Support for AKS AAD integration v2

[EPinci]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Can you implement support for AAD integration v2 (see link below)?
This is especially helpful with MSI-based cluster removing need for any AAD configuration during cluster deployment.

New or Affected Resource(s)

• azurerm_kubernetes_cluster

Potential Terraform Configuration

  enable_aad = true

References

https://docs.microsoft.com/en-us/azure/aks/azure-ad-v2

[djsly]

we need a bump to the container instance.

https://github.com/Azure/azure-sdk-for-go/blob/master/services/containerservice/mgmt/2020-03-01/containerservice/models.go#L1704-L1707

two new flags in the AAD Profiles with the 2020-03-01 release

[jlpedrosa]

Implemented on PR: #6530

resource "azurerm_kubernetes_cluster" "test" {
 ...
  role_based_access_control {
    enabled = true
    azure_active_directory {
      tenant_id = var.tenant_id
      managed   = true 
    }
  }
}

[EPinci]

That's awesome! Any idea on how soon we'll be able to give it spin (a.k.a.: we it will be merged)? :D

[jlpedrosa]

Hi @EPinci
Will depend on when they review, I'm rebasing it frequently so we don't face extra problems after review. As soon as they give feedback I'll address it. I guess asking in the slack channel may give you quicker feedback.

[aidapsibr]

Documentation link is dead, I see #7004 is a duplicate, so may just update the issue? https://docs.microsoft.com/en-us/azure/aks/managed-aad

[djsly]

Correct. This is for managed AAD

…

On May 21, 2020, at 7:35 PM, AIDA ***@***.***> wrote:  Documentation link is dead. Is this the same as "Managed AAD"? https://docs.microsoft.com/en-us/azure/aks/managed-aad — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

[jlpedrosa]

@aidapsibr Thanks for the heads up, doc link updated.

[tombuildsstuff]

@jlpedrosa sorry for the delay reviewing this - I've got some time scheduled to work through the open AKS PR's later this week

[ghost]

This has been released in version 2.14.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.14.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!