This script sets up a new Azure Resource Group and an Azure Kubernetes Service cluster, along with an Azure Container Registry resource.
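#!/usr/bin/env bash
#
# Creates a working single-node Azure Kubernetes Service cluster together
# with an Azure Container Registry, for demo purposes.
#
# The ACR is created in ACR_RESOURCE_GROUP, which here is the "MC_..." group
# that AKS manages for the cluster's nodes, not AKS_RESOURCE_GROUP itself.
# That group is removed together with the cluster, so for dev you should
# have the ACR in a separate resource group.
#
# Required environment:
#   DOCKER_EMAIL  contact address stored in the pull secret (does not have
#                 to be an account with Docker Hub)
#
# Secrets handled: the service principal password and the ACR admin
# password. Avoid running this with `set -x`, which would trace both.

# Stop at the first failed az/kubectl call instead of carrying on with empty
# IDs or passwords in the later role assignment and secret creation.
set -euo pipefail

echo "Beginning AKS Setup for Demo"
date

AKS_RESOURCE_GROUP=aks-rg1
AKS_CLUSTER_NAME=aks-c1
ACR_RESOURCE_GROUP=MC_aks-rg1_aks-c1_centralus
ACR_NAME=aksacr122
SERVICE_PRINCIPAL_NAME=aks-sp-user
RG_LOCATION=CentralUS
DOCKER_USERNAME=$ACR_NAME
# The original unquoted "{provide email address here}" placeholder would have
# been parsed as an assignment followed by a command; fail fast instead.
DOCKER_EMAIL=${DOCKER_EMAIL:?set DOCKER_EMAIL to an email address}
# DOCKER_PASSWORD is assigned later, from the ACR admin credentials.

az group create --location "$RG_LOCATION" --name "$AKS_RESOURCE_GROUP"
az aks create -g "$AKS_RESOURCE_GROUP" -n "$AKS_CLUSTER_NAME" \
  --generate-ssh-keys --node-count 1 --node-vm-size Standard_F1s

# NOTE(review): --admin-enabled turns on the registry's shared admin account,
# a single credential that is not tied to an individual identity. It is kept
# because the pull secret below is built from it; the Reader-scoped service
# principal created further down is the narrower alternative for that secret.
az acr create --resource-group "$ACR_RESOURCE_GROUP" --name "$ACR_NAME" \
  --sku Basic --admin-enabled true

# Client id of the service principal the cluster runs as.
CLIENT_ID=$(az aks show --resource-group "$AKS_RESOURCE_GROUP" \
  --name "$AKS_CLUSTER_NAME" \
  --query "servicePrincipalProfile.clientId" --output tsv)

# Get the ACR registry resource id.
ACR_ID=$(az acr show --name "$ACR_NAME" \
  --resource-group "$ACR_RESOURCE_GROUP" --query "id" --output tsv)

# Give the cluster's identity read access to the registry.
# NOTE(review): the built-in AcrPull role is scoped more tightly to image
# pulls than Reader; consider it if nothing else relies on Reader here.
az role assignment create --assignee "$CLIENT_ID" --role Reader \
  --scope "$ACR_ID"

# Populate the ACR login server and resource id.
ACR_LOGIN_SERVER=$(az acr show --name "$ACR_NAME" \
  --query loginServer --output tsv)
ACR_REGISTRY_ID=$(az acr show --name "$ACR_NAME" --query id --output tsv)

# Create a service principal with a Reader role assignment scoped to the ACR
# resource, keeping only its generated password.
SP_PASSWD=$(az ad sp create-for-rbac --name "$SERVICE_PRINCIPAL_NAME" \
  --role Reader --scopes "$ACR_REGISTRY_ID" --query password --output tsv)

# Get the service principal client id. This replaces the cluster identity's
# id held in CLIENT_ID above.
# NOTE(review): lookup by "http://<name>" depends on the CLI registering that
# identifier for the principal; confirm it still does on your az version.
CLIENT_ID=$(az ad sp show --id "http://$SERVICE_PRINCIPAL_NAME" \
  --query appId --output tsv)

# Output used when creating a Kubernetes secret by hand. The password is only
# shown on an interactive terminal so that it does not end up in CI logs or
# redirected output files.
echo "Service principal ID: $CLIENT_ID"
if [[ -t 1 ]]; then
  echo "Service principal password: $SP_PASSWD"
else
  echo "Service principal password: (hidden: stdout is not a terminal)" >&2
fi

# Connect to the AKS environment.
az aks get-credentials --resource-group "$AKS_RESOURCE_GROUP" \
  --name "$AKS_CLUSTER_NAME"

ACR_HTTPS_LOGIN_SERVER="https://$ACR_LOGIN_SERVER"

# Get the admin password from the ACR. The query is quoted so the shell does
# not treat "[0]" as a glob pattern.
DOCKER_PASSWORD=$(az acr credential show -n "$ACR_NAME" \
  --query "passwords[0].value" -o tsv)

# NOTE(review): the password is passed on kubectl's command line and is
# therefore visible in the local process list while the command runs.
kubectl create secret docker-registry acrconnection \
  --docker-server="$ACR_HTTPS_LOGIN_SERVER" \
  --docker-username="$DOCKER_USERNAME" \
  --docker-password="$DOCKER_PASSWORD" \
  --docker-email="$DOCKER_EMAIL"

az acr login --name "$ACR_NAME"

echo "Completed AKS Setup"
date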