most_recent=True,
filters=[
aws.ec2.GetAmiFilterArgs(
name='name',
values=[
'ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*'
],
),
aws.ec2.GetAmiFilterArgs(
name='virtualization-type',
values=['hvm'],
)
],
)
private_key = tls.PrivateKey("node-key", algorithm="RSA")
rke_key_pair = aws.ec2.KeyPair("rke-node-keypair",
public_key=private_key.public_key_openssh)
rke_role = aws.iam.Role('rke-role',
assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
# Create an AD service principal
ad_app = azuread.Application("aks", display_name="aks")
ad_sp = azuread.ServicePrincipal("aksSp", application_id=ad_app.application_id)
# Generate random password
password = random.RandomPassword("password", length=20, special=True)
# Create the Service Principal Password
ad_sp_password = azuread.ServicePrincipalPassword(
"aksSpPassword",
service_principal_id=ad_sp.id,
value=password.result,
end_date="2099-01-01T00:00:00Z")
# Generate an SSH key
ssh_key = tls.PrivateKey("ssh-key", algorithm="RSA", rsa_bits=4096)
# Create cluster
managed_cluster_name = config.get("managedClusterName")
if managed_cluster_name is None:
managed_cluster_name = "azure-native-aks"
managed_cluster = containerservice.ManagedCluster(
managed_cluster_name,
resource_group_name=resource_group.name,
agent_pool_profiles=[{
"count": 3,
"max_pods": 110,
"mode": "System",
"name": "agentpool",
"node_labels": {},
def __init__(self, name: str, opts: ResourceOptions = None):
super().__init__('custom:resource:LibvirtHost', name, {}, opts)
basename = f"{name}-kvm"
username = "******"
computername = "kvmhost"
# Resource group, etc for the KVM host
resource_group = resources.ResourceGroup(
f"{basename}-rg", opts=ResourceOptions(parent=self))
net = network.VirtualNetwork(f"{basename}-net",
resource_group_name=resource_group.name,
address_space=network.AddressSpaceArgs(
address_prefixes=["10.0.0.0/16"], ),
subnets=[
network.SubnetArgs(
name="default",
address_prefix="10.0.1.0/24",
)
],
opts=ResourceOptions(parent=self))
public_ip = network.PublicIPAddress(
f"{basename}-ip",
resource_group_name=resource_group.name,
public_ip_allocation_method=network.IPAllocationMethod.DYNAMIC,
opts=ResourceOptions(parent=self))
network_iface = network.NetworkInterface(
f"{basename}-nic",
resource_group_name=resource_group.name,
ip_configurations=[
network.NetworkInterfaceIPConfigurationArgs(
name="serveripcfg",
subnet=network.SubnetArgs(id=net.subnets[0].id),
private_ip_allocation_method=network.IPAllocationMethod.
DYNAMIC,
public_ip_address=network.PublicIPAddressArgs(
id=public_ip.id),
)
],
opts=ResourceOptions(parent=self))
# SSH key for accessing the Azure VM that is going to be the KVM host.
ssh_key = tls.PrivateKey(f"{basename}-sshkey",
algorithm="RSA",
rsa_bits=4096,
opts=ResourceOptions(parent=self))
# Script to configure the kvm service on the kvm host
init_script = f"""#!/bin/bash
# Install KVM
sudo apt update
sudo apt-get -y install qemu-kvm libvirt-bin
# hack to account for this bug: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398
# Work around: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398/comments/42
sudo sed -i '$ a security_driver = "none"' /etc/libvirt/qemu.conf
sudo systemctl restart libvirt-bin
"""
vm = compute.VirtualMachine(
f"{basename}-vm",
resource_group_name=resource_group.name,
network_profile=compute.NetworkProfileArgs(network_interfaces=[
compute.NetworkInterfaceReferenceArgs(id=network_iface.id),
], ),
hardware_profile=compute.HardwareProfileArgs(
vm_size=compute.VirtualMachineSizeTypes.STANDARD_D4S_V3),
os_profile=compute.OSProfileArgs(
computer_name=computername,
admin_username=username,
custom_data=base64.b64encode(
init_script.encode("ascii")).decode("ascii"),
linux_configuration=compute.LinuxConfigurationArgs(
ssh=compute.SshConfigurationArgs(public_keys=[
compute.SshPublicKeyArgs(
key_data=ssh_key.public_key_openssh,
path=f"/home/{username}/.ssh/authorized_keys")
]))),
storage_profile=compute.StorageProfileArgs(
os_disk=compute.OSDiskArgs(
create_option=compute.DiskCreateOptionTypes.FROM_IMAGE, ),
image_reference=compute.ImageReferenceArgs(
publisher="canonical",
offer="UbuntuServer",
sku="18.04-LTS",
version="latest",
),
),
opts=ResourceOptions(parent=self))
# There's some delay between when Azure says the VM is ready and
# when the KVM/qemu service can start accepting connections.
# So, wait a bit to allow the KVM server to become fully ready.
# But only do the wait if the VM has been provisioned (i.e. not during a preview).
vm.provisioning_state.apply(lambda state: time.sleep(90))
public_ip_addr = vm.id.apply(
lambda _: network.get_public_ip_address_output(
public_ip_address_name=public_ip.name,
resource_group_name=resource_group.name))
# Create/update the private key file for the SSH remote connection URI.
def write_key_file(priv_key, key_file):
if (os.path.exists(key_file)):
os.chmod(key_file, 0o666)
f = open(key_file, "w")
f.write(priv_key)
f.close()
os.chmod(key_file, 0o400)
key_file = f"{basename}_server.priv"
ssh_key.private_key_pem.apply(
lambda priv_key: write_key_file(priv_key, key_file))
# Build the connection URI that is returned for use by the libvirt provider.
# See https://libvirt.org/uri.html#URI_remote for details on the remote URI options
self.libvirt_remote_uri = Output.concat(
"qemu+ssh://", username, "@", public_ip_addr.ip_address,
"/system?keyfile=./", key_file,
"&socket=/var/run/libvirt/libvirt-sock&no_verify=1")
# Return where the VM pool should be created.
# In this case, the "vm pool" is simply placed under the KVM host user's home folder
self.vm_pool_dir = f"/home/{username}/vms"
# Other values for convenience to output useful information
self.ip = public_ip_addr.ip_address
self.username = username
self.ssh_priv_key_file = key_file
self.register_outputs({})
import pulumi
import pulumi_aws as aws
import pulumi_tls as tls
import pulumi_random as random
from pulumi_vars import *
pet = random.RandomPet("key")
#pet.id.apply(lambda id: f"{id}"))
key = tls.PrivateKey(id + '_pkey', algorithm="RSA", ecdsa_curve="2048")
pulumi.export('public_key', key.public_key_openssh)
pulumi.export('private_key', key.private_key_pem)
pulumi.Output.all([key.private_key_pem]).apply(lambda key: f'key')
key.private_key_pem.apply(lambda key: f'key')
#private_key_pem_file = open(id + '_pkey.pem', 'w')
#private_key_pem_file.write(pulumi.Output.all([key.private_key_pem]).apply(lambda key: f'key'))
#private_key_pem_file.close()
keypair = aws.ec2.KeyPair(id + '_keypair', public_key=key.public_key_openssh)
"""A Python Pulumi program"""
import pulumi_tls as tls
key = tls.PrivateKey("my-private-key", algorithm="ECDSA", ecdsa_curve="P384")
ad_app = azuread.Application(f'{name}-aks-app', display_name=f'{name}-aks-app')
ad_sp = azuread.ServicePrincipal(f'{name}-aksSp',
application_id=ad_app.application_id)
# Generate random password
password = random.RandomPassword(f'{name}-password', length=20, special=True)
# Create the Service Principal Password
ad_sp_password = azuread.ServicePrincipalPassword(
f'{name}-aksSpPassword',
service_principal_id=ad_sp.id,
value=password.result,
end_date="2099-01-01T00:00:00Z")
# Generate an SSH key
ssh_key = tls.PrivateKey(f'{name}-ssh-key', algorithm="RSA", rsa_bits=4096)
# Create cluster
managed_cluster_name = config.get("managedClusterName")
if managed_cluster_name is None:
managed_cluster_name = f'{name}-azure-native-aks'
# Create network
mynetwork = network.VirtualNetwork(
f'{name}-vnet',
resource_group_name=resource_group.name,
location=resource_group.location,
address_space=network.AddressSpaceArgs(address_prefixes=["10.0.0.0/20"], ),
#opts=ResourceOptions(ignore_changes=["subnet1", "subnet2"])
)
import pulumi
import pulumi_aws as aws
import pulumi_tls as tls
example_private_key = tls.PrivateKey("examplePrivateKey", algorithm="RSA")
example_self_signed_cert = tls.SelfSignedCert(
"exampleSelfSignedCert",
allowed_uses=[
"key_encipherment",
"digital_signature",
"server_auth",
],
key_algorithm="RSA",
private_key_pem=example_private_key.private_key_pem,
subjects=[{
"commonName": "example.com",
"organization": "ACME Examples, Inc",
}],
validity_period_hours=12)
cert = aws.acm.Certificate("cert",
certificate_body=example_self_signed_cert.cert_pem,
private_key=example_private_key.private_key_pem)
