Create vanilla AKS cluster with Azure CNI and Virtual Network
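#!/usr/bin/env bash
#
# Create a "vanilla" AKS cluster that uses Azure CNI inside a virtual network
# created here, with a user-assigned managed identity for the control plane,
# a tainted system node pool and a separate user node pool.
#
# Usage:   <script> <cluster-base-name> <resource-group-name>
# Requires: az (logged in, subscription selected), jq, kubectl.
#
# NOTE(review): as rendered, the gist is missing several lines — the variable
# assignments, the `then`/`fi` of the argument checks, the `-n`/`-g` of the
# resource-group and vnet commands, and the values for the address prefixes,
# service CIDR, DNS service IP and role-assignment scope. The defaults below
# are reconstructions; confirm them against the original before use.

set -euo pipefail
# -x traces every expanded command to stderr. Nothing in this script is
# secret (ids and resource names only); drop -x if credentials are ever added.
set -x

echo "Creating cluster with base name ${1:-} on ${2:-}"

if [[ -z "${1:-}" ]]; then
  echo "Please provide the name of the cluster." >&2
  exit 1   # 'exit -1' is not portable; bash turns it into 255
fi
if [[ -z "${2:-}" ]]; then
  echo "Please provide the name of the resource group." >&2
  exit 1
fi

CLUSTER_NAME="$1"
RESOURCE_GROUP_NAME="$2"
LOCATION="${LOCATION:-eastus}"

# Derived resource names (overridable from the environment).
# TODO(review): the original's naming scheme is not visible on the page — confirm.
VNET_NAME="${VNET_NAME:-${CLUSTER_NAME}-vnet}"
IDENTITY_NAME="${IDENTITY_NAME:-${CLUSTER_NAME}-identity}"
SYSTEM_NODE_POOL_NAME="${SYSTEM_NODE_POOL_NAME:-system}"

# Address space. The service CIDR and DNS service IP are consumed by
# kube-proxy/CoreDNS and MUST NOT overlap the VNet or any subnet the cluster
# nodes are placed in; the DNS IP must fall inside the service CIDR.
# TODO(review): values not visible on the page — confirm against the original.
VNET_PREFIX="${VNET_PREFIX:-10.240.0.0/16}"
AKS_SUBNET_PREFIX="${AKS_SUBNET_PREFIX:-10.240.0.0/20}"
SERVICE_CIDR="${SERVICE_CIDR:-10.0.0.0/16}"
DNS_SERVICE_IP="${DNS_SERVICE_IP:-10.0.0.10}"

echo $'\n=== Creating resource group'
az group create \
  --name "$RESOURCE_GROUP_NAME" \
  --location "$LOCATION"

echo $'\n=== Creating virtual network'
# The vnet and the first subnet the AKS nodes will live in.
az network vnet create \
  --resource-group "$RESOURCE_GROUP_NAME" \
  --name "$VNET_NAME" \
  --location "$LOCATION" \
  --address-prefixes "$VNET_PREFIX" \
  --subnet-name aks \
  --subnet-prefixes "$AKS_SUBNET_PREFIX"

echo $'\n=== Creating managed identity'
# User-assigned identity the AKS control plane will run as. Under set -e a
# failed 'az identity create' aborts here because the assignment's status is
# the command substitution's status.
IDENTITY_RESULT=$(az identity create \
  --name "$IDENTITY_NAME" \
  --resource-group "$RESOURCE_GROUP_NAME" \
  --location "$LOCATION")
PRINCIPAL_ID=$(jq -r '.principalId' <<<"$IDENTITY_RESULT")
IDENTITY_ID=$(jq -r '.id' <<<"$IDENTITY_RESULT")

echo $'\n=== Waiting for 1 minute'
# A freshly created identity takes time to propagate; the original script
# waited a fixed minute and that is kept here rather than polling.
sleep 1m

echo $'\n=== Granting \'Network Contributor\' role assignments to the managed identity'
# Least privilege: scope the role to this vnet only. Without --scope older
# az CLI versions assigned the role at subscription scope, which lets the
# cluster identity modify every network in the subscription.
# --assignee-object-id + --assignee-principal-type skip the Graph lookup of
# the new principal, which is the usual cause of "principal not found"
# failures right after creation.
VNET_ID=$(az network vnet show \
  --resource-group "$RESOURCE_GROUP_NAME" \
  --name "$VNET_NAME" \
  --query id -o tsv)
az role assignment create \
  --role "Network Contributor" \
  --assignee-object-id "$PRINCIPAL_ID" \
  --assignee-principal-type ServicePrincipal \
  --scope "$VNET_ID"

AKS_SUBNET=$(az network vnet subnet show \
  --resource-group "$RESOURCE_GROUP_NAME" \
  --vnet-name "$VNET_NAME" \
  --name aks \
  --query id -o tsv)

echo $'\n=== Creating AKS cluster'
# --generate-ssh-keys only creates ~/.ssh/id_rsa if it does not exist yet;
# the public half is installed on the nodes.
az aks create \
  --resource-group "$RESOURCE_GROUP_NAME" \
  --name "$CLUSTER_NAME" \
  --location "$LOCATION" \
  --network-plugin azure \
  --generate-ssh-keys \
  --vnet-subnet-id "$AKS_SUBNET" \
  --enable-managed-identity \
  --assign-identity "$IDENTITY_ID" \
  --dns-service-ip "$DNS_SERVICE_IP" \
  --service-cidr "$SERVICE_CIDR" \
  --tags "ignore-cloud-nuke=yes" \
  --node-count 1 \
  --nodepool-name "$SYSTEM_NODE_POOL_NAME"

echo $'\n=== Adding user node pool'
az aks nodepool add \
  --resource-group "$RESOURCE_GROUP_NAME" \
  --cluster-name "$CLUSTER_NAME" \
  --name "usera" \
  --mode "User" \
  --node-count 2 \
  --node-vm-size "Standard_DS3_v2"

# Merges the (non-admin) user credentials for the cluster into the current kubeconfig.
az aks get-credentials \
  --name "$CLUSTER_NAME" \
  --resource-group "$RESOURCE_GROUP_NAME"

echo $'\n=== Tainting the system node pool'
# AKS labels every node with agentpool=<pool name>; the original selector
# '-l$SYSTEM_NODE_POOL_NAME' had no key=value and therefore matched nothing.
# --overwrite makes a re-run idempotent.
# NOTE(review): a taint applied with kubectl is not part of the node pool
# definition and does not land on nodes added later by scale/upgrade —
# consider setting it on the pool itself (az aks nodepool ... --node-taints).
kubectl taint node \
  -l "agentpool=${SYSTEM_NODE_POOL_NAME}" \
  CriticalAddonsOnly=true:NoSchedule \
  --overwrite

exit 0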