hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

How to enable bootstrap token auth for azurerm_kubernetes_cluster? #26300

Closed vinaypuranik closed 3 months ago

vinaypuranik commented 3 months ago

Is there an existing issue for this?

Community Note

Terraform Version

1.7.4

AzureRM Provider Version

3.107.0

Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Terraform Configuration Files

resource "azurerm_resource_group" "kubernetes" {
  name     = var.resource_group_name
  location = "North Europe"
}

resource "azurerm_kubernetes_cluster" "kubernetes" {
  name                              = var.cluster_name
  location                          = azurerm_resource_group.kubernetes.location
  resource_group_name               = azurerm_resource_group.kubernetes.name
  dns_prefix                        = var.cluster_name
  kubernetes_version                = var.azurerm_kubernetes_cluster_kubernetes_version
  node_resource_group               = var.env == "staging-old" ? var.azurerm_node_resource_group_kubernetes_name : null
  role_based_access_control_enabled = false
  azure_policy_enabled              = false

  linux_profile {
    admin_username = "energia"
    ssh_key {
      key_data = file("${path.module}/ssh/id_rsa.pub")
    }
  }
  default_node_pool {
    name                        = "default"
    type                        = var.node_pool_type
    node_count                  = var.azurerm_kubernetes_cluster_default_node_pool_node_count
    vm_size                     = var.azurerm_kubernetes_cluster_default_node_pool_vm_size
    os_disk_size_gb             = var.azurerm_kubernetes_cluster_default_node_pool_os_disk_size_gb
    vnet_subnet_id              = var.azurerm_subnet_aks_id
    max_pods                    = var.azurerm_kubernetes_cluster_max_pods
    ultra_ssd_enabled           = var.ultra_ssd_enabled
    temporary_name_for_rotation = var.env == "staging-new" ? "k8snodepool" : null
    zones                       = var.env == "staging-new" ? ["1", "2", "3"] : null
  }

  network_profile {
    network_plugin      = "azure"
    load_balancer_sku   = var.load_balancer_sku
    network_plugin_mode = var.network_plugin_mode
    network_policy      = var.network_policy
    ebpf_data_plane     = var.env == "staging-new" ? "cilium" : null
  }

  identity {
    type = "SystemAssigned"
  }

  oidc_issuer_enabled       = var.oidc_issuer_enabled
  workload_identity_enabled = var.workload_identity_enabled

  tags = {
    environment = "${var.env}"
  }
}

Debug Output/Panic Output

cluster has bootstrap token auth enabled.  Along with bootstrap token

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

tombuildsstuff commented 3 months ago

hi @vinaypuranik

Thanks for opening this issue.

This forum is intended to be used for feature enhancements and bugs in the Azure Provider - so that we can keep this forum focused on that we instead ask that broader questions are raised using one of the Community Resources. As such I'm going to close this issue for the moment, but I believe you should be able to get an answer for this using one of the Community Resources.

Thanks!

vinaypuranik commented 3 months ago

> hi @vinaypuranik
>
> Thanks for opening this issue.
>
> This forum is intended to be used for feature enhancements and bugs in the Azure Provider - so that we can keep this forum focused on that we instead ask that broader questions are raised using one of the Community Resources. As such I'm going to close this issue for the moment, but I believe you should be able to get an answer for this using one of the Community Resources.
>
> Thanks!

Hi @tombuildsstuff, based on the existing documentation, there's no mention of bootstrap token auth or of how to enable or disable it, so I am not sure if this feature is indeed supported by the azurerm Terraform provider. So, I'd like to keep this ticket open here. Also, I have created a thread here: https://discuss.hashicorp.com/t/is-there-a-way-to-enable-bootstrap-token-auth-while-creating-k8s-cluster-via-azurerm-terraform-provider/67750

vinaypuranik commented 3 months ago

Ok, this is indeed resolved. Enabling rbac settings creates bootstrap token as well. Thanks
