diff --git a/.github/workflows/on_pull_request.yml b/.github/workflows/on_pull_request.yml index 3f31a80..57baae6 100644 --- a/.github/workflows/on_pull_request.yml +++ b/.github/workflows/on_pull_request.yml @@ -167,9 +167,13 @@ jobs: --github-token=${{github.token}} \ --pull-request=${{github.event.pull_request.number}} \ --behavior=new + tfsec: name: tfsec runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - name: Clone repo @@ -179,9 +183,9 @@ jobs: uses: aquasecurity/tfsec-action@v1.0.0 - uses: actions/github-script@v6 - if: github.event_name == 'pull_request' + if: always() env: - PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + PLAN: "terraform\n${{ steps.sec.outputs.stdout }}" with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/platforms/dev/terraform.tfvars b/platforms/dev/terraform.tfvars index d1a9236..86547b9 100644 --- a/platforms/dev/terraform.tfvars +++ b/platforms/dev/terraform.tfvars @@ -5,21 +5,28 @@ charts = { create_namespace = true repository = "https://charts.bitnami.com/bitnami" version = "9.4.1" - sets = {} + sets = { + "service.loadBalancerIP" = "20.101.234.17" + } + skip_crds = false } - cert-manager = { + /*cert-manager = { create_namespace = true - repository = "https://charts.bitnami.com/bitnami" - version = "v0.9.4" - sets = {} - } + repository = "https://charts.jetstack.io" + version = "v1.11.1" + sets = { + "installCRDs" = true + } + skip_crds = false + }*/ redis = { create_namespace = true repository = "https://charts.bitnami.com/bitnami" version = "v17.9.2" + skip_crds = false sets = { "global.redis.password" = "plop", - "replica.replicaCount" = 1 + "replica.replicaCount" = 1 } } } \ No newline at end of file diff --git a/terraform.tf b/terraform.tf index e039dc8..ea7cf71 100644 --- a/terraform.tf +++ b/terraform.tf 
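Review bot: Replacing `if: github.event_name == 'pull_request'` with `if: always()` in the github-script step drops the event guard and also fires after a cancellation, so on any non-PR trigger `github.event.pull_request.number` is empty and the comment call has nothing to post to; `if: ${{ !cancelled() && github.event_name == 'pull_request' }}` keeps the "post the tfsec findings even when the scan step fails" intent without those cases. The new `steps.sec.outputs.stdout` reference only resolves if the tfsec step carries `id: sec`, which is not visible in this hunk — worth confirming, since an unset output silently yields an empty comment body. Both action references in context (`aquasecurity/tfsec-action@v1.0.0`, `actions/github-script@v6`) are mutable tags; pinning them to a commit SHA is the usual hardening for a job that now holds `pull-requests: write`.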
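Review bot: The new `"service.loadBalancerIP" = "20.101.234.17"` pins the nginx ingress Service to a fixed, apparently public address in the same change that comments out the whole `cert-manager` block, so whatever this ingress fronts becomes reachable on that IP with no certificate issuer behind it; if this is a temporary test, a one-line comment saying so (and what now terminates TLS) would stop the next reader from shipping it as-is. In AKS a pre-allocated static IP is only claimable by the cluster's load balancer if the cluster identity has rights on the resource group holding the IP (Network Contributor, plus the `service.beta.kubernetes.io/azure-load-balancer-resource-group` annotation when it lives outside the node resource group) — neither appears in this change, so please confirm the IP sits where the cluster can use it. The `"global.redis.password" = "plop"` context line this hunk re-indents is a literal credential committed in `platforms/dev/terraform.tfvars`; since the file is being edited anyway, moving it to a `sensitive = true` variable fed from the environment or a secret store would be a cheap win.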
@@ -4,13 +4,12 @@ Le module network sert a deployer le resource group mais aussi le virtual networ Le module est construit de façon a être le plus réutilisable possible ça évite de réécrire du code pour rien */ module "network" { - source = "git@github.com:nomaddevops/azure_resource_group?ref=v1.0.1" + source = "git@github.com:nomaddevops/azure_resource_group?ref=v1.0.2" location = var.location subnet_config = var.subnet_config } - /* Maintenant que les bases réseaux sont déployé et pour plus de facilité ici car c'est une petite infrastructure je crée directement le cluster AKS, les paramètres pouvant varier je n'utilise que des variables @@ -28,15 +27,36 @@ resource "azurerm_kubernetes_cluster" "aks" { name = var.aks_node_pool_config.default.name node_count = var.aks_node_pool_config.default.node_count vm_size = var.aks_node_pool_config.default.vm_size + vnet_subnet_id = module.network.subnets.private.subnet.id + } + + network_profile { + network_plugin = "azure" } identity { - type = "SystemAssigned" + type = "UserAssigned" + identity_ids = [ azurerm_user_assigned_identity.identity.id ] } tags = var.tags } +resource "azurerm_user_assigned_identity" "identity" { + name = format("mi-%s", var.name) + resource_group_name = module.network.resource_group.name + location = module.network.resource_group.location +} + +resource "azurerm_role_assignment" "role_assignment" { + for_each = { + "Owner" = module.network.subnets.private.subnet.id + } + scope = each.value + role_definition_name = each.key + principal_id = azurerm_user_assigned_identity.identity.principal_id +} + /* J'ai maintenant le cluster pret a acceuillir des pods/servicse etc cependant je n'ai aucun Ingress Controller. En utilisant Helm Chart je déploie mon controller nginx (j'utilise un chart de la communauté) et je fais pareil 
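Review bot: The new `azurerm_role_assignment.role_assignment` grants `Owner` on the private subnet to the cluster's user-assigned identity; Owner at that scope includes `Microsoft.Authorization/roleAssignments/write`, so the cluster identity could extend its own or others' rights on the subnet, far beyond what AKS with `network_plugin = "azure"` needs — `"Network Contributor" = module.network.subnets.private.subnet.id` is what Azure's guidance calls for when nodes join a pre-existing subnet. Nothing orders the cluster after that assignment: `azurerm_kubernetes_cluster.aks` references only the identity id, so on a fresh apply the node pool can be created before the role propagates and fail to attach to `vnet_subnet_id`; add `depends_on = [azurerm_role_assignment.role_assignment]` to the cluster resource. `variables.tf` in this same commit declares `role_assignment` with `default = {}`, yet the `for_each` here is a hard-coded map, so the variable is dead — either wire it in (`for_each = var.role_assignment`) or drop it. The `network_profile` block enables Azure CNI without a `network_policy`, which means Kubernetes NetworkPolicy objects are not enforced on this cluster; if pod-level segmentation is expected, set `network_policy = "azure"` (or `"calico"`). The `azurerm_kubernetes_cluster.aks` resource itself begins before this hunk.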
@@ -50,9 +70,6 @@ resource "azurerm_kubernetes_cluster" "aks" { ou le rasoir d'Occam (shorturl.at/eBEFV) */ -# UPDATE YOUR KUBE CONFIG OTHERWISE HELM WILL NOT BE ABLE TO DEPLOY THE CHART - - resource "local_file" "kube_config" { content = azurerm_kubernetes_cluster.aks.kube_config_raw filename = ".kube/config" @@ -66,11 +83,12 @@ resource "helm_release" "chart" { repository = each.value.repository chart = each.key version = each.value.version + skip_crds = each.value.skip_crds dynamic "set" { for_each = each.value.sets content { - name = set.key + name = set.key value = set.value } } diff --git a/variables.tf b/variables.tf index d38a4a3..5ed5947 100644 --- a/variables.tf +++ b/variables.tf @@ -6,7 +6,6 @@ variable "location" { variable "subnet_config" { default = { - public = { is_multi_az = false } private = { is_multi_az = false } } description = "Multi az deployment for subnets" @@ -35,4 +34,9 @@ variable "tags" { variable "charts" { type = any +} + +variable "role_assignment" { + type = any + default = {} } \ No newline at end of file
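Review bot: `skip_crds = each.value.skip_crds` on the new line fails at plan time for any chart entry that omits the key, because `var.charts` is `type = any` and Terraform raises "Unsupported attribute" on a missing object attribute instead of returning null — any environment whose tfvars was not updated alongside `platforms/dev` would break; `skip_crds = try(each.value.skip_crds, false)` keeps the chart map backward-compatible (the default matches the provider's). The `dynamic "set"` block this hunk re-indents passes every value — including `global.redis.password` from the dev tfvars — through `set`, which Terraform prints unredacted in plan output and CI logs; routing credential-bearing keys through a separate `dynamic "set_sensitive"` block (driven by its own map) would at least keep them out of the logs, though they still land in state. The `helm_release.chart` resource starts before this hunk.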
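Review bot: The new `variable "role_assignment"` is declared `type = any` with `default = {}`, but as far as this commit shows nothing reads `var.role_assignment` — the role assignment added in `terraform.tf` hard-codes its map — so the variable is dead and, being `any`, would accept arbitrary structure without validation once someone does wire it in. If it is meant to drive `azurerm_role_assignment.role_assignment`, declare the contract: `type = map(string)` (role name → scope id) with a `description`, and a one-line comment naming the intended least-privilege role (e.g. Network Contributor) so callers do not reach for Owner. Otherwise remove it.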