Skip to content

Instantly share code, notes, and snippets.

Avatar

Christian Dennig cdennig

View GitHub Profile
@cdennig
cdennig / azure-pipeline-with-keyvault.yaml
Last active Mar 12, 2021
Azure DevOps Terraform with KeyVault + Service Connection
View azure-pipeline-with-keyvault.yaml
trigger:
- master
pool:
vmImage: 'ubuntu-latest'
variables:
- group: kvintegratedvargroup
steps:
View .p10k.zsh
# Generated by Powerlevel10k configuration wizard on 2020-06-06 at 13:53 CEST.
# Based on romkatv/powerlevel10k/config/p10k-classic.zsh, checksum 47187.
# Wizard options: nerdfont-complete + powerline, small icons, classic, unicode, light,
# 24h time, angled separators, sharp heads, flat tails, 2 lines, dotted, right frame,
# sparse, many icons, fluent, transient_prompt, instant_prompt=verbose.
# Type `p10k configure` to generate another config.
#
# Config for Powerlevel10k with classic powerline prompt style. Type `p10k configure` to generate
# your own config based on it.
#
View kured-az-logicapp.json
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Parse_JSON": {
"inputs": {
"content": "@triggerBody()",
"schema": {
"properties": {
"Channel": {
"type": "string"
View terra-aks-6.tf
# Role assignment
# Use ADMIN credentials
provider "kubernetes" {
host = "${azurerm_kubernetes_cluster.aks.kube_admin_config.0.host}"
client_certificate = "${base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config.0.client_certificate)}"
client_key = "${base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config.0.client_key)}"
cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config.0.cluster_ca_certificate)}"
}
View terra-aks-5.tf
# K8s cluster
resource "azurerm_kubernetes_cluster" "aks" {
name = "${var.clustername}"
location = "${var.location}"
resource_group_name = "${var.rg-name}"
dns_prefix = "${var.clustername}"
default_node_pool {
name = "default"
View terra-aks-4.tf
# Service Principal for AKS
resource "azuread_application" "aks_sp" {
name = "${var.clustername}"
homepage = "https://${var.clustername}"
identifier_uris = ["https://${var.clustername}"]
reply_urls = ["https://${var.clustername}"]
available_to_other_tenants = false
oauth2_allow_implicit_flow = false
}
View terra-aks-3.tf
# AAD K8s cluster admin group / AAD
resource "azuread_group" "aks-aad-clusteradmins" {
name = "${var.clustername}clusteradmin"
}
View terra-aks-2.tf
# AAD K8s Backend App
resource "azuread_application" "aks-aad-srv" {
name = "${var.clustername}srv"
homepage = "https://${var.clustername}srv"
identifier_uris = ["https://${var.clustername}srv"]
reply_urls = ["https://${var.clustername}srv"]
type = "webapp/api"
group_membership_claims = "All"
available_to_other_tenants = false
View terra-aks-1.tf
provider "azurerm" {
# whilst the `version` attribute is optional, we recommend pinning to a given version of the Provider
version = "=1.38.0"
}
provider "azuread" {
version = "~> 0.3"
}
terraform {
@cdennig
cdennig / service-binding.yaml
Created Jun 12, 2018
Kubernetes OSBA Service Binding
View service-binding.yaml
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
name: demosql-binding
namespace: default
spec:
instanceRef:
name: demosqlinstance
secretName: demo-osba-sql-secret