azure (Archived)
3 messages
Archive: https://archive.sweetops.com/azure/
Padarn, about 5 years ago
Hi all: reading https://stackoverflow.com/questions/60338757/how-do-i-import-an-azure-ad-service-principal-password-into-terraform
I’m a bit confused between APP and SP passwords: It seems to indicate that to authenticate with a SP you can use a password for the APP. Is this the case? If so, why do we need SP passwords at all?
Pierre-Yves, about 5 years ago
Hi, I have set up a private AKS cluster by following this guide and setting it up with Terraform: https://docs.microsoft.com/en/azure/aks/private-clusters
Now I have deployed a Helm chart for the nginx-ingress:
release_name=nginx
version=3.19.0
chart_name=ingress-nginx/ingress-nginx
But when I do
kubectl describe svc nginx-ingress-nginx-controller -n ingress-nginx
the LoadBalancer Ingress is a public IP address!
OK, the node port is private but ... cluster public IPs directly on the internet!!! What did I miss?
$ kubectl describe svc nginx-ingress-nginx-controller -n ingress-nginx
Name: nginx-ingress-nginx-controller
Namespace: ingress-nginx
Labels: app.kubernetes.io/component=controller
        app.kubernetes.io/instance=nginx
        app.kubernetes.io/managed-by=Helm
        app.kubernetes.io/name=ingress-nginx
        app.kubernetes.io/version=0.43.0
        helm.sh/chart=ingress-nginx-3.19.0
Annotations: meta.helm.sh/release-name: nginx
             meta.helm.sh/release-namespace: ingress-nginx
Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=nginx,app.kubernetes.io/name=ingress-nginx
Type: LoadBalancer
IP: 10.0.xx.xx
LoadBalancer Ingress: 20.74.yy.zz
Port: http 80/TCP
TargetPort: http/TCP
NodePort: http 32006/TCP
Endpoints: 10.244.7.107:80
Port: https 443/TCP
TargetPort: https/TCP
NodePort: https 32448/TCP
Endpoints: 10.yy.z.zz:443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
Pierre-Yves, about 5 years ago (edited)
What's the best way to import a Terraform module from Azure DevOps?
In the example below the guy uses his personal SSH key; is there a way to use an Azure service principal?
And he warns about it: "Note that unlike PAT tokens, you cannot scope SSH keys. Using the SSH key will give you the same rights as the user who’s account this key belongs to, so use them carefully."
https://samcogan.com/using-terraform-modules-from-git-in-azure-devops/