public static ManagedClusterBuilder WithNewAppAndServicePrincipal(this ManagedClusterBuilder builder) { var adApp = new Application($"{builder.Arguments.ResourceName}-app"); var adSp = new ServicePrincipal($"{builder.Arguments.ResourceName}-sp", new ServicePrincipalArgs { ApplicationId = adApp.Id }); var password = new RandomPassword($"{builder.Arguments.ResourceName}-password", new RandomPasswordArgs { Length = 20, Special = true }); var adSpPassword = new ServicePrincipalPassword($"{builder.Arguments.ResourceName}-sp-password", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = password.Result, EndDateRelative = "8760h" // 1 year from the creation of this password }); builder.Arguments.ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs { ClientId = adApp.ApplicationId, Secret = adSpPassword.Value }; return(builder); }
static Task <int> Main() { return(Deployment.RunAsync(() => { var resourceGroup = new ResourceGroup("aks-rg"); var password = new RandomPassword("password", new RandomPasswordArgs { Length = 20, Special = true, }).Result; var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs { Algorithm = "RSA", RsaBits = 4096, }).PublicKeyOpenssh; // Create the AD service principal for the K8s cluster. var adApp = new Application("aks"); var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs { ApplicationId = adApp.ApplicationId }); var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = password, EndDate = "2099-01-01T00:00:00Z", }); // Create a Virtual Network for the cluster var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs { ResourceGroupName = resourceGroup.Name, AddressSpaces = { "10.2.0.0/16" }, }); // Create a Subnet for the cluster var subnet = new Subnet("subnet", new SubnetArgs { ResourceGroupName = resourceGroup.Name, VirtualNetworkName = vnet.Name, AddressPrefix = "10.2.1.0/24", }); // Now allocate an AKS cluster. var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs { ResourceGroupName = resourceGroup.Name, AgentPoolProfiles = { new KubernetesClusterAgentPoolProfilesArgs { Name = "aksagentpool", Count = 3, VmSize = "Standard_B2s", OsType = "Linux", OsDiskSizeGb = 30, VnetSubnetId = subnet.Id, } }, DnsPrefix = "sampleaks", LinuxProfile = new KubernetesClusterLinuxProfileArgs { AdminUsername = "******", SshKey = new KubernetesClusterLinuxProfileSshKeyArgs { KeyData = sshPublicKey, }, }, ServicePrincipal = new KubernetesClusterServicePrincipalArgs { ClientId = adApp.ApplicationId, ClientSecret = adSpPassword.Value, }, KubernetesVersion = "1.15.4", RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs { Enabled = true }, NetworkProfile = new KubernetesClusterNetworkProfileArgs { NetworkPlugin = "azure", DnsServiceIp = "10.2.2.254", ServiceCidr = "10.2.2.0/24", DockerBridgeCidr = "172.17.0.1/16", }, }); return new Dictionary <string, object> { { "kubeconfig", cluster.KubeConfigRaw }, }; })); }
public MyStack() { var config = new Pulumi.Config(); // Per-cluster config var aksClusterConfigs = new[] { new { Name = "east", Location = "eastus", NodeCount = 2, NodeSize = ContainerServiceVMSizeTypes.Standard_D2_v2, }, new { Name = "west", Location = "westus", NodeCount = 5, NodeSize = ContainerServiceVMSizeTypes.Standard_D2_v2, }, }; // Create an Azure Resource Group var resourceGroup = new ResourceGroup("aks", new ResourceGroupArgs { Location = config.Get("location") ?? "eastus", }); // Create the AD service principal for the K8s cluster. var adApp = new Application("aks", new ApplicationArgs { DisplayName = "my-aks-multicluster", }); var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs { ApplicationId = adApp.ApplicationId }); var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = config.Require("password"), EndDate = "2099-01-01T00:00:00Z", }); // Create the individual clusters var aksClusterNames = new List <Output <string> >(); foreach (var perClusterConfig in aksClusterConfigs) { var cluster = new ManagedCluster($"aksCluster-{perClusterConfig.Name}", new ManagedClusterArgs { // Global config arguments ResourceGroupName = resourceGroup.Name, LinuxProfile = new ContainerServiceLinuxProfileArgs { AdminUsername = "******", Ssh = new ContainerServiceSshConfigurationArgs { PublicKeys = { new ContainerServiceSshPublicKeyArgs { KeyData = config.Require("sshPublicKey"), } } } }, ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs { ClientId = adApp.ApplicationId, Secret = adSpPassword.Value }, // Per-cluster config arguments Location = perClusterConfig.Location, AgentPoolProfiles = { new ManagedClusterAgentPoolProfileArgs { Mode = AgentPoolMode.System, Name = "agentpool", Count = perClusterConfig.NodeCount, VmSize = perClusterConfig.NodeSize, } }, DnsPrefix = $"{Pulumi.Deployment.Instance.StackName}-kube", KubernetesVersion = "1.18.14", }); aksClusterNames.Add(cluster.Name); } ; this.aksClusterNames = Output.All(aksClusterNames); }
public MyStack() { // Create an Azure Resource Group var resourceGroup = new ResourceGroup("azure-cs-aks"); // Create an AD service principal var adApp = new Application("aks", new ApplicationArgs { DisplayName = "aks" }); var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs { ApplicationId = adApp.ApplicationId }); // Generate random password var password = new RandomPassword("password", new RandomPasswordArgs { Length = 20, Special = true }); // Create the Service Principal Password var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = password.Result, EndDate = "2099-01-01T00:00:00Z" }); // Generate an SSH key var sshKey = new PrivateKey("ssh-key", new PrivateKeyArgs { Algorithm = "RSA", RsaBits = 4096 }); var cluster = new ManagedCluster("my-aks", new ManagedClusterArgs { ResourceGroupName = resourceGroup.Name, AddonProfiles = { { "KubeDashboard", new ManagedClusterAddonProfileArgs { Enabled = true } } }, AgentPoolProfiles = { new ManagedClusterAgentPoolProfileArgs { Count = 3, MaxPods = 110, Mode = "System", Name = "agentpool", OsDiskSizeGB = 30, OsType = "Linux", Type = "VirtualMachineScaleSets", VmSize = "Standard_DS2_v2", } }, DnsPrefix = "AzureNativeprovider", EnableRBAC = true, KubernetesVersion = "1.18.14", LinuxProfile = new ContainerServiceLinuxProfileArgs { AdminUsername = "******", Ssh = new ContainerServiceSshConfigurationArgs { PublicKeys = { new ContainerServiceSshPublicKeyArgs { KeyData = sshKey.PublicKeyOpenssh, } } } }, NodeResourceGroup = $"MC_azure-cs_my_aks", ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs { ClientId = adApp.ApplicationId, Secret = adSpPassword.Value } }); // Export the KubeConfig this.KubeConfig = Output.Tuple(resourceGroup.Name, cluster.Name).Apply(names => GetKubeConfig(names.Item1, names.Item2)); }
public MyStack() { var env = Deployment.Instance.StackName; // Create an Azure Resource Group var resourceGroup = new ResourceGroup($"{env}-skywalker-website"); // Create an Azure Storage Account var storageAccount = new Account("storage", new AccountArgs { ResourceGroupName = resourceGroup.Name, AccountReplicationType = "LRS", AccountTier = "Standard", }); // Create a container registry. var registry = new Registry("registry", new RegistryArgs { ResourceGroupName = resourceGroup.Name, Sku = "Basic", AdminEnabled = true }); // Create a username for SQL Server. var sqlUserName = "******"; // Create a random password for SQL Server. var sqlPassword = new RandomPassword("password", new RandomPasswordArgs { Length = 20, Special = true, }).Result; // Create a Sql Server. var sqlServer = new SqlServer("sql", new SqlServerArgs { ResourceGroupName = resourceGroup.Name, AdministratorLogin = sqlUserName, AdministratorLoginPassword = sqlPassword, Version = "12.0", }); // Create a database. var database = new Database("skywalker", new DatabaseArgs { ResourceGroupName = resourceGroup.Name, ServerName = sqlServer.Name, RequestedServiceObjectiveName = "S0", }); var dbConnectionString = Output.Tuple(sqlServer.Name, database.Name, sqlPassword).Apply(x => { (var server, var dbName, string pwd) = x; return ($"Server= tcp:{server}.database.windows.net;initial catalog={dbName};user ID={sqlUserName};password={pwd};Min Pool Size=0;Max Pool Size=30;Persist Security Info=true;"); }); // Create an app service plan. var plan = new Plan($"skywalker-apps", new PlanArgs { ResourceGroupName = resourceGroup.Name, Kind = "Linux", Reserved = true, Sku = new PlanSkuArgs { Tier = "Basic", Size = "B1" } }); // Create an app service. var appService = new AppService($"skywalker-website", new AppServiceArgs { ResourceGroupName = resourceGroup.Name, AppServicePlanId = plan.Id, AppSettings = new InputMap <string> { ["WEBSITES_ENABLE_APP_SERVICE_STORAGE"] = "false", ["WEBSITE_HTTPLOGGING_RETENTION_DAYS"] = "1", ["DOCKER_REGISTRY_SERVER_URL"] = registry.LoginServer.Apply(x => $"https://{x}"), ["DOCKER_REGISTRY_SERVER_USERNAME"] = registry.AdminUsername, ["DOCKER_REGISTRY_SERVER_PASSWORD"] = registry.AdminPassword, ["DOCKER_ENABLE_CI"] = "false", ["WEBSITES_PORT"] = "80", ["ORCHARDCORE__ORCHARDCORE_DATAPROTECTION_AZURE__CONNECTIONSTRING"] = storageAccount.PrimaryConnectionString, ["ORCHARDCORE__ORCHARDCORE_MEDIA_AZURE__CONNECTIONSTRING"] = storageAccount.PrimaryConnectionString, ["ORCHARDCORE__ORCHARDCORE_MEDIA_SHELLS__CONNECTIONSTRING"] = storageAccount.PrimaryConnectionString, }, ConnectionStrings = new AppServiceConnectionStringArgs { Name = "db", Type = "SQLAzure", Value = dbConnectionString, }, Logs = new AppServiceLogsArgs { HttpLogs = new AppServiceLogsHttpLogsArgs { FileSystem = new AppServiceLogsHttpLogsFileSystemArgs { RetentionInDays = 1, RetentionInMb = 35 } } }, SiteConfig = new AppServiceSiteConfigArgs { AlwaysOn = true, LinuxFxVersion = registry.LoginServer.Apply(x => $"DOCKER|{x}/skywalker-website:latest"), }, HttpsOnly = true }); var appName = appService.Name; // Create a service principal for GitHub Actions to interact with the App Service. var adApp = new Application("skywalker-website"); var adSp = new ServicePrincipal( "skywalker-sp", new ServicePrincipalArgs { ApplicationId = adApp.ApplicationId, }); var adSpPassword = new ServicePrincipalPassword("skywalker-sp-pwd", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = "!Test1234", EndDate = "2099-01-01T00:00:00Z", }); // Grant networking permissions to the SP (needed e.g. to provision Load Balancers). var assignment = new Assignment("skywalker-sp-role-assignment", new AssignmentArgs { PrincipalId = adSp.Id, Scope = resourceGroup.Id, RoleDefinitionName = "Owner" }); var azureCredentials = Output.Tuple( adApp.ApplicationId, Output.Create("!Test1234")) .Apply(x => { var currentSubscription = GetSubscription.InvokeAsync().Result; var model = new { clientId = x.Item1, clientSecret = x.Item2, subscriptionId = currentSubscription.SubscriptionId, tenantId = currentSubscription.TenantId, }; return(JsonConvert.SerializeObject(model)); }); StorageConnectionString = storageAccount.PrimaryConnectionString; DatabaseConnectionString = dbConnectionString; RegistryServer = registry.LoginServer; RegistryRepo = registry.LoginServer; RegistryUser = registry.AdminUsername; RegistryPassword = registry.AdminPassword; AzureCredentials = azureCredentials; AppName = appName; WebsiteUrl = appService.DefaultSiteHostname.Apply(x => $"https://{x}"); // Push secrets to GitHub. var variablePrefix = env.ToUpperInvariant(); var gitHubVariables = new GitHubVariables("github-variables", new GitHubVariablesArgs { Variables = new Dictionary <string, Input <string> > { [$"{variablePrefix}_DOCKER_REGISTRY"] = RegistryServer, [$"{variablePrefix}_DOCKER_REPO"] = RegistryRepo, [$"{variablePrefix}_DOCKER_USER"] = RegistryUser, [$"{variablePrefix}_DOCKER_PASSWORD"] = RegistryPassword, [$"{variablePrefix}_APP_NAME"] = AppName, [$"{variablePrefix}_AZURE_CREDENTIALS"] = azureCredentials } }); }
public AksStack() { var config = new Pulumi.Config(); var kubernetesVersion = config.Get("kubernetesVersion") ?? "1.19.3"; var resourceGroup = new ResourceGroup("aks-rg"); var password = new RandomPassword("password", new RandomPasswordArgs { Length = 20, Special = true, }).Result; var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs { Algorithm = "RSA", RsaBits = 4096, }).PublicKeyOpenssh; // Create the AD service principal for the K8s cluster. var adApp = new Application("aks"); var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs { ApplicationId = adApp.ApplicationId }); var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = password, EndDate = "2099-01-01T00:00:00Z", }); // Grant networking permissions to the SP (needed e.g. to provision Load Balancers) var assignment = new Assignment("role-assignment", new AssignmentArgs { PrincipalId = adSp.Id, Scope = resourceGroup.Id, RoleDefinitionName = "Network Contributor" }); // Create a Virtual Network for the cluster var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs { ResourceGroupName = resourceGroup.Name, AddressSpaces = { "10.2.0.0/16" }, }); // Create a Subnet for the cluster var subnet = new Subnet("subnet", new SubnetArgs { ResourceGroupName = resourceGroup.Name, VirtualNetworkName = vnet.Name, AddressPrefixes = { "10.2.1.0/24" }, }); // Now allocate an AKS cluster. var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs { ResourceGroupName = resourceGroup.Name, DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs { Name = "aksagentpool", NodeCount = 3, VmSize = "Standard_B2s", OsDiskSizeGb = 30, VnetSubnetId = subnet.Id, }, DnsPrefix = "aksdemo", LinuxProfile = new KubernetesClusterLinuxProfileArgs { AdminUsername = "******", SshKey = new KubernetesClusterLinuxProfileSshKeyArgs { KeyData = sshPublicKey, }, }, ServicePrincipal = new KubernetesClusterServicePrincipalArgs { ClientId = adApp.ApplicationId, ClientSecret = adSpPassword.Value, }, KubernetesVersion = kubernetesVersion, RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs { Enabled = true }, NetworkProfile = new KubernetesClusterNetworkProfileArgs { NetworkPlugin = "azure", DnsServiceIp = "10.2.2.254", ServiceCidr = "10.2.2.0/24", DockerBridgeCidr = "172.17.0.1/16", }, }); this.KubeConfig = cluster.KubeConfigRaw; }
public AksStack() { var resourceGroup = new ResourceGroup("aks-rg"); var randomPassword = new RandomPassword("password", new RandomPasswordArgs { Length = 20, Special = true, }).Result; var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs { Algorithm = "RSA", RsaBits = 4096, }).PublicKeyOpenssh; // Create the AD service principal for the K8s cluster. var adApp = new Application("aks"); var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs { ApplicationId = adApp.ApplicationId }); var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = randomPassword, EndDate = "2099-01-01T00:00:00Z", }); // Grant networking permissions to the SP (needed e.g. to provision Load Balancers). var assignment = new Assignment("role-assignment", new AssignmentArgs { PrincipalId = adSp.Id, Scope = resourceGroup.Id, RoleDefinitionName = "Network Contributor" }); // Create a Virtual Network for the cluster. var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs { ResourceGroupName = resourceGroup.Name, AddressSpaces = { "10.2.0.0/16" }, }); // Create a Subnet for the cluster. var subnet = new Subnet("subnet", new SubnetArgs { ResourceGroupName = resourceGroup.Name, VirtualNetworkName = vnet.Name, AddressPrefix = "10.2.1.0/24", }); // Now allocate an AKS cluster. var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs { ResourceGroupName = resourceGroup.Name, DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs { Name = "aksagentpool", NodeCount = 3, VmSize = "Standard_B2s", OsDiskSizeGb = 30, VnetSubnetId = subnet.Id }, DnsPrefix = "sampleaks", LinuxProfile = new KubernetesClusterLinuxProfileArgs { AdminUsername = "******", SshKey = new KubernetesClusterLinuxProfileSshKeyArgs { KeyData = sshPublicKey, }, }, ServicePrincipal = new KubernetesClusterServicePrincipalArgs { ClientId = adApp.ApplicationId, ClientSecret = adSpPassword.Value, }, KubernetesVersion = "1.16.9", RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs { Enabled = true }, NetworkProfile = new KubernetesClusterNetworkProfileArgs { NetworkPlugin = "azure", DnsServiceIp = "10.2.2.254", ServiceCidr = "10.2.2.0/24", DockerBridgeCidr = "172.17.0.1/16", }, }); // Create a k8s provider pointing to the kubeconfig. var k8sProvider = new Pulumi.Kubernetes.Provider("k8s", new Pulumi.Kubernetes.ProviderArgs { KubeConfig = cluster.KubeConfigRaw }); var customResourceOptions = new CustomResourceOptions { Provider = k8sProvider }; // Create a Container Registry. var registry = new Registry("acregistry", new RegistryArgs { ResourceGroupName = resourceGroup.Name, Sku = "Basic", AdminEnabled = true }); // Build & push the sample application to the registry. var applicationName = "sample-application"; var imageName = registry.LoginServer.Apply(value => $"{value}/{applicationName}"); var image = new Image(applicationName, new ImageArgs { Build = "./SampleApplication", Registry = new ImageRegistry { Server = registry.LoginServer, Username = registry.AdminUsername, Password = registry.AdminPassword }, ImageName = imageName }, new ComponentResourceOptions { Provider = k8sProvider }); // Create a k8s secret for use when pulling images from the container registry when deploying the sample application. var dockerCfg = Output.All <string>(registry.LoginServer, registry.AdminUsername, registry.AdminPassword).Apply( values => { var r = new Dictionary <string, object>(); var server = values[0]; var username = values[1]; var password = values[2]; r[server] = new { email = "*****@*****.**", username, password }; return(r); }); var dockerCfgString = dockerCfg.Apply(x => Convert.ToBase64String(Encoding.UTF8.GetBytes(System.Text.Json.JsonSerializer.Serialize(x)))); var dockerCfgSecretName = "dockercfg-secret"; var dockerCfgSecret = new Pulumi.Kubernetes.Core.V1.Secret(dockerCfgSecretName, new SecretArgs { Data = { { ".dockercfg", dockerCfgString } }, Type = "kubernetes.io/dockercfg", Metadata = new ObjectMetaArgs { Name = dockerCfgSecretName, } }, customResourceOptions); // Deploy the sample application to the cluster. var labels = new InputMap <string> { { "app", $"app-{applicationName}" }, }; var deployment = new Pulumi.Kubernetes.Apps.V1.Deployment(applicationName, new DeploymentArgs { Spec = new DeploymentSpecArgs { Selector = new LabelSelectorArgs { MatchLabels = labels, }, Replicas = 1, Template = new PodTemplateSpecArgs { Metadata = new ObjectMetaArgs { Labels = labels, Name = applicationName }, Spec = new PodSpecArgs { Containers = new List <ContainerArgs> { new ContainerArgs { Name = applicationName, Image = image.ImageName, } }, ImagePullSecrets = new LocalObjectReferenceArgs { Name = dockerCfgSecretName } } } } }, customResourceOptions); // Create a new service. var service = new Pulumi.Kubernetes.Core.V1.Service(applicationName, new ServiceArgs { Metadata = new ObjectMetaArgs { Name = applicationName, Labels = labels }, Spec = new ServiceSpecArgs { Type = "LoadBalancer", Selector = deployment.Spec.Apply(x => x.Template.Metadata.Labels), Ports = new ServicePortArgs { Port = 80 } } }, customResourceOptions); this.KubeConfig = cluster.KubeConfigRaw; this.DockercfgSecretName = dockerCfgSecret.Metadata.Apply(x => x.Name); }
public AksCluster(string name, AksClusterArgs args) : base("example:component:AksCluster", name) { var adApp = new Application("app", new ApplicationArgs { DisplayName = "aks-cosmos" }, new CustomResourceOptions { Parent = this }); var adSp = new ServicePrincipal("service-principal", new ServicePrincipalArgs { ApplicationId = adApp.ApplicationId }, new CustomResourceOptions { Parent = this }); var pw = new RandomPassword("pw", new RandomPasswordArgs { Length = 20, Special = true }, new CustomResourceOptions { Parent = this }); var adSpPassword = new ServicePrincipalPassword("sp-password", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = pw.Result, EndDate = "2099-01-01T00:00:00Z" }, new CustomResourceOptions { Parent = this }); var keyPair = new PrivateKey("ssh-key", new PrivateKeyArgs { Algorithm = "RSA", RsaBits = 4096 }, new CustomResourceOptions { Parent = this }); var k8sCluster = new ManagedCluster(name, new ManagedClusterArgs { ResourceGroupName = args.ResourceGroupName, AddonProfiles = { ["KubeDashboard"] = new ManagedClusterAddonProfileArgs { Enabled = true } }, AgentPoolProfiles = { new ManagedClusterAgentPoolProfileArgs { Count = args.NodeCount, VmSize = args.NodeSize, MaxPods = 110, Mode = "System", Name = "agentpool", OsDiskSizeGB = 30, OsType = "Linux", Type = "VirtualMachineScaleSets" } }, DnsPrefix = args.ResourceGroupName, EnableRBAC = true, KubernetesVersion = args.KubernetesVersion, LinuxProfile = new ContainerServiceLinuxProfileArgs { AdminUsername = "******", Ssh = new ContainerServiceSshConfigurationArgs { PublicKeys = new ContainerServiceSshPublicKeyArgs { KeyData = keyPair.PublicKeyOpenssh } } }, NodeResourceGroup = $"{name}-node-rg", ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs { ClientId = adApp.ApplicationId, Secret = adSpPassword.Value } }, new CustomResourceOptions { Parent = this }); this.ClusterName = k8sCluster.Name; this.KubeConfig = Output.Tuple(k8sCluster.Name, args.ResourceGroupName.ToOutput()) .Apply(pair => { var k8sClusterName = pair.Item1; var resourceGroupName = pair.Item2; return(ListManagedClusterUserCredentials.InvokeAsync(new ListManagedClusterUserCredentialsArgs { ResourceGroupName = resourceGroupName, ResourceName = k8sClusterName })); }) .Apply(x => x.Kubeconfigs[0].Value) .Apply(Convert.FromBase64String) .Apply(Encoding.UTF8.GetString); this.Provider = new K8s.Provider("k8s-provider", new K8s.ProviderArgs { KubeConfig = this.KubeConfig }, new CustomResourceOptions { Parent = this }); }
public MyCluster(MyConfig cfg) { var resourceGroup = new ResourceGroup("rg"); var adApp = new Application("app", new ApplicationArgs { DisplayName = "app" }); var adSp = new ServicePrincipal("service-principal", new ServicePrincipalArgs { ApplicationId = adApp.ApplicationId }); var adSpPassword = new ServicePrincipalPassword("sp-password", new ServicePrincipalPasswordArgs { ServicePrincipalId = adSp.Id, Value = cfg.Password, EndDate = "2099-01-01T00:00:00Z" }); var k8sCluster = new ManagedCluster("cluster", new ManagedClusterArgs { ResourceGroupName = resourceGroup.Name, AddonProfiles = { ["KubeDashboard"] = new ManagedClusterAddonProfileArgs { Enabled = true } }, AgentPoolProfiles = { new ManagedClusterAgentPoolProfileArgs { Count = cfg.NodeCount, VmSize = cfg.NodeSize, MaxPods = 110, Mode = "System", Name = "agentpool", OsDiskSizeGB = 30, OsType = "Linux", Type = "VirtualMachineScaleSets" } }, DnsPrefix = resourceGroup.Name, EnableRBAC = true, KubernetesVersion = cfg.K8SVersion, LinuxProfile = new ContainerServiceLinuxProfileArgs { AdminUsername = cfg.AdminUserName, Ssh = new ContainerServiceSshConfigurationArgs { PublicKeys = new ContainerServiceSshPublicKeyArgs { KeyData = cfg.SshPublicKey } } }, NodeResourceGroup = "node-resource-group", ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs { ClientId = adApp.ApplicationId, Secret = adSpPassword.Value } }); this.ClusterName = k8sCluster.Name; this.Kubeconfig = ListManagedClusterUserCredentials.Invoke( new ListManagedClusterUserCredentialsInvokeArgs { ResourceGroupName = resourceGroup.Name, ResourceName = k8sCluster.Name }) .Apply(x => x.Kubeconfigs[0].Value) .Apply(Convert.FromBase64String) .Apply(Encoding.UTF8.GetString); this.Provider = new K8s.Provider("k8s-provider", new K8s.ProviderArgs { KubeConfig = Kubeconfig }); }
private static AzureResourceBag CreateBaseAzureInfrastructure(Config config) { var location = config.Require("azure-location"); var environment = config.Require("azure-tags-environment"); var owner = config.Require("azure-tags-owner"); var createdBy = config.Require("azure-tags-createdby"); var kubernetesVersion = config.Require("kubernetes-version"); var kubernetesNodeCount = config.RequireInt32("kubernetes-scaling-nodecount"); var sqlUser = config.RequireSecret("azure-sqlserver-username"); var sqlPassword = config.RequireSecret("azure-sqlserver-password"); var tags = new InputMap <string> { { "Environment", environment }, { "CreatedBy", createdBy }, { "Owner", owner } }; var resourceGroup = new ResourceGroup("pet-doctor-resource-group", new ResourceGroupArgs { Name = "pet-doctor", Location = location, Tags = tags }); var vnet = new VirtualNetwork("pet-doctor-vnet", new VirtualNetworkArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorvnet", AddressSpaces = { "10.0.0.0/8" }, Tags = tags }); var subnet = new Subnet("pet-doctor-subnet", new SubnetArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorsubet", AddressPrefixes = { "10.240.0.0/16" }, VirtualNetworkName = vnet.Name, ServiceEndpoints = new InputList <string> { "Microsoft.KeyVault", "Microsoft.Sql" } }); var registry = new Registry("pet-doctor-acr", new RegistryArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctoracr", Sku = "Standard", AdminEnabled = true, Tags = tags }); var aksServicePrincipalPassword = new RandomPassword("pet-doctor-aks-ad-sp-password", new RandomPasswordArgs { Length = 20, Special = true, }).Result; var clusterAdApp = new Application("pet-doctor-aks-ad-app", new ApplicationArgs { Name = "petdoctoraks" }); var clusterAdServicePrincipal = new ServicePrincipal("aks-app-sp", new ServicePrincipalArgs { ApplicationId = clusterAdApp.ApplicationId }); var clusterAdServicePrincipalPassword = new ServicePrincipalPassword("aks-app-sp-pwd", new ServicePrincipalPasswordArgs { ServicePrincipalId = clusterAdServicePrincipal.ObjectId, EndDate = "2099-01-01T00:00:00Z", Value = aksServicePrincipalPassword }); // Grant networking permissions to the SP (needed e.g. to provision Load Balancers) var subnetAssignment = new Assignment("pet-doctor-aks-sp-subnet-assignment", new AssignmentArgs { PrincipalId = clusterAdServicePrincipal.Id, RoleDefinitionName = "Network Contributor", Scope = subnet.Id }); var acrAssignment = new Assignment("pet-doctor-aks-sp-acr-assignment", new AssignmentArgs { PrincipalId = clusterAdServicePrincipal.Id, RoleDefinitionName = "AcrPull", Scope = registry.Id }); var logAnalyticsWorkspace = new AnalyticsWorkspace("pet-doctor-aks-log-analytics", new AnalyticsWorkspaceArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorloganalytics", Sku = "PerGB2018", Tags = tags }); var logAnalyticsSolution = new AnalyticsSolution("pet-doctor-aks-analytics-solution", new AnalyticsSolutionArgs { ResourceGroupName = resourceGroup.Name, SolutionName = "ContainerInsights", WorkspaceName = logAnalyticsWorkspace.Name, WorkspaceResourceId = logAnalyticsWorkspace.Id, Plan = new AnalyticsSolutionPlanArgs { Product = "OMSGallery/ContainerInsights", Publisher = "Microsoft" } }); var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs { Algorithm = "RSA", RsaBits = 4096, }); var cluster = new KubernetesCluster("pet-doctor-aks", new KubernetesClusterArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctoraks", DnsPrefix = "dns", KubernetesVersion = kubernetesVersion, DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs { Name = "aksagentpool", NodeCount = kubernetesNodeCount, VmSize = "Standard_D2_v2", OsDiskSizeGb = 30, VnetSubnetId = subnet.Id }, LinuxProfile = new KubernetesClusterLinuxProfileArgs { AdminUsername = "******", SshKey = new KubernetesClusterLinuxProfileSshKeyArgs { KeyData = sshPublicKey.PublicKeyOpenssh } }, ServicePrincipal = new KubernetesClusterServicePrincipalArgs { ClientId = clusterAdApp.ApplicationId, ClientSecret = clusterAdServicePrincipalPassword.Value }, RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs { Enabled = true }, NetworkProfile = new KubernetesClusterNetworkProfileArgs { NetworkPlugin = "azure", ServiceCidr = "10.2.0.0/24", DnsServiceIp = "10.2.0.10", DockerBridgeCidr = "172.17.0.1/16" }, AddonProfile = new KubernetesClusterAddonProfileArgs { OmsAgent = new KubernetesClusterAddonProfileOmsAgentArgs { Enabled = true, LogAnalyticsWorkspaceId = logAnalyticsWorkspace.Id } }, Tags = tags }); var sqlServer = new SqlServer("pet-doctor-sql", new SqlServerArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorsql", Tags = tags, Version = "12.0", AdministratorLogin = sqlUser, AdministratorLoginPassword = sqlPassword }); var sqlvnetrule = new VirtualNetworkRule("pet-doctor-sql", new VirtualNetworkRuleArgs { ResourceGroupName = resourceGroup.Name, Name = "petdoctorsql", ServerName = sqlServer.Name, SubnetId = subnet.Id, }); var appInsights = new Insights("pet-doctor-ai", new InsightsArgs { ApplicationType = "web", Name = "petdoctor", ResourceGroupName = resourceGroup.Name, Tags = tags }); var provider = new Provider("pet-doctor-aks-provider", new ProviderArgs { KubeConfig = cluster.KubeConfigRaw }); return(new AzureResourceBag { ResourceGroup = resourceGroup, SqlServer = sqlServer, Cluster = cluster, ClusterProvider = provider, AppInsights = appInsights, AksServicePrincipal = clusterAdServicePrincipal, Subnet = subnet, Registry = registry, Tags = tags }); }