static (Output <string> username, Output <string> password) GetConfig() { var config = new Pulumi.Config(); var username = config.RequireSecret("sqlUsername"); var password = config.RequireSecret("sqlPassword"); return(username, password); }
static Task <int> Main() => Deployment.RunAsync(async() => { // Fetch the Docker Hub auth info from config. var config = new Pulumi.Config(); var username = config.Require("dockerUsername"); var password = config.RequireSecret("dockerPassword"); // Populate the registry info (creds and endpoint). var imageName = $"{username}/myapp"; var registryInfo = new ImageRegistry { Server = "docker.io", Username = username, Password = password, }; // Build and publish the app image. var image = new Image("my-image", new ImageArgs { ImageName = username + "/myapp", Build = new DockerBuild { Context = "app" }, Registry = registryInfo, }); // Export the resulting image name. return(new Dictionary <string, object> { { "imageName", image.ImageName }, }); });
public MyStack() { var config = new Pulumi.Config(); Pulumi.Log.Info($"mySecretKey: {config.RequireSecret("mySecretKey")}"); // Create an Azure Resource Group var resourceGroup = new ResourceGroup("resourceGroup"); // Create an Azure Storage Account var storageAccount = new Account("storage", new AccountArgs { ResourceGroupName = resourceGroup.Name, AccountReplicationType = "LRS", AccountTier = "Standard" }); // Export the connection string for the storage account this.ConnectionString = storageAccount.PrimaryConnectionString; }
static Task <int> Main(string[] args) { return(Pulumi.Deployment.RunAsync(() => { var config = new Pulumi.Config(); var pw = config.RequireSecret("message"); var rawPw = config.Require("message"); var cmData = new CoreV1.ConfigMap("cmdata", new ConfigMapArgs { Data = new InputMap <string> { { "password", pw }, } }); var cmBinaryData = new CoreV1.ConfigMap("cmbinarydata", new ConfigMapArgs { BinaryData = new InputMap <string> { { "password", pw.Apply(v => Base64Encode(v)) }, } }); var sStringData = new CoreV1.Secret("sstringdata", new SecretArgs { StringData = new InputMap <string> { { "password", rawPw } } }); var sData = new CoreV1.Secret("sdata", new SecretArgs { Data = new InputMap <string> { { "password", Base64Encode(rawPw) } } }); var name = $"test-{RandomString()}"; var secretYAML = $@" apiVersion: v1 kind: Secret metadata: name: {name} stringData: password: {rawPw} "; var cg = new Yaml.ConfigGroup("example", new Yaml.ConfigGroupArgs { Yaml = secretYAML }); var cgSecret = cg.GetResource <CoreV1.Secret>(name); return new Dictionary <string, object> { { "cmData", cmData.Data }, { "cmBinaryData", cmData.BinaryData }, { "sStringData", sStringData.StringData }, { "sData", sStringData.Data }, { "cgData", cgSecret.Apply(v => v.Data) }, }; })); }
public DevOpsInfra() { _config = new Config("ado"); #pragma warning disable Pulumi.InputMap <string> tags = JsonConvert.DeserializeObject <Dictionary <string, string> >(_config.RequireObject <JsonElement>("tags").ToString()); #region AzureNative.Resources.ResourceGroup (-rg) var resourceGroup = new Pulumi.AzureNative.Resources.ResourceGroup($"{_config.Require("resourceGroup")}-{_config.Require("env")}-rg-", new Pulumi.AzureNative.Resources.ResourceGroupArgs { Location = _config.Require("location"), Tags = tags, }); this.ResourceGroupName = resourceGroup.Name; #endregion #region NetworkSecurityGroup (-nsg) // NSGs can be connected to Subnets or Network cards (NICs). // When applied to the subnet, the NSG applies to all VMs on that subnet. If you apply only to the NIC card, just that one VM is affected. string myIp = new System.Net.WebClient().DownloadString("https://api.ipify.org"); var networkSecurityGroup = new Pulumi.AzureNative.Network.NetworkSecurityGroup($"{_config.Require("vnet.name")}-{_config.Require("env")}-nsg-", new Pulumi.AzureNative.Network.NetworkSecurityGroupArgs { ResourceGroupName = resourceGroup.Name, SecurityRules = { new Pulumi.AzureNative.Network.Inputs.SecurityRuleArgs { Name = "allow-rdp", Protocol = SecurityRuleProtocol.Tcp, SourcePortRange = "*", DestinationPortRange = "3389", SourceAddressPrefix = myIp, DestinationAddressPrefix = "*", Access = "Allow", Priority = 300, Direction = "Inbound", }, new Pulumi.AzureNative.Network.Inputs.SecurityRuleArgs { Name = "allow-http", // _config.Require("nsg.name"), Protocol = SecurityRuleProtocol.Tcp, SourcePortRange = "*", DestinationPortRange = "443", SourceAddressPrefix = "*", DestinationAddressPrefix = "*", Access = "Allow", Priority = 301, Direction = "Inbound", }, }, }); #endregion #region VirtualNetwork (-vnet) var network = new VirtualNetwork($"{_config.Require("vnet.name")}-{_config.Require("env")}-vnet-", new VirtualNetworkArgs { AddressSpace = new Pulumi.AzureNative.Network.Inputs.AddressSpaceArgs { AddressPrefixes = { _config.Require("vnet.cidr"), }, }, Location = _config.Require("location"), ResourceGroupName = resourceGroup.Name, Subnets = { new Pulumi.AzureNative.Network.Inputs.SubnetArgs { AddressPrefix = _config.Require("bastion.cidr"), Name = "AzureBastionSubnet", }, new Pulumi.AzureNative.Network.Inputs.SubnetArgs { AddressPrefix = _config.Require("snet.cidr"), Name = _config.Require("snet.name"), NetworkSecurityGroup = new Pulumi.AzureNative.Network.Inputs.NetworkSecurityGroupArgs { Id = networkSecurityGroup.Id, }, }, }, VirtualNetworkName = "AzureDevOps", // VirtualNetworkPeerings EnableDdosProtection = false, } ); #endregion #region PublicIp (-ip) var publicIp = new Pulumi.AzureNative.Network.PublicIPAddress($"bastion-{_config.Require("env")}-ip-", new Pulumi.AzureNative.Network.PublicIPAddressArgs { PublicIPAddressVersion = IPVersion.IPv4, PublicIPAllocationMethod = IPAllocationMethod.Static, IdleTimeoutInMinutes = 4, Location = _config.Require("location"), ResourceGroupName = resourceGroup.Name, Sku = new Pulumi.AzureNative.Network.Inputs.PublicIPAddressSkuArgs { Name = PublicIPAddressSkuName.Standard, Tier = PublicIPAddressSkuTier.Regional, }, }); var vmPublicIp = new Pulumi.AzureNative.Network.PublicIPAddress($"{_config.Require("agent.name")}-{_config.Require("env")}-ip-", new Pulumi.AzureNative.Network.PublicIPAddressArgs { PublicIPAddressVersion = IPVersion.IPv4, PublicIPAllocationMethod = IPAllocationMethod.Static, IdleTimeoutInMinutes = 4, Location = _config.Require("location"), ResourceGroupName = resourceGroup.Name, Sku = new Pulumi.AzureNative.Network.Inputs.PublicIPAddressSkuArgs { Name = PublicIPAddressSkuName.Standard, Tier = PublicIPAddressSkuTier.Regional, }, }); #endregion #region NetworkInterface (-nic) var networkInterface = new Pulumi.AzureNative.Network.NetworkInterface($"{_config.Require("agent.name")}-{_config.Require("env")}-nic-", new Pulumi.AzureNative.Network.NetworkInterfaceArgs { // AdoAgent has size Standard_B2s, which is not compatible with accelerated networking on network interface. // https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-powershell // EnableAcceleratedNetworking = true, IpConfigurations = { new Pulumi.AzureNative.Network.Inputs.NetworkInterfaceIPConfigurationArgs { Name = "ipconfig1", Primary = true, PrivateIPAllocationMethod = IPAllocationMethod.Dynamic, PrivateIPAddressVersion = "IPv4", PublicIPAddress = new Pulumi.AzureNative.Network.Inputs.PublicIPAddressArgs { Id = vmPublicIp.Id, }, Subnet = new Pulumi.AzureNative.Network.Inputs.SubnetArgs { #pragma warning disable Id = network.Subnets.Apply(s => s[1].Id), }, }, }, Location = _config.Require("location"), ResourceGroupName = resourceGroup.Name, }); #endregion #region VirtualMachine (-vm) var vm = new Pulumi.AzureNative.Compute.VirtualMachine($"{_config.Require("agent.name")}-{_config.Require("env")}-vmi-", new Pulumi.AzureNative.Compute.VirtualMachineArgs { ResourceGroupName = resourceGroup.Name, HardwareProfile = new Pulumi.AzureNative.Compute.Inputs.HardwareProfileArgs { VmSize = _config.Require("vm.vmSize") }, VmName = "AdoAgent", DiagnosticsProfile = new Pulumi.AzureNative.Compute.Inputs.DiagnosticsProfileArgs { BootDiagnostics = new Pulumi.AzureNative.Compute.Inputs.BootDiagnosticsArgs { Enabled = true } }, NetworkProfile = new Pulumi.AzureNative.Compute.Inputs.NetworkProfileArgs { NetworkInterfaces = { new Pulumi.AzureNative.Compute.Inputs.NetworkInterfaceReferenceArgs { Id = networkInterface.Id, Primary = true, }, } }, StorageProfile = new Pulumi.AzureNative.Compute.Inputs.StorageProfileArgs { ImageReference = new Pulumi.AzureNative.Compute.Inputs.ImageReferenceArgs { Publisher = "MicrosoftWindowsServer", Offer = "WindowsServer", Sku = "2019-Datacenter-with-Containers-smalldisk", Version = "latest" }, OsDisk = new Pulumi.AzureNative.Compute.Inputs.OSDiskArgs { OsType = Pulumi.AzureNative.Compute.OperatingSystemTypes.Windows, Name = "system", CreateOption = Pulumi.AzureNative.Compute.DiskCreateOptionTypes.FromImage, Caching = Pulumi.AzureNative.Compute.CachingTypes.ReadWrite, ManagedDisk = new Pulumi.AzureNative.Compute.Inputs.ManagedDiskParametersArgs { StorageAccountType = Pulumi.AzureNative.Compute.StorageAccountTypes.Standard_LRS, }, DiskSizeGB = 100, }, DataDisks = { new Pulumi.AzureNative.Compute.Inputs.DataDiskArgs { Name = "Data", CreateOption = Pulumi.AzureNative.Compute.DiskCreateOptionTypes.Empty, DiskSizeGB = _config.RequireInt32("vm.diskSizeGB"), Lun = 0, Caching = Pulumi.AzureNative.Compute.CachingTypes.None, }, }, }, OsProfile = new Pulumi.AzureNative.Compute.Inputs.OSProfileArgs { ComputerName = _config.Require("agent.name"), AdminUsername = _config.Require("admin.user"), AdminPassword = _config.RequireSecret("admin.pw"), WindowsConfiguration = new Pulumi.AzureNative.Compute.Inputs.WindowsConfigurationArgs { ProvisionVMAgent = true, EnableAutomaticUpdates = true, PatchSettings = new Pulumi.AzureNative.Compute.Inputs.PatchSettingsArgs { PatchMode = Pulumi.AzureNative.Compute.WindowsVMGuestPatchMode.AutomaticByOS, EnableHotpatching = false, }, }, }, }); // new CustomResourceOptions { DeleteBeforeReplace = true }); #endregion #region BastionHost (-bas) // Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to virtual machines through the Azure Portal. // A BastionHost is provisioned within a Virtual Network (VNet) to provid SSL access to all VMs in the VNet without exposure through public IP addresses. var bastionHost = new Pulumi.AzureNative.Network.BastionHost($"{_config.Require("vnet.name")}-{_config.Require("env")}-bas-", new Pulumi.AzureNative.Network.BastionHostArgs { Location = resourceGroup.Location, ResourceGroupName = resourceGroup.Name, IpConfigurations = { new Pulumi.AzureNative.Network.Inputs.BastionHostIPConfigurationArgs { Name = "bastionHostIpConfiguration", PublicIPAddress = new Pulumi.AzureNative.Network.Inputs.SubResourceArgs { Id = publicIp.Id, }, Subnet = new Pulumi.AzureNative.Network.Inputs.SubResourceArgs { Id = network.Subnets.Apply(s => s[0].Id), }, }, }, }); #endregion }
private static AzureResourceBag CreateBaseAzureInfrastructure(Config config) { var location = config.Require("azure-location"); var environment = config.Require("azure-tags-environment"); var owner = config.Require("azure-tags-owner"); var createdBy = config.Require("azure-tags-createdby"); var kubernetesVersion = config.Require("kubernetes-version"); var kubernetesNodeCount = config.RequireInt32("kubernetes-scaling-nodecount"); var sqlUser = config.RequireSecret("azure-sqlserver-username"); var sqlPassword = config.RequireSecret("azure-sqlserver-password"); var tags = new InputMap <string> { { "Environment", environment }, { "CreatedBy", createdBy }, { "Owner", owner } }; var resourceGroup = new ResourceGroup("pet-doctor-resource-group", new ResourceGroupArgs { Name = "pet-doctor", Location = location, Tags = tags }); var vnet = new VirtualNetwork("pet-doctor-vnet", new VirtualNetworkArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorvnet", AddressSpaces = { "10.0.0.0/8" }, Tags = tags }); var subnet = new Subnet("pet-doctor-subnet", new SubnetArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorsubet", AddressPrefixes = { "10.240.0.0/16" }, VirtualNetworkName = vnet.Name, ServiceEndpoints = new InputList <string> { "Microsoft.KeyVault", "Microsoft.Sql" } }); var registry = new Registry("pet-doctor-acr", new RegistryArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctoracr", Sku = "Standard", AdminEnabled = true, Tags = tags }); var aksServicePrincipalPassword = new RandomPassword("pet-doctor-aks-ad-sp-password", new RandomPasswordArgs { Length = 20, Special = true, }).Result; var clusterAdApp = new Application("pet-doctor-aks-ad-app", new ApplicationArgs { Name = "petdoctoraks" }); var clusterAdServicePrincipal = new ServicePrincipal("aks-app-sp", new ServicePrincipalArgs { ApplicationId = clusterAdApp.ApplicationId }); var clusterAdServicePrincipalPassword = new ServicePrincipalPassword("aks-app-sp-pwd", new ServicePrincipalPasswordArgs { ServicePrincipalId = clusterAdServicePrincipal.ObjectId, EndDate = "2099-01-01T00:00:00Z", Value = aksServicePrincipalPassword }); // Grant networking permissions to the SP (needed e.g. to provision Load Balancers) var subnetAssignment = new Assignment("pet-doctor-aks-sp-subnet-assignment", new AssignmentArgs { PrincipalId = clusterAdServicePrincipal.Id, RoleDefinitionName = "Network Contributor", Scope = subnet.Id }); var acrAssignment = new Assignment("pet-doctor-aks-sp-acr-assignment", new AssignmentArgs { PrincipalId = clusterAdServicePrincipal.Id, RoleDefinitionName = "AcrPull", Scope = registry.Id }); var logAnalyticsWorkspace = new AnalyticsWorkspace("pet-doctor-aks-log-analytics", new AnalyticsWorkspaceArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorloganalytics", Sku = "PerGB2018", Tags = tags }); var logAnalyticsSolution = new AnalyticsSolution("pet-doctor-aks-analytics-solution", new AnalyticsSolutionArgs { ResourceGroupName = resourceGroup.Name, SolutionName = "ContainerInsights", WorkspaceName = logAnalyticsWorkspace.Name, WorkspaceResourceId = logAnalyticsWorkspace.Id, Plan = new AnalyticsSolutionPlanArgs { Product = "OMSGallery/ContainerInsights", Publisher = "Microsoft" } }); var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs { Algorithm = "RSA", RsaBits = 4096, }); var cluster = new KubernetesCluster("pet-doctor-aks", new KubernetesClusterArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctoraks", DnsPrefix = "dns", KubernetesVersion = kubernetesVersion, DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs { Name = "aksagentpool", NodeCount = kubernetesNodeCount, VmSize = "Standard_D2_v2", OsDiskSizeGb = 30, VnetSubnetId = subnet.Id }, LinuxProfile = new KubernetesClusterLinuxProfileArgs { AdminUsername = "******", SshKey = new KubernetesClusterLinuxProfileSshKeyArgs { KeyData = sshPublicKey.PublicKeyOpenssh } }, ServicePrincipal = new KubernetesClusterServicePrincipalArgs { ClientId = clusterAdApp.ApplicationId, ClientSecret = clusterAdServicePrincipalPassword.Value }, RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs { Enabled = true }, NetworkProfile = new KubernetesClusterNetworkProfileArgs { NetworkPlugin = "azure", ServiceCidr = "10.2.0.0/24", DnsServiceIp = "10.2.0.10", DockerBridgeCidr = "172.17.0.1/16" }, AddonProfile = new KubernetesClusterAddonProfileArgs { OmsAgent = new KubernetesClusterAddonProfileOmsAgentArgs { Enabled = true, LogAnalyticsWorkspaceId = logAnalyticsWorkspace.Id } }, Tags = tags }); var sqlServer = new SqlServer("pet-doctor-sql", new SqlServerArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorsql", Tags = tags, Version = "12.0", AdministratorLogin = sqlUser, AdministratorLoginPassword = sqlPassword }); var sqlvnetrule = new VirtualNetworkRule("pet-doctor-sql", new VirtualNetworkRuleArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorsql", ServerName = sqlServer.Name, SubnetId = subnet.Id, }); var appInsights = new Insights("pet-doctor-ai", new InsightsArgs { ApplicationType = "web", Name = "petdoctor", ResourceGroupName = resourceGroup.Name, Tags = tags }); var provider = new Provider("pet-doctor-aks-provider", new ProviderArgs { KubeConfig = cluster.KubeConfigRaw }); return(new AzureResourceBag { ResourceGroup = resourceGroup, SqlServer = sqlServer, Cluster = cluster, ClusterProvider = provider, AppInsights = appInsights, AksServicePrincipal = clusterAdServicePrincipal, Subnet = subnet, Registry = registry, Tags = tags }); }