Azure AKS Kubernetes Cluster Create Powershell with RBAC and AAD Enabled
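## This assumes you have created your 3 service principals and given them proper access
# https://docs.microsoft.com/en-us/azure/aks/aad-integration
#
# Creates an RBAC-enabled AKS cluster whose user authentication goes through Azure AD
# (server + client app registrations) and whose nodes live in an existing VNet subnet.
# The two secrets are read from Key Vault at run time so nothing sensitive lives in
# this file. Note that `az` still receives them as command-line arguments, so they are
# briefly visible in process listings and in any transcript/`Set-PSDebug -Trace` output.

# General infrastructure
$rg = "Name_of_Your_Resource_Group"
$tenant_id = "Tenant_ID_GUID"
$subscription_id = "Subscription_ID_GUID"
$ssh_pubkey = "ssh-rsa your_public_key"
$ssh_root_user_name = "username_for_shelling_in_do_not_use_root"
$location = "valid_azure_location"
$vnet_name = "Name_of_your_VNET_in_your_resource_group"
$subnet_name = "Name_of_subnets_where_your_nodes_will_live"
$vault_name = "Name_of_your_Azure_Key_Vault"

# K8S RBAC
## Put your passwords in a vault, don't leave them in a script!
$aad_server_app_id = "AAD_Server_Service_Principal_Application_Id"
$aad_client_app_id = "AAD_Client_Service_Principal_Application_Id"
# --output tsv is required: with the default JSON output, `--query value` returns the
# secret as a JSON string literal (wrapped in double quotes), and those quotes would be
# passed through to AKS as part of the secret.
$aad_server_app_secret = $(az keyvault secret show --vault-name $vault_name --name aakaadserversecret --query value --output tsv)
$aad_service_principal_id = "AAD_Service_Principal_Application_Id"
$aad_service_principal_secret = $(az keyvault secret show --vault-name $vault_name --name k8sServicePrincipalClientSecret --query value --output tsv)

# Fail early if either lookup came back empty (wrong vault/secret name, missing access
# policy, not logged in). Otherwise `az aks create` runs with an empty secret and the
# failure surfaces much later, or the cluster is created in an unusable state.
if (-not $aad_server_app_secret -or -not $aad_service_principal_secret) {
    throw "Key Vault secret lookup returned nothing; check vault name, secret names and your access policy"
}

# K8S Infrastructure
$k8s_cluster_name = "Name_of_Your_Kubernetes_Cluster"
$k8s_container_subnet = "Subnet_CIDR_Where_your_containers_will_live_make_this_relatively_large"
$k8s_dns_ip = "IP_Address_inside_of_above_subnet_cidr_to_resolve_DNS"
# Must be a version AKS currently offers in $location; check with
#   az aks get-versions --location $location --output table
$k8s_version = "1.12.6"

# --generate-ssh-keys only creates ~/.ssh/id_rsa(.pub) if they are missing; since
# --ssh-key-value supplies the key explicitly it is effectively a no-op here and is
# kept for parity with the Azure docs.
# --enable-addons http_application_routing: Microsoft's own docs position this add-on
# as a dev/test convenience rather than a production ingress; drop it for real workloads.
az aks create `
    --resource-group $rg `
    --name $k8s_cluster_name `
    --generate-ssh-keys `
    --aad-server-app-id $aad_server_app_id `
    --aad-server-app-secret $aad_server_app_secret `
    --aad-client-app-id $aad_client_app_id `
    --aad-tenant-id $tenant_id `
    --service-principal $aad_service_principal_id `
    --client-secret $aad_service_principal_secret `
    --dns-service-ip $k8s_dns_ip `
    --kubernetes-version $k8s_version `
    --node-count 1 `
    --service-cidr $k8s_container_subnet `
    --network-plugin azure `
    --docker-bridge-address 172.16.0.1/16 `
    --vnet-subnet-id "/subscriptions/$subscription_id/resourceGroups/$rg/providers/Microsoft.Network/virtualNetworks/$vnet_name/subnets/$subnet_name" `
    --admin-username $ssh_root_user_name `
    --ssh-key-value $ssh_pubkey `
    --location $location `
    --enable-rbac `
    --enable-addons http_application_routing

# Useful links
#
# https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/http-application-routing.md
# https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/configure-advanced-networking.md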