From f7799031143dbdd7ce7a1d38a345a527b116905e Mon Sep 17 00:00:00 2001
From: Nick Hudson <nick.hudson@gmail.com>
Date: Mon, 18 Nov 2024 13:18:12 -0600
Subject: [PATCH] attach cluster uami to node subnet

---
 main.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/main.tf b/main.tf
index 8fb8b89..15ae04f 100644
--- a/main.tf
+++ b/main.tf
@@ -48,6 +48,18 @@ resource "azurerm_role_assignment" "network_contributor_on_resource_group" {
   role_definition_name = "Network Contributor"
 }
 
+resource "azurerm_role_assignment" "virtual_machine_contributor_on_resource_group" {
+  principal_id         = data.azurerm_user_assigned_identity.cluster_identity.principal_id
+  scope                = data.azurerm_resource_group.this.id
+  role_definition_name = "Virtual Machine Contributor"
+}
+
+resource "azurerm_role_assignment" "network_contributor_on_node_subnet" {
+  principal_id         = data.azurerm_user_assigned_identity.cluster_identity.principal_id
+  scope                = var.network.node_subnet_id
+  role_definition_name = "Network Contributor"
+}
+
 resource "azurerm_kubernetes_cluster" "this" {
   location                          = var.location
   name                              = "aks-${var.name}"