Helm charts managed through Terraform to deploy an Azure SecretProviderClass on AKS
Introduction
In this article we will see how to benefit from the advantages of two infrastructure and template management solutions: Helm charts and Terraform.
In order to make the exercise challenging and to prove that the use of these two features works well, I deliberately chose to use the SecretProviderClass because it is a complex Kubernetes resource type to model.
For more details on the SecretProviderClass, please consult the following article that points out how to create a SecretProviderClass using user-assigned identity to access your key vault.
All the code used in this article is available here on GitHub: JamesDLD/terraform-azurerm_kubernetes-helm-chart-SecretProviderClass
Prerequisite
- Access to an existing Azure Kubernetes Service (AKS) cluster.
- You already have configured the Azure Key Vault provider for Secrets Store CSI Driver in an Azure Kubernetes Service (AKS) cluster.
Terraform providers & authentication
The trick here is to retrieve the Kubernetes certificate from the azurerm_kubernetes_cluster resource and pass it to the helm provider.
Terraform Helm release
In this section we highlight the following tips:
- Use Helm values files.
- Pass parameters from Terraform to the Helm chart through the “set” function.
- Dynamically retrieve the Azure Tenant ID from Terraform and pass it to the Helm chart.
Helm chart template
The following manifest file manages the Kubernetes SecretProviderClass object and was designed using the following requirements:
- Ability to create multiple SecretProviderClass Kubernetes objects using the range action.
- Use in order of preference the values provided by the current “range” (file “value-demo.yaml”), then the default values (file “value.yaml”) then those provided by Terraform (“set” function).
Terraform plan
What’s interesting here with Terraform is that we can see the planned changes and we can pass Terraform known information like the Azure Tenant ID and core parameters like the target Azure Key Vault.
Conclusion
Using Terraform and Helm charts will help you reap the benefits of both worlds:
- Make full use of your teams’ skills.
- Pass calculated values from your cloud provider without writing them in your code.
- Manage planned changes that new git commits plan to do before applying them in production.
See You in the Cloud
Jamesdld
Published on:
Learn moreRelated posts
Coding at the Speed of Innovation: AI and more with Azure SQL Database
The Azure SQL Database team is all set to unveil new product announcements as Build 2024 approaches. Innovation is the prominent theme this ti...
Generate insights from audio and video data using Speech analytics in Azure AI Studio
In this video, we explore the power of speech analytics in Azure AI Studio to extract insights from audio and video data. This technology help...
Azure Custom Policy- PostgreSQL Product - Compliance Report not Available- New Feature Request
If you're attempting to create custom policies for Azure Cosmos DB for PostgreSQL at the subscription level and are running into issues where ...
Microsoft Causes Fuss Around Azure MFA Announcement
Microsoft's recent announcement regarding the requirement of Azure MFA for connections to services starting in July 2024 has caused quite a st...
PostgreSQL for your AI app's backend | Azure Database for PostgreSQL Flexible Server
If you want to use Postgres as a managed service on Azure and build generative AI apps, then the Azure Database for Postgres Flexible Server i...
Storage migration: Combine Azure Storage Mover and Azure Data Box
If you are looking to migrate your data from on-premises to Azure Storage, it can be challenging, but with Microsoft's solutions, you can make...
Loop DDoS Attacks: Understanding the Threat and Azure's Defense
This article provides a comprehensive overview of Loop DDoS attacks, a sophisticated and evolving cybersecurity threat that exploits applicati...
Azure Communication Services at Microsoft Build 2024
Join us for Microsoft Build 2024, either in-person in Seattle or virtually, to learn about the latest updates from Azure Communication Service...
Azure Developer CLI (azd) – May 2024 Release
The Azure Developer CLI (`azd`) has received a May 2024 update, version 1.9.0, making it simpler for developers to create, manage, and deploy ...
Join us at Build 2024: Get the latest on Azure Cosmos DB in Seattle or online!
Join Microsoft Build 2024 to get a sneak peek into the future of AI and data innovation. Taking place in Seattle and online from May 21 to 23,...