def create_app_secret(app: Application, purpose: str, expiry_duration_in_days=365):
secret = RandomPassword("password", length=16, override_special="_%@", special=True)
expiry = (datetime.utcnow() + timedelta(days=expiry_duration_in_days)).isoformat() + "Z" # TODO: Hack
password = ApplicationPassword("app_password",
application_object_id=app.object_id,
description=purpose,
value=secret.result,
end_date=expiry)
return password
from pulumi_kubernetes.apps.v1 import Deployment
from pulumi_kubernetes.core.v1 import Service
from pulumi_random import RandomPassword
# Read in some configurable settings for our cluster:
config = Config(None)
# nodeCount is the number of cluster nodes to provision. Defaults to 3 if unspecified.
NODE_COUNT = config.get('node_count') or 3
# nodeMachineType is the machine type to use for cluster nodes. Defaults to n1-standard-1 if unspecified.
# See https://cloud.google.com/compute/docs/machine-types for more details on available machine types.
NODE_MACHINE_TYPE = config.get('node_machine_type') or 'n1-standard-1'
# username is the admin username for the cluster.
USERNAME = config.get('username') or 'admin'
# password is the password for the admin user in the cluster.
PASSWORD = config.get_secret('password') or RandomPassword(
"password", length=20, special=True).result
# master version of GKE engine
MASTER_VERSION = config.get('master_version')
# Now, actually create the GKE cluster.
k8s_cluster = Cluster(
'gke-cluster',
initial_node_count=NODE_COUNT,
node_version=MASTER_VERSION,
min_master_version=MASTER_VERSION,
master_auth={
'username': USERNAME,
'password': PASSWORD
},
node_config={
'machine_type':
password and key pair.
"""
from pulumi import Config
from pulumi_random import RandomPassword
from pulumi_tls import PrivateKey
config = Config()
k8s_version = config.get('k8sVersion') or '1.18.14'
password = config.get('password') or RandomPassword('pw',
length=20, special=True)
generated_key_pair = PrivateKey('ssh-key',
algorithm='RSA', rsa_bits=4096)
admin_username = config.get('adminUserName') or 'testuser'
ssh_public_key = config.get('sshPublicKey') or \
generated_key_pair.public_key_openssh
node_count = config.get_int('nodeCount') or 2
workmail_group = Group(name="freelancer-emails",
organization_id=workmail_org_id,
group_name='freelancer-emails',
group_email=workmail_group_email)
org_account = AWSOrganizationAccount(
"Nuage-account",
account_unit_id=org_account_unit.id,
account_name=org_account_name,
account_email=org_account_email,
account_access_role_name=org_account_access_role_name,
workmail_org_id=workmail_org_id,
workmail_group_id=workmail_group.group_id)
org_user_password = RandomPassword("org-account-user-password",
length=16,
override_special="_%@",
special=True)
org_user = AWSOrganizationAccountUser(
"org-account-user",
account_id=org_account.account_id,
account_name=org_account_name,
access_role_name=org_account_access_role_name,
username=org_account_username,
password=org_user_password.result,
user_policy_arn="arn:aws:iam::aws:policy/AdministratorAccess")
password = pulumi.Output.secret(org_user.password)
pulumi.export("console_url", org_user.console_url)
pulumi.export("username", org_user.username)
from pulumi_kubernetes.apps.v1 import Deployment
from pulumi_kubernetes.core.v1 import ConfigMap, Pod, Service, Namespace
# Read in configurable settings for our cluster:
config = pulumi.Config(None)
# PREFIX = config.require("prefix") or ''
# nodeCount is the number of cluster nodes to provision.
KUBEFLOW_VERSION = config.get('kubeflow_version') or '0.6'
#
AMI = config.get('ami') or 'ami-08739803f18dcc019'
#
KEYPAIR = config.get('keypair') or 'kfp'
#
PASSWORD = config.get_secret('password') or RandomPassword(
"password", length=16, override_special="/@\" ", special=True).result
#
TEMPLATE_URL = config.get(
'template_url'
) or 'https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/amazon-eks-nodegroup.yaml'
# Instance type(s) of the AMI
INSTANCE_TYPE = config.get('instance_type') or 't3.medium'
# https://learn.hashicorp.com/terraform/aws/eks-intro#worker-node-autoscaling-group
# https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/launch_configuration.html.markdown
# https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_instance_profile.html.markdown
eks_role = iam.Role(
'eks-role',
assume_role_policy=
'{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"sts:AssumeRole\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"eks.amazonaws.com\"]}}]}',
"""
Generate the passwords we will use in the rest of the project
"""
import pulumi
from pulumi_random import RandomPassword
env = pulumi.get_stack()
mysqlRootPassword = RandomPassword(
f"nextcloud-mysql-root-password-{env}",
length=16,
override_special="_%@",
special=True
)
mysqlNextcloudPassword = RandomPassword(
f"nextcloud-mysql-nextcloud-password-{env}",
length=16,
override_special="_%@",
special=True
)
pulumi.export('mysql_root_passwd', mysqlRootPassword.result)
pulumi.export('mysql_nextcloud_passwd', mysqlNextcloudPassword.result)