In this lab, you'll create an Azure Kubernetes Service (AKS) cluster and set up the necessary Identity and Access Management (IAM) roles.
- Basic understanding of AKS and Azure IAM concepts
- Completed previous labs (VNET, Log Analytics)
Review and Change Terraform .tfvars
- Open the terraform.tfvars file.
- Ensure all values are accurate for your environment.
Understand the Terraform Configuration
Review the AKS Terraform configuration. It includes:
aks.tf:
- Creates the AKS cluster using `azurerm_kubernetes_cluster`
- Sets up role assignments using `azurerm_role_assignment`
- Uses the `uksouth` region (change this if desired)
managed_identity.tf:
- Creates a user-assigned identity using `azurerm_user_assigned_identity`
- Sets up a federated identity credential using `azurerm_federated_identity_credential`
rbac.tf:
- Creates role assignments using `azurerm_role_assignment`
- Defines custom role definitions using `azurerm_role_definition`
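The workload identity chain these three files describe (cluster OIDC issuer, user-assigned identity, federated credential, scoped role assignment) as one added Terraform example; this is not the lab's own aks.tf, managed_identity.tf or rbac.tf. The resource group `azurerm_resource_group.rg`, the Key Vault `azurerm_key_vault.app`, and the `app-ns`/`app-sa` namespace and service account are assumptions.

```hcl
# Added example, not the lab's own files. azurerm_resource_group.rg,
# azurerm_key_vault.app and the app-ns/app-sa names are assumed.

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "aks-lab"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = "akslab"

  # Both settings are required for workload identity; the OIDC issuer URL
  # is the trust anchor the federated credential below points at.
  oidc_issuer_enabled       = true
  workload_identity_enabled = true

  default_node_pool {
    name       = "system"
    node_count = 1
    vm_size    = "Standard_D2s_v3"
  }

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_user_assigned_identity" "workload" {
  name                = "id-workload"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

# Trust only tokens issued by this cluster for one specific service account;
# no client secret or certificate is stored anywhere.
resource "azurerm_federated_identity_credential" "workload" {
  name                = "fic-workload"
  resource_group_name = azurerm_resource_group.rg.name
  parent_id           = azurerm_user_assigned_identity.workload.id
  audience            = ["api://AzureADTokenExchange"]
  issuer              = azurerm_kubernetes_cluster.aks.oidc_issuer_url
  subject             = "system:serviceaccount:app-ns:app-sa" # assumed names
}

# Least privilege: scope the assignment to the one resource the workload
# needs (assumed Key Vault), not to the resource group or subscription.
resource "azurerm_role_assignment" "workload_kv" {
  scope                = azurerm_key_vault.app.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_user_assigned_identity.workload.principal_id
}
```

The `subject` must match the Kubernetes service account exactly, and the pod must carry the `azure.workload.identity/use: "true"` label and reference the identity's client ID, otherwise no token is exchanged.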
Update Azure AD Group ID
- In terraform.tfvars, replace line 8 with the Azure AD Group ID you noted down earlier.
Create the AKS Cluster and IAM Roles
Run the following commands in your terminal:
```shell
terraform init
terraform plan
terraform apply
```
Verify the Deployment
To confirm the resources were created successfully:
- Log into the Azure Portal
- Navigate to the Resource Group
- Verify the presence of the AKS cluster
- Verify the cluster properties and node pool configuration
- Check the IAM settings to confirm the role assignments
Example screenshot of created resources:
After creating the AKS cluster and IAM roles, consider these questions:
- Why is it important to use managed identities with AKS?
- How does RBAC enhance the security of your AKS cluster?
- What are the benefits of using federated identity credentials?
Consider enabling Azure Policy for Kubernetes to enforce organisational standards and assess compliance at scale for your AKS clusters.