constellation/cli/internal/terraform/terraform/iam/azure
renovate[bot] ae7888a13f
deps: update Terraform azuread to v2.41.0 (#2254)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-17 10:29:49 +02:00
.terraform.lock.hcl deps: update Terraform azuread to v2.41.0 (#2254) 2023-08-17 10:29:49 +02:00
main.tf deps: update Terraform azuread to v2.41.0 (#2254) 2023-08-17 10:29:49 +02:00
outputs.tf azure: fix ccm config with correct uami client_id (#2144) 2023-08-01 08:40:44 +02:00
README.md config: drop support for deprecated Azure's service principal authentication (#1906) 2023-06-14 17:50:57 +02:00
variables.tf AB#2579 Add constellation iam create command (#624) 2022-12-07 11:48:54 +01:00

Terraform Azure IAM creation

This Terraform configuration creates the Azure resources that must exist before you can host a Constellation cluster.

You can create the resources with the following commands:

mkdir constellation_azure_iam
cd constellation_azure_iam
curl --remote-name-all https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/terraform/azure/iam/{main.tf,output.tf,variables.tf,.terraform.lock.hcl}
terraform init
terraform apply

The following Terraform output values are available (with their corresponding keys in the Constellation configuration file):

  • subscription_id (subscription)
  • tenant_id (tenant)
  • uami_id (userAssignedIdentity)

You can either read these values from the Terraform output and add them manually to your Constellation configuration file according to our documentation, or you can set them with a yq command:

yq -i "
  .provider.azure.subscription = $(terraform output subscription_id) |
  .provider.azure.tenant = $(terraform output tenant_id) |
  .provider.azure.userAssignedIdentity = $(terraform output uami_id)
  " path/to/constellation-conf.yaml

Here, path/to/constellation-conf.yaml is the path to your Constellation configuration file.
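
A guarded variant of the yq step above, added here as an example and not part of the Constellation repository: it validates the three outputs before editing the file in place and passes them to yq through the environment instead of interpolating them into the expression. The function names and the expected value formats (GUIDs for the subscription and tenant, an Azure resource ID for the user-assigned identity) are assumptions.

```shell
#!/bin/sh
# Added example. The value formats below are assumptions, not taken from the module.
GUID_RE='[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
UAMI_RE="/subscriptions/$GUID_RE/resourcegroups/[-_.()a-z0-9]+/providers/microsoft\.managedidentity/userassignedidentities/[-_a-z0-9]+"
NL='
'

# matches VALUE REGEX: true only for a non-empty, single-line, whole-string match.
matches() {
  case $1 in '' | *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eqix "$2"
}

# check_iam_outputs SUBSCRIPTION_ID TENANT_ID UAMI_ID
# Reports every malformed value on stderr; returns 0 only if all three are valid.
check_iam_outputs() {
  rc=0
  matches "$1" "$GUID_RE" || { echo "subscription_id is not a GUID" >&2; rc=1; }
  matches "$2" "$GUID_RE" || { echo "tenant_id is not a GUID" >&2; rc=1; }
  matches "$3" "$UAMI_RE" || { echo "uami_id is not a managed identity resource ID" >&2; rc=1; }
  return "$rc"
}

# write_iam_outputs PATH_TO_CONFIG
# Reads the outputs unquoted (-raw), validates them, then lets yq take them from
# the environment with strenv() so no value is parsed as part of the expression.
write_iam_outputs() {
  sub=$(terraform output -raw subscription_id) || return 1
  tenant=$(terraform output -raw tenant_id) || return 1
  uami=$(terraform output -raw uami_id) || return 1
  check_iam_outputs "$sub" "$tenant" "$uami" || return 1
  SUB="$sub" TENANT="$tenant" UAMI="$uami" yq -i '
    .provider.azure.subscription = strenv(SUB) |
    .provider.azure.tenant = strenv(TENANT) |
    .provider.azure.userAssignedIdentity = strenv(UAMI)
  ' "$1"
}
```

Run `write_iam_outputs path/to/constellation-conf.yaml` from the directory that holds the Terraform state; nothing is written if any value fails validation.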