@mani0070

mani0070/k8sclusterspn.sh

Last active Oct 21, 2018
Creates the resource group for a Kubernetes deployment, the Azure AD application, the Azure service principal, and the appropriate permissions
# Select the target subscription (replace the placeholder with your subscription name)
az account set --subscription "<subscriptionName>"
azureSubscriptionId=$(az account show --query id -o tsv)
# Azure resource group to deploy the cluster into
clusterResourceGroupName="dik8sscenario01-rg"
az group create --name "$clusterResourceGroupName" --location westeurope
# Azure AD application
appName="dik8sscenario01"
az ad app create --display-name "$appName" --homepage "http://dinventive.com/$appName" --identifier-uris "http://dinventive.com/$appName"
aadappId=$(az ad app list --display-name "$appName" --query '[].appId' -o tsv)
echo "$aadappId"
# Placeholder only: supply the real secret at run time instead of storing it in this file
spnPwd="ReplacewithyourPassword"
# Note: if no scope or role is provided, the default grants the Contributor role on the whole subscription
az ad sp create-for-rbac --name "$aadappId" --password "$spnPwd" --role "Contributor" --scopes "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"
spnAppId=$(az ad sp list --display-name "$aadappId" --query "[].appId" -o tsv)
echo "$spnAppId"
# List the roles assigned to the SPN
az role assignment list --assignee "$spnAppId" --all
# Optional: insert additional role assignments here
# az role assignment create --assignee "$spnAppId" --role "contributor" --scope "/subscriptions/$azureSubscriptionId/resourceGroups/$clusterResourceGroupName"
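
An added example, not part of the original gist: a check that every role assignment held by the service principal stays inside the cluster resource group, which matters because the script notes that omitting the scope grants Contributor on the whole subscription. The function name `audit_spn_scope`, the TSV input shape, and the sample data (with a placeholder subscription id) are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): audit role-assignment scopes for the SPN.
# Input on stdin: TSV lines "role<TAB>scope", for example produced by
#   az role assignment list --assignee "$spnAppId" --all \
#     --query "[].[roleDefinitionName, scope]" -o tsv

# Prints every assignment whose scope is neither the expected resource group
# nor a resource inside it; returns 1 if any such assignment is found.
audit_spn_scope() {
  local expected_scope="$1"
  awk -F '\t' -v want="$expected_scope" '
    BEGIN { w = tolower(want); sub(/\/+$/, "", w) }   # resource IDs are case-insensitive
    NF >= 2 {
      s = tolower($2); sub(/\/+$/, "", s)
      # In scope: exactly the resource group, or a child path below it.
      # Requiring the "/" stops "my-rg-other" from matching "my-rg".
      if (s == w || index(s, w "/") == 1) next
      printf "OUT-OF-SCOPE\t%s\t%s\n", $1, $2
      bad = 1
    }
    END { exit bad ? 1 : 0 }
  '
}

# Constructed sample data; the subscription id is a placeholder, not a real one.
SUB="/subscriptions/00000000-0000-0000-0000-000000000000"
RG_SCOPE="$SUB/resourceGroups/dik8sscenario01-rg"
# Only the intended resource-group assignment.
GOOD=$(printf 'Contributor\t%s\n' "$RG_SCOPE")
# Adds a subscription-wide grant and a grant on a look-alike resource group.
BAD=$(printf 'Contributor\t%s\nContributor\t%s\nReader\t%s\n' \
  "$RG_SCOPE" "$SUB" "$SUB/resourceGroups/dik8sscenario01-rg-other")

if printf '%s\n' "$GOOD" | audit_spn_scope "$RG_SCOPE"; then
  echo "GOOD sample: all assignments are inside the resource group"
fi
printf '%s\n' "$BAD" | audit_spn_scope "$RG_SCOPE" \
  || echo "BAD sample: assignments outside the resource group were found"
```

Against a live tenant, pipe the `az role assignment list` query from the header comment into `audit_spn_scope` with the same scope string that was passed to `--scopes`.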