I am trying to use data.azurerm_key_vault_certificate
in a resource.azurerm_linux_virtual_machine_scale_set
to get a CA Cert to be installed on the instances.
Everything runs successfully, but I can’t figure out whether that CA cert was installed on the machine (Ubuntu 18.04) and whether it’s trusted.
# Read-only lookup of the existing Key Vault named "Data-Terraform" in the
# resource group passed in via var.resource_group.
# NOTE(review): for a VM or scale set to pull secrets from a vault at deployment
# time, the vault normally has to allow it (enabled_for_deployment on the
# azurerm_key_vault resource). That setting is not visible here, so confirm it.
data "azurerm_key_vault" "data" {
  resource_group_name = var.resource_group.name
  name                = "Data-Terraform"
}
# Reads the certificate object "data-stack-ca" from the vault resolved by
# data.azurerm_key_vault.data. The scale set below consumes its secret_id.
data "azurerm_key_vault_certificate" "data" {
  key_vault_id = data.azurerm_key_vault.data.id
  name         = "data-stack-ca"
}
## VM Scaleset
# Linux VM scale set. Instances are configured through cloud-init (custom_data)
# and receive one Key Vault certificate through the secret block at the end.
resource "azurerm_linux_virtual_machine_scale_set" "data" {
  name                 = "cluster-data-vmss"
  computer_name_prefix = var.prefix
  location             = var.resource_group.location
  resource_group_name  = var.resource_group.name
  sku                  = var.vm_size
  instances            = var.nodes

  # NOTE(review): password login is enabled and the password is a literal in the
  # configuration, so it ends up in version control and in the Terraform state.
  # Prefer SSH key authentication (admin_ssh_key with
  # disable_password_authentication = true), or at least supply the password
  # from a variable or secret store instead of the source file.
  admin_username                  = "adminuser"
  admin_password                  = "myPw1234!"
  disable_password_authentication = false

  # Rendered cloud-init payload; the template itself is defined elsewhere.
  custom_data = data.template_cloudinit_config.config.rendered
  depends_on  = [var.loadbalancer_rules]

  # NOTE(review): "latest" leaves the image version unpinned, so new instances
  # can come up on a different image build than existing ones.
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "StandardSSD_LRS"
  }

  data_disk {
    lun                  = "10"
    create_option        = "Empty"
    disk_size_gb         = var.disk_size
    caching              = "ReadWrite"
    storage_account_type = "StandardSSD_LRS"
  }

  network_interface {
    name    = "nic"
    primary = true

    ip_configuration {
      name                                   = "internal"
      primary                                = true
      subnet_id                              = var.subnet.id
      load_balancer_backend_address_pool_ids = [var.backend_address_pool.id]
    }
  }

  # Delivers the Key Vault certificate to each instance. Per the Azure
  # documentation, on Linux the VM agent writes it under /var/lib/waagent as
  # <UPPERCASE_THUMBPRINT>.crt, with a matching .prv for the private key.
  # Nothing in this block adds the certificate to the Ubuntu CA trust store.
  # Trusting it is a separate step, e.g. in the cloud-init custom_data: copy the
  # .crt into /usr/local/share/ca-certificates/ and run update-ca-certificates.
  # NOTE(review): secret_id points at the secret backing the certificate, which
  # includes the private key when the certificate is exportable. If
  # "data-stack-ca" holds the CA's private key, every instance would receive it.
  # To distribute trust only, ship just the public CA certificate.
  secret {
    key_vault_id = data.azurerm_key_vault.data.id

    certificate {
      url = data.azurerm_key_vault_certificate.data.secret_id
    }
  }
}
Am I misunderstanding the purpose of the certificate
block in a scale set?
Many thanks!