private static Pulumi.AzureAD.ApplicationPassword DeployAppRegistrationClientSecret(Pulumi.AzureAD.Application functionAppRegistration)
{
return(new Pulumi.AzureAD.ApplicationPassword("balthazarappregistrationpwd",
new Pulumi.AzureAD.ApplicationPasswordArgs
{
ApplicationObjectId = functionAppRegistration.Id,
Description = "Function App Client Secret",
Value = Guid.NewGuid().ToString(),
StartDate = $"{DateTime.UtcNow:yyyy-MM-ddT00:00:00Z}",
EndDate = $"{DateTime.UtcNow.AddYears(5):yyyy-MM-ddT00:00:00Z}",
}
private static AzureResourceBag CreateBaseAzureInfrastructure(Config config)
{
var location = config.Require("azure-location");
var environment = config.Require("azure-tags-environment");
var owner = config.Require("azure-tags-owner");
var createdBy = config.Require("azure-tags-createdby");
var kubernetesVersion = config.Require("kubernetes-version");
var kubernetesNodeCount = config.RequireInt32("kubernetes-scaling-nodecount");
var sqlUser = config.RequireSecret("azure-sqlserver-username");
var sqlPassword = config.RequireSecret("azure-sqlserver-password");
var tags = new InputMap <string>
{
{ "Environment", environment },
{ "CreatedBy", createdBy },
{ "Owner", owner }
};
var resourceGroup = new ResourceGroup("pet-doctor-resource-group", new ResourceGroupArgs
{
Name = "pet-doctor",
Location = location,
Tags = tags
});
var vnet = new VirtualNetwork("pet-doctor-vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorvnet",
AddressSpaces = { "10.0.0.0/8" },
Tags = tags
});
var subnet = new Subnet("pet-doctor-subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsubet",
AddressPrefixes = { "10.240.0.0/16" },
VirtualNetworkName = vnet.Name,
ServiceEndpoints = new InputList <string> {
"Microsoft.KeyVault", "Microsoft.Sql"
}
});
var registry = new Registry("pet-doctor-acr", new RegistryArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctoracr",
Sku = "Standard",
AdminEnabled = true,
Tags = tags
});
var aksServicePrincipalPassword = new RandomPassword("pet-doctor-aks-ad-sp-password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var clusterAdApp = new Application("pet-doctor-aks-ad-app", new ApplicationArgs
{
Name = "petdoctoraks"
});
var clusterAdServicePrincipal = new ServicePrincipal("aks-app-sp", new ServicePrincipalArgs
{
ApplicationId = clusterAdApp.ApplicationId
});
var clusterAdServicePrincipalPassword = new ServicePrincipalPassword("aks-app-sp-pwd", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = clusterAdServicePrincipal.ObjectId,
EndDate = "2099-01-01T00:00:00Z",
Value = aksServicePrincipalPassword
});
// Grant networking permissions to the SP (needed e.g. to provision Load Balancers)
var subnetAssignment = new Assignment("pet-doctor-aks-sp-subnet-assignment", new AssignmentArgs
{
PrincipalId = clusterAdServicePrincipal.Id,
RoleDefinitionName = "Network Contributor",
Scope = subnet.Id
});
var acrAssignment = new Assignment("pet-doctor-aks-sp-acr-assignment", new AssignmentArgs
{
PrincipalId = clusterAdServicePrincipal.Id,
RoleDefinitionName = "AcrPull",
Scope = registry.Id
});
var logAnalyticsWorkspace = new AnalyticsWorkspace("pet-doctor-aks-log-analytics", new AnalyticsWorkspaceArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorloganalytics",
Sku = "PerGB2018",
Tags = tags
});
var logAnalyticsSolution = new AnalyticsSolution("pet-doctor-aks-analytics-solution", new AnalyticsSolutionArgs
{
ResourceGroupName = resourceGroup.Name,
SolutionName = "ContainerInsights",
WorkspaceName = logAnalyticsWorkspace.Name,
WorkspaceResourceId = logAnalyticsWorkspace.Id,
Plan = new AnalyticsSolutionPlanArgs
{
Product = "OMSGallery/ContainerInsights",
Publisher = "Microsoft"
}
});
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
});
var cluster = new KubernetesCluster("pet-doctor-aks", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctoraks",
DnsPrefix = "dns",
KubernetesVersion = kubernetesVersion,
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = "aksagentpool",
NodeCount = kubernetesNodeCount,
VmSize = "Standard_D2_v2",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id
},
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey.PublicKeyOpenssh
}
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = clusterAdApp.ApplicationId,
ClientSecret = clusterAdServicePrincipalPassword.Value
},
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs
{
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
ServiceCidr = "10.2.0.0/24",
DnsServiceIp = "10.2.0.10",
DockerBridgeCidr = "172.17.0.1/16"
},
AddonProfile = new KubernetesClusterAddonProfileArgs
{
OmsAgent = new KubernetesClusterAddonProfileOmsAgentArgs
{
Enabled = true,
LogAnalyticsWorkspaceId = logAnalyticsWorkspace.Id
}
},
Tags = tags
});
var sqlServer = new SqlServer("pet-doctor-sql", new SqlServerArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsql",
Tags = tags,
Version = "12.0",
AdministratorLogin = sqlUser,
AdministratorLoginPassword = sqlPassword
});
var sqlvnetrule = new VirtualNetworkRule("pet-doctor-sql", new VirtualNetworkRuleArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsql",
ServerName = sqlServer.Name,
SubnetId = subnet.Id,
});
var appInsights = new Insights("pet-doctor-ai", new InsightsArgs
{
ApplicationType = "web",
Name = "petdoctor",
ResourceGroupName = resourceGroup.Name,
Tags = tags
});
var provider = new Provider("pet-doctor-aks-provider", new ProviderArgs
{
KubeConfig = cluster.KubeConfigRaw
});
return(new AzureResourceBag
{
ResourceGroup = resourceGroup,
SqlServer = sqlServer,
Cluster = cluster,
ClusterProvider = provider,
AppInsights = appInsights,
AksServicePrincipal = clusterAdServicePrincipal,
Subnet = subnet,
Registry = registry,
Tags = tags
});
}
