diff --git a/.gitignore b/.gitignore
index f887b78b7..3bb208658 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,6 +22,4 @@ id_rsa*
 kube.conf
 out.env
 infra/**/peer-pods-config.yaml
-infra/**/kustomization.yaml
-infra/**/workload-identity.yaml
 uplosi.conf*
diff --git a/infra/azure-peerpods/main.tf b/infra/azure-peerpods/main.tf
index 5f2cf3f2c..e85106c78 100644
--- a/infra/azure-peerpods/main.tf
+++ b/infra/azure-peerpods/main.tf
@@ -69,14 +69,6 @@ resource "azurerm_role_assignment" "ra_network_contributor" {
 principal_id = azuread_service_principal.sp.object_id
 }

-resource "azuread_application_federated_identity_credential" "federated_credentials" {
- display_name = local.name
- application_id = azuread_application.app.id
- issuer = azurerm_kubernetes_cluster.cluster.oidc_issuer_url
- subject = "system:serviceaccount:confidential-containers-system:cloud-api-adaptor"
- audiences = ["api://AzureADTokenExchange"]
-}
-
 resource "azuread_application_password" "cred" {
 application_id = azuread_application.app.id
 }
@@ -128,70 +120,6 @@ resource "local_file" "kubeconfig" {
 content = azurerm_kubernetes_cluster.cluster.kube_config_raw
 }

-resource "local_file" "workload_identity" {
- filename = "./workload-identity.yaml"
- file_permission = "0777"
- content = <