # Update the extension to make sure you have the latest version installed | ||
| az extension update --name aks-preview | ||
| ```PowerShell | ||
| terraform init -input=false -backend-config="resource_group_name=$backendResourceGroupName" -backend-config="storage_account_name=$backendStorageAccountName" -backend-config="container_name=$backendContainername" -backend-config="key=$layerNametfstate" |
|
|
||
| ```bash | ||
| az keyvault set-policy -n $KV_NAME -g $KV_RESOURCEGROUP --<object type>-permissions get --spn <client-id> | ||
| ```PowerShell |
mosabami
reviewed
Jun 7, 2023
|
program moving in a different direction |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Terraform implementation for AKS-Secure-Baseline-PrivateCluster scenario has been updated/replaced based on the latest changes introduced in aks-baseline-windows repo