naioja · August 25, 2022 08:09
diff --git a/AKS Install Options Demo Script b/AKS Install Options Demo Script
 #/bin/bash

 #
 # Script to quickly install an AKS cluster
 #

 set -x

 # Install the aks-preview extension
 az extension add --name aks-preview

 # Update the extension to make sure you have the latest version installed
 az extension update --name aks-preview

 #
 # General Resource Group settings
 #
 COUNT="001"
 LOCATION="eastus2"
 RG_NAME="rg-aks$COUNT"

 VNET_NAME="vnet001"
 VNET_ADDRESS_PREFIXES="172.16.0.0/16"
 VNET_NSG_NAME="nsg001"

 TAGS_NAME="Environment=AKS"

 PUBLIC_IP_NAME="aks-slb-outbound-pip001"

 SSH_KEY_VALUE="~/.ssh/id_rsa.pub"
 CLIENT_IP=$(curl http://ifconfig.me)

 #
 # AKS Cluster settings
 #
 AKS_NAME="aj-aks$COUNT"
 AKS_SYSVM_SIZE="Standard_DS2_v2"
 AKS_SUBNET_NAME="subnet-aks001"
 AKS_SUBNET_PREFIX="172.16.0.0/23"
 AKS_VERSION=$(az aks get-versions -l $LOCATION --query 'orchestrators[?default == `true`]' -o tsv | awk '{print $4}')
 AKS_NETWORK_PLUGIN="azure"
 AKS_NETWORK_POLICY_PLUGIN="calico"
 AKS_NODEPOOL_NAME="sysnp001"
 AKS_MC_NAME="rg-managed-$AKS_NAME"
 # Add your AAD GROUP OBJECT ID HERE !!!!!!!!!
 AKS_AAD_ADMIN=""

 #1. Create resource group
 az group create \
    --location $LOCATION \
    --resource-group $RG_NAME \
    --tags $TAGS_NAME

 #2. Create User Managed Identity
 az identity create \
    --location $LOCATION \
    --resource-group $RG_NAME \
    --name user-identity-${AKS_NAME} \
    --tags $TAGS_NAME

 UMI=$(az identity list --query '[].id' -o tsv | grep user-identity)

 #3. Create Kubelet Managed Identity
 az identity create \
    --location $LOCATION \
    --resource-group $RG_NAME \
    --name kubelet-identity-${AKS_NAME} \
    --tags $TAGS_NAME

 KMI=$(az identity list --query '[].id' -o tsv | grep kubelet-identity)

 #4. Create NSG
 az network nsg create \
    --location $LOCATION \
    --resource-group $RG_NAME \
    --name $VNET_NSG_NAME \
    --tags $TAGS_NAME

 #5. Create VNet and AKS Subnets
 az network vnet create \
    --location $LOCATION \
    --resource-group $RG_NAME \
    --name $VNET_NAME \
    --tags $TAGS_NAME \
    --network-security-group $VNET_NSG_NAME \
    --address-prefixes $VNET_ADDRESS_PREFIXES \
    --subnet-name $AKS_SUBNET_NAME \
    --subnet-prefix $AKS_SUBNET_PREFIX

 #6. Create Static Public IP
 az network public-ip create \
    --location $LOCATION \
    --resource-group $RG_NAME \
    --name $PUBLIC_IP_NAME \
    --tags $TAGS_NAME \
    --allocation-method Static \
    --sku Standard \
    --tier Regional \
    --version IPv4 \
    --zone 1 2 3

 #
 # Set working variables
 #
 AKS_SUBNET_ID=$(az network vnet subnet show --resource-group  $RG_NAME --vnet-name $VNET_NAME --name $AKS_SUBNET_NAME --query id -o tsv)
 OUTBOUND_IP_ID=$(az network public-ip show --resource-group $RG_NAME --name $PUBLIC_IP_NAME --query id -o tsv)

 echo ""
 echo "Sleep for 30 seconds for AAD propagation"; sleep 30
 echo ""

 #7. Create AKS cluster
 az aks create \
    --location $LOCATION \
    --resource-group $RG_NAME \
    --name $AKS_NAME \
    --tags $TAGS_NAME \
    --enable-aad \
    --aad-admin-group-object-ids $AKS_AAD_ADMIN \
    --enable-managed-identity \
    --enable-azure-rbac \
    --enable-secret-rotation \
    --enable-cluster-autoscaler \
    --node-count 1 \
    --min-count 1 \
    --max-count 3 \
    --admin-username azureadmin \
    --assign-identity $UMI \
    --assign-kubelet-identity $KMI \
    --auto-upgrade-channel stable \
    --disable-local-accounts \
    --nodepool-name $AKS_NODEPOOL_NAME \
    --node-resource-group $AKS_MC_NAME \
    --kubernetes-version $AKS_VERSION \
    --network-plugin $AKS_NETWORK_PLUGIN \
    --network-policy $AKS_NETWORK_POLICY_PLUGIN \
    --service-cidr 10.2.0.0/24 \
    --dns-service-ip 10.2.0.10 \
    --docker-bridge-address 172.17.0.1/16 \
    --vnet-subnet-id $AKS_SUBNET_ID \
    --api-server-authorized-ip-ranges $CLIENT_IP \
    --node-vm-size $AKS_SYSVM_SIZE \
    --os-sku Ubuntu \
    --node-osdisk-type Ephemeral \
    --node-osdisk-size 80 \
    --load-balancer-sku standard \
    --load-balancer-outbound-ips $OUTBOUND_IP_ID \
    --load-balancer-idle-timeout 5 \
    --load-balancer-outbound-ports 8000 \
    --ssh-key-value $SSH_KEY_VALUE \
    --vm-set-type VirtualMachineScaleSets \
    --zone 1 2 3
	#/bin/bash

	#
	# Script to quickly install an AKS cluster
	#

	set -x

	# Install the aks-preview extension
	az extension add --name aks-preview

	# Update the extension to make sure you have the latest version installed
	az extension update --name aks-preview

	#
	# General Resource Group settings
	#
	COUNT="001"
	LOCATION="eastus2"
	RG_NAME="rg-aks$COUNT"

	VNET_NAME="vnet001"
	VNET_ADDRESS_PREFIXES="172.16.0.0/16"
	VNET_NSG_NAME="nsg001"

	TAGS_NAME="Environment=AKS"

	PUBLIC_IP_NAME="aks-slb-outbound-pip001"

	SSH_KEY_VALUE="~/.ssh/id_rsa.pub"
	CLIENT_IP=$(curl http://ifconfig.me)

	#
	# AKS Cluster settings
	#
	AKS_NAME="aj-aks$COUNT"
	AKS_SYSVM_SIZE="Standard_DS2_v2"
	AKS_SUBNET_NAME="subnet-aks001"
	AKS_SUBNET_PREFIX="172.16.0.0/23"
	AKS_VERSION=$(az aks get-versions -l $LOCATION --query 'orchestrators[?default == `true`]' -o tsv \| awk '{print $4}')
	AKS_NETWORK_PLUGIN="azure"
	AKS_NETWORK_POLICY_PLUGIN="calico"
	AKS_NODEPOOL_NAME="sysnp001"
	AKS_MC_NAME="rg-managed-$AKS_NAME"
	# Add your AAD GROUP OBJECT ID HERE !!!!!!!!!
	AKS_AAD_ADMIN=""

	#1. Create resource group
	az group create \
	--location $LOCATION \
	--resource-group $RG_NAME \
	--tags $TAGS_NAME

	#2. Create User Managed Identity
	az identity create \
	--location $LOCATION \
	--resource-group $RG_NAME \
	--name user-identity-${AKS_NAME} \
	--tags $TAGS_NAME

	UMI=$(az identity list --query '[].id' -o tsv \| grep user-identity)

	#3. Create Kubelet Managed Identity
	az identity create \
	--location $LOCATION \
	--resource-group $RG_NAME \
	--name kubelet-identity-${AKS_NAME} \
	--tags $TAGS_NAME

	KMI=$(az identity list --query '[].id' -o tsv \| grep kubelet-identity)

	#4. Create NSG
	az network nsg create \
	--location $LOCATION \
	--resource-group $RG_NAME \
	--name $VNET_NSG_NAME \
	--tags $TAGS_NAME

	#5. Create VNet and AKS Subnets
	az network vnet create \
	--location $LOCATION \
	--resource-group $RG_NAME \
	--name $VNET_NAME \
	--tags $TAGS_NAME \
	--network-security-group $VNET_NSG_NAME \
	--address-prefixes $VNET_ADDRESS_PREFIXES \
	--subnet-name $AKS_SUBNET_NAME \
	--subnet-prefix $AKS_SUBNET_PREFIX

	#6. Create Static Public IP
	az network public-ip create \
	--location $LOCATION \
	--resource-group $RG_NAME \
	--name $PUBLIC_IP_NAME \
	--tags $TAGS_NAME \
	--allocation-method Static \
	--sku Standard \
	--tier Regional \
	--version IPv4 \
	--zone 1 2 3

	#
	# Set working variables
	#
	AKS_SUBNET_ID=$(az network vnet subnet show --resource-group $RG_NAME --vnet-name $VNET_NAME --name $AKS_SUBNET_NAME --query id -o tsv)
	OUTBOUND_IP_ID=$(az network public-ip show --resource-group $RG_NAME --name $PUBLIC_IP_NAME --query id -o tsv)

	echo ""
	echo "Sleep for 30 seconds for AAD propagation"; sleep 30
	echo ""

	#7. Create AKS cluster
	az aks create \
	--location $LOCATION \
	--resource-group $RG_NAME \
	--name $AKS_NAME \
	--tags $TAGS_NAME \
	--enable-aad \
	--aad-admin-group-object-ids $AKS_AAD_ADMIN \
	--enable-managed-identity \
	--enable-azure-rbac \
	--enable-secret-rotation \
	--enable-cluster-autoscaler \
	--node-count 1 \
	--min-count 1 \
	--max-count 3 \
	--admin-username azureadmin \
	--assign-identity $UMI \
	--assign-kubelet-identity $KMI \
	--auto-upgrade-channel stable \
	--disable-local-accounts \
	--nodepool-name $AKS_NODEPOOL_NAME \
	--node-resource-group $AKS_MC_NAME \
	--kubernetes-version $AKS_VERSION \
	--network-plugin $AKS_NETWORK_PLUGIN \
	--network-policy $AKS_NETWORK_POLICY_PLUGIN \
	--service-cidr 10.2.0.0/24 \
	--dns-service-ip 10.2.0.10 \
	--docker-bridge-address 172.17.0.1/16 \
	--vnet-subnet-id $AKS_SUBNET_ID \
	--api-server-authorized-ip-ranges $CLIENT_IP \
	--node-vm-size $AKS_SYSVM_SIZE \
	--os-sku Ubuntu \
	--node-osdisk-type Ephemeral \
	--node-osdisk-size 80 \
	--load-balancer-sku standard \
	--load-balancer-outbound-ips $OUTBOUND_IP_ID \
	--load-balancer-idle-timeout 5 \
	--load-balancer-outbound-ports 8000 \
	--ssh-key-value $SSH_KEY_VALUE \
	--vm-set-type VirtualMachineScaleSets \
	--zone 1 2 3