maxiscoding28/terraform-vault-aks-workload-identity-unseal

Summary

This module can be used to "quickly" provision an Enterprise Vault cluster in Azure's managed Kubernetes service, AKS.

The Vault server uses an Azure Key Vault key for its seal (auto-unseal). Authentication to manage that key is delegated via workload identity: the Vault pod's Kubernetes service account is federated with a user-assigned managed identity, so no Key Vault credentials are stored in the cluster.

Instructions

  1. Provide the following variables to the module:

    • name: a unique name identifier used to distinguish created resources
    • subscription_id: your Azure subscription ID
    • tenant_id: your Azure tenant ID
    • vault_license: your Vault Enterprise license
  2. Run terraform init

  3. Run terraform apply

  4. Add the deployed AKS cluster details to your local kube config with these shell commands:

terraform output -json > terraform_output.json

az aks get-credentials \
    --resource-group "$(jq -r '.inputs_for_az_aks_get_credentials.value.resource_group_name' terraform_output.json)" \
    --name "$(jq -r '.inputs_for_az_aks_get_credentials.value.cluster_name' terraform_output.json)"

Example

# Set variables: export the module inputs as TF_VAR_* environment variables (placeholder values)
export TF_VAR_name_identifier="<unique-name>" TF_VAR_subscription_id="<azure-subscription-id>"
export TF_VAR_tenant_id="<azure-tenant-id>" TF_VAR_vault_license="<vault-enterprise-license>"
# Mkdir
mkdir vault-aks
# Create main.tf in dir: a root module that calls this module and passes the four inputs
# CD in
cd vault-aks
# tf init
terraform init
# tf apply -auto-approve
terraform apply -auto-approve
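The main.tf referred to above is not shown in the repository, so here is an added example of a root module that calls this module; it is not the project's own code. It assumes the module is referenced by its GitHub source address (pinned to a placeholder git ref) and that the variable names are those listed in the Inputs table below (name_identifier, subscription_id, tenant_id, vault_license). The license variable is marked sensitive so it is redacted from plan and apply output, and the module's output is re-exported so the `terraform output -json` step in the Instructions works from this root.

```hcl
# Added example root module, not part of the repository.
# ASSUMPTIONS: module source address and variable names as described in the lead-in.

variable "name_identifier" {
  description = "Unique name used to distinguish the created Azure resources."
  type        = string
}

variable "subscription_id" {
  description = "Azure subscription ID to deploy into."
  type        = string
}

variable "tenant_id" {
  description = "Azure AD tenant ID that issues the workload identity tokens."
  type        = string
}

variable "vault_license" {
  description = "Vault Enterprise license. Sensitive: redacted from plan/apply output."
  type        = string
  sensitive   = true
}

module "vault" {
  # Assumed source address; replace <git-tag-or-commit> with a pinned ref rather than a branch.
  source = "github.com/maxiscoding28/terraform-vault-aks-workload-identity-unseal?ref=<git-tag-or-commit>"

  name_identifier = var.name_identifier
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  vault_license   = var.vault_license
}

# Re-export the module output consumed by the az aks get-credentials step.
output "inputs_for_az_aks_get_credentials" {
  value = module.vault.inputs_for_az_aks_get_credentials
}
```

Marking the variable sensitive only affects console output: the module writes the license into a kubernetes_secret resource (see Resources), so the plaintext license still lands in the Terraform state file. Store state in an access-controlled, encrypted backend rather than locally alongside terraform_output.json.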

Providers

| Name | Version |
|------|---------|
| azurerm | 3.114.0 |
| helm | 2.14.0 |
| kubernetes | 2.31.0 |

Resources

| Name | Type |
|------|------|
| azurerm_federated_identity_credential.support_repro | resource |
| azurerm_key_vault.support_repro | resource |
| azurerm_key_vault_key.support_repro | resource |
| azurerm_kubernetes_cluster.support_repro | resource |
| azurerm_resource_group.support_repro | resource |
| azurerm_role_assignment.key_vault_admin | resource |
| azurerm_role_assignment.key_vault_user_unseal | resource |
| azurerm_user_assigned_identity.support_repro | resource |
| helm_release.vault | resource |
| kubernetes_secret.vault_ent_license | resource |
| kubernetes_service_account.support_repro | resource |
| azurerm_client_config.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name_identifier | A unique name identifier used to distinguish created resources. | string | n/a | yes |
| subscription_id | Your Azure subscription ID | string | n/a | yes |
| tenant_id | If you need to verify this, navigate here in the portal | string | n/a | yes |
| vault_license | Enterprise Vault License | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| inputs_for_az_aks_get_credentials | n/a |
