feat(#646): Started Azure migration (Found out we have to migrate to azure identities, wIP

commjoen · commjoen · commit d7976cc21a94 · 2023-03-05T00:00:41.000+01:00
diff --git a/azure/README.md b/azure/README.md
@@ -106,9 +106,9 @@ The documentation below is auto-generated to give insight on what's created via
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 3.45.0 |
-| <a name="provider_http"></a> [http](#provider\_http) | ~> 3.2.1 |
-| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.4.3 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.45.0 |
+| <a name="provider_http"></a> [http](#provider\_http) | 3.2.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.4.3 |
 
 ## Modules
 
diff --git a/azure/k8s-vault-azure-start.sh b/azure/k8s-vault-azure-start.sh
@@ -66,16 +66,19 @@ else
   helm install csi csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --namespace kube-system
 fi
 
+#TO BE REPLACED WITH https://azure.github.io/azure-workload-identity/docs/installation.html
 echo "Add Azure pod identity to repo"
 helm repo add aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
 
 helm list --namespace kube-system | grep 'aad-pod-identity' &>/dev/null
 if [ $? == 0 ]; then
   echo "Azure pod identity chart already installed"
 else
-  helm install aad-pod-identity aad-pod-identity/aad-pod-identity
+  helm upgrade --install aad-pod-identity aad-pod-identity/aad-pod-identity #NO LONGER WORKS BECAUSE OF OUR CONFIUGRATION (RESTRICTED IN DEFAULT)
 fi
 
+#END TO BE REPLACED WITH https://azure.github.io/azure-workload-identity/docs/installation.html
+
 echo "Generate secret manager challenge secret 2"
 az keyvault secret set --name wrongsecret-2 --vault-name "${AZ_KEY_VAULT_NAME}" --value "$(openssl rand -base64 16)" >/dev/null
 
@@ -96,6 +99,8 @@ kubectl apply -f./k8s/pod-id.yml
 while [[ $(kubectl --namespace=default get pods -l "app.kubernetes.io/component=mic" -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True True" ]]; do echo "waiting for component=mic" && sleep 2; done
 while [[ $(kubectl --namespace=default get pods -l "app.kubernetes.io/component=nmi" -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; do echo "waiting for component=nmi" && sleep 2; done
 
+
+
 source ../scripts/apply-and-portforward.sh
 
 echo "Run terraform destroy to clean everything up."
diff --git a/azure/main.tf b/azure/main.tf
@@ -43,7 +43,9 @@ resource "azurerm_kubernetes_cluster" "cluster" {
 
   kubernetes_version = var.cluster_version
 
-  api_server_authorized_ip_ranges = ["${data.http.ip.response_body}/32"]
+  api_server_access_profile {
+    authorized_ip_ranges = ["${data.http.ip.response_body}/32"]
+  }
 
   network_profile {
     network_plugin = "azure"
