import base64
import pulumi
from pulumi_azure_native import resources, containerservice
import pulumi_azuread as azuread
import pulumi_random as random
import pulumi_tls as tls
config = pulumi.Config()
# Create new resource group
resource_group = resources.ResourceGroup("azure-native-py-aks")
# Create an AD service principal
ad_app = azuread.Application("aks", display_name="aks")
ad_sp = azuread.ServicePrincipal("aksSp", application_id=ad_app.application_id)
# Generate random password
password = random.RandomPassword("password", length=20, special=True)
# Create the Service Principal Password
ad_sp_password = azuread.ServicePrincipalPassword(
"aksSpPassword",
service_principal_id=ad_sp.id,
value=password.result,
end_date="2099-01-01T00:00:00Z")
# Generate an SSH key
ssh_key = tls.PrivateKey("ssh-key", algorithm="RSA", rsa_bits=4096)
rando_password = random.RandomPassword(
'password',
length=16,
special=True,
override_special='@_#',
)
password = rando_password.result
# Resource Group
resource_group = resources.ResourceGroup('rg')
### AKS Cluster Related Resources
generated_key_pair = PrivateKey('ssh-key', algorithm='RSA', rsa_bits=4096)
ssh_public_key = generated_key_pair.public_key_openssh
ad_app = azuread.Application('app', display_name='app')
ad_sp = azuread.ServicePrincipal('service-principal',
application_id=ad_app.application_id)
ad_sp_password = azuread.ServicePrincipalPassword(
'sp-password',
service_principal_id=ad_sp.id,
value=password,
end_date='2099-01-01T00:00:00Z')
k8s_cluster = containerservice.ManagedCluster(
'cluster',
resource_group_name=resource_group.name,
addon_profiles={
'KubeDashboard': {
'enabled': True,
},
config = pulumi.Config()
use_sp_auth = config.get_bool('useServicePrincipalAuth') or False
# Create a private ACR registry.
rg = azure.core.ResourceGroup('myrg')
registry = azure.containerservice.Registry('myregistry',
resource_group_name=rg.name,
admin_enabled=not use_sp_auth,
sku='Basic')
# Get registry info (creds and endpoint).
image_name = registry.login_server.apply(lambda s: f'{s}/myapp')
if use_sp_auth:
sp = azuread.ServicePrincipal(
'mysp',
application_id=azuread.Application('myspapp').application_id,
)
sp_password = azuread.ServicePrincipalPassword(
'mysp-pass',
service_principal_id=sp.id,
value=random.RandomPassword(
'mypass',
length=32,
opts=pulumi.ResourceOptions(
additional_secret_outputs=['result'])).result,
end_date_relative='8760h',
)
sp_auth = azure.authorization.Assignment(
'myauth',
scope=registry.id,
role_definition_name='acrpush',
from pulumi import Config, get_stack, export, Output
import pulumi_azuread as ad
import pulumi_random as random
from pulumi_azure import core, containerservice
config = Config()
password = config.get_secret("password") or random.RandomPassword(
"pwd", length=20, special=True).result
ssh_public_key = config.require("sshPublicKey")
resource_group = core.ResourceGroup("aksresourcegroup")
ad_app = ad.Application("aks")
ad_sp = ad.ServicePrincipal("aksSp", application_id=ad_app.application_id)
ad_sp_password = ad.ServicePrincipalPassword("aksSpPassword",
service_principal_id=ad_sp.id,
value=password,
end_date="2099-01-01T00:00:00Z")
aks_cluster_config = [
{
"name": "east",
"location": "eastus",
"node_count": 2,
"node_size": "Standard_D2_v2"
},
{
"name": "west",
"location": "westus",
import base64
import pulumi
from pulumi import ResourceOptions
from pulumi_azure_native import resources, containerservice, network, authorization
import pulumi_azuread as azuread
from pulumi_kubernetes import Provider
config = pulumi.Config("aks-hello-world")
prefix = config.require("prefix")
password = config.require("password")
ssh_public_key = config.require("sshkey")
location = config.get("location") or "east us"
subscription_id = authorization.get_client_config().subscription_id
# Create Azure AD Application for AKS
app = azuread.Application(f"{prefix}-aks-app",
display_name=f"{prefix}-aks-app")
# Create service principal for the application so AKS can act on behalf of the application
sp = azuread.ServicePrincipal("aks-sp", application_id=app.application_id)
# Create the service principal password
sppwd = azuread.ServicePrincipalPassword("aks-sp-pwd",
service_principal_id=sp.id,
end_date="2099-01-01T00:00:00Z")
rg = resources.ResourceGroup(f"{prefix}-rg", location=location)
vnet = network.VirtualNetwork(f"{prefix}-vnet",
location=rg.location,
resource_group_name=rg.name,
address_space={
# Copyright 2016-2021, Pulumi Corporation. All rights reserved.
import pulumi
from pulumi_azure_native import resources, containerservice
import pulumi_azuread as ad
config = pulumi.Config()
password = config.get_secret("password")
ssh_public_key = config.require("sshPublicKey")
location = config.get("location") or "eastus"
resource_group = resources.ResourceGroup("aks", location=location)
ad_app = ad.Application(
"aks",
display_name="my-aks-multicluster",
)
ad_sp = ad.ServicePrincipal("aksSp", application_id=ad_app.application_id)
ad_sp_password = ad.ServicePrincipalPassword("aksSpPassword",
service_principal_id=ad_sp.id,
value=password,
end_date="2099-01-01T00:00:00Z")
aks_cluster_configs = [
{
"name": "east",
"location": "eastus",
"node_count": 2,
"node_size":
import base64
import pulumi
from pulumi_azure_native import resources, containerservice
import pulumi_azuread as azuread
import pulumi_random as random
import pulumi_tls as tls
config = pulumi.Config()
# Create new resource group
resource_group = resources.ResourceGroup("azure-native-py-aks")
# Create an AD service principal
ad_app = azuread.Application("aks", None)
ad_sp = azuread.ServicePrincipal("aksSp", application_id=ad_app.application_id)
# Generate random password
password = random.RandomPassword("password", length=20, special=True)
# Create the Service Principal Password
ad_sp_password = azuread.ServicePrincipalPassword(
"aksSpPassword",
service_principal_id=ad_sp.id,
value=password.result,
end_date="2099-01-01T00:00:00Z")
# Generate an SSH key
ssh_key = tls.PrivateKey("ssh-key", algorithm="RSA", rsa_bits=4096)
def __init__(self,
name: str,
args: ClusterArgs,
opts: ResourceOptions = None):
# Leave this line. You can modify 'customer:resoure:Cluster' if you want
super().__init__('custom:resource:Cluster', name, {}, opts)
# Create the resources.
# Be sure to set a ResourceOption(parent=self) and prefix anything you want to return as an output with "self."
# Example:
# resource_group = resources.ResourceGroup('rg', opts=ResourceOptions(parent=self))
# self.rg_name = resource_group.name
### AKS Cluster Related Resources
generated_key_pair = PrivateKey(f'{name}-ssh-key',
algorithm='RSA',
rsa_bits=4096,
opts=ResourceOptions(parent=self))
ssh_public_key = generated_key_pair.public_key_openssh
ad_app = azuread.Application('app',
display_name='app',
opts=ResourceOptions(parent=self))
ad_sp = azuread.ServicePrincipal('service-principal',
application_id=ad_app.application_id,
opts=ResourceOptions(parent=self))
ad_sp_password = azuread.ServicePrincipalPassword(
'sp-pwd',
service_principal_id=ad_sp.id,
value=args.password,
end_date='2099-01-01T00:00:00Z',
opts=ResourceOptions(parent=self))
k8s_cluster = containerservice.ManagedCluster(
f'{name}-k8s',
resource_group_name=args.resource_group_name,
addon_profiles={
'KubeDashboard': {
'enabled': True,
},
},
agent_pool_profiles=[{
'count': args.node_count,
'max_pods': 20,
'mode': 'System',
'name': 'agentpool',
'node_labels': {},
'os_disk_size_gb': 30,
'os_type': 'Linux',
'type': 'VirtualMachineScaleSets',
'vm_size': args.node_size,
}],
dns_prefix=args.resource_group_name,
enable_rbac=True,
kubernetes_version=args.k8s_version,
linux_profile={
'admin_username': args.admin_username,
'ssh': {
'publicKeys': [{
'keyData': ssh_public_key,
}],
},
},
node_resource_group='node-resource-group',
service_principal_profile={
'client_id': ad_app.application_id,
'secret': ad_sp_password.value,
},
opts=ResourceOptions(parent=self))
# Obtaining the kubeconfig from an Azure K8s cluster requires using the "list_managed_clsuter_user_credentials"
# function.
# That function requires passing values that are not be known until the resources are created.
# Thus, the use of "apply()" to wait for those values before calling the function.
creds = pulumi.Output.all(
args.resource_group_name, k8s_cluster.name).apply(
lambda args: containerservice.
list_managed_cluster_user_credentials(
resource_group_name=args[0], resource_name=args[1]))
# The "list_managed_cluster_user_credentials" function returns an array of base64 encoded kubeconfigs.
# So decode the kubeconfig for our cluster but mark it as a secret so Pulumi treats it accordingly.
self.kubeconfig = pulumi.Output.secret(
creds.kubeconfigs[0].value.apply(
lambda enc: base64.b64decode(enc).decode()))
### End of Cluster Related Resources
# End with this. It is used for display purposes.
self.register_outputs({})
from pulumi.resource import ResourceOptions
from pulumi_azure_native import resources, containerservice, network
from pulumi_azure_native.network import virtual_network
import pulumi_azuread as azuread
import pulumi_random as random
import pulumi_tls as tls
config = pulumi.Config()
name = "shaht"
# Create new resource group
resource_group = resources.ResourceGroup(f'{name}-azure-native-py-aks')
# Create an AD service principal
ad_app = azuread.Application(f'{name}-aks-app', display_name=f'{name}-aks-app')
ad_sp = azuread.ServicePrincipal(f'{name}-aksSp',
application_id=ad_app.application_id)
# Generate random password
password = random.RandomPassword(f'{name}-password', length=20, special=True)
# Create the Service Principal Password
ad_sp_password = azuread.ServicePrincipalPassword(
f'{name}-aksSpPassword',
service_principal_id=ad_sp.id,
value=password.result,
end_date="2099-01-01T00:00:00Z")
# Generate an SSH key
ssh_key = tls.PrivateKey(f'{name}-ssh-key', algorithm="RSA", rsa_bits=4096)