@asc-adean
Last active March 20, 2019 15:32
Azure AKS Kubernetes Cluster Create PowerShell with RBAC and AAD Enabled
## This assumes you have created your 3 service principals and given them proper access
# https://docs.microsoft.com/en-us/azure/aks/aad-integration
# General infrastructure
$rg = "Name_of_Your_Resource_Group"
$tenant_id = "Tenant_ID_GUID"
$subscription_id = "Subscription_ID_GUID"
$ssh_pubkey = "ssh-rsa your_public_key"
$ssh_root_user_name = "username_for_shelling_in_do_not_use_root"
$location = "valid_azure_location"
$vnet_name = "Name_of_your_VNET_in_your_resource_group"
$subnet_name = "Name_of_subnets_where_your_nodes_will_live"
$vault_name = "Name_of_your_Azure_Key_Vault"
# K8S RBAC
## Put your passwords in a vault, don't leave them in a script!
$aad_server_app_id = "AAD_Server_Service_Principal_Application_Id"
$aad_client_app_id = "AAD_Client_Service_Principal_Application_Id"
# "-o tsv" returns the bare secret. The default JSON output wraps the value in double quotes,
# and those quotes would otherwise be handed to AKS as part of the secret.
$aad_server_app_secret = $(az keyvault secret show --vault-name $vault_name --name aakaadserversecret --query value -o tsv)
$aad_service_principal_id = "AAD_Service_Principal_Application_Id"
$aad_service_principal_secret = $(az keyvault secret show --vault-name $vault_name --name k8sServicePrincipalClientSecret --query value -o tsv)
# Fail early rather than creating a cluster with an empty secret (e.g. no Key Vault access)
if (-not $aad_server_app_secret -or -not $aad_service_principal_secret) {
    throw "Could not read the AAD/service principal secrets from Key Vault '$vault_name'"
}
# K8S Infrastructure
$k8s_cluster_name = "Name_of_Your_Kubernetes_Cluster"
# Service CIDR: only Kubernetes ClusterIP services are allocated from this range. With
# --network-plugin azure the pods get their IPs from the VNet subnet above, so this range
# must not overlap the VNet or any peered / on-premises range, or routing breaks silently.
$k8s_container_subnet = "Service_CIDR_for_ClusterIP_services_must_not_overlap_your_VNet"
# Must lie inside the service CIDR. Do not use the first address (.1) of that range; AKS reserves it
# for kubernetes.default.svc.cluster.local.
$k8s_dns_ip = "IP_Address_inside_of_above_subnet_cidr_to_resolve_DNS"
# Notes on the flags below:
# - The SSH public key is supplied explicitly via --ssh-key-value, so --generate-ssh-keys is not needed
#   (it would otherwise write a new key pair into ~/.ssh if none exists).
# - --kubernetes-version is pinned to 1.12.6 as in the original gist; check "az aks get-versions" for
#   what your region currently supports.
# - The http_application_routing add-on is intended for dev/test only; Microsoft documents it as
#   not suitable for production clusters.
az aks create `
--resource-group $rg `
--name $k8s_cluster_name `
--aad-server-app-id $aad_server_app_id `
--aad-server-app-secret $aad_server_app_secret `
--aad-client-app-id $aad_client_app_id `
--aad-tenant-id $tenant_id `
--service-principal $aad_service_principal_id `
--client-secret $aad_service_principal_secret `
--dns-service-ip $k8s_dns_ip `
--kubernetes-version 1.12.6 `
--node-count 1 `
--service-cidr $k8s_container_subnet `
--network-plugin azure `
--docker-bridge-address 172.16.0.1/16 `
--vnet-subnet-id "/subscriptions/$subscription_id/resourceGroups/$rg/providers/Microsoft.Network/virtualNetworks/$vnet_name/subnets/$subnet_name" `
--admin-username $ssh_root_user_name `
--ssh-key-value $ssh_pubkey `
--location $location `
--enable-rbac `
--enable-addons http_application_routing
# Useful links
#
# https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/http-application-routing.md
# https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/configure-advanced-networking.md
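The gist stops once the cluster exists, but with AAD integration and RBAC enabled an AAD user has no permissions at all until a RoleBinding or ClusterRoleBinding names them; that binding step, and a check that it grants only what was intended, is what a practitioner runs next. The PowerShell below is an added example and not part of the original gist. It reuses the gist's `$rg` and `$k8s_cluster_name` variables, assumes the Azure CLI and `kubectl` are on `PATH`, and uses placeholder values for the AAD group name and the target namespace. It reads the group's `objectId` field, which is what the Azure CLI of the gist's era returned; newer CLI releases expose the same value as `id`.

```powershell
# Added example, not from the original gist: grant an AAD group least-privilege
# access to the cluster created above and verify the effective permissions.
# Assumes $rg and $k8s_cluster_name from the gist are still set.
$aad_group_name   = "Name_of_AAD_Group_for_Developers"   # placeholder
$target_namespace = "dev"                                 # placeholder

# 1. Bootstrap with the local cluster-admin credentials. These bypass AAD, so
#    use them only for this one-off setup and drop the --admin context afterwards.
az aks get-credentials --resource-group $rg --name $k8s_cluster_name --admin --overwrite-existing

# 2. Resolve the group's object ID. Bindings reference the object ID rather than the
#    display name, so renaming the group in AAD does not silently change who has access.
#    'objectId' is the field name of the CLI of the gist's era; newer CLIs call it 'id'.
$aad_group_object_id = $(az ad group show --group $aad_group_name --query objectId -o tsv)
if (-not $aad_group_object_id) { throw "AAD group '$aad_group_name' not found" }

# 3. Least privilege: the group can edit workloads in its own namespace (built-in
#    'edit' ClusterRole, scoped by a namespaced RoleBinding) and only read cluster-wide
#    (built-in 'view'). No cluster-admin is handed out to the group.
$rbac_manifest = @"
apiVersion: v1
kind: Namespace
metadata:
  name: $target_namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: aad-developers-edit
  namespace: $target_namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: $aad_group_object_id
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: aad-developers-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: $aad_group_object_id
"@
$rbac_manifest | kubectl apply -f -

# 4. Switch to the non-admin (AAD) context. The first kubectl call triggers the AAD
#    device-code login; sign in as a member of the group and check effective rights.
az aks get-credentials --resource-group $rg --name $k8s_cluster_name --overwrite-existing
kubectl auth can-i create deployments --namespace $target_namespace
kubectl auth can-i create deployments --namespace kube-system
kubectl auth can-i delete namespaces

# 5. Review every binding that refers to the group, so nothing broader slipped in.
kubectl get rolebindings,clusterrolebindings --all-namespaces -o wide | Select-String $aad_group_object_id
```

For a member of the group the three `kubectl auth can-i` checks should answer yes, no and no respectively; any other answer means the subject (group object ID versus a user UPN), the roleRef or the namespace in the manifest does not match what was intended. Because the bindings reference the group's object ID, membership changes are handled in AAD and need no further changes on the cluster.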