update federation

thomast1906 · Mar 25, 2024 · faf7b43 · faf7b43
1 parent 166f681
commit faf7b43
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 25 deletions.
diff --git a/Terraform-AZURE-Services-Creation/AKS/managed_identity.tf b/Terraform-AZURE-Services-Creation/AKS/managed_identity.tf
@@ -12,7 +12,7 @@ resource "azurerm_federated_identity_credential" "alb_federated_identity" {
   audience            = ["api://AzureADTokenExchange"]
   issuer              = azurerm_kubernetes_cluster.k8s.oidc_issuer_url
   parent_id           = azurerm_user_assigned_identity.alb_identity.id
-  subject             = "system:serviceaccount:alb:alb-controller-sa"
+  subject             = "system:serviceaccount:azure-alb-system:alb-controller-sa"
 
   depends_on = [
     azurerm_user_assigned_identity.alb_identity,

diff --git a/kubernetes_manifest/script/alb-controller-install-k8s.sh b/kubernetes_manifest/script/alb-controller-install-k8s.sh
@@ -6,32 +6,34 @@ helm_resource_namespace="azure-alb-system"
 VNET_NAME="devopsthehardway-vnet"
 ALB_SUBNET_NAME="appgw"
 
-create namespace
-kubectl create namespace $helm_resource_namespace
+#create namespace
+# kubectl create namespace $helm_resource_namespace
 
-# az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME
-helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \
-     --version 1.0.0 \
-     --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
+# # az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME
+# helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \
+#      --namespace $helm_resource_namespace \
+#      --version 1.0.0 \
+#      --set albController.namespace=$helm_resource_namespace \
+#      --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
 
 
-# ALB_SUBNET_ID=$(az network vnet subnet show --name $ALB_SUBNET_NAME --resource-group $RESOURCE_GROUP --vnet-name $VNET_NAME --query '[id]' --output tsv)
+ALB_SUBNET_ID=$(az network vnet subnet show --name $ALB_SUBNET_NAME --resource-group $RESOURCE_GROUP --vnet-name $VNET_NAME --query '[id]' --output tsv)
 
-# # Creates the namespace for alb-controller
-# kubectl apply -f - <<EOF
-# apiVersion: v1
-# kind: Namespace
-# metadata:
-#   name: alb-infra
-# EOF
+# Creates the namespace for alb-controller
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: alb-test-infra
+EOF
 
-# kubectl apply -f - <<EOF
-# apiVersion: alb.networking.azure.io/v1
-# kind: ApplicationLoadBalancer
-# metadata:
-#   name: alb-devopshardway
-#   namespace: alb-infra
-# spec:
-#   associations:
-#   - $ALB_SUBNET_ID
-# EOF
+kubectl apply -f - <<EOF
+apiVersion: alb.networking.azure.io/v1
+kind: ApplicationLoadBalancer
+metadata:
+  name: alb-test
+  namespace: alb-test-infra
+spec:
+  associations:
+  - $ALB_SUBNET_ID
+EOF