location = config.get("location") or "east us" subscription_id = authorization.get_client_config().subscription_id # Create Azure AD Application for AKS app = azuread.Application(f"{prefix}-aks-app", display_name=f"{prefix}-aks-app") # Create service principal for the application so AKS can act on behalf of the application sp = azuread.ServicePrincipal("aks-sp", application_id=app.application_id) # Create the service principal password sppwd = azuread.ServicePrincipalPassword("aks-sp-pwd", service_principal_id=sp.id, end_date="2099-01-01T00:00:00Z") rg = resources.ResourceGroup(f"{prefix}-rg", location=location) vnet = network.VirtualNetwork(f"{prefix}-vnet", location=rg.location, resource_group_name=rg.name, address_space={ "address_prefixes": ["10.0.0.0/16"], }) subnet = network.Subnet(f"{prefix}-subnet", resource_group_name=rg.name, address_prefix="10.0.0.0/24", virtual_network_name=vnet.name) subnet_assignment = authorization.RoleAssignment( "subnet-permissions",
"""An Azure RM Python Pulumi program""" import pulumi from pulumi_azure_native import storage from pulumi_azure_native import resources # Create an Azure Resource Group resource_group = resources.ResourceGroup('cloudskills-rg') # Create an Azure resource (Storage Account) account = storage.StorageAccount('sa', resource_group_name=resource_group.name, sku=storage.SkuArgs( name=storage.SkuName.STANDARD_LRS, ), kind=storage.Kind.STORAGE_V2) # Export the primary key of the Storage Account primary_key = pulumi.Output.all(resource_group.name, account.name) \ .apply(lambda args: storage.list_storage_account_keys( resource_group_name=args[0], account_name=args[1] )).apply(lambda accountKeys: accountKeys.keys[0].value) pulumi.export("primary_storage_key", primary_key)
import pulumi from pulumi_azure_native import resources from pulumi_azure_native import storage # Create an Azure Resource Group resource_group = resources.ResourceGroup('my-resourcegroup') # Create an Azure resource (Storage Account) account = storage.StorageAccount('storageaccount', resource_group_name=resource_group.name, sku=storage.SkuArgs(name=storage.SkuName.STANDARD_LRS,), kind=storage.Kind.STORAGE_V2)
import pulumi from pulumi_azure_native import resources from pulumi_azure_native import storage from pulumi_azure_native import web # Create an Azure Resource Group resource_group = resources.ResourceGroup('resourcegroup_functions_py') # Create a Storage Account account = storage.StorageAccount('storageaccount', resource_group_name=resource_group.name, sku=storage.SkuArgs( name=storage.SkuName.STANDARD_LRS, ), kind=storage.Kind.STORAGE_V2) # Create a consumption plan # Consumption plan must be linux for python: https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#operating-systemruntime plan = web.AppServicePlan( "consumption-plan", resource_group_name=resource_group.name, location=resource_group.location, kind="functionapp", reserved= True, # This is an Azure Requirement for PYTHON. The function can only run on Linux. sku=web.SkuDescriptionArgs(name="Y1", tier="Dynamic", size="Y1", family="Y", capacity=0)) # Export the Azure Resource Group
import base64 import pulumi from pulumi.resource import ResourceOptions from pulumi_azure_native import resources, containerservice, network from pulumi_azure_native.network import virtual_network import pulumi_azuread as azuread import pulumi_random as random import pulumi_tls as tls config = pulumi.Config() name = "shaht" # Create new resource group resource_group = resources.ResourceGroup(f'{name}-azure-native-py-aks') # Create an AD service principal ad_app = azuread.Application(f'{name}-aks-app', display_name=f'{name}-aks-app') ad_sp = azuread.ServicePrincipal(f'{name}-aksSp', application_id=ad_app.application_id) # Generate random password password = random.RandomPassword(f'{name}-password', length=20, special=True) # Create the Service Principal Password ad_sp_password = azuread.ServicePrincipalPassword( f'{name}-aksSpPassword', service_principal_id=ad_sp.id, value=password.result, end_date="2099-01-01T00:00:00Z")
# Copyright 2016-2021, Pulumi Corporation. All rights reserved. import pulumi from pulumi_azure_native import resources, containerservice import pulumi_azuread as ad config = pulumi.Config() password = config.get_secret("password") ssh_public_key = config.require("sshPublicKey") location = config.get("location") or "eastus" resource_group = resources.ResourceGroup("aks", location=location) ad_app = ad.Application( "aks", display_name="my-aks-multicluster", ) ad_sp = ad.ServicePrincipal("aksSp", application_id=ad_app.application_id) ad_sp_password = ad.ServicePrincipalPassword("aksSpPassword", service_principal_id=ad_sp.id, value=password, end_date="2099-01-01T00:00:00Z") aks_cluster_configs = [ { "name": "east", "location": "eastus", "node_count": 2, "node_size":
from pulumi_azure_native import resources from pulumi_azure_native import network from pulumi_azure_native import containerservice from pulumi_azure_native import compute # Setting up variables prefix_name = "pulumiAKS" vnet_ip_range = "192.168.0.0/16" aks_ip_range = "192.168.0.0/20" vm_ip_range = "192.168.16.0/24" ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAslS5LnoCJlj8OE4VncUK2iP6YhVT/RmeNkvP3VTd/GbiZd384wrD0rzr3MwEgMm4ZkjUQno54x+bpRhIFDha4Kj89cs7LwuPHZSkXLF+aVydxy2nu464TmflnhVVW71wLE9E3bCUxmh5+IZ3sJ8is2XQMuC1IHiIoEMFc+buMTG+kVc3f+VaJ5ZT+bFPjqs816YBPTSZRmUjzfwRcLIRXvlVxlFsMckhSTa7xCCxunsGKITOnqmlk/vIWr/bKfev6RD+qV8DFquM0zxquwcSv5ERXE384m6ESJ/YJ4IN5P14CDWT3pdZtwM1jOaL/zPyMHbamk5iTPLfuPao740plQ==" # Create an Azure Resource Group resource_group = resources.ResourceGroup(prefix_name + "-rg", resource_group_name=(prefix_name + "-rg")) # Create network security group nsg = network.NetworkSecurityGroup(resource_name=(prefix_name + "-nsg"), network_security_group_name=(prefix_name + "-nsg"), resource_group_name=resource_group.name, security_rules=[ network.SecurityRuleArgs( access="Allow", destination_address_prefix="*", destination_port_range="22", direction="Inbound", name="Allow-SSH", priority=130,
import pulumi_azure_native.insights as insights import pulumi_azure_native.resources as resource import pulumi_azure_native.sql as sql import pulumi_azure_native.storage as storage import pulumi_azure_native.web as web from pulumi import Config, Output, asset, export from pulumi_azure_native.storage import (BlobContainer, PublicAccess, StorageAccount) username = "******" config = Config() pwd = config.require("sqlPassword") resource_group = resource.ResourceGroup("appservicerg") storage_account = storage.StorageAccount( "appservicesa", resource_group_name=resource_group.name, kind=storage.Kind.STORAGE_V2, sku=storage.SkuArgs(name=storage.SkuName.STANDARD_LRS)) app_service_plan = web.AppServicePlan("appservice-asp", resource_group_name=resource_group.name, kind="App", sku=web.SkuDescriptionArgs( tier="Basic", name="B1", )) storage_container = BlobContainer("appservice-c",
"""An Azure RM Python Pulumi program""" import pulumi from pulumi_azure_native import storage from pulumi_azure_native import resources # Create an Azure Resource Group resource_group = resources.ResourceGroup('michaellevan-rg') # Create an Azure resource (Storage Account) account = storage.StorageAccount('sa', resource_group_name=resource_group.name, sku=storage.SkuArgs( name=storage.SkuName.STANDARD_LRS, ), kind=storage.Kind.STORAGE_V2) # Export the primary key of the Storage Account primary_key = pulumi.Output.all(resource_group.name, account.name) \ .apply(lambda args: storage.list_storage_account_keys( resource_group_name=args[0], account_name=args[1] )).apply(lambda accountKeys: accountKeys.keys[0].value) pulumi.export("primary_storage_key", primary_key)
location = config.get('location') # The privateKey associated with the selected key must be provided (either directly or base64 encoded), # along with an optional passphrase if needed. def decode_key(key): if key.startswith('-----BEGIN RSA PRIVATE KEY-----'): return key return key.encode('ascii') private_key = config.require_secret('privateKey').apply(decode_key) private_key_passphrase = config.get_secret('privateKeyPassphrase') # Create a resource group to hold project resources. resource_group = resources.ResourceGroup("minecraft") # Create a virtual network resource. net = network.VirtualNetwork( "server-network", resource_group_name=resource_group.name, address_space=network.AddressSpaceArgs( address_prefixes=["10.0.0.0/16"], ), subnets=[network.SubnetArgs( name="default", address_prefix="10.0.0.0/24", )] ) # Create a public IP to enable access on the Internet.
## Exercise 1: Export the resource group name as a stack output # Doc: https://www.pulumi.com/docs/intro/concepts/stack/#outputs ## Exercise 2: Use stack configuration to set the resource group name instead of the hard-coded 'resource_group' # Doc: https://www.pulumi.com/docs/intro/concepts/config/#code # Hint: Require a configuration parameter named "base_name" that you can then use as a basis for resource names. ## (Optional) Exercise 3: Use explicit naming for the resource group instead of autonaming. # Note: This means you have to prevent resource naming conflicts. # Hint: Resources have a "_name" property that allows you to override autonaming. # Doc: https://www.pulumi.com/docs/reference/pkg/azure-native/resources/resourcegroup/ import pulumi from pulumi_azure_native import resources ## Exercise 2 ## config = pulumi.Config() base_name = config.require("base_name") ## Exercise 2 ## # Create an Azure Resource Group ## Exercise 2 ## resource_group = resources.ResourceGroup(f"{base_name}-rg") ## Exercise 2 ## ## Exercise 1 ## pulumi.export("rg_name", resource_group.name) ## Exercise 1 ##
# Copyright 2016-2020, Pulumi Corporation. All rights reserved. import base64 from pulumi import Config, Output, export import pulumi_azure_native.compute as compute import pulumi_azure_native.network as network import pulumi_azure_native.resources as resources config = Config() username = config.require("username") password = config.require("password") resource_group = resources.ResourceGroup("server") net = network.VirtualNetwork("server-network", resource_group_name=resource_group.name, address_space=network.AddressSpaceArgs( address_prefixes=["10.0.0.0/16"], ), subnets=[ network.SubnetArgs( name="default", address_prefix="10.0.1.0/24", ) ]) public_ip = network.PublicIPAddress( "server-ip", resource_group_name=resource_group.name, public_ip_allocation_method=network.IPAllocationMethod.DYNAMIC) network_iface = network.NetworkInterface(
"""An Azure RM Python Pulumi program""" import pulumi from pulumi_azure_native import resources from pulumi_azure_native import web # Resource Group - https://www.pulumi.com/docs/reference/pkg/azure-native/resources/resourcegroup/ demo_resource_group = resources.ResourceGroup("rg-aelia-dev-westus2-001", location="West US 2") # App Service Plan - https://www.pulumi.com/docs/reference/pkg/azure-native/web/appserviceplan/ demo_plan = web.AppServicePlan("sp-aelia-dev-westus2-001", location=demo_resource_group.location, resource_group_name=demo_resource_group.name, kind="Linux", reserved=True, sku=web.SkuDescriptionArgs(tier="Free", name="F1", size="F1")) # App Service - https://www.pulumi.com/docs/reference/pkg/azure-native/web/webapp/ demo_app_service = web.WebApp("app-aelia-dev-westus2-001", location=demo_resource_group.location, resource_group_name=demo_resource_group.name, server_farm_id=demo_plan.id, site_config={ "linuxFxVersion": "DOCKER|ghcr.io/boredtweak/webapi:latest", "use32BitWorkerProcess": True, })
# Copyright 2016-2021, Pulumi Corporation. All rights reserved. import base64 import pulumi from pulumi_azure_native import resources, containerservice import pulumi_azuread as azuread import pulumi_random as random import pulumi_tls as tls config = pulumi.Config() # Create new resource group resource_group = resources.ResourceGroup("azure-native-py-aks") # Create an AD service principal ad_app = azuread.Application("aks", display_name="aks") ad_sp = azuread.ServicePrincipal("aksSp", application_id=ad_app.application_id) # Generate random password password = random.RandomPassword("password", length=20, special=True) # Create the Service Principal Password ad_sp_password = azuread.ServicePrincipalPassword( "aksSpPassword", service_principal_id=ad_sp.id, value=password.result, end_date="2099-01-01T00:00:00Z") # Generate an SSH key ssh_key = tls.PrivateKey("ssh-key", algorithm="RSA", rsa_bits=4096)
# Copyright 2016-2020, Pulumi Corporation. All rights reserved. import pulumi import pulumi_azure_native.authorization as authorization import pulumi_azure_native.storage as storage import pulumi_azure_native.synapse as synapse import pulumi_azure_native.resources as resources import pulumi_random as random config = pulumi.Config() resource_group = resources.ResourceGroup("synapse-rg") storage_account = storage.StorageAccount( "synapsesa", resource_group_name=resource_group.name, access_tier=storage.AccessTier.HOT, enable_https_traffic_only=True, is_hns_enabled=True, kind=storage.Kind.STORAGE_V2, sku=storage.SkuArgs(name=storage.SkuName.STANDARD_RAGRS, )) data_lake_storage_account_url = storage_account.name.apply( lambda name: f"https://{name}.dfs.core.windows.net") users = storage.BlobContainer("users", resource_group_name=resource_group.name, account_name=storage_account.name, public_access=storage.PublicAccess.NONE) workspace = synapse.Workspace(
k8s_version = config.get('k8sVersion') or '1.18.14' admin_username = config.get('adminUserName') or 'testuser' node_count = config.get_int('nodeCount') or 2 node_size = config.get('nodeSize') or 'Standard_D2_v2' password = config.get_secret("password") if not password: rando_password = random.RandomPassword( 'password', length=16, special=True, override_special='@_#', ) password = rando_password.result # Resource Group resource_group = resources.ResourceGroup('rg') ### AKS Cluster Related Resources generated_key_pair = PrivateKey('ssh-key', algorithm='RSA', rsa_bits=4096) ssh_public_key = generated_key_pair.public_key_openssh ad_app = azuread.Application('app', display_name='app') ad_sp = azuread.ServicePrincipal('service-principal', application_id=ad_app.application_id) ad_sp_password = azuread.ServicePrincipalPassword( 'sp-password', service_principal_id=ad_sp.id, value=password, end_date='2099-01-01T00:00:00Z') k8s_cluster = containerservice.ManagedCluster(
def __init__(self, name: str, opts: ResourceOptions = None): super().__init__('custom:resource:LibvirtHost', name, {}, opts) basename = f"{name}-kvm" username = "******" computername = "kvmhost" # Resource group, etc for the KVM host resource_group = resources.ResourceGroup( f"{basename}-rg", opts=ResourceOptions(parent=self)) net = network.VirtualNetwork(f"{basename}-net", resource_group_name=resource_group.name, address_space=network.AddressSpaceArgs( address_prefixes=["10.0.0.0/16"], ), subnets=[ network.SubnetArgs( name="default", address_prefix="10.0.1.0/24", ) ], opts=ResourceOptions(parent=self)) public_ip = network.PublicIPAddress( f"{basename}-ip", resource_group_name=resource_group.name, public_ip_allocation_method=network.IPAllocationMethod.DYNAMIC, opts=ResourceOptions(parent=self)) network_iface = network.NetworkInterface( f"{basename}-nic", resource_group_name=resource_group.name, ip_configurations=[ network.NetworkInterfaceIPConfigurationArgs( name="serveripcfg", subnet=network.SubnetArgs(id=net.subnets[0].id), private_ip_allocation_method=network.IPAllocationMethod. DYNAMIC, public_ip_address=network.PublicIPAddressArgs( id=public_ip.id), ) ], opts=ResourceOptions(parent=self)) # SSH key for accessing the Azure VM that is going to be the KVM host. ssh_key = tls.PrivateKey(f"{basename}-sshkey", algorithm="RSA", rsa_bits=4096, opts=ResourceOptions(parent=self)) # Script to configure the kvm service on the kvm host init_script = f"""#!/bin/bash # Install KVM sudo apt update sudo apt-get -y install qemu-kvm libvirt-bin # hack to account for this bug: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398 # Work around: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398/comments/42 sudo sed -i '$ a security_driver = "none"' /etc/libvirt/qemu.conf sudo systemctl restart libvirt-bin """ vm = compute.VirtualMachine( f"{basename}-vm", resource_group_name=resource_group.name, network_profile=compute.NetworkProfileArgs(network_interfaces=[ compute.NetworkInterfaceReferenceArgs(id=network_iface.id), ], ), hardware_profile=compute.HardwareProfileArgs( vm_size=compute.VirtualMachineSizeTypes.STANDARD_D4S_V3), os_profile=compute.OSProfileArgs( computer_name=computername, admin_username=username, custom_data=base64.b64encode( init_script.encode("ascii")).decode("ascii"), linux_configuration=compute.LinuxConfigurationArgs( ssh=compute.SshConfigurationArgs(public_keys=[ compute.SshPublicKeyArgs( key_data=ssh_key.public_key_openssh, path=f"/home/{username}/.ssh/authorized_keys") ]))), storage_profile=compute.StorageProfileArgs( os_disk=compute.OSDiskArgs( create_option=compute.DiskCreateOptionTypes.FROM_IMAGE, ), image_reference=compute.ImageReferenceArgs( publisher="canonical", offer="UbuntuServer", sku="18.04-LTS", version="latest", ), ), opts=ResourceOptions(parent=self)) # There's some delay between when Azure says the VM is ready and # when the KVM/qemu service can start accepting connections. # So, wait a bit to allow the KVM server to become fully ready. # But only do the wait if the VM has been provisioned (i.e. not during a preview). vm.provisioning_state.apply(lambda state: time.sleep(90)) public_ip_addr = vm.id.apply( lambda _: network.get_public_ip_address_output( public_ip_address_name=public_ip.name, resource_group_name=resource_group.name)) # Create/update the private key file for the SSH remote connection URI. def write_key_file(priv_key, key_file): if (os.path.exists(key_file)): os.chmod(key_file, 0o666) f = open(key_file, "w") f.write(priv_key) f.close() os.chmod(key_file, 0o400) key_file = f"{basename}_server.priv" ssh_key.private_key_pem.apply( lambda priv_key: write_key_file(priv_key, key_file)) # Build the connection URI that is returned for use by the libvirt provider. # See https://libvirt.org/uri.html#URI_remote for details on the remote URI options self.libvirt_remote_uri = Output.concat( "qemu+ssh://", username, "@", public_ip_addr.ip_address, "/system?keyfile=./", key_file, "&socket=/var/run/libvirt/libvirt-sock&no_verify=1") # Return where the VM pool should be created. # In this case, the "vm pool" is simply placed under the KVM host user's home folder self.vm_pool_dir = f"/home/{username}/vms" # Other values for convenience to output useful information self.ip = public_ip_addr.ip_address self.username = username self.ssh_priv_key_file = key_file self.register_outputs({})
# Copyright 2016-2021, Pulumi Corporation. All rights reserved. import pulumi from pulumi_azure_native import containerinstance from pulumi_azure_native import resources resource_group = resources.ResourceGroup("resourceGroup") image_name = "mcr.microsoft.com/azuredocs/aci-helloworld" container_group = containerinstance.ContainerGroup( "containerGroup", resource_group_name=resource_group.name, os_type="Linux", containers=[ containerinstance.ContainerArgs( name="acilinuxpublicipcontainergroup", image=image_name, ports=[containerinstance.ContainerPortArgs(port=80)], resources=containerinstance.ResourceRequirementsArgs( requests=containerinstance.ResourceRequestsArgs( cpu=1.0, memory_in_gb=1.5, )), ) ], ip_address=containerinstance.IpAddressArgs( ports=[containerinstance.PortArgs( port=80, protocol="Tcp", )], type="Public",
import pulumi from pulumi_azure_native import resources from pulumi_azure_native import storage from pulumi_azure_native import web from pulumi import Output # Create an Azure Resource Group resource_group = resources.ResourceGroup('resourcegroup_functionapp') # Create a Storage Account account = storage.StorageAccount('storageaccount', resource_group_name=resource_group.name, sku=storage.SkuArgs( name=storage.SkuName.STANDARD_LRS, ), kind=storage.Kind.STORAGE_V2) # Create a consumption plan plan = web.AppServicePlan( "consumption-plan", resource_group_name=resource_group.name, location=resource_group.location, kind="functionapp", reserved=True, # This is REQUIRED for PYTHON. It can only run on Linux. sku=web.SkuDescriptionArgs(name="Y1", tier="Dynamic", size="Y1", family="Y", capacity=0)) # Export the Azure Resource Group pulumi.export('resourcegroup', resource_group.name)