From 98b80fd33bcb8c5914c5a75695e30198153abad4 Mon Sep 17 00:00:00 2001
From: Nick Hudson
Date: Wed, 16 Oct 2024 09:40:10 -0500
Subject: [PATCH] remove ability to set container registry
---
 locals.tf | 1 -
 main.tf | 52 ++++++++++++++++++++++++++--------------------------
 variables.tf | 25 +++++++++++++++----------
 3 files changed, 41 insertions(+), 37 deletions(-)
diff --git a/locals.tf b/locals.tf
index b4b6e3e..bf70bed 100644
--- a/locals.tf
+++ b/locals.tf
@@ -69,4 +69,3 @@ locals {
 }
 }
 }
-
diff --git a/main.tf b/main.tf
index 6e0fe3f..22152a5 100644
--- a/main.tf
+++ b/main.tf
@@ -1,28 +1,28 @@
-module "avm_res_containerregistry_registry" {
- for_each = toset(var.acr == null ? [] : ["acr"])
- source = "Azure/avm-res-containerregistry-registry/azurerm"
- version = "0.3.1"
- name = var.acr.name
- location = var.location
- resource_group_name = var.resource_group_name
- sku = "Premium"
- public_network_access_enabled = false
- private_endpoints = {
- primary = {
- private_dns_zone_resource_ids = var.acr.private_dns_zone_resource_ids
- subnet_resource_id = var.acr.subnet_resource_id
- }
- }
-}
-
-resource "azurerm_role_assignment" "acr" {
- for_each = toset(var.acr == null ? [] : ["acr"])
-
- principal_id = azurerm_kubernetes_cluster.this.kubelet_identity[0].object_id
- scope = module.avm_res_containerregistry_registry["acr"].resource_id
- role_definition_name = "AcrPull"
- skip_service_principal_aad_check = true
-}
+# module "avm_res_containerregistry_registry" {
+# for_each = var.create_acr ? toset(["acr"]) : toset([])
+# source = "Azure/avm-res-containerregistry-registry/azurerm"
+# version = "0.3.1"
+# name = var.acr.name
+# location = var.location
+# resource_group_name = var.resource_group_name
+# sku = "Premium"
+# public_network_access_enabled = false
+# private_endpoints = {
+# primary = {
+# private_dns_zone_resource_ids = var.acr.private_dns_zone_resource_ids
+# subnet_resource_id = var.acr.subnet_resource_id
+# }
+# }
+# }
+#
+# resource "azurerm_role_assignment" "acr" {
+# for_each = var.create_acr ? toset(["acr"]) : toset([])
+#
+# principal_id = azurerm_kubernetes_cluster.this.kubelet_identity[0].object_id
+# scope = module.avm_res_containerregistry_registry[0].resource_id
+# role_definition_name = "AcrPull"
+# skip_service_principal_aad_check = true
+# }
 resource "azurerm_user_assigned_identity" "aks" {
 count = length(var.managed_identities.user_assigned_resource_ids) > 0 ? 0 : 1
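Review bot: The registry module and the `AcrPull` role assignment are commented out instead of deleted, and the commented copy is no longer valid: `scope = module.avm_res_containerregistry_registry[0].resource_id` indexes a `for_each` module by `0` while its only instance key is `"acr"`, so un-commenting it as written would fail at plan. Delete both blocks and let history keep them, or at least keep the reference as `module.avm_res_containerregistry_registry["acr"].resource_id`. As far as this diff shows, these blocks were the module's managed image-pull path (a registry with `public_network_access_enabled = false` behind a private endpoint, and `AcrPull` scoped to that one registry for the kubelet identity), so callers now have to supply their own; a comment such as `# Registry is out of scope for this module: grant the kubelet identity AcrPull on a private registry in the calling configuration` would keep that least-privilege expectation visible. The same commented-out pattern appears in the variables.tf hunk.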
@@ -67,7 +67,7 @@ resource "azurerm_kubernetes_cluster" "this" {
 workload_identity_enabled = true
 api_server_access_profile {
- authorized_ip_ranges = var.api_server_authorized_ip_ranges
+ authorized_ip_ranges = var.api_server_authorized_ip_ranges
 }
 default_node_pool {
diff --git a/variables.tf b/variables.tf
index b0881a5..b4f17a9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -67,16 +67,21 @@ variable "resource_group_name" {
 nullable = false
 }
-variable "acr" {
- type = object({
- name = string
- private_dns_zone_resource_ids = set(string)
- subnet_resource_id = string
-
- })
- default = null
- description = "(Optional) Parameters for the Azure Container Registry to use with the Kubernetes Cluster."
-}
+# variable "create_acr" {
+# type = bool
+# description = "Whether to create an Azure Container Registry"
+# }
+#
+# variable "acr" {
+# type = object({
+# name = string
+# private_dns_zone_resource_ids = set(string)
+# subnet_resource_id = string
+#
+# })
+# default = null
+# description = "(Optional) Parameters for the Azure Container Registry to use with the Kubernetes Cluster."
+# }
 variable "agents_tags" {
 type = map(string)
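Review bot: Dropping `variable "acr"` in the variables.tf hunk is a breaking input change that the patch does not document: a caller that still passes `acr` will get an unsupported-argument error, and once the argument is removed the next plan will presumably propose destroying the existing registry and its role assignment. An upgrade note belongs with this change, telling callers to move those resources out of this module's state or into the calling configuration before applying. The commented `create_acr` has no `default` while `acr` still defaults to `null`, so if the pair is ever restored, `create_acr = true` without `acr` would fail on `var.acr.name`; adding `default = false` to `create_acr`, or keeping the single nullable `acr` as the only switch, avoids that. The trailing `variable "agents_tags"` block continues outside the hunk.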