# Look up the built-in role's definition ID. This is informational only: the
# assignment below references the role by display name, so the ID is not
# needed as an input.
az role definition list \
  --name "Azure Kubernetes Service Cluster Admin Role" \
  --query "[].id" \
  --output tsv

# Grant one principal the Cluster Admin role on ONE cluster.
#   <principal_id>    object ID of the user / group / service principal /
#                     managed identity
#   <principal_type>  User, Group or ServicePrincipal (managed identities
#                     are assigned as ServicePrincipal)
#   <aks_cluster_id>  full resource ID of the AKS cluster; scoping here rather
#                     than at the resource group or subscription keeps the
#                     grant to that single cluster
# This role permits listClusterAdminCredential, i.e. fetching a kubeconfig
# that bypasses Kubernetes RBAC. Prefer "Azure Kubernetes Service Cluster
# User Role" when the principal only needs RBAC-governed access.
az role assignment create \
  --assignee-object-id <principal_id> \
  --assignee-principal-type <principal_type> \
  --scope <aks_cluster_id> \
  --role "Azure Kubernetes Service Cluster Admin Role"
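# Azure provider configuration
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# Variables
variable "aks_cluster_id" {
  description = "The ID of the AKS cluster"
  type        = string

  # The role assignment is scoped to exactly this resource. Validating the ID
  # shape up front turns a typo into a plan-time error instead of an opaque
  # API failure at apply time (or, worse, a grant at an unintended scope).
  validation {
    condition     = can(regex("(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\\.ContainerService/managedClusters/[^/]+$", var.aks_cluster_id))
    error_message = "The aks_cluster_id value must be a full AKS resource ID of the form /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ContainerService/managedClusters/<name>."
  }
}

variable "principal_id" {
  description = "The ID of the principal (user, group, service principal, or managed identity) to assign the role to"
  type        = string

  # Azure AD object IDs are GUIDs; anything else (a display name, an app/client
  # ID typed by mistake) would be rejected by the API only after the plan.
  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.principal_id))
    error_message = "The principal_id value must be the object ID (GUID) of the user, group, service principal, or managed identity."
  }
}

# Data source for the Azure Kubernetes Service Cluster Admin Role
data "azurerm_role_definition" "aks_cluster_admin" {
  name = "Azure Kubernetes Service Cluster Admin Role"
}

# Role assignment
# This role allows the principal to retrieve the cluster-admin kubeconfig,
# which bypasses Kubernetes RBAC; the assignment is therefore scoped to the
# single cluster in var.aks_cluster_id rather than to a resource group or the
# subscription.
resource "azurerm_role_assignment" "aks_admin" {
  scope              = var.aks_cluster_id
  role_definition_id = data.azurerm_role_definition.aks_cluster_admin.id
  principal_id       = var.principal_id
}

# Output
output "role_assignment_id" {
  value       = azurerm_role_assignment.aks_admin.id
  description = "The ID of the Role Assignment"
}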
Assign Required Permissions to the AAD Identity
Ensure that the identity you're using has the permissions needed to access the AKS cluster. Specifically, it needs the Azure Kubernetes Service Cluster Admin Role, or a custom role with the necessary permissions.
Using the Azure portal:
Go to the Azure portal and navigate to the AKS cluster.
Click Access control (IAM) in the left sidebar.
Click Add > Add role assignment.
In the role dropdown, select Azure Kubernetes Service Cluster Admin Role.
In the Assign access to dropdown, select the appropriate option (e.g., User, Service principal, Managed identity).
Search for the identity you're using and select it.
Click Save.
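import os

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
from kubernetes import client, config

# Azure subscription and AKS cluster details
subscription_id = "your_subscription_id"
resource_group = "your_resource_group"
cluster_name = "your_aks_cluster_name"

# Where the fetched kubeconfig is stored. It contains cluster-admin
# credentials, so it is created owner-readable only (see _write_private_file).
KUBECONFIG_PATH = "kubeconfig"


def _write_private_file(path, data):
    """Write *data* (str or bytes) to *path* as a file readable only by its owner.

    The kubeconfig returned by list_cluster_admin_credentials is a bearer
    credential for the whole cluster. A plain ``open(path, "w")`` would create
    the file with the process umask (typically world-readable) and would reject
    the ``bytes`` value the SDK returns, so the file is opened through os.open
    with an explicit 0600 mode and written in binary.
    """
    if isinstance(data, str):
        data = data.encode("utf-8")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    # The mode passed to os.open only applies when the file is created;
    # tighten a pre-existing file as well.
    os.chmod(path, 0o600)


# Authenticate with Azure
credential = DefaultAzureCredential()

# Create a ContainerServiceClient
aks_client = ContainerServiceClient(credential, subscription_id)

# Get AKS cluster credentials.
# NOTE: the admin credential bypasses Kubernetes RBAC entirely; use
# list_cluster_user_credentials when the caller's own RBAC bindings suffice.
credentials = aks_client.managed_clusters.list_cluster_admin_credentials(resource_group, cluster_name)
if not credentials.kubeconfigs:
    raise SystemExit(f"No kubeconfig returned for cluster '{cluster_name}' in resource group '{resource_group}'.")
kubeconfig = credentials.kubeconfigs[0].value

# Write kubeconfig to a file (owner-only permissions)
_write_private_file(KUBECONFIG_PATH, kubeconfig)

# Load the kubeconfig
config.load_kube_config(KUBECONFIG_PATH)

# Create a Kubernetes API client
v1 = client.CoreV1Api()

# Example: List all pods in the default namespace
print("Listing pods with their IPs:")
ret = v1.list_namespaced_pod(namespace="default")
for pod in ret.items:
    print(f"{pod.status.pod_ip}\t{pod.metadata.name}")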
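import os

import yaml
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
from kubernetes import client, config
from kubernetes.config.kube_config import KubeConfigLoader

# Step 1: Azure authentication settings.
# These are READ from the environment, not assigned here. Writing
# os.environ['AZURE_CLIENT_SECRET'] = '...' in source would commit a credential
# to version control and silently overwrite whatever the caller exported.
# DefaultAzureCredential consumes AZURE_CLIENT_ID / AZURE_CLIENT_SECRET /
# AZURE_TENANT_ID on its own; they are only checked for presence so that a
# misconfigured run fails before any network call is made.
REQUIRED_ENV = (
    'AZURE_CLIENT_ID',
    'AZURE_CLIENT_SECRET',
    'AZURE_TENANT_ID',
    'AZURE_SUBSCRIPTION_ID',
    'AZURE_RESOURCE_GROUP_NAME',
    'CLUSTER_NAME',
)


def _require_env(name):
    """Return the non-empty value of environment variable *name*.

    Raises:
        SystemExit: when the variable is unset or empty. The message names the
            variable only, never its value, so secrets do not end up in logs.
    """
    value = os.environ.get(name)
    if not value:
        raise SystemExit(f"Missing required environment variable: {name}")
    return value


for _name in REQUIRED_ENV:
    _require_env(_name)

# Step 2: Authenticate and get AKS cluster credentials.
# exclude_cli_credential=True stops a developer's `az login` session from being
# picked up by accident; the service principal from the environment is used.
credential = DefaultAzureCredential(exclude_cli_credential=True)
subscription_id = _require_env('AZURE_SUBSCRIPTION_ID')
resource_group_name = _require_env('AZURE_RESOURCE_GROUP_NAME')
cluster_name = _require_env('CLUSTER_NAME')

container_service_client = ContainerServiceClient(credential, subscription_id)
# User (not admin) credentials: the resulting kubeconfig is subject to the
# cluster's Kubernetes RBAC, which is the least-privilege option.
credential_results = container_service_client.managed_clusters.list_cluster_user_credentials(
    resource_group_name, cluster_name
)
if not credential_results.kubeconfigs:
    raise SystemExit(f"No kubeconfig returned for cluster '{cluster_name}'.")
kubeconfig = credential_results.kubeconfigs[0]
raw_value = kubeconfig.value
# The SDK hands the kubeconfig back as bytes; tolerate str for forward compatibility.
kubeconfig_value = raw_value.decode("utf-8") if isinstance(raw_value, bytes) else raw_value

# Step 3: Load kubeconfig into Kubernetes client configuration.
# The kubeconfig is parsed from memory rather than written to a file in the
# working directory, so no credential-bearing file is left behind by this script.
cfg_dict = yaml.safe_load(kubeconfig_value)
loader = KubeConfigLoader(cfg_dict)
configuration = client.Configuration()
loader.load_and_set(configuration)
client.Configuration.set_default(configuration)

# Step 4: Connect to AKS cluster and list nodes
with client.ApiClient(configuration) as api_client:
    v1 = client.CoreV1Api(api_client)
    nodes = v1.list_node()
    for node in nodes.items:
        print(f"Node Name: {node.metadata.name}")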
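import os

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
from azure.mgmt.resource import ResourceManagementClient
from kubernetes import client, config

# Azure subscription and AKS cluster details
subscription_id = "your_subscription_id"
cluster_name = "your_aks_cluster_name"

# Where the fetched kubeconfig is stored. It contains cluster-admin
# credentials, so it is created owner-readable only (see _write_private_file).
KUBECONFIG_PATH = "kubeconfig"

# Authenticate with Azure
credential = DefaultAzureCredential()

# Create a ResourceManagementClient to list resource groups
resource_client = ResourceManagementClient(credential, subscription_id)

# Create a ContainerServiceClient
aks_client = ContainerServiceClient(credential, subscription_id)


# Function to find the resource group containing the AKS cluster
def find_aks_resource_group(cluster_name):
    """Return the name of the resource group that contains *cluster_name*, or None.

    Each resource group's managed clusters are listed and compared by name.
    This replaces probing every group with managed_clusters.get() under a bare
    ``except:``, which treated every failure — authorisation errors, throttling,
    even KeyboardInterrupt — as "cluster not here" and could end in a misleading
    "could not find" message. Errors from the API now propagate to the caller.
    """
    for resource_group_entry in resource_client.resource_groups.list():
        clusters_in_group = aks_client.managed_clusters.list_by_resource_group(resource_group_entry.name)
        if any(managed_cluster.name == cluster_name for managed_cluster in clusters_in_group):
            return resource_group_entry.name
    return None


def _write_private_file(path, data):
    """Write *data* (str or bytes) to *path* as a file readable only by its owner.

    The kubeconfig returned by list_cluster_admin_credentials is a bearer
    credential for the whole cluster. A plain ``open(path, "w")`` would create
    the file with the process umask (typically world-readable) and would reject
    the ``bytes`` value the SDK returns, so the file is opened through os.open
    with an explicit 0600 mode and written in binary.
    """
    if isinstance(data, str):
        data = data.encode("utf-8")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    # The mode passed to os.open only applies when the file is created;
    # tighten a pre-existing file as well.
    os.chmod(path, 0o600)


# Find the resource group
resource_group = find_aks_resource_group(cluster_name)
if not resource_group:
    print(f"Could not find AKS cluster '{cluster_name}' in any resource group.")
    raise SystemExit(1)
print(f"Found AKS cluster '{cluster_name}' in resource group '{resource_group}'")

# Get AKS cluster credentials.
# NOTE: the admin credential bypasses Kubernetes RBAC entirely; use
# list_cluster_user_credentials when the caller's own RBAC bindings suffice.
credentials = aks_client.managed_clusters.list_cluster_admin_credentials(resource_group, cluster_name)
if not credentials.kubeconfigs:
    raise SystemExit(f"No kubeconfig returned for cluster '{cluster_name}' in resource group '{resource_group}'.")
kubeconfig = credentials.kubeconfigs[0].value

# Write kubeconfig to a file (owner-only permissions)
_write_private_file(KUBECONFIG_PATH, kubeconfig)

# Load the kubeconfig
config.load_kube_config(KUBECONFIG_PATH)

# Create a Kubernetes API client
v1 = client.CoreV1Api()

# Example: List all pods in the default namespace
print("Listing pods with their IPs:")
ret = v1.list_namespaced_pod(namespace="default")
for pod in ret.items:
    print(f"{pod.status.pod_ip}\t{pod.metadata.name}")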
# Runtime dependencies for the scripts above: Azure authentication, the AKS
# management API and the Kubernetes client. For reproducible installs that
# are not exposed to whatever is "latest" on the index at install time, pin
# exact versions in a requirements file and install it with
# `pip install --require-hashes -r requirements.txt`.
python -m pip install azure-identity azure-mgmt-containerservice kubernetes