Last active Oct 21, 2018
Creates the resources needed for a Kubernetes deployment: an Azure resource group, an Azure AD application, an Azure service principal, and the appropriate permissions
# Expects clusterResourceGroupName, appName and spnPwd to be set; replace <subscriptionName> with your subscription
az account set --subscription "<subscriptionName>"
azureSubscriptionId=$(az account show --query id -o tsv)
# Azure resource group to deploy the cluster into
az group create --name "$clusterResourceGroupName" --location westeurope
# Azure AD application for the cluster
az ad app create --display-name "$appName" --homepage "$appName" --identifier-uris "$appName"
aadappId=$(az ad app list --display-name "$appName" --query '[].appId' -o tsv)
echo "$aadappId"
# Note: if no scope or role is provided, the default grants the Contributor role on the whole subscription
az ad sp create-for-rbac --name "$aadappId" --password "$spnPwd" --role "Contributor" --scopes "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"
spnAppId=$(az ad sp list --display-name "$aadappId" --query "[].appId" -o tsv)
echo "$spnAppId"
# List the roles assigned to the SPN
az role assignment list --assignee "$spnAppId" --all
# Optional: insert additional role assignments here
# az role assignment create --assignee "$spnAppId" --role "Contributor" --scope "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"
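
The script's note about the default subscription-wide Contributor grant, together with its `az role assignment list` step, can be turned into an automated least-privilege check. The following is an added example, not part of the original gist: the helper name `check_spn_scopes`, the sample subscription id and the group names are constructed, and it assumes the assignments are supplied as `role<TAB>scope` lines.

```shell
#!/bin/sh
# Added example (not part of the original gist): flag role assignments that
# reach beyond a single resource group.
# stdin: one "role<TAB>scope" line per assignment, for instance from
#   az role assignment list --assignee "$spnAppId" --all \
#     --query "[].[roleDefinitionName, scope]" -o tsv
# stdout: "TOO_BROAD<TAB>role<TAB>scope" for each offending assignment.
# status: 0 when every assignment stays inside the group, 1 otherwise.

TAB=$(printf '\t')

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_spn_scopes SUBSCRIPTION_ID RESOURCE_GROUP  (hypothetical helper name)
# The body is a subshell, so its variables do not leak into the caller.
check_spn_scopes() (
  allowed=$(lower "/subscriptions/$1/resourceGroups/$2")
  rc=0
  while IFS="$TAB" read -r role scope || [ -n "$role" ]; do
    [ -n "$role" ] || continue
    # Azure resource IDs compare case-insensitively; drop a trailing slash.
    s=$(lower "${scope%/}")
    case "$s" in
      "$allowed"|"$allowed"/*) ;;   # the group itself or a resource inside it
      *) printf 'TOO_BROAD\t%s\t%s\n' "$role" "$scope"; rc=1 ;;
    esac
  done
  exit "$rc"
)

# Constructed sample data (not real az output); the subscription id is a placeholder.
SAMPLE_SUB="00000000-0000-0000-0000-000000000000"
sample_assignments() {
  printf 'Contributor\t/subscriptions/%s/resourceGroups/k8s-rg\n' "$SAMPLE_SUB"
  printf 'Reader\t/subscriptions/%s/resourcegroups/K8S-RG/providers/Microsoft.Network/virtualNetworks/vnet1\n' "$SAMPLE_SUB"
  printf 'Contributor\t/subscriptions/%s\n' "$SAMPLE_SUB"
  printf 'Reader\t/subscriptions/%s/resourceGroups/k8s-rg-other\n' "$SAMPLE_SUB"
}
```

Running `sample_assignments | check_spn_scopes "$SAMPLE_SUB" k8s-rg` reports the subscription-level assignment and the one on the similarly named group, and exits with status 1.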