Last active October 21, 2018 06:36
Creates the resources needed for a Kubernetes deployment: the resource group, the Azure AD application, the Azure service principal and the appropriate permissions
# Expects clusterResourceGroupName, appName and spnPwd to be set before running.
az account set --subscription "<subscriptionName>"
azureSubscriptionId=$(az account show --query id -o tsv)
# Azure resource group to deploy the cluster into
az group create --name "$clusterResourceGroupName" --location westeurope
az ad app create --display-name "$appName" --homepage "$appName" --identifier-uris "$appName"
aadappId=$(az ad app list --display-name "$appName" --query '[].appId' -o tsv)
echo "$aadappId"
# Note: if no scope or role is provided, the default grants the Contributor role on the whole subscription
# $spnPwd is passed as an argument, so it is visible in the process list while the command runs.
# Newer Azure CLI releases dropped --password and generate the secret themselves.
az ad sp create-for-rbac --name "$aadappId" --password "$spnPwd" --role "Contributor" --scopes "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"
spnAppId=$(az ad sp list --display-name "$aadappId" --query "[].appId" -o tsv)
echo "$spnAppId"
# List the roles assigned to the SPN
az role assignment list --assignee "$spnAppId" --all
# Optional: insert additional role assignments here
# az role assignment create --assignee "$spnAppId" --role "Contributor" --scope "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"
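
The script lists the SPN's role assignments but leaves checking them to the reader. The following is an added example, not part of the original gist: a check that every assignment is confined to the cluster resource group. The function name, the sample subscription id and the resource group names are constructed for illustration; the input is "role, tab, scope" per line, which `az role assignment list --assignee "$spnAppId" --all --query '[].[roleDefinitionName, scope]' -o tsv` produces.

```shell
#!/bin/sh
# Added example: flag role assignments whose scope is broader than, or
# outside, the resource group the service principal was created for.

TAB=$(printf '\t')

# find_overscoped ALLOWED_SCOPE
# Reads "role<TAB>scope" lines on stdin and prints every assignment that is
# not confined to ALLOWED_SCOPE. Returns 0 if all are confined, 1 otherwise.
find_overscoped() {
  local allowed role scope s found
  found=0
  # ARM scopes compare case-insensitively; normalise and drop a trailing slash.
  allowed=$(printf '%s' "${1%/}" | tr '[:upper:]' '[:lower:]')
  while IFS="$TAB" read -r role scope; do
    [ -n "$scope" ] || continue
    s=$(printf '%s' "${scope%/}" | tr '[:upper:]' '[:lower:]')
    case "$s" in
      # The group itself, or a resource inside it. The "/" after the prefix
      # keeps a sibling group such as "k8s-rg-other" from matching "k8s-rg".
      "$allowed"|"$allowed"/*) ;;
      *) printf '%s\t%s\n' "$role" "$scope"; found=1 ;;
    esac
  done
  return "$found"
}

# Constructed sample data; the subscription id and names are placeholders.
SAMPLE_SUB="00000000-0000-0000-0000-000000000000"
SAMPLE_RG_SCOPE="/subscriptions/$SAMPLE_SUB/resourceGroups/k8s-rg"
sample_assignments() {
  printf 'Contributor\t/subscriptions/%s/resourceGroups/K8S-RG\n' "$SAMPLE_SUB"
  printf 'Reader\t/subscriptions/%s/resourceGroups/k8s-rg/providers/Microsoft.Network/virtualNetworks/vnet1\n' "$SAMPLE_SUB"
  printf 'Contributor\t/subscriptions/%s\n' "$SAMPLE_SUB"
  printf 'Contributor\t/subscriptions/%s/resourceGroups/k8s-rg-other\n' "$SAMPLE_SUB"
}

# Demo run on the constructed sample: prints the two over-scoped assignments.
if ! sample_assignments | find_overscoped "$SAMPLE_RG_SCOPE"; then
  echo "over-scoped role assignments found" >&2
fi
```

Against a live subscription, pipe the `az role assignment list` query above into `find_overscoped "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"` and treat a non-zero status as a failed check.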