assign network contributor role to control plane identity (#369)

zioproto · web-flow · commit a047f32299cb · 2023-05-23T14:19:28.000+08:00
not to the kubelet identity. Relevant docs: https://learn.microsoft.com/en-us/azure/aks/use-managed-identity#summary-of-managed-identities
diff --git a/main.tf b/main.tf
@@ -702,7 +702,7 @@ resource "azurerm_role_assignment" "acr" {
 resource "azurerm_role_assignment" "network_contributor" {
   for_each = var.create_role_assignment_network_contributor ? local.subnet_ids : []
 
-  principal_id         = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id
+  principal_id         = azurerm_kubernetes_cluster.main.identity[0].principal_id
   scope                = each.value
   role_definition_name = "Network Contributor"
 }

Original file line number	Diff line number	Diff line change
`@@ -702,7 +702,7 @@ resource "azurerm_role_assignment" "acr" {`
`702`	`702`	`resource "azurerm_role_assignment" "network_contributor" {`
`703`	`703`	`for_each = var.create_role_assignment_network_contributor ? local.subnet_ids : []`
`704`	`704`
`705`		`- principal_id = azurerm_kubernetes_cluster.main.kubelet_identity[0].object_id`
	`705`	`+ principal_id = azurerm_kubernetes_cluster.main.identity[0].principal_id`
`706`	`706`	`scope = each.value`
`707`	`707`	`role_definition_name = "Network Contributor"`
`708`	`708`	`}`