import base64 import pulumi from pulumi_azure_native import resources, containerservice import pulumi_azuread as azuread import pulumi_random as random import pulumi_tls as tls config = pulumi.Config() # Create new resource group resource_group = resources.ResourceGroup("azure-native-py-aks") # Create an AD service principal ad_app = azuread.Application("aks", display_name="aks") ad_sp = azuread.ServicePrincipal("aksSp", application_id=ad_app.application_id) # Generate random password password = random.RandomPassword("password", length=20, special=True) # Create the Service Principal Password ad_sp_password = azuread.ServicePrincipalPassword( "aksSpPassword", service_principal_id=ad_sp.id, value=password.result, end_date="2099-01-01T00:00:00Z") # Generate an SSH key ssh_key = tls.PrivateKey("ssh-key", algorithm="RSA", rsa_bits=4096)
rando_password = random.RandomPassword( 'password', length=16, special=True, override_special='@_#', ) password = rando_password.result # Resource Group resource_group = resources.ResourceGroup('rg') ### AKS Cluster Related Resources generated_key_pair = PrivateKey('ssh-key', algorithm='RSA', rsa_bits=4096) ssh_public_key = generated_key_pair.public_key_openssh ad_app = azuread.Application('app', display_name='app') ad_sp = azuread.ServicePrincipal('service-principal', application_id=ad_app.application_id) ad_sp_password = azuread.ServicePrincipalPassword( 'sp-password', service_principal_id=ad_sp.id, value=password, end_date='2099-01-01T00:00:00Z') k8s_cluster = containerservice.ManagedCluster( 'cluster', resource_group_name=resource_group.name, addon_profiles={ 'KubeDashboard': { 'enabled': True, },
config = pulumi.Config() use_sp_auth = config.get_bool('useServicePrincipalAuth') or False # Create a private ACR registry. rg = azure.core.ResourceGroup('myrg') registry = azure.containerservice.Registry('myregistry', resource_group_name=rg.name, admin_enabled=not use_sp_auth, sku='Basic') # Get registry info (creds and endpoint). image_name = registry.login_server.apply(lambda s: f'{s}/myapp') if use_sp_auth: sp = azuread.ServicePrincipal( 'mysp', application_id=azuread.Application('myspapp').application_id, ) sp_password = azuread.ServicePrincipalPassword( 'mysp-pass', service_principal_id=sp.id, value=random.RandomPassword( 'mypass', length=32, opts=pulumi.ResourceOptions( additional_secret_outputs=['result'])).result, end_date_relative='8760h', ) sp_auth = azure.authorization.Assignment( 'myauth', scope=registry.id, role_definition_name='acrpush',
from pulumi import Config, get_stack, export, Output import pulumi_azuread as ad import pulumi_random as random from pulumi_azure import core, containerservice config = Config() password = config.get_secret("password") or random.RandomPassword( "pwd", length=20, special=True).result ssh_public_key = config.require("sshPublicKey") resource_group = core.ResourceGroup("aksresourcegroup") ad_app = ad.Application("aks") ad_sp = ad.ServicePrincipal("aksSp", application_id=ad_app.application_id) ad_sp_password = ad.ServicePrincipalPassword("aksSpPassword", service_principal_id=ad_sp.id, value=password, end_date="2099-01-01T00:00:00Z") aks_cluster_config = [ { "name": "east", "location": "eastus", "node_count": 2, "node_size": "Standard_D2_v2" }, { "name": "west", "location": "westus",
import base64 import pulumi from pulumi import ResourceOptions from pulumi_azure_native import resources, containerservice, network, authorization import pulumi_azuread as azuread from pulumi_kubernetes import Provider config = pulumi.Config("aks-hello-world") prefix = config.require("prefix") password = config.require("password") ssh_public_key = config.require("sshkey") location = config.get("location") or "east us" subscription_id = authorization.get_client_config().subscription_id # Create Azure AD Application for AKS app = azuread.Application(f"{prefix}-aks-app", display_name=f"{prefix}-aks-app") # Create service principal for the application so AKS can act on behalf of the application sp = azuread.ServicePrincipal("aks-sp", application_id=app.application_id) # Create the service principal password sppwd = azuread.ServicePrincipalPassword("aks-sp-pwd", service_principal_id=sp.id, end_date="2099-01-01T00:00:00Z") rg = resources.ResourceGroup(f"{prefix}-rg", location=location) vnet = network.VirtualNetwork(f"{prefix}-vnet", location=rg.location, resource_group_name=rg.name, address_space={
# Copyright 2016-2021, Pulumi Corporation. All rights reserved. import pulumi from pulumi_azure_native import resources, containerservice import pulumi_azuread as ad config = pulumi.Config() password = config.get_secret("password") ssh_public_key = config.require("sshPublicKey") location = config.get("location") or "eastus" resource_group = resources.ResourceGroup("aks", location=location) ad_app = ad.Application( "aks", display_name="my-aks-multicluster", ) ad_sp = ad.ServicePrincipal("aksSp", application_id=ad_app.application_id) ad_sp_password = ad.ServicePrincipalPassword("aksSpPassword", service_principal_id=ad_sp.id, value=password, end_date="2099-01-01T00:00:00Z") aks_cluster_configs = [ { "name": "east", "location": "eastus", "node_count": 2, "node_size":
import base64 import pulumi from pulumi_azure_native import resources, containerservice import pulumi_azuread as azuread import pulumi_random as random import pulumi_tls as tls config = pulumi.Config() # Create new resource group resource_group = resources.ResourceGroup("azure-native-py-aks") # Create an AD service principal ad_app = azuread.Application("aks", None) ad_sp = azuread.ServicePrincipal("aksSp", application_id=ad_app.application_id) # Generate random password password = random.RandomPassword("password", length=20, special=True) # Create the Service Principal Password ad_sp_password = azuread.ServicePrincipalPassword( "aksSpPassword", service_principal_id=ad_sp.id, value=password.result, end_date="2099-01-01T00:00:00Z") # Generate an SSH key ssh_key = tls.PrivateKey("ssh-key", algorithm="RSA", rsa_bits=4096)
def __init__(self, name: str, args: ClusterArgs, opts: ResourceOptions = None): # Leave this line. You can modify 'customer:resoure:Cluster' if you want super().__init__('custom:resource:Cluster', name, {}, opts) # Create the resources. # Be sure to set a ResourceOption(parent=self) and prefix anything you want to return as an output with "self." # Example: # resource_group = resources.ResourceGroup('rg', opts=ResourceOptions(parent=self)) # self.rg_name = resource_group.name ### AKS Cluster Related Resources generated_key_pair = PrivateKey(f'{name}-ssh-key', algorithm='RSA', rsa_bits=4096, opts=ResourceOptions(parent=self)) ssh_public_key = generated_key_pair.public_key_openssh ad_app = azuread.Application('app', display_name='app', opts=ResourceOptions(parent=self)) ad_sp = azuread.ServicePrincipal('service-principal', application_id=ad_app.application_id, opts=ResourceOptions(parent=self)) ad_sp_password = azuread.ServicePrincipalPassword( 'sp-pwd', service_principal_id=ad_sp.id, value=args.password, end_date='2099-01-01T00:00:00Z', opts=ResourceOptions(parent=self)) k8s_cluster = containerservice.ManagedCluster( f'{name}-k8s', resource_group_name=args.resource_group_name, addon_profiles={ 'KubeDashboard': { 'enabled': True, }, }, agent_pool_profiles=[{ 'count': args.node_count, 'max_pods': 20, 'mode': 'System', 'name': 'agentpool', 'node_labels': {}, 'os_disk_size_gb': 30, 'os_type': 'Linux', 'type': 'VirtualMachineScaleSets', 'vm_size': args.node_size, }], dns_prefix=args.resource_group_name, enable_rbac=True, kubernetes_version=args.k8s_version, linux_profile={ 'admin_username': args.admin_username, 'ssh': { 'publicKeys': [{ 'keyData': ssh_public_key, }], }, }, node_resource_group='node-resource-group', service_principal_profile={ 'client_id': ad_app.application_id, 'secret': ad_sp_password.value, }, opts=ResourceOptions(parent=self)) # Obtaining the kubeconfig from an Azure K8s cluster requires using the "list_managed_clsuter_user_credentials" # function. # That function requires passing values that are not be known until the resources are created. # Thus, the use of "apply()" to wait for those values before calling the function. creds = pulumi.Output.all( args.resource_group_name, k8s_cluster.name).apply( lambda args: containerservice. list_managed_cluster_user_credentials( resource_group_name=args[0], resource_name=args[1])) # The "list_managed_cluster_user_credentials" function returns an array of base64 encoded kubeconfigs. # So decode the kubeconfig for our cluster but mark it as a secret so Pulumi treats it accordingly. self.kubeconfig = pulumi.Output.secret( creds.kubeconfigs[0].value.apply( lambda enc: base64.b64decode(enc).decode())) ### End of Cluster Related Resources # End with this. It is used for display purposes. self.register_outputs({})
from pulumi.resource import ResourceOptions from pulumi_azure_native import resources, containerservice, network from pulumi_azure_native.network import virtual_network import pulumi_azuread as azuread import pulumi_random as random import pulumi_tls as tls config = pulumi.Config() name = "shaht" # Create new resource group resource_group = resources.ResourceGroup(f'{name}-azure-native-py-aks') # Create an AD service principal ad_app = azuread.Application(f'{name}-aks-app', display_name=f'{name}-aks-app') ad_sp = azuread.ServicePrincipal(f'{name}-aksSp', application_id=ad_app.application_id) # Generate random password password = random.RandomPassword(f'{name}-password', length=20, special=True) # Create the Service Principal Password ad_sp_password = azuread.ServicePrincipalPassword( f'{name}-aksSpPassword', service_principal_id=ad_sp.id, value=password.result, end_date="2099-01-01T00:00:00Z") # Generate an SSH key ssh_key = tls.PrivateKey(f'{name}-ssh-key', algorithm="RSA", rsa_bits=4096)