Skip to content

Instantly share code, notes, and snippets.

@d-nishi
Last active May 8, 2019 17:30
Show Gist options
  • Save d-nishi/b757e1e8b3ebe187d81ce32a4d15525e to your computer and use it in GitHub Desktop.
Save d-nishi/b757e1e8b3ebe187d81ce32a4d15525e to your computer and use it in GitHub Desktop.
aks index.ts
import * as azure from "@pulumi/azure";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
// Step 1: Parse and export configuration variables for the AKS stack.
const config = new pulumi.Config();
export const password = config.require("password");
export const location = config.get("location") || "East US";
export const failoverLocation = config.get("failoverLocation") || "East US 2";
export const nodeCount = config.getNumber("nodeCount") || 2;
export const nodeSize = config.get("nodeSize") || "Standard_D2_v2";
export const sshPublicKey = config.require("sshPublicKey");
export const resourceGroup = new azure.core.ResourceGroup("aks", { location });
export const loganalytics = new azure.operationalinsights.AnalyticsWorkspace("aksloganalytics", {
resourceGroupName: resourceGroup.name,
location: resourceGroup.location,
sku: "PerGB2018",
retentionInDays: 30,
})
// Step 2: Create the AD service principal for the k8s cluster.
let adApp = new azuread.Application("aks");
let adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId });
let adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSp.id,
value: password,
endDate: "2099-01-01T00:00:00Z",
});
// Wait for the Service Principle to be initialized. The ServicePrincipal will be used to initialize the AKS cluster during creation
let applicationId = adApp.applicationId.apply(async (adAppId) => {
let count = 0;
while (true) {
try {
await azuread.getServicePrincipal({
applicationId: adAppId,
});
break;
} catch (e) {
console.log("retrying");
count++;
if (count > 5) {
throw e;
}
}
}
return adAppId;
});
// Step 3: This step creates an AKS cluster.
export const k8sCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
resourceGroupName: resourceGroup.name,
location: location,
agentPoolProfile: {
name: "aksagentpool",
count: nodeCount,
vmSize: nodeSize,
},
dnsPrefix: `${pulumi.getStack()}-kube`,
linuxProfile: {
adminUsername: "aksuser",
sshKey: { keyData: sshPublicKey, }
},
servicePrincipal: {
clientId: applicationId,
clientSecret: adSpPassword.value,
},
addonProfile: {
omsAgent: {
enabled: true,
logAnalyticsWorkspaceId: loganalytics.id,
},
},
});
// Step 4: Enables the Monitoring Diagonostic control plane component logs and AllMetrics
export const azMonitoringDiagnostic = new azure.monitoring.DiagnosticSetting("aks", {
logAnalyticsWorkspaceId: loganalytics.id,
targetResourceId: k8sCluster.id,
logs: [{
category: "kube-apiserver",
enabled : true,
retentionPolicy: {
enabled: true,
}
},
],
metrics: [{
category: "AllMetrics",
retentionPolicy: {
enabled: true,
}
}],
})
// Step 5: Expose a k8s provider instance using our custom cluster instance.
export const k8sProvider = new k8s.Provider("aksK8s", {
kubeconfig: k8sCluster.kubeConfigRaw,
});
// Export the kubeconfig
export const kubeconfig = k8sCluster.kubeConfigRaw
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment