https://github.com/opszero/terraform-azuread-mrmgr
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/opszero/terraform-azuread-mrmgr
- Owner: opszero
- License: other
- Created: 2022-05-11T18:07:16.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2025-11-24T19:27:59.000Z (7 months ago)
- Last Synced: 2025-11-28T07:32:01.554Z (7 months ago)
- Language: HCL
- Homepage: https://opszero.com
- Size: 103 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Support: SUPPORT
README
# MrMgr (Azure IAM)
# How to deploy a service principal
### Example
- The block below creates two service principals, `app` and `api`.
- The `app` service principal uses federated credentials for the `opszero/app` repo.
- The `api` service principal uses federated credentials for the `opszero/api` repo.
```
module "openid" {
  source  = "./.."
  github  = true
  sp_name = "testing-sp-name"
  repos = {
    app = {
      repo        = "opszero/app"
      entity_type = "pull_request" # for branch ref:refs/heads/
    }
    api = {
      repo        = "opszero/api"
      entity_type = "pull_request" # for branch ref:refs/heads/
    }
  }
}
```
#### Allow the `service principal` access to `Kubernetes`
- Get the `client_id` output.
- Put the `client_id` in the `name` field under `subjects` in `kubelogin-cluterrole.yml`.
```
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
- Run the command `kubectl apply -f kubelogin-cluterrole.yml`
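
The three steps above can be scripted so that a malformed or empty `client_id` never reaches the cluster role binding. This is an added example, not code from the repository; the function names are hypothetical, and it assumes the manifest still contains the placeholder shown above and that the root module re-exports the module's `client_id` output.

```sh
#!/bin/sh
# Added example (not part of the project): fill the subject placeholder in
# kubelogin-cluterrole.yml with the service principal's client_id.

# Placeholder exactly as it appears in the README snippet (assumed to match the file).
PLACEHOLDER='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

# is_guid VALUE: succeeds only for an 8-4-4-4-12 hex GUID, the shape of a client_id.
is_guid() {
  # Reject any character outside hex digits and dashes first (newlines included),
  # which also keeps the value safe to use in the sed replacement below.
  case $1 in
    *[!0-9a-fA-F-]*) return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# render_binding MANIFEST CLIENT_ID: prints the manifest with the placeholder replaced.
# Returns 2 for a bad client_id, 3 if the manifest does not hold exactly one placeholder.
render_binding() {
  manifest=$1
  client_id=$2
  is_guid "$client_id" || {
    echo "client_id is not a GUID: '$client_id'" >&2
    return 2
  }
  # Zero placeholders means the file was already edited or is the wrong file;
  # more than one means the subject to bind is ambiguous.
  count=$(grep -c "name: $PLACEHOLDER\$" "$manifest") || true
  [ "$count" = 1 ] || {
    echo "expected 1 placeholder in $manifest, found '$count'" >&2
    return 3
  }
  sed "s/name: $PLACEHOLDER\$/name: $client_id/" "$manifest"
}

# Typical use, from the directory holding the Terraform state:
#   render_binding kubelogin-cluterrole.yml "$(terraform output -raw client_id)" \
#     | kubectl apply -f -
```

Piping the rendered manifest to `kubectl apply -f -` leaves the file in the repository untouched, so the placeholder check keeps working on later runs.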