How to deploy object in AKS using terraform when local admin account is disabled?

Question

How to deploy object in AKS using terraform when local admin account is disabled?

Tanul 1,291

Hello,

We have build AKS with Active directory and kubernetes RBAC enabled. The moment we disable the local admin account deployment of any object is impossible with terraform.

I don't want anyone to use --admin flag with az aks get-credentials. Any suggestion how to deploy kubernetes object in AKS using terraform without local account enabled.

deherman-MSFT 38,021 Reputation points Microsoft Employee Moderator

2023-06-14T17:34:13.21+00:00

@Tanul

If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

Thank you for helping to improve Microsoft Q&A!
deherman-MSFT 38,021 Reputation points Microsoft Employee Moderator

2023-06-20T19:55:16.0933333+00:00

@Tanul

If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

Thank you for helping to improve Microsoft Q&A!

1 answer

Your answer

deherman-MSFT 38,021 Reputation points Microsoft Employee Moderator

2023-06-14T17:34:13.21+00:00

@Tanul

If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

Thank you for helping to improve Microsoft Q&A!
deherman-MSFT 38,021 Reputation points Microsoft Employee Moderator

2023-06-20T19:55:16.0933333+00:00

@Tanul

If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

Thank you for helping to improve Microsoft Q&A!

Answer 1

shiva patpi 13,366 Microsoft Employee Moderator

@Tanul

How about using ServicePrincipal or Managed Identity ?

Create the Service Principal
Grant Permissions
Configure the terraform to use that ClientID & ClientSecret in Azure provider block

Share via

How to deploy object in AKS using terraform when local admin account is disabled?

1 answer

Your answer