Currently there is limited support for identity configuration.
Desired is:
identity block support with "bring your own user assigned managed identity"
kubelet_identity block support with "bring your own user assigned managed identity"
Additionally, the module currently creates user assigned managed identity but that seems not the desired way of working. The user assigned managed identities should be created upfront by the user and prepared with the desired role assignments to resources like subnet, acr and zone.
The other way around would be that the module optionally can assign Private DNS Zone Contributor to the zone, Network Contributor to the subnet and AcrPull to the acr.
Tried the user assigned managed identity flow, but this results in the following:
│ Error: Inconsistent conditional result types
│
│ on .terraform\modules\Infrastructure.aks_rbac\main.tf line 388, in resource "azurerm_kubernetes_cluster" "aks":
│ 388: for_each = contains(keys(var.cluster), "identity") ? [var.cluster.identity] : [{
│ 389: type = "SystemAssigned"
│ 390: }]
│ ├────────────────
│ │ var.cluster is object with 22 attributes
│ │ var.cluster.identity is object with 2 attributes
│
│ The true and false result expressions must have consistent types. Type
│ mismatch for tuple element 0: The 'true' value includes object attribute
│ "identity_ids", which is absent in the 'false' value.
╵
Using version 0.8.
Currently there is limited support for identity configuration.
Desired is:
Additionally, the module currently creates user assigned managed identity but that seems not the desired way of working. The user assigned managed identities should be created upfront by the user and prepared with the desired role assignments to resources like subnet, acr and zone.
The other way around would be that the module optionally can assign
Private DNS Zone Contributorto the zone,Network Contributorto the subnet andAcrPullto the acr.Tried the user assigned managed identity flow, but this results in the following: