DEV Community

Discussion on: Fully automated creation of an AAD-integrated Kubernetes cluster with Terraform

barnumd

The kubernetes_cluster_role_binding - aad_integration was enough to get me logged into the dashboard, but then there was a bunch of errors like: configmaps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list resource "configmaps" in API group "" at the cluster scope. I had to add the following for that to work:

resource "kubernetes_cluster_role_binding" "service_account" {
  metadata {
    name = "${}-service-account"
  }

  role_ref {
    # role_ref must use the RBAC API group
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }

  subject {
    kind      = "ServiceAccount"
    name      = "kubernetes-dashboard"
    namespace = "kube-system"
  }

  depends_on = [
  ]
}

cdennig
Christian Dennig Author

Be careful with running the dashboard as "cluster-admin". It's a very "popular" attack vector!
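
One way to audit a cluster for the binding discussed in this thread, as an added example that is not part of the original comments: it reads JSON shaped like the output of `kubectl get clusterrolebindings -o json` and reports service accounts (or service-account groups) bound to `cluster-admin`. The sample bindings, their names and the AAD group id are constructed for illustration.

```python
import json

RBAC = "rbac.authorization.k8s.io"

def _binding(name, role, subjects):
    return {"metadata": {"name": name},
            "roleRef": {"apiGroup": RBAC, "kind": "ClusterRole", "name": role},
            "subjects": subjects}

# Constructed sample, shaped like `kubectl get clusterrolebindings -o json` output.
SAMPLE = json.dumps({"items": [
    _binding("demo-service-account", "cluster-admin",
             [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
               "namespace": "kube-system"}]),
    _binding("aad-admins", "cluster-admin",
             [{"kind": "Group", "apiGroup": RBAC,
               "name": "00000000-0000-0000-0000-000000000000"}]),
    _binding("all-sa-admin", "cluster-admin",
             [{"kind": "Group", "apiGroup": RBAC, "name": "system:serviceaccounts"}]),
    _binding("reporter-view", "view",
             [{"kind": "ServiceAccount", "name": "reporter", "namespace": "monitoring"}]),
    _binding("no-subjects", "cluster-admin", None),  # subjects may be absent/null
]})

def overprivileged_service_accounts(raw_json, roles=("cluster-admin",)):
    """Return (binding, subject) pairs where a service account, or a
    service-account group, is bound to one of the given ClusterRoles."""
    findings = []
    for binding in json.loads(raw_json).get("items", []):
        ref = binding.get("roleRef") or {}
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in roles:
            continue
        for subj in binding.get("subjects") or []:
            kind, name = subj.get("kind"), subj.get("name", "")
            if kind == "ServiceAccount":
                who = f"system:serviceaccount:{subj.get('namespace', '')}:{name}"
            elif kind == "Group" and (name == "system:serviceaccounts"
                                      or name.startswith("system:serviceaccounts:")):
                who = name  # every service account (cluster-wide or in one namespace)
            else:
                continue  # users and ordinary groups are out of scope here
            findings.append((binding["metadata"]["name"], who))
    return findings

if __name__ == "__main__":
    for binding_name, who in overprivileged_service_accounts(SAMPLE):
        print(f"{binding_name}: {who} is bound to a high-privilege ClusterRole")
```

Each finding is a candidate for replacement with a narrower Role or ClusterRole that grants only the resources the workload actually reads.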