Skip to content

Instantly share code, notes, and snippets.

Avatar

Christian Dennig cdennig

View GitHub Profile
View pod.yaml
# contents of pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: demo
labels:
aadpodidbinding: "cosmos-pod-identity"
spec:
containers:
- name: demo
View usage.cs
var credential = new DefaultAzureCredential();
var cosmosClient = new CosmosClient(_configuration["Cosmos:Uri"], credential);
var container = cosmosClient.GetContainer(_configuration["Cosmos:Db"], _configuration["Cosmos:Container"]);
var newId = Guid.NewGuid().ToString();
await container.CreateItemAsync(new {id = newId, partitionKey = newId, name = "Ted Lasso"},
new PartitionKey(newId), cancellationToken: stoppingToken);
View roledef.bicep
@description('Principal ID of the managed identity')
param principalId string
var roleDefId = guid('sql-role-definition-', principalId, cosmosDbAccount.id)
var roleDefName = 'Custom Read/Write role'
resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-06-15' = {
name: '${cosmosDbAccount.name}/${roleDefId}'
properties: {
roleName: roleDefName
View roleassign.bicep
var roleAssignId = guid(roleDefId, principalId, cosmosDbAccount.id)
resource roleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2021-06-15' = {
name: '${cosmosDbAccount.name}/${roleAssignId}'
properties: {
roleDefinitionId: roleDefinition.id
principalId: principalId
scope: cosmosDbAccount.id
}
}
View cosmosdb.bicep
var location = resourceGroup().location
var dbName = 'rbacsample'
var containerName = 'data'
// Cosmos DB Account
resource cosmosDbAccount 'Microsoft.DocumentDB/databaseAccounts@2021-06-15' = {
name: 'cosmos-${uniqueString(resourceGroup().id)}'
location: location
kind: 'GlobalDocumentDB'
properties: {
@cdennig
cdennig / azure-pipeline-with-keyvault.yaml
Last active Mar 28, 2022
Azure DevOps Terraform with KeyVault + Service Connection
View azure-pipeline-with-keyvault.yaml
trigger:
- master
pool:
vmImage: 'ubuntu-latest'
variables:
- group: kvintegratedvargroup
steps:
View .p10k.zsh
# Generated by Powerlevel10k configuration wizard on 2020-06-06 at 13:53 CEST.
# Based on romkatv/powerlevel10k/config/p10k-classic.zsh, checksum 47187.
# Wizard options: nerdfont-complete + powerline, small icons, classic, unicode, light,
# 24h time, angled separators, sharp heads, flat tails, 2 lines, dotted, right frame,
# sparse, many icons, fluent, transient_prompt, instant_prompt=verbose.
# Type `p10k configure` to generate another config.
#
# Config for Powerlevel10k with classic powerline prompt style. Type `p10k configure` to generate
# your own config based on it.
#
View kured-az-logicapp.json
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Parse_JSON": {
"inputs": {
"content": "@triggerBody()",
"schema": {
"properties": {
"Channel": {
"type": "string"
View terra-aks-6.tf
# Role assignment
# Use ADMIN credentials
provider "kubernetes" {
host = "${azurerm_kubernetes_cluster.aks.kube_admin_config.0.host}"
client_certificate = "${base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config.0.client_certificate)}"
client_key = "${base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config.0.client_key)}"
cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.aks.kube_admin_config.0.cluster_ca_certificate)}"
}
View terra-aks-5.tf
# K8s cluster
resource "azurerm_kubernetes_cluster" "aks" {
name = "${var.clustername}"
location = "${var.location}"
resource_group_name = "${var.rg-name}"
dns_prefix = "${var.clustername}"
default_node_pool {
name = "default"