Tag Archives: Infrastructure as Code

Azure Kubernetes Service – Using Kubernetes credential plugin kubelogin with Terraform

In today’s blog post we have a look at the Kubernetes credential plugin kubelogin for Azure Kubernetes Service and how to use it with Terraform. -> https://github.com/Azure/kubelogin -> https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins The Azure Kubernetes Service cluster I am using for demonstration is an AKS-managed Azure Active Directory Read more [...]

Apply configuration changes to the default node pool in AKS via Bicep

In today’s blog post we look into Bicep and how to apply configuration changes to the default node pool in Azure Kubernetes Service within the same Bicep template. What sounds easy at first glance gets nasty if everything has to be done within the same template, such as creating an Azure Kubernetes Service cluster, adding additional node pools, or changing the configuration of existing ones. Read more [...]

How to change the node size of the default node pool in AKS without downtime?

Currently, as of writing this blog post, Azure Kubernetes Service does not support changing the node size of the default node pool or additional node pools without recreating the whole AKS cluster or the additional node pool. Having all the configuration in infrastructure as code, whether it is Bicep or Terraform, seems to be a dead end for this simple operation. If we change the node size in our Read more [...]

Conditions with for_each in Terraform

Conditions in Terraform are well-known and, in combination with the for_each argument, can provide a lot of flexibility. In today’s blog post I walk you through an example storage module I have created to showcase the topic. The module consists of three resources: a resource group, a lock, and a storage account. As I am using conditions with for_each for the resource group and the lock I can decide Read more [...]

Unix time format in Azure Resource Manager templates

The Unix time format is represented in seconds elapsed since 01.01.1970 UTC. So, it is different from the standard time format we are used to. Depending on the Azure service, some attributes in the Azure API / ARM template require the Unix time format, especially for Azure Key Vault keys and secrets. These have two attributes, the not before (nbf) and expiry (exp) date, that require the Unix time format. -> Read more [...]

Assigning RBAC permissions with Azure Resource Manager templates

Recently, I updated my AKS ARM template to support the latest AKS feature set and important RBAC role assignments for the AKS cluster. After having a hard time, I managed to get the RBAC role assignment working. If you now wonder what could be so complicated, check out my tweet on Twitter for the background information. -> https://twitter.com/neumanndaniel/status/1294272253211947008 It Read more [...]

ARM Template – Deploy an AKS cluster using managed identity and managed Azure AD integration

As I mentioned in my other blog post before, I have updated my Azure Resource Manager template as well, switching from the AAD service principal to the managed identity option and from the AAD v1 integration to AAD v2, which is also managed. Other changes and improvements are the following ones: Private cluster support, Managed control plane SKU tier support, Windows node pool support, Node Read more [...]

Terraform – Deploy an AKS cluster using managed identity and managed Azure AD integration

Recently, I updated my Terraform AKS module, switching from the AAD service principal to the managed identity option as well as from the AAD v1 integration to AAD v2, which is also managed. Other changes and improvements are the following ones: Private cluster support, Managed control plane SKU tier support, Windows node pool support, Node labels support, addon_profile section parameterized -> Read more [...]

Speaking at Global Azure Bootcamp 2020 Virtual – Cologne

Unfortunately, the in-person event of the Global Azure Bootcamp 2020 Cologne is postponed due to the coronavirus pandemic. But the team worked hard behind the scenes and announced last week that the event will be held virtually. I am happy to be part of the Global Azure Bootcamp 2020 Virtual - Cologne on April 25th. -> https://www.meetup.com/Azure-Cologne-Meetup/events/266727986/ The Read more [...]

Terraform – Upgrading AKS Kubernetes version does not upgrade node pools

If you find during an AKS Kubernetes version upgrade that only the control plane was upgraded, you are certainly using the Terraform Azure provider in version 1.40.0 or higher. -> https://github.com/terraform-providers/terraform-provider-azurerm/issues/5541 A current workaround is a null_resource with a trigger on the Kubernetes version and running a Bash script with the local-exec provisioner. Read more [...]