Creates the resource group for the Kubernetes deployment, the Azure AD (AAD) application, the Azure service principal, and the appropriate permissions
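# Provisions the pieces a Kubernetes cluster deployment needs in Azure:
# a resource group, an Azure AD application, a service principal for that
# application, and a role assignment limited to the resource group.
#
# Fail fast: a failed lookup below would otherwise leave an empty variable
# that silently changes the meaning of the later az commands (for example
# an empty subscription id inside the --scopes path).
set -euo pipefail

# Select the target subscription. Replace the placeholder before running; it
# is quoted so the shell does not treat < and > as redirections.
az account set --subscription "<subscriptionName>"
azureSubscriptionId=$(az account show --query id -o tsv)

# Azure resource group to deploy cluster
clusterResourceGroupName="dik8sscenario01-rg"
az group create --name "$clusterResourceGroupName" --location westeurope

# Azure AD application that the service principal is created for
appName="dik8sscenario01"
az ad app create --display-name "$appName" --homepage "http://dinventive.com/$appName" --identifier-uris "http://dinventive.com/$appName"
aadappId=$(az ad app list --display-name "$appName" --query '[].appId' -o tsv)
# The list query returns every matching application. Stop unless exactly one
# id came back, so the role below is never granted to an unintended identity.
if [[ -z "$aadappId" || "$aadappId" == *$'\n'* ]]; then
  printf 'expected exactly one AAD app for %s, got: %s\n' "$appName" "${aadappId:-<none>}" >&2
  exit 1
fi
printf '%s\n' "$aadappId"

# Service principal secret. Never commit a real value in this file: it is
# taken from the SPN_PASSWORD environment variable, or prompted for without
# echo when that variable is not set.
spnPwd="${SPN_PASSWORD:-}"
if [[ -z "$spnPwd" ]]; then
  read -r -s -p "Service principal password: " spnPwd
  printf '\n' >&2
fi
if [[ -z "$spnPwd" ]]; then
  printf 'service principal password must not be empty\n' >&2
  exit 1
fi

# Note: keep --role and --scopes explicit. Per the original author's note,
# leaving them out grants Contributor on the whole subscription; the scope
# below limits the grant to the cluster resource group only.
# The secret is passed as a command-line argument, so it is visible in the
# process list and in `set -x` traces while the command runs.
# NOTE(review): newer Azure CLI releases are believed to reject --password here
# and generate the secret themselves - confirm against the CLI version in use.
az ad sp create-for-rbac --name "$aadappId" --password "$spnPwd" --role "Contributor" --scopes "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"
spnAppId=$(az ad sp list --display-name "$aadappId" --query "[].appId" -o tsv)
if [[ -z "$spnAppId" ]]; then
  printf 'no service principal found for %s\n' "$aadappId" >&2
  exit 1
fi
printf '%s\n' "$spnAppId"

# List the roles assigned to the SPN; review the output to confirm the only
# assignment is the resource-group-scoped one created above.
az role assignment list --assignee "$spnAppId" --all

# Optional : Insert Additional Role assignment here
# az role assignment create --assignee "$spnAppId" --role "contributor" --scope "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"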