Required to fix error

thomast1906 · Mar 25, 2024 · dc55adc · dc55adc
1 parent 6a99ad6
commit dc55adc
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 8 deletions.
diff --git a/Terraform-AZURE-Services-Creation/AKS/rbac.tf b/Terraform-AZURE-Services-Creation/AKS/rbac.tf
@@ -47,3 +47,17 @@ resource "azurerm_role_assignment" "appgwcontainernode" {
     azurerm_user_assigned_identity.alb_identity
   ]
 }
+
+#fixing for  "The client '62119122-6287-4620-98b4-bf86535e2ece' with object id '62119122-6287-4620-98b4-bf86535e2ece' does not have authorization to perform action 'Microsoft.ServiceNetworking/register/action' over scope '/subscriptions/XXXXX' or the scope is invalid. (As part of App Gw for containers - maanged by ALB controller setup)"
+data "azurerm_subscription" "current" {
+}
+
+resource "azurerm_role_assignment" "appgwcontainer" {
+  principal_id         = azurerm_user_assigned_identity.alb_identity.principal_id
+  scope                = data.azurerm_subscription.current.subscription_id
+  role_definition_name = "Network Contributor"
+  depends_on = [
+    azurerm_kubernetes_cluster.k8s,
+    azurerm_user_assigned_identity.alb_identity
+  ]
+}
diff --git a/kubernetes_manifest/alb.yml b/kubernetes_manifest/alb.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: alb-infra
diff --git a/kubernetes_manifest/script/alb-controller-install-k8s.sh b/kubernetes_manifest/script/alb-controller-install-k8s.sh
@@ -3,13 +3,37 @@
 RESOURCE_GROUP="devopsthehardway-rg"
 AKS_NAME="devopsthehardwayaks"
 helm_resource_namespace="alb"
+VNET_NAME="devopsthehardway-vnet"
+ALB_SUBNET_NAME="appgw"
 
 # create namespace
-kubectl create namespace $helm_resource_namespace
-
-# az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME
-helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \
-     --namespace $helm_resource_namespace \
-     --version 1.0.0 \
-     --set albController.namespace=$helm_resource_namespace \
-     --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
+# kubectl create namespace $helm_resource_namespace
+
+# # az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME
+# helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \
+#      --namespace $helm_resource_namespace \
+#      --version 1.0.0 \
+#      --set albController.namespace=$helm_resource_namespace \
+#      --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
+
+
+ALB_SUBNET_ID=$(az network vnet subnet show --name $ALB_SUBNET_NAME --resource-group $RESOURCE_GROUP --vnet-name $VNET_NAME --query '[id]' --output tsv)
+
+# Creates the namespace for alb-controller
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: alb-infra
+EOF
+
+kubectl apply -f - <<EOF
+apiVersion: alb.networking.azure.io/v1
+kind: ApplicationLoadBalancer
+metadata:
+  name: alb-devopshardway
+  namespace: alb-infra
+spec:
+  associations:
+  - $ALB_SUBNET_ID
+EOF