location = config.get("location") or "east us"
subscription_id = authorization.get_client_config().subscription_id
# Create Azure AD Application for AKS
app = azuread.Application(f"{prefix}-aks-app",
display_name=f"{prefix}-aks-app")
# Create service principal for the application so AKS can act on behalf of the application
sp = azuread.ServicePrincipal("aks-sp", application_id=app.application_id)
# Create the service principal password
sppwd = azuread.ServicePrincipalPassword("aks-sp-pwd",
service_principal_id=sp.id,
end_date="2099-01-01T00:00:00Z")
rg = resources.ResourceGroup(f"{prefix}-rg", location=location)
vnet = network.VirtualNetwork(f"{prefix}-vnet",
location=rg.location,
resource_group_name=rg.name,
address_space={
"address_prefixes": ["10.0.0.0/16"],
})
subnet = network.Subnet(f"{prefix}-subnet",
resource_group_name=rg.name,
address_prefix="10.0.0.0/24",
virtual_network_name=vnet.name)
subnet_assignment = authorization.RoleAssignment(
"subnet-permissions",
"""An Azure RM Python Pulumi program"""
import pulumi
from pulumi_azure_native import storage
from pulumi_azure_native import resources
# Create an Azure Resource Group
resource_group = resources.ResourceGroup('cloudskills-rg')
# Create an Azure resource (Storage Account)
account = storage.StorageAccount('sa',
resource_group_name=resource_group.name,
sku=storage.SkuArgs(
name=storage.SkuName.STANDARD_LRS, ),
kind=storage.Kind.STORAGE_V2)
# Export the primary key of the Storage Account
primary_key = pulumi.Output.all(resource_group.name, account.name) \
.apply(lambda args: storage.list_storage_account_keys(
resource_group_name=args[0],
account_name=args[1]
)).apply(lambda accountKeys: accountKeys.keys[0].value)
pulumi.export("primary_storage_key", primary_key)
import pulumi
from pulumi_azure_native import resources
from pulumi_azure_native import storage
# Create an Azure Resource Group
resource_group = resources.ResourceGroup('my-resourcegroup')
# Create an Azure resource (Storage Account)
account = storage.StorageAccount('storageaccount',
resource_group_name=resource_group.name,
sku=storage.SkuArgs(name=storage.SkuName.STANDARD_LRS,),
kind=storage.Kind.STORAGE_V2)
import pulumi
from pulumi_azure_native import resources
from pulumi_azure_native import storage
from pulumi_azure_native import web
# Create an Azure Resource Group
resource_group = resources.ResourceGroup('resourcegroup_functions_py')
# Create a Storage Account
account = storage.StorageAccount('storageaccount',
resource_group_name=resource_group.name,
sku=storage.SkuArgs(
name=storage.SkuName.STANDARD_LRS, ),
kind=storage.Kind.STORAGE_V2)
# Create a consumption plan
# Consumption plan must be linux for python: https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#operating-systemruntime
plan = web.AppServicePlan(
"consumption-plan",
resource_group_name=resource_group.name,
location=resource_group.location,
kind="functionapp",
reserved=
True, # This is an Azure Requirement for PYTHON. The function can only run on Linux.
sku=web.SkuDescriptionArgs(name="Y1",
tier="Dynamic",
size="Y1",
family="Y",
capacity=0))
# Export the Azure Resource Group
import base64
import pulumi
from pulumi.resource import ResourceOptions
from pulumi_azure_native import resources, containerservice, network
from pulumi_azure_native.network import virtual_network
import pulumi_azuread as azuread
import pulumi_random as random
import pulumi_tls as tls
config = pulumi.Config()
name = "shaht"
# Create new resource group
resource_group = resources.ResourceGroup(f'{name}-azure-native-py-aks')
# Create an AD service principal
ad_app = azuread.Application(f'{name}-aks-app', display_name=f'{name}-aks-app')
ad_sp = azuread.ServicePrincipal(f'{name}-aksSp',
application_id=ad_app.application_id)
# Generate random password
password = random.RandomPassword(f'{name}-password', length=20, special=True)
# Create the Service Principal Password
ad_sp_password = azuread.ServicePrincipalPassword(
f'{name}-aksSpPassword',
service_principal_id=ad_sp.id,
value=password.result,
end_date="2099-01-01T00:00:00Z")
# Copyright 2016-2021, Pulumi Corporation. All rights reserved.
import pulumi
from pulumi_azure_native import resources, containerservice
import pulumi_azuread as ad
config = pulumi.Config()
password = config.get_secret("password")
ssh_public_key = config.require("sshPublicKey")
location = config.get("location") or "eastus"
resource_group = resources.ResourceGroup("aks", location=location)
ad_app = ad.Application(
"aks",
display_name="my-aks-multicluster",
)
ad_sp = ad.ServicePrincipal("aksSp", application_id=ad_app.application_id)
ad_sp_password = ad.ServicePrincipalPassword("aksSpPassword",
service_principal_id=ad_sp.id,
value=password,
end_date="2099-01-01T00:00:00Z")
aks_cluster_configs = [
{
"name": "east",
"location": "eastus",
"node_count": 2,
"node_size":
from pulumi_azure_native import resources
from pulumi_azure_native import network
from pulumi_azure_native import containerservice
from pulumi_azure_native import compute
# Setting up variables
prefix_name = "pulumiAKS"
vnet_ip_range = "192.168.0.0/16"
aks_ip_range = "192.168.0.0/20"
vm_ip_range = "192.168.16.0/24"
ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAslS5LnoCJlj8OE4VncUK2iP6YhVT/RmeNkvP3VTd/GbiZd384wrD0rzr3MwEgMm4ZkjUQno54x+bpRhIFDha4Kj89cs7LwuPHZSkXLF+aVydxy2nu464TmflnhVVW71wLE9E3bCUxmh5+IZ3sJ8is2XQMuC1IHiIoEMFc+buMTG+kVc3f+VaJ5ZT+bFPjqs816YBPTSZRmUjzfwRcLIRXvlVxlFsMckhSTa7xCCxunsGKITOnqmlk/vIWr/bKfev6RD+qV8DFquM0zxquwcSv5ERXE384m6ESJ/YJ4IN5P14CDWT3pdZtwM1jOaL/zPyMHbamk5iTPLfuPao740plQ=="
# Create an Azure Resource Group
resource_group = resources.ResourceGroup(prefix_name + "-rg",
resource_group_name=(prefix_name +
"-rg"))
# Create network security group
nsg = network.NetworkSecurityGroup(resource_name=(prefix_name + "-nsg"),
network_security_group_name=(prefix_name +
"-nsg"),
resource_group_name=resource_group.name,
security_rules=[
network.SecurityRuleArgs(
access="Allow",
destination_address_prefix="*",
destination_port_range="22",
direction="Inbound",
name="Allow-SSH",
priority=130,
import pulumi_azure_native.insights as insights
import pulumi_azure_native.resources as resource
import pulumi_azure_native.sql as sql
import pulumi_azure_native.storage as storage
import pulumi_azure_native.web as web
from pulumi import Config, Output, asset, export
from pulumi_azure_native.storage import (BlobContainer, PublicAccess,
StorageAccount)
username = "******"
config = Config()
pwd = config.require("sqlPassword")
resource_group = resource.ResourceGroup("appservicerg")
storage_account = storage.StorageAccount(
"appservicesa",
resource_group_name=resource_group.name,
kind=storage.Kind.STORAGE_V2,
sku=storage.SkuArgs(name=storage.SkuName.STANDARD_LRS))
app_service_plan = web.AppServicePlan("appservice-asp",
resource_group_name=resource_group.name,
kind="App",
sku=web.SkuDescriptionArgs(
tier="Basic",
name="B1",
))
storage_container = BlobContainer("appservice-c",
"""An Azure RM Python Pulumi program"""
import pulumi
from pulumi_azure_native import storage
from pulumi_azure_native import resources
# Create an Azure Resource Group
resource_group = resources.ResourceGroup('michaellevan-rg')
# Create an Azure resource (Storage Account)
account = storage.StorageAccount('sa',
resource_group_name=resource_group.name,
sku=storage.SkuArgs(
name=storage.SkuName.STANDARD_LRS, ),
kind=storage.Kind.STORAGE_V2)
# Export the primary key of the Storage Account
primary_key = pulumi.Output.all(resource_group.name, account.name) \
.apply(lambda args: storage.list_storage_account_keys(
resource_group_name=args[0],
account_name=args[1]
)).apply(lambda accountKeys: accountKeys.keys[0].value)
pulumi.export("primary_storage_key", primary_key)
location = config.get('location')
# The privateKey associated with the selected key must be provided (either directly or base64 encoded),
# along with an optional passphrase if needed.
def decode_key(key):
if key.startswith('-----BEGIN RSA PRIVATE KEY-----'):
return key
return key.encode('ascii')
private_key = config.require_secret('privateKey').apply(decode_key)
private_key_passphrase = config.get_secret('privateKeyPassphrase')
# Create a resource group to hold project resources.
resource_group = resources.ResourceGroup("minecraft")
# Create a virtual network resource.
net = network.VirtualNetwork(
"server-network",
resource_group_name=resource_group.name,
address_space=network.AddressSpaceArgs(
address_prefixes=["10.0.0.0/16"],
),
subnets=[network.SubnetArgs(
name="default",
address_prefix="10.0.0.0/24",
)]
)
# Create a public IP to enable access on the Internet.
## Exercise 1: Export the resource group name as a stack output
# Doc: https://www.pulumi.com/docs/intro/concepts/stack/#outputs
## Exercise 2: Use stack configuration to set the resource group name instead of the hard-coded 'resource_group'
# Doc: https://www.pulumi.com/docs/intro/concepts/config/#code
# Hint: Require a configuration parameter named "base_name" that you can then use as a basis for resource names.
## (Optional) Exercise 3: Use explicit naming for the resource group instead of autonaming.
# Note: This means you have to prevent resource naming conflicts.
# Hint: Resources have a "_name" property that allows you to override autonaming.
# Doc: https://www.pulumi.com/docs/reference/pkg/azure-native/resources/resourcegroup/
import pulumi
from pulumi_azure_native import resources
## Exercise 2 ##
config = pulumi.Config()
base_name = config.require("base_name")
## Exercise 2 ##
# Create an Azure Resource Group
## Exercise 2 ##
resource_group = resources.ResourceGroup(f"{base_name}-rg")
## Exercise 2 ##
## Exercise 1 ##
pulumi.export("rg_name", resource_group.name)
## Exercise 1 ##
# Copyright 2016-2020, Pulumi Corporation. All rights reserved.
import base64
from pulumi import Config, Output, export
import pulumi_azure_native.compute as compute
import pulumi_azure_native.network as network
import pulumi_azure_native.resources as resources
config = Config()
username = config.require("username")
password = config.require("password")
resource_group = resources.ResourceGroup("server")
net = network.VirtualNetwork("server-network",
resource_group_name=resource_group.name,
address_space=network.AddressSpaceArgs(
address_prefixes=["10.0.0.0/16"], ),
subnets=[
network.SubnetArgs(
name="default",
address_prefix="10.0.1.0/24",
)
])
public_ip = network.PublicIPAddress(
"server-ip",
resource_group_name=resource_group.name,
public_ip_allocation_method=network.IPAllocationMethod.DYNAMIC)
network_iface = network.NetworkInterface(
"""An Azure RM Python Pulumi program"""
import pulumi
from pulumi_azure_native import resources
from pulumi_azure_native import web
# Resource Group - https://www.pulumi.com/docs/reference/pkg/azure-native/resources/resourcegroup/
demo_resource_group = resources.ResourceGroup("rg-aelia-dev-westus2-001",
location="West US 2")
# App Service Plan - https://www.pulumi.com/docs/reference/pkg/azure-native/web/appserviceplan/
demo_plan = web.AppServicePlan("sp-aelia-dev-westus2-001",
location=demo_resource_group.location,
resource_group_name=demo_resource_group.name,
kind="Linux",
reserved=True,
sku=web.SkuDescriptionArgs(tier="Free",
name="F1",
size="F1"))
# App Service - https://www.pulumi.com/docs/reference/pkg/azure-native/web/webapp/
demo_app_service = web.WebApp("app-aelia-dev-westus2-001",
location=demo_resource_group.location,
resource_group_name=demo_resource_group.name,
server_farm_id=demo_plan.id,
site_config={
"linuxFxVersion":
"DOCKER|ghcr.io/boredtweak/webapi:latest",
"use32BitWorkerProcess": True,
})
# Copyright 2016-2021, Pulumi Corporation. All rights reserved.
import base64
import pulumi
from pulumi_azure_native import resources, containerservice
import pulumi_azuread as azuread
import pulumi_random as random
import pulumi_tls as tls
config = pulumi.Config()
# Create new resource group
resource_group = resources.ResourceGroup("azure-native-py-aks")
# Create an AD service principal
ad_app = azuread.Application("aks", display_name="aks")
ad_sp = azuread.ServicePrincipal("aksSp", application_id=ad_app.application_id)
# Generate random password
password = random.RandomPassword("password", length=20, special=True)
# Create the Service Principal Password
ad_sp_password = azuread.ServicePrincipalPassword(
"aksSpPassword",
service_principal_id=ad_sp.id,
value=password.result,
end_date="2099-01-01T00:00:00Z")
# Generate an SSH key
ssh_key = tls.PrivateKey("ssh-key", algorithm="RSA", rsa_bits=4096)
# Copyright 2016-2020, Pulumi Corporation. All rights reserved.
import pulumi
import pulumi_azure_native.authorization as authorization
import pulumi_azure_native.storage as storage
import pulumi_azure_native.synapse as synapse
import pulumi_azure_native.resources as resources
import pulumi_random as random
config = pulumi.Config()
resource_group = resources.ResourceGroup("synapse-rg")
storage_account = storage.StorageAccount(
"synapsesa",
resource_group_name=resource_group.name,
access_tier=storage.AccessTier.HOT,
enable_https_traffic_only=True,
is_hns_enabled=True,
kind=storage.Kind.STORAGE_V2,
sku=storage.SkuArgs(name=storage.SkuName.STANDARD_RAGRS, ))
data_lake_storage_account_url = storage_account.name.apply(
lambda name: f"https://{name}.dfs.core.windows.net")
users = storage.BlobContainer("users",
resource_group_name=resource_group.name,
account_name=storage_account.name,
public_access=storage.PublicAccess.NONE)
workspace = synapse.Workspace(
k8s_version = config.get('k8sVersion') or '1.18.14'
admin_username = config.get('adminUserName') or 'testuser'
node_count = config.get_int('nodeCount') or 2
node_size = config.get('nodeSize') or 'Standard_D2_v2'
password = config.get_secret("password")
if not password:
rando_password = random.RandomPassword(
'password',
length=16,
special=True,
override_special='@_#',
)
password = rando_password.result
# Resource Group
resource_group = resources.ResourceGroup('rg')
### AKS Cluster Related Resources
generated_key_pair = PrivateKey('ssh-key', algorithm='RSA', rsa_bits=4096)
ssh_public_key = generated_key_pair.public_key_openssh
ad_app = azuread.Application('app', display_name='app')
ad_sp = azuread.ServicePrincipal('service-principal',
application_id=ad_app.application_id)
ad_sp_password = azuread.ServicePrincipalPassword(
'sp-password',
service_principal_id=ad_sp.id,
value=password,
end_date='2099-01-01T00:00:00Z')
k8s_cluster = containerservice.ManagedCluster(
def __init__(self, name: str, opts: ResourceOptions = None):
super().__init__('custom:resource:LibvirtHost', name, {}, opts)
basename = f"{name}-kvm"
username = "******"
computername = "kvmhost"
# Resource group, etc for the KVM host
resource_group = resources.ResourceGroup(
f"{basename}-rg", opts=ResourceOptions(parent=self))
net = network.VirtualNetwork(f"{basename}-net",
resource_group_name=resource_group.name,
address_space=network.AddressSpaceArgs(
address_prefixes=["10.0.0.0/16"], ),
subnets=[
network.SubnetArgs(
name="default",
address_prefix="10.0.1.0/24",
)
],
opts=ResourceOptions(parent=self))
public_ip = network.PublicIPAddress(
f"{basename}-ip",
resource_group_name=resource_group.name,
public_ip_allocation_method=network.IPAllocationMethod.DYNAMIC,
opts=ResourceOptions(parent=self))
network_iface = network.NetworkInterface(
f"{basename}-nic",
resource_group_name=resource_group.name,
ip_configurations=[
network.NetworkInterfaceIPConfigurationArgs(
name="serveripcfg",
subnet=network.SubnetArgs(id=net.subnets[0].id),
private_ip_allocation_method=network.IPAllocationMethod.
DYNAMIC,
public_ip_address=network.PublicIPAddressArgs(
id=public_ip.id),
)
],
opts=ResourceOptions(parent=self))
# SSH key for accessing the Azure VM that is going to be the KVM host.
ssh_key = tls.PrivateKey(f"{basename}-sshkey",
algorithm="RSA",
rsa_bits=4096,
opts=ResourceOptions(parent=self))
# Script to configure the kvm service on the kvm host
init_script = f"""#!/bin/bash
# Install KVM
sudo apt update
sudo apt-get -y install qemu-kvm libvirt-bin
# hack to account for this bug: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398
# Work around: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398/comments/42
sudo sed -i '$ a security_driver = "none"' /etc/libvirt/qemu.conf
sudo systemctl restart libvirt-bin
"""
vm = compute.VirtualMachine(
f"{basename}-vm",
resource_group_name=resource_group.name,
network_profile=compute.NetworkProfileArgs(network_interfaces=[
compute.NetworkInterfaceReferenceArgs(id=network_iface.id),
], ),
hardware_profile=compute.HardwareProfileArgs(
vm_size=compute.VirtualMachineSizeTypes.STANDARD_D4S_V3),
os_profile=compute.OSProfileArgs(
computer_name=computername,
admin_username=username,
custom_data=base64.b64encode(
init_script.encode("ascii")).decode("ascii"),
linux_configuration=compute.LinuxConfigurationArgs(
ssh=compute.SshConfigurationArgs(public_keys=[
compute.SshPublicKeyArgs(
key_data=ssh_key.public_key_openssh,
path=f"/home/{username}/.ssh/authorized_keys")
]))),
storage_profile=compute.StorageProfileArgs(
os_disk=compute.OSDiskArgs(
create_option=compute.DiskCreateOptionTypes.FROM_IMAGE, ),
image_reference=compute.ImageReferenceArgs(
publisher="canonical",
offer="UbuntuServer",
sku="18.04-LTS",
version="latest",
),
),
opts=ResourceOptions(parent=self))
# There's some delay between when Azure says the VM is ready and
# when the KVM/qemu service can start accepting connections.
# So, wait a bit to allow the KVM server to become fully ready.
# But only do the wait if the VM has been provisioned (i.e. not during a preview).
vm.provisioning_state.apply(lambda state: time.sleep(90))
public_ip_addr = vm.id.apply(
lambda _: network.get_public_ip_address_output(
public_ip_address_name=public_ip.name,
resource_group_name=resource_group.name))
# Create/update the private key file for the SSH remote connection URI.
def write_key_file(priv_key, key_file):
if (os.path.exists(key_file)):
os.chmod(key_file, 0o666)
f = open(key_file, "w")
f.write(priv_key)
f.close()
os.chmod(key_file, 0o400)
key_file = f"{basename}_server.priv"
ssh_key.private_key_pem.apply(
lambda priv_key: write_key_file(priv_key, key_file))
# Build the connection URI that is returned for use by the libvirt provider.
# See https://libvirt.org/uri.html#URI_remote for details on the remote URI options
self.libvirt_remote_uri = Output.concat(
"qemu+ssh://", username, "@", public_ip_addr.ip_address,
"/system?keyfile=./", key_file,
"&socket=/var/run/libvirt/libvirt-sock&no_verify=1")
# Return where the VM pool should be created.
# In this case, the "vm pool" is simply placed under the KVM host user's home folder
self.vm_pool_dir = f"/home/{username}/vms"
# Other values for convenience to output useful information
self.ip = public_ip_addr.ip_address
self.username = username
self.ssh_priv_key_file = key_file
self.register_outputs({})
# Copyright 2016-2021, Pulumi Corporation. All rights reserved.
import pulumi
from pulumi_azure_native import containerinstance
from pulumi_azure_native import resources
resource_group = resources.ResourceGroup("resourceGroup")
image_name = "mcr.microsoft.com/azuredocs/aci-helloworld"
container_group = containerinstance.ContainerGroup(
"containerGroup",
resource_group_name=resource_group.name,
os_type="Linux",
containers=[
containerinstance.ContainerArgs(
name="acilinuxpublicipcontainergroup",
image=image_name,
ports=[containerinstance.ContainerPortArgs(port=80)],
resources=containerinstance.ResourceRequirementsArgs(
requests=containerinstance.ResourceRequestsArgs(
cpu=1.0,
memory_in_gb=1.5,
)),
)
],
ip_address=containerinstance.IpAddressArgs(
ports=[containerinstance.PortArgs(
port=80,
protocol="Tcp",
)],
type="Public",
import pulumi
from pulumi_azure_native import resources
from pulumi_azure_native import storage
from pulumi_azure_native import web
from pulumi import Output
# Create an Azure Resource Group
resource_group = resources.ResourceGroup('resourcegroup_functionapp')
# Create a Storage Account
account = storage.StorageAccount('storageaccount',
resource_group_name=resource_group.name,
sku=storage.SkuArgs(
name=storage.SkuName.STANDARD_LRS, ),
kind=storage.Kind.STORAGE_V2)
# Create a consumption plan
plan = web.AppServicePlan(
"consumption-plan",
resource_group_name=resource_group.name,
location=resource_group.location,
kind="functionapp",
reserved=True, # This is REQUIRED for PYTHON. It can only run on Linux.
sku=web.SkuDescriptionArgs(name="Y1",
tier="Dynamic",
size="Y1",
family="Y",
capacity=0))
# Export the Azure Resource Group
pulumi.export('resourcegroup', resource_group.name)
