public static ManagedClusterBuilder WithNewAppAndServicePrincipal(this ManagedClusterBuilder builder)
{
var adApp = new Application($"{builder.Arguments.ResourceName}-app");
var adSp = new ServicePrincipal($"{builder.Arguments.ResourceName}-sp", new ServicePrincipalArgs
{
ApplicationId = adApp.Id
});
var password = new RandomPassword($"{builder.Arguments.ResourceName}-password", new RandomPasswordArgs
{
Length = 20,
Special = true
});
var adSpPassword = new ServicePrincipalPassword($"{builder.Arguments.ResourceName}-sp-password", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = password.Result,
EndDateRelative = "8760h" // 1 year from the creation of this password
});
builder.Arguments.ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs
{
ClientId = adApp.ApplicationId,
Secret = adSpPassword.Value
};
return(builder);
}
static Task <int> Main()
{
return(Deployment.RunAsync(() => {
var resourceGroup = new ResourceGroup("aks-rg");
var password = new RandomPassword("password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
}).PublicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
var adApp = new Application("aks");
var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs {
ApplicationId = adApp.ApplicationId
});
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = password,
EndDate = "2099-01-01T00:00:00Z",
});
// Create a Virtual Network for the cluster
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
AddressSpaces = { "10.2.0.0/16" },
});
// Create a Subnet for the cluster
var subnet = new Subnet("subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefix = "10.2.1.0/24",
});
// Now allocate an AKS cluster.
var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
AgentPoolProfiles =
{
new KubernetesClusterAgentPoolProfilesArgs
{
Name = "aksagentpool",
Count = 3,
VmSize = "Standard_B2s",
OsType = "Linux",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id,
}
},
DnsPrefix = "sampleaks",
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey,
},
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = adApp.ApplicationId,
ClientSecret = adSpPassword.Value,
},
KubernetesVersion = "1.15.4",
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs {
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
DnsServiceIp = "10.2.2.254",
ServiceCidr = "10.2.2.0/24",
DockerBridgeCidr = "172.17.0.1/16",
},
});
return new Dictionary <string, object>
{
{ "kubeconfig", cluster.KubeConfigRaw },
};
}));
}
public MyStack()
{
var config = new Pulumi.Config();
// Per-cluster config
var aksClusterConfigs = new[] {
new {
Name = "east",
Location = "eastus",
NodeCount = 2,
NodeSize = ContainerServiceVMSizeTypes.Standard_D2_v2,
},
new {
Name = "west",
Location = "westus",
NodeCount = 5,
NodeSize = ContainerServiceVMSizeTypes.Standard_D2_v2,
},
};
// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("aks", new ResourceGroupArgs
{
Location = config.Get("location") ?? "eastus",
});
// Create the AD service principal for the K8s cluster.
var adApp = new Application("aks", new ApplicationArgs
{
DisplayName = "my-aks-multicluster",
});
var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs
{
ApplicationId = adApp.ApplicationId
});
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = config.Require("password"),
EndDate = "2099-01-01T00:00:00Z",
});
// Create the individual clusters
var aksClusterNames = new List <Output <string> >();
foreach (var perClusterConfig in aksClusterConfigs)
{
var cluster = new ManagedCluster($"aksCluster-{perClusterConfig.Name}", new ManagedClusterArgs
{
// Global config arguments
ResourceGroupName = resourceGroup.Name,
LinuxProfile = new ContainerServiceLinuxProfileArgs
{
AdminUsername = "******",
Ssh = new ContainerServiceSshConfigurationArgs
{
PublicKeys =
{
new ContainerServiceSshPublicKeyArgs
{
KeyData = config.Require("sshPublicKey"),
}
}
}
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs
{
ClientId = adApp.ApplicationId,
Secret = adSpPassword.Value
},
// Per-cluster config arguments
Location = perClusterConfig.Location,
AgentPoolProfiles =
{
new ManagedClusterAgentPoolProfileArgs
{
Mode = AgentPoolMode.System,
Name = "agentpool",
Count = perClusterConfig.NodeCount,
VmSize = perClusterConfig.NodeSize,
}
},
DnsPrefix = $"{Pulumi.Deployment.Instance.StackName}-kube",
KubernetesVersion = "1.18.14",
});
aksClusterNames.Add(cluster.Name);
}
;
this.aksClusterNames = Output.All(aksClusterNames);
}
public MyStack()
{
// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("azure-cs-aks");
// Create an AD service principal
var adApp = new Application("aks", new ApplicationArgs
{
DisplayName = "aks"
});
var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs
{
ApplicationId = adApp.ApplicationId
});
// Generate random password
var password = new RandomPassword("password", new RandomPasswordArgs
{
Length = 20,
Special = true
});
// Create the Service Principal Password
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = password.Result,
EndDate = "2099-01-01T00:00:00Z"
});
// Generate an SSH key
var sshKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096
});
var cluster = new ManagedCluster("my-aks", new ManagedClusterArgs
{
ResourceGroupName = resourceGroup.Name,
AddonProfiles =
{
{ "KubeDashboard", new ManagedClusterAddonProfileArgs {
Enabled = true
} }
},
AgentPoolProfiles =
{
new ManagedClusterAgentPoolProfileArgs
{
Count = 3,
MaxPods = 110,
Mode = "System",
Name = "agentpool",
OsDiskSizeGB = 30,
OsType = "Linux",
Type = "VirtualMachineScaleSets",
VmSize = "Standard_DS2_v2",
}
},
DnsPrefix = "AzureNativeprovider",
EnableRBAC = true,
KubernetesVersion = "1.18.14",
LinuxProfile = new ContainerServiceLinuxProfileArgs
{
AdminUsername = "******",
Ssh = new ContainerServiceSshConfigurationArgs
{
PublicKeys =
{
new ContainerServiceSshPublicKeyArgs
{
KeyData = sshKey.PublicKeyOpenssh,
}
}
}
},
NodeResourceGroup = $"MC_azure-cs_my_aks",
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs
{
ClientId = adApp.ApplicationId,
Secret = adSpPassword.Value
}
});
// Export the KubeConfig
this.KubeConfig = Output.Tuple(resourceGroup.Name, cluster.Name).Apply(names =>
GetKubeConfig(names.Item1, names.Item2));
}
public MyStack()
{
var env = Deployment.Instance.StackName;
// Create an Azure Resource Group
var resourceGroup = new ResourceGroup($"{env}-skywalker-website");
// Create an Azure Storage Account
var storageAccount = new Account("storage", new AccountArgs
{
ResourceGroupName = resourceGroup.Name,
AccountReplicationType = "LRS",
AccountTier = "Standard",
});
// Create a container registry.
var registry = new Registry("registry", new RegistryArgs
{
ResourceGroupName = resourceGroup.Name,
Sku = "Basic",
AdminEnabled = true
});
// Create a username for SQL Server.
var sqlUserName = "******";
// Create a random password for SQL Server.
var sqlPassword = new RandomPassword("password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
// Create a Sql Server.
var sqlServer = new SqlServer("sql", new SqlServerArgs
{
ResourceGroupName = resourceGroup.Name,
AdministratorLogin = sqlUserName,
AdministratorLoginPassword = sqlPassword,
Version = "12.0",
});
// Create a database.
var database = new Database("skywalker", new DatabaseArgs
{
ResourceGroupName = resourceGroup.Name,
ServerName = sqlServer.Name,
RequestedServiceObjectiveName = "S0",
});
var dbConnectionString = Output.Tuple(sqlServer.Name, database.Name, sqlPassword).Apply(x =>
{
(var server, var dbName, string pwd) = x;
return
($"Server= tcp:{server}.database.windows.net;initial catalog={dbName};user ID={sqlUserName};password={pwd};Min Pool Size=0;Max Pool Size=30;Persist Security Info=true;");
});
// Create an app service plan.
var plan = new Plan($"skywalker-apps", new PlanArgs
{
ResourceGroupName = resourceGroup.Name,
Kind = "Linux",
Reserved = true,
Sku = new PlanSkuArgs
{
Tier = "Basic",
Size = "B1"
}
});
// Create an app service.
var appService = new AppService($"skywalker-website", new AppServiceArgs
{
ResourceGroupName = resourceGroup.Name,
AppServicePlanId = plan.Id,
AppSettings = new InputMap <string>
{
["WEBSITES_ENABLE_APP_SERVICE_STORAGE"] = "false",
["WEBSITE_HTTPLOGGING_RETENTION_DAYS"] = "1",
["DOCKER_REGISTRY_SERVER_URL"] = registry.LoginServer.Apply(x => $"https://{x}"),
["DOCKER_REGISTRY_SERVER_USERNAME"] = registry.AdminUsername,
["DOCKER_REGISTRY_SERVER_PASSWORD"] = registry.AdminPassword,
["DOCKER_ENABLE_CI"] = "false",
["WEBSITES_PORT"] = "80",
["ORCHARDCORE__ORCHARDCORE_DATAPROTECTION_AZURE__CONNECTIONSTRING"] =
storageAccount.PrimaryConnectionString,
["ORCHARDCORE__ORCHARDCORE_MEDIA_AZURE__CONNECTIONSTRING"] = storageAccount.PrimaryConnectionString,
["ORCHARDCORE__ORCHARDCORE_MEDIA_SHELLS__CONNECTIONSTRING"] =
storageAccount.PrimaryConnectionString,
},
ConnectionStrings = new AppServiceConnectionStringArgs
{
Name = "db",
Type = "SQLAzure",
Value = dbConnectionString,
},
Logs = new AppServiceLogsArgs
{
HttpLogs = new AppServiceLogsHttpLogsArgs
{
FileSystem = new AppServiceLogsHttpLogsFileSystemArgs
{
RetentionInDays = 1,
RetentionInMb = 35
}
}
},
SiteConfig = new AppServiceSiteConfigArgs
{
AlwaysOn = true,
LinuxFxVersion = registry.LoginServer.Apply(x => $"DOCKER|{x}/skywalker-website:latest"),
},
HttpsOnly = true
});
var appName = appService.Name;
// Create a service principal for GitHub Actions to interact with the App Service.
var adApp = new Application("skywalker-website");
var adSp = new ServicePrincipal(
"skywalker-sp",
new ServicePrincipalArgs
{
ApplicationId = adApp.ApplicationId,
});
var adSpPassword = new ServicePrincipalPassword("skywalker-sp-pwd", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = "!Test1234",
EndDate = "2099-01-01T00:00:00Z",
});
// Grant networking permissions to the SP (needed e.g. to provision Load Balancers).
var assignment = new Assignment("skywalker-sp-role-assignment", new AssignmentArgs
{
PrincipalId = adSp.Id,
Scope = resourceGroup.Id,
RoleDefinitionName = "Owner"
});
var azureCredentials = Output.Tuple(
adApp.ApplicationId,
Output.Create("!Test1234"))
.Apply(x =>
{
var currentSubscription = GetSubscription.InvokeAsync().Result;
var model = new
{
clientId = x.Item1,
clientSecret = x.Item2,
subscriptionId = currentSubscription.SubscriptionId,
tenantId = currentSubscription.TenantId,
};
return(JsonConvert.SerializeObject(model));
});
StorageConnectionString = storageAccount.PrimaryConnectionString;
DatabaseConnectionString = dbConnectionString;
RegistryServer = registry.LoginServer;
RegistryRepo = registry.LoginServer;
RegistryUser = registry.AdminUsername;
RegistryPassword = registry.AdminPassword;
AzureCredentials = azureCredentials;
AppName = appName;
WebsiteUrl = appService.DefaultSiteHostname.Apply(x => $"https://{x}");
// Push secrets to GitHub.
var variablePrefix = env.ToUpperInvariant();
var gitHubVariables = new GitHubVariables("github-variables", new GitHubVariablesArgs
{
Variables = new Dictionary <string, Input <string> >
{
[$"{variablePrefix}_DOCKER_REGISTRY"] = RegistryServer,
[$"{variablePrefix}_DOCKER_REPO"] = RegistryRepo,
[$"{variablePrefix}_DOCKER_USER"] = RegistryUser,
[$"{variablePrefix}_DOCKER_PASSWORD"] = RegistryPassword,
[$"{variablePrefix}_APP_NAME"] = AppName,
[$"{variablePrefix}_AZURE_CREDENTIALS"] = azureCredentials
}
});
}
public AksStack()
{
var config = new Pulumi.Config();
var kubernetesVersion = config.Get("kubernetesVersion") ?? "1.19.3";
var resourceGroup = new ResourceGroup("aks-rg");
var password = new RandomPassword("password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
}).PublicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
var adApp = new Application("aks");
var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs {
ApplicationId = adApp.ApplicationId
});
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = password,
EndDate = "2099-01-01T00:00:00Z",
});
// Grant networking permissions to the SP (needed e.g. to provision Load Balancers)
var assignment = new Assignment("role-assignment", new AssignmentArgs
{
PrincipalId = adSp.Id,
Scope = resourceGroup.Id,
RoleDefinitionName = "Network Contributor"
});
// Create a Virtual Network for the cluster
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
AddressSpaces = { "10.2.0.0/16" },
});
// Create a Subnet for the cluster
var subnet = new Subnet("subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefixes = { "10.2.1.0/24" },
});
// Now allocate an AKS cluster.
var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = "aksagentpool",
NodeCount = 3,
VmSize = "Standard_B2s",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id,
},
DnsPrefix = "aksdemo",
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey,
},
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = adApp.ApplicationId,
ClientSecret = adSpPassword.Value,
},
KubernetesVersion = kubernetesVersion,
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs {
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
DnsServiceIp = "10.2.2.254",
ServiceCidr = "10.2.2.0/24",
DockerBridgeCidr = "172.17.0.1/16",
},
});
this.KubeConfig = cluster.KubeConfigRaw;
}
public AksStack()
{
var resourceGroup = new ResourceGroup("aks-rg");
var randomPassword = new RandomPassword("password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
}).PublicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
var adApp = new Application("aks");
var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs {
ApplicationId = adApp.ApplicationId
});
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = randomPassword,
EndDate = "2099-01-01T00:00:00Z",
});
// Grant networking permissions to the SP (needed e.g. to provision Load Balancers).
var assignment = new Assignment("role-assignment", new AssignmentArgs
{
PrincipalId = adSp.Id,
Scope = resourceGroup.Id,
RoleDefinitionName = "Network Contributor"
});
// Create a Virtual Network for the cluster.
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
AddressSpaces = { "10.2.0.0/16" },
});
// Create a Subnet for the cluster.
var subnet = new Subnet("subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefix = "10.2.1.0/24",
});
// Now allocate an AKS cluster.
var cluster = new KubernetesCluster("aksCluster", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = "aksagentpool",
NodeCount = 3,
VmSize = "Standard_B2s",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id
},
DnsPrefix = "sampleaks",
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey,
},
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = adApp.ApplicationId,
ClientSecret = adSpPassword.Value,
},
KubernetesVersion = "1.16.9",
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs {
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
DnsServiceIp = "10.2.2.254",
ServiceCidr = "10.2.2.0/24",
DockerBridgeCidr = "172.17.0.1/16",
},
});
// Create a k8s provider pointing to the kubeconfig.
var k8sProvider = new Pulumi.Kubernetes.Provider("k8s", new Pulumi.Kubernetes.ProviderArgs
{
KubeConfig = cluster.KubeConfigRaw
});
var customResourceOptions = new CustomResourceOptions
{
Provider = k8sProvider
};
// Create a Container Registry.
var registry = new Registry("acregistry", new RegistryArgs
{
ResourceGroupName = resourceGroup.Name,
Sku = "Basic",
AdminEnabled = true
});
// Build & push the sample application to the registry.
var applicationName = "sample-application";
var imageName = registry.LoginServer.Apply(value => $"{value}/{applicationName}");
var image = new Image(applicationName, new ImageArgs
{
Build = "./SampleApplication",
Registry = new ImageRegistry
{
Server = registry.LoginServer,
Username = registry.AdminUsername,
Password = registry.AdminPassword
},
ImageName = imageName
}, new ComponentResourceOptions
{
Provider = k8sProvider
});
// Create a k8s secret for use when pulling images from the container registry when deploying the sample application.
var dockerCfg = Output.All <string>(registry.LoginServer, registry.AdminUsername, registry.AdminPassword).Apply(
values =>
{
var r = new Dictionary <string, object>();
var server = values[0];
var username = values[1];
var password = values[2];
r[server] = new
{
email = "*****@*****.**",
username,
password
};
return(r);
});
var dockerCfgString = dockerCfg.Apply(x =>
Convert.ToBase64String(Encoding.UTF8.GetBytes(System.Text.Json.JsonSerializer.Serialize(x))));
var dockerCfgSecretName = "dockercfg-secret";
var dockerCfgSecret = new Pulumi.Kubernetes.Core.V1.Secret(dockerCfgSecretName, new SecretArgs
{
Data =
{
{ ".dockercfg", dockerCfgString }
},
Type = "kubernetes.io/dockercfg",
Metadata = new ObjectMetaArgs
{
Name = dockerCfgSecretName,
}
}, customResourceOptions);
// Deploy the sample application to the cluster.
var labels = new InputMap <string>
{
{ "app", $"app-{applicationName}" },
};
var deployment = new Pulumi.Kubernetes.Apps.V1.Deployment(applicationName, new DeploymentArgs
{
Spec = new DeploymentSpecArgs
{
Selector = new LabelSelectorArgs
{
MatchLabels = labels,
},
Replicas = 1,
Template = new PodTemplateSpecArgs
{
Metadata = new ObjectMetaArgs
{
Labels = labels,
Name = applicationName
},
Spec = new PodSpecArgs
{
Containers = new List <ContainerArgs>
{
new ContainerArgs
{
Name = applicationName,
Image = image.ImageName,
}
},
ImagePullSecrets = new LocalObjectReferenceArgs
{
Name = dockerCfgSecretName
}
}
}
}
}, customResourceOptions);
// Create a new service.
var service = new Pulumi.Kubernetes.Core.V1.Service(applicationName, new ServiceArgs
{
Metadata = new ObjectMetaArgs
{
Name = applicationName,
Labels = labels
},
Spec = new ServiceSpecArgs
{
Type = "LoadBalancer",
Selector = deployment.Spec.Apply(x => x.Template.Metadata.Labels),
Ports = new ServicePortArgs
{
Port = 80
}
}
}, customResourceOptions);
this.KubeConfig = cluster.KubeConfigRaw;
this.DockercfgSecretName = dockerCfgSecret.Metadata.Apply(x => x.Name);
}
public AksCluster(string name, AksClusterArgs args)
: base("example:component:AksCluster", name)
{
var adApp = new Application("app", new ApplicationArgs
{
DisplayName = "aks-cosmos"
}, new CustomResourceOptions {
Parent = this
});
var adSp = new ServicePrincipal("service-principal", new ServicePrincipalArgs
{
ApplicationId = adApp.ApplicationId
}, new CustomResourceOptions {
Parent = this
});
var pw = new RandomPassword("pw", new RandomPasswordArgs
{
Length = 20,
Special = true
}, new CustomResourceOptions {
Parent = this
});
var adSpPassword = new ServicePrincipalPassword("sp-password", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = pw.Result,
EndDate = "2099-01-01T00:00:00Z"
}, new CustomResourceOptions {
Parent = this
});
var keyPair = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096
}, new CustomResourceOptions {
Parent = this
});
var k8sCluster = new ManagedCluster(name, new ManagedClusterArgs
{
ResourceGroupName = args.ResourceGroupName,
AddonProfiles =
{
["KubeDashboard"] = new ManagedClusterAddonProfileArgs {
Enabled = true
}
},
AgentPoolProfiles =
{
new ManagedClusterAgentPoolProfileArgs
{
Count = args.NodeCount,
VmSize = args.NodeSize,
MaxPods = 110,
Mode = "System",
Name = "agentpool",
OsDiskSizeGB = 30,
OsType = "Linux",
Type = "VirtualMachineScaleSets"
}
},
DnsPrefix = args.ResourceGroupName,
EnableRBAC = true,
KubernetesVersion = args.KubernetesVersion,
LinuxProfile = new ContainerServiceLinuxProfileArgs
{
AdminUsername = "******",
Ssh = new ContainerServiceSshConfigurationArgs
{
PublicKeys = new ContainerServiceSshPublicKeyArgs
{
KeyData = keyPair.PublicKeyOpenssh
}
}
},
NodeResourceGroup = $"{name}-node-rg",
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs
{
ClientId = adApp.ApplicationId,
Secret = adSpPassword.Value
}
}, new CustomResourceOptions {
Parent = this
});
this.ClusterName = k8sCluster.Name;
this.KubeConfig = Output.Tuple(k8sCluster.Name, args.ResourceGroupName.ToOutput())
.Apply(pair =>
{
var k8sClusterName = pair.Item1;
var resourceGroupName = pair.Item2;
return(ListManagedClusterUserCredentials.InvokeAsync(new ListManagedClusterUserCredentialsArgs
{
ResourceGroupName = resourceGroupName,
ResourceName = k8sClusterName
}));
})
.Apply(x => x.Kubeconfigs[0].Value)
.Apply(Convert.FromBase64String)
.Apply(Encoding.UTF8.GetString);
this.Provider = new K8s.Provider("k8s-provider", new K8s.ProviderArgs
{
KubeConfig = this.KubeConfig
}, new CustomResourceOptions {
Parent = this
});
}
public MyCluster(MyConfig cfg)
{
var resourceGroup = new ResourceGroup("rg");
var adApp = new Application("app", new ApplicationArgs
{
DisplayName = "app"
});
var adSp = new ServicePrincipal("service-principal", new ServicePrincipalArgs
{
ApplicationId = adApp.ApplicationId
});
var adSpPassword = new ServicePrincipalPassword("sp-password", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = adSp.Id,
Value = cfg.Password,
EndDate = "2099-01-01T00:00:00Z"
});
var k8sCluster = new ManagedCluster("cluster", new ManagedClusterArgs
{
ResourceGroupName = resourceGroup.Name,
AddonProfiles =
{
["KubeDashboard"] = new ManagedClusterAddonProfileArgs {
Enabled = true
}
},
AgentPoolProfiles =
{
new ManagedClusterAgentPoolProfileArgs
{
Count = cfg.NodeCount,
VmSize = cfg.NodeSize,
MaxPods = 110,
Mode = "System",
Name = "agentpool",
OsDiskSizeGB = 30,
OsType = "Linux",
Type = "VirtualMachineScaleSets"
}
},
DnsPrefix = resourceGroup.Name,
EnableRBAC = true,
KubernetesVersion = cfg.K8SVersion,
LinuxProfile = new ContainerServiceLinuxProfileArgs
{
AdminUsername = cfg.AdminUserName,
Ssh = new ContainerServiceSshConfigurationArgs
{
PublicKeys = new ContainerServiceSshPublicKeyArgs
{
KeyData = cfg.SshPublicKey
}
}
},
NodeResourceGroup = "node-resource-group",
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs
{
ClientId = adApp.ApplicationId,
Secret = adSpPassword.Value
}
});
this.ClusterName = k8sCluster.Name;
this.Kubeconfig = ListManagedClusterUserCredentials.Invoke(
new ListManagedClusterUserCredentialsInvokeArgs
{
ResourceGroupName = resourceGroup.Name,
ResourceName = k8sCluster.Name
})
.Apply(x => x.Kubeconfigs[0].Value)
.Apply(Convert.FromBase64String)
.Apply(Encoding.UTF8.GetString);
this.Provider = new K8s.Provider("k8s-provider", new K8s.ProviderArgs
{
KubeConfig = Kubeconfig
});
}
private static AzureResourceBag CreateBaseAzureInfrastructure(Config config)
{
var location = config.Require("azure-location");
var environment = config.Require("azure-tags-environment");
var owner = config.Require("azure-tags-owner");
var createdBy = config.Require("azure-tags-createdby");
var kubernetesVersion = config.Require("kubernetes-version");
var kubernetesNodeCount = config.RequireInt32("kubernetes-scaling-nodecount");
var sqlUser = config.RequireSecret("azure-sqlserver-username");
var sqlPassword = config.RequireSecret("azure-sqlserver-password");
var tags = new InputMap <string>
{
{ "Environment", environment },
{ "CreatedBy", createdBy },
{ "Owner", owner }
};
var resourceGroup = new ResourceGroup("pet-doctor-resource-group", new ResourceGroupArgs
{
Name = "pet-doctor",
Location = location,
Tags = tags
});
var vnet = new VirtualNetwork("pet-doctor-vnet", new VirtualNetworkArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorvnet",
AddressSpaces = { "10.0.0.0/8" },
Tags = tags
});
var subnet = new Subnet("pet-doctor-subnet", new SubnetArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsubet",
AddressPrefixes = { "10.240.0.0/16" },
VirtualNetworkName = vnet.Name,
ServiceEndpoints = new InputList <string> {
"Microsoft.KeyVault", "Microsoft.Sql"
}
});
var registry = new Registry("pet-doctor-acr", new RegistryArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctoracr",
Sku = "Standard",
AdminEnabled = true,
Tags = tags
});
var aksServicePrincipalPassword = new RandomPassword("pet-doctor-aks-ad-sp-password", new RandomPasswordArgs
{
Length = 20,
Special = true,
}).Result;
var clusterAdApp = new Application("pet-doctor-aks-ad-app", new ApplicationArgs
{
Name = "petdoctoraks"
});
var clusterAdServicePrincipal = new ServicePrincipal("aks-app-sp", new ServicePrincipalArgs
{
ApplicationId = clusterAdApp.ApplicationId
});
var clusterAdServicePrincipalPassword = new ServicePrincipalPassword("aks-app-sp-pwd", new ServicePrincipalPasswordArgs
{
ServicePrincipalId = clusterAdServicePrincipal.ObjectId,
EndDate = "2099-01-01T00:00:00Z",
Value = aksServicePrincipalPassword
});
// Grant networking permissions to the SP (needed e.g. to provision Load Balancers)
var subnetAssignment = new Assignment("pet-doctor-aks-sp-subnet-assignment", new AssignmentArgs
{
PrincipalId = clusterAdServicePrincipal.Id,
RoleDefinitionName = "Network Contributor",
Scope = subnet.Id
});
var acrAssignment = new Assignment("pet-doctor-aks-sp-acr-assignment", new AssignmentArgs
{
PrincipalId = clusterAdServicePrincipal.Id,
RoleDefinitionName = "AcrPull",
Scope = registry.Id
});
var logAnalyticsWorkspace = new AnalyticsWorkspace("pet-doctor-aks-log-analytics", new AnalyticsWorkspaceArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorloganalytics",
Sku = "PerGB2018",
Tags = tags
});
var logAnalyticsSolution = new AnalyticsSolution("pet-doctor-aks-analytics-solution", new AnalyticsSolutionArgs
{
ResourceGroupName = resourceGroup.Name,
SolutionName = "ContainerInsights",
WorkspaceName = logAnalyticsWorkspace.Name,
WorkspaceResourceId = logAnalyticsWorkspace.Id,
Plan = new AnalyticsSolutionPlanArgs
{
Product = "OMSGallery/ContainerInsights",
Publisher = "Microsoft"
}
});
var sshPublicKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096,
});
var cluster = new KubernetesCluster("pet-doctor-aks", new KubernetesClusterArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctoraks",
DnsPrefix = "dns",
KubernetesVersion = kubernetesVersion,
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = "aksagentpool",
NodeCount = kubernetesNodeCount,
VmSize = "Standard_D2_v2",
OsDiskSizeGb = 30,
VnetSubnetId = subnet.Id
},
LinuxProfile = new KubernetesClusterLinuxProfileArgs
{
AdminUsername = "******",
SshKey = new KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = sshPublicKey.PublicKeyOpenssh
}
},
ServicePrincipal = new KubernetesClusterServicePrincipalArgs
{
ClientId = clusterAdApp.ApplicationId,
ClientSecret = clusterAdServicePrincipalPassword.Value
},
RoleBasedAccessControl = new KubernetesClusterRoleBasedAccessControlArgs
{
Enabled = true
},
NetworkProfile = new KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "azure",
ServiceCidr = "10.2.0.0/24",
DnsServiceIp = "10.2.0.10",
DockerBridgeCidr = "172.17.0.1/16"
},
AddonProfile = new KubernetesClusterAddonProfileArgs
{
OmsAgent = new KubernetesClusterAddonProfileOmsAgentArgs
{
Enabled = true,
LogAnalyticsWorkspaceId = logAnalyticsWorkspace.Id
}
},
Tags = tags
});
var sqlServer = new SqlServer("pet-doctor-sql", new SqlServerArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsql",
Tags = tags,
Version = "12.0",
AdministratorLogin = sqlUser,
AdministratorLoginPassword = sqlPassword
});
var sqlvnetrule = new VirtualNetworkRule("pet-doctor-sql", new VirtualNetworkRuleArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "petdoctorsql",
ServerName = sqlServer.Name,
SubnetId = subnet.Id,
});
var appInsights = new Insights("pet-doctor-ai", new InsightsArgs
{
ApplicationType = "web",
Name = "petdoctor",
ResourceGroupName = resourceGroup.Name,
Tags = tags
});
var provider = new Provider("pet-doctor-aks-provider", new ProviderArgs
{
KubeConfig = cluster.KubeConfigRaw
});
return(new AzureResourceBag
{
ResourceGroup = resourceGroup,
SqlServer = sqlServer,
Cluster = cluster,
ClusterProvider = provider,
AppInsights = appInsights,
AksServicePrincipal = clusterAdServicePrincipal,
Subnet = subnet,
Registry = registry,
Tags = tags
});
}
