Merge pull request #1355 from DFE-Digital/feature/enable-azure-rbac

Added RBAC to project
DFE-Digital · Jan 30, 2024 · aad8fde · aad8fde
2 parents 4f8d6ea + 63dd759
commit aad8fde
Show file tree

Hide file tree

Showing 4 changed files with 134 additions and 4 deletions.
diff --git a/.github/workflows/actions/deploy_v2/action.yml b/.github/workflows/actions/deploy_v2/action.yml
@@ -38,7 +38,8 @@ runs:
       with:
         terraform_version: ${{ env.TERRAFORM_VERSION }}
 
-    - uses: DFE-Digital/github-actions/set-arm-environment-variables@master
+
+    - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
       with:
         azure-credentials: ${{ inputs.azure-credentials }}
 

diff --git a/Makefile b/Makefile
@@ -27,13 +27,13 @@ bin/terrafile: ## Install terrafile to manage terraform modules
 bin/yaq:
 	mkdir -p bin | curl -sL https://github.com/uk-devops/yaq/releases/download/v0.0.3/yaq_linux_amd64_v0.0.3.zip -o yaq.zip && unzip -o yaq.zip -d ./bin/ && rm yaq.zip
 
-development_aks:
+development_aks: test-cluster
 	$(eval include global_config/development_aks.sh)
 
-test_aks:
+test_aks: test-cluster
 	$(eval include global_config/test_aks.sh)
 
-production_aks:
+production_aks: production-cluster
 	$(eval include global_config/production_aks.sh)
 
 local_aks:
@@ -103,3 +103,15 @@ arm-deployment: set-azure-account set-key-vault-names
 deploy-arm-resources: arm-deployment
 
 validate-arm-resources: set-what-if arm-deployment
+
+test-cluster:
+	$(eval CLUSTER_RESOURCE_GROUP_NAME=s189t01-tsc-ts-rg)
+	$(eval CLUSTER_NAME=s189t01-tsc-test-aks)
+
+production-cluster:
+	$(eval CLUSTER_RESOURCE_GROUP_NAME=s189p01-tsc-pd-rg)
+	$(eval CLUSTER_NAME=s189p01-tsc-production-aks)
+
+get-cluster-credentials: set-azure-account
+	az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME}
+	kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli)
diff --git a/terraform/aks/.terraform.lock.hcl b/terraform/aks/.terraform.lock.hcl
diff --git a/terraform/aks/provider.tf b/terraform/aks/provider.tf
@@ -36,6 +36,16 @@ provider "kubernetes" {
   client_certificate     = module.cluster_data.kubernetes_client_certificate
   client_key             = module.cluster_data.kubernetes_client_key
   cluster_ca_certificate = module.cluster_data.kubernetes_cluster_ca_certificate
+
+   dynamic "exec" {
+    for_each = module.cluster_data.azure_RBAC_enabled ? [1] : []
+    content {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "kubelogin"
+      args        = module.cluster_data.kubelogin_args
+    }
+  }
+
 }
 
 provider "statuscake" {