How to deploy objects in AKS using terraform when local admin account is disabled?


We have built AKS with Active Directory and Kubernetes RBAC enabled. The moment we disable the local admin account, deployment of any object becomes impossible with Terraform.

I don’t want anyone to use the --admin flag with az aks get-credentials. Any suggestions on how to deploy Kubernetes objects in AKS using Terraform without the local account enabled?

On a local machine, it is still possible to first fetch the AKS credentials via RBAC, and the Terraform kubernetes provider will automatically use them. But the same is not possible with CI/CD, because fetching the AKS credentials forces us to do an interactive login, which is the common behavior of RBAC-enabled AKS.

The workaround Azure provides for avoiding the interactive sign-in is using Kubelogin. However, to use it with Terraform you’ll need to do some nasty stuff like running a null_resource that runs some bash commands.
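As an added example (not from the original post), one way to avoid the null_resource workaround: the Terraform kubernetes provider can call kubelogin itself through its exec block, so a CI/CD service principal obtains an Azure AD token non-interactively while the cluster's local admin account stays disabled. Assumed: the cluster resource is named azurerm_kubernetes_cluster.aks, the service principal credentials arrive as variables, and that principal has been bound to a Kubernetes RBAC role rather than being a cluster admin.

```hcl
# Assumed: an AKS cluster defined elsewhere as azurerm_kubernetes_cluster.aks
# with Azure AD RBAC enabled and local_account_disabled = true. Its kube_config
# still carries the API server endpoint and CA, but no client certificate.

variable "tenant_id" { type = string }
variable "client_id" { type = string } # CI/CD SPN bound to a Kubernetes RBAC role (assumed)

variable "client_secret" {
  type      = string
  sensitive = true
}

provider "kubernetes" {
  host                   = azurerm_kubernetes_cluster.aks.kube_config[0].host
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.aks.kube_config[0].cluster_ca_certificate)

  # Non-interactive Azure AD login: the provider runs kubelogin as an exec
  # credential plugin whenever it needs a token, so no kubeconfig is written
  # and nobody has to run `az aks get-credentials --admin`.
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "kubelogin"
    args = [
      "get-token",
      "--login", "spn",
      "--environment", "AzurePublicCloud",
      "--server-id", "6dae42f8-4368-4678-94ff-3960e28e3630", # AKS Azure AD server app ID
      "--tenant-id", var.tenant_id,
    ]
    # kubelogin reads SPN credentials from these documented variables; passing
    # the secret via env keeps it out of the process argument list.
    env = {
      AAD_SERVICE_PRINCIPAL_CLIENT_ID     = var.client_id
      AAD_SERVICE_PRINCIPAL_CLIENT_SECRET = var.client_secret
    }
  }
}

# Objects are then applied with the service principal's RBAC permissions only.
resource "kubernetes_namespace" "app" {
  metadata {
    name = "app"
  }
}
```

kubelogin must be installed on the CI runner's PATH; if the pipeline already performs an az login, `--login azurecli` can replace the spn arguments and the env block.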