Helm charts managed through Terraform to deploy an Azure SecretProviderClass on AKS
Introduction
In this article we will see how to benefit from the advantages of two infrastructure and template management solutions: Helm charts and Terraform.
In order to make the exercise challenging and to prove that the use of these two features works well, I deliberately chose to use the SecretProviderClass because it is a complex Kubernetes resource type to model.
For more details on the SecretProviderClass, please consult the following article that points out how to create a SecretProviderClass using user-assigned identity to access your key vault.
All the code used in this article is available here on GitHub: JamesDLD/terraform-azurerm_kubernetes-helm-chart-SecretProviderClass
Prerequisite
- Access to an existing Azure Kubernetes Service (AKS) cluster.
- You already have configured the Azure Key Vault provider for Secrets Store CSI Driver in an Azure Kubernetes Service (AKS) cluster.
Terraform providers & authentication
The trick here is to retrieve the Kubernetes certificate from the azurerm_kubernetes_cluster resource and pass it to the helm provider.
Terraform Helm release
In this section we highlight the following tips:
- Use Helm values files.
- Pass parameters from Terraform to the Helm chart through the “set” function.
- Dynamically retrieve the Azure Tenant ID from Terraform and pass it to the Helm chart.
Helm chart template
The following manifest file manages the Kubernetes SecretProviderClass object and was designed using the following requirements:
- Ability to create multiple SecretProviderClass Kubernetes objects using the range action.
- Use in order of preference the values provided by the current “range” (file “value-demo.yaml”), then the default values (file “value.yaml”) then those provided by Terraform (“set” function).
Terraform plan
What’s interesting here with Terraform is that we can see the planned changes and we can pass Terraform known information like the Azure Tenant ID and core parameters like the target Azure Key Vault.
Conclusion
Using Terraform and Helm charts will help you reap the benefits of both worlds:
- Make full use of your teams’ skills.
- Pass calculated values from your cloud provider without writing them in your code.
- Manage planned changes that new git commits plan to do before applying them in production.
See You in the Cloud
Jamesdld
Published on:
Learn moreRelated posts
Power Automate Creating Azure DevOps Items
Update on Azure Boards + GitHub Integration
It’s been a few months since our last update on the initiative to enhance the integration between Azure Boards and GitHub. We’re e...
Bring your custom engine copilot from Azure OpenAI Studio to Microsoft Teams: now in public preview
Azure OpenAI now offers a Deploy to a Teams app option in public preview, providing a new way to connect enterprise data with custom engine co...
Enhancing Security and Scalability with Reusable Workflows in GitHub and Pipeline Templates in Azure
Introduction In the world of modern software development, efficiency, security, and scalability are paramount. Leveraging template work...