
Recently I started using an Azure AKS cluster. With the integration of Azure Active Directory (RBAC), my Kubernetes provider stopped working.

provider "kubernetes" {
  load_config_file = "false"

  host                   = azurerm_kubernetes_cluster.K8s_Deepblue.kube_config.0.host
  ##username               = azurerm_kubernetes_cluster.K8s_Deepblue.kube_config.0.username
  ##password               = azurerm_kubernetes_cluster.K8s_Deepblue.kube_config.0.password
  client_certificate     = base64decode(azurerm_kubernetes_cluster.K8s_Deepblue.kube_config.0.client_certificate)
  client_key             = base64decode(azurerm_kubernetes_cluster.K8s_Deepblue.kube_config.0.client_key)
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.K8s_Deepblue.kube_config.0.cluster_ca_certificate)
}

With Active Directory, if not using an --admin kubeconfig, you need to authorize via web browser before being able to use kubectl commands.

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code ****** to authenticate.

So the problem now is that my Kubernetes provider gets this message as well, but is of course not capable of entering the token in the web browser.

This project is going to be CI/CD managed, so it seems this is not only going to be a problem with Terraform.

I am looking for a secure way to let Terraform or CI/CD tools deploy stuff into my cluster without needing to authorize via web browser.

I am glad for any tips.

I already found: Azure DevOps Pipelines authentication to AKS with Azure AD RBAC configured?

https://feedback.azure.com/forums/914020-azure-kubernetes-service-aks/suggestions/35146387-support-non-interactive-login-for-aad-integrated-c

But sadly, giving our CI/CD or TF --admin privileges seems very unsafe.

Levi Lu-MSFT
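One non-interactive setup that stays inside Azure AD RBAC instead of falling back to --admin, added here as an example and not code from the original post: the kubernetes provider delegates authentication to the kubelogin exec credential plugin using a service principal, so the device-code prompt never appears. The var.* names, the kubelogin binary on the machine running Terraform, and the Kubernetes role bindings granted to that service principal are assumptions.

```hcl
# Added example (not from the original post). Assumes kubelogin is installed where
# Terraform runs, and that the CI service principal has been granted Kubernetes RBAC
# bindings (e.g. a namespace-scoped Role) rather than cluster-admin.
variable "aks_aad_server_app_id" {} # Azure AD application ID of the AKS AAD server app
variable "ci_sp_client_id" {}       # client ID of the CI service principal
variable "ci_sp_client_secret" {    # secret of the CI service principal, injected by the pipeline
  sensitive = true
}
variable "tenant_id" {}

provider "kubernetes" {
  host                   = azurerm_kubernetes_cluster.K8s_Deepblue.kube_config.0.host
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.K8s_Deepblue.kube_config.0.cluster_ca_certificate)

  # No client certificate or key: instead, a short-lived Azure AD token is obtained
  # through kubelogin's service-principal login flow. The token is subject to the
  # same Kubernetes RBAC as any other AAD identity, unlike the --admin credentials.
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "kubelogin"
    args = [
      "get-token",
      "--login", "spn",
      "--environment", "AzurePublicCloud",
      "--server-id", var.aks_aad_server_app_id,
      "--client-id", var.ci_sp_client_id,
      "--tenant-id", var.tenant_id,
    ]
    # Pass the secret through the environment rather than argv so it does not
    # appear in process listings or Terraform logs.
    env = {
      AAD_SERVICE_PRINCIPAL_CLIENT_SECRET = var.ci_sp_client_secret
    }
  }
}
```

In the pipeline, supply the secret via a protected variable (TF_VAR_ci_sp_client_secret) and review the role bindings for that service principal periodically, since it is the only identity that needs write access to the cluster from CI.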
