Arc Onboarding Script - working version 1.2.3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Step 1: authenticate the Azure CLI, select the subscription and create the
# resource group that will hold the Arc-connected cluster.
# NOTE(review): bare names such as az_cli_cmd, az_client_id and az_client_secret
# look like template placeholders whose delimiters were lost in extraction —
# the listing is not runnable until real values are substituted.
# Login Into Azure Using Service Principal
# NOTE(review): the client secret is passed as a command-line argument (-p), so
# it can end up in the process list, shell history and automation logs. Keep it
# in a secret store, suppress logging for this step, and prefer certificate- or
# identity-based sign-in where the environment allows it.
az_cli_cmd login --service-principal -u az_client_id -p az_client_secret --tenant az_tenant_id | |
# Set Azure Subscription
az_cli_cmd account set --subscription az_subscription_id | |
# Create AZ Resource Group: Arc K8s
az_cli_cmd group create -l az_location -n az_resource_group | |
# Step 2: log in to the OpenShift API server and prepare the cluster for the
# Arc agents.
# OCP Login
# NOTE(review): --insecure-skip-tls-verify=true turns off validation of the API
# server certificate, so the admin token on this line is sent to an endpoint
# whose identity was never checked. Supply the cluster CA instead (oc login
# accepts --certificate-authority) and drop the skip flag outside lab use.
# NOTE(review): the admin token is also a command-line argument; treat it like
# any other secret (no logging, short lifetime, revoke after onboarding).
oc login --server "https://api. cluster_name . base_domain :6443" --token admin_token --kubeconfig=''path-to-kubeconfig'' --insecure-skip-tls-verify=true | |
# Set OpenShift Project to default
oc project default --kubeconfig=''path-to-kubeconfig'' | |
# Assign Security Context Constraints
# Grants the "privileged" SCC to the azure-arc-kube-aad-proxy-sa service account
# in the azure-arc namespace. Privileged is the least restrictive SCC, so the
# grant should stay limited to this one service account.
# NOTE(review): presumably required by the Arc agent — confirm against current
# Arc-on-OpenShift guidance and record the grant so it can be audited.
# NOTE(review): the --kubeconfig value below has unbalanced quotes as shown.
oc adm policy add-scc-to-user privileged system:serviceaccount:azure-arc:azure-arc-kube-aad-proxy-sa --kubeconfig=''path-to-kubeconfig' | |
# Step 3: register the cluster with Azure Arc through an outbound proxy.
# Connect ARC Cluster
# The option lines that follow belong to the connect command; as shown they
# carry no line-continuation characters, so they must be rejoined before use.
# Both proxy settings point at the same in-cluster cntlm service over http://,
# and --proxy-cert names the certificate file handed to the agents.
# NOTE(review): presumably proxy-cert.cer is the proxy's CA certificate —
# verify its origin and fingerprint before distributing it as a trust anchor.
az_cli_cmd connectedk8s connect --name az_cluster --resource-group az_resource_group | |
--proxy-http 'http://cntlm.azure-arc-proxy.svc.cluster.local:3128' | |
--proxy-https 'http://cntlm.azure-arc-proxy.svc.cluster.local:3128' | |
--proxy-cert proxy-cert.cer | |
--custom-locations-oid az_custom_locations_oid | |
--kube-config 'path-to-kubeconfig' | |
# Check the Status of Newly Connected ARC Cluster
az_cli_cmd connectedk8s show --resource-group az_resource_group --name az_cluster | |
# Step 4: install the Arc data services extension and enable the cluster
# features that custom locations depend on.
# Select the OpenShift project used for data services.
# NOTE(review): `oc project` only switches to an existing project; nothing in
# this listing creates the namespace, so confirm it exists beforehand.
oc project az_data_namespace --kubeconfig=''path-to-kubeconfig'' | |
# Creates an Azure Kubernetes Extension
# Installs the microsoft.arcdataservices extension cluster-wide (--scope
# cluster) into az_data_namespace, bound to the sa-arc-bootstrapper service
# account. --auto-upgrade false means extension updates, including security
# fixes, have to be applied by hand — schedule them explicitly.
az_cli_cmd k8s-extension create -c az_cluster -g az_resource_group --name az_data_extension --cluster-type connectedClusters --extension-type microsoft.arcdataservices --auto-upgrade false --scope cluster --release-namespace az_data_namespace --config Microsoft.CustomLocation.ServiceAccount=sa-arc-bootstrapper | |
# Enable cluster-connect and custom-location connected cluster features
# NOTE(review): cluster-connect opens an Azure-side access path to the cluster
# API; presumably access is then governed by Azure RBAC — review who holds it.
az_cli_cmd connectedk8s enable-features -n az_cluster -g az_resource_group --kube-config 'path-to-kubeconfig' --custom-locations-oid az_custom_locations_oid --features cluster-connect custom-locations | |
# Create AZ Resource Group: Arc Data
az_cli_cmd group create -l az_location -n az_data_resource_group | |
# Step 5: grant the extension's system-assigned identity the roles it needs on
# the data resource group.
# Retrieve System Assigned Service Principal
# Template expression, not shell: it reads identity.principalId from the JSON in
# az_k8s_extension_result.stdout.
# NOTE(review): presumably that result is the captured output of the
# k8s-extension create command — confirm in the originating playbook.
az_k8s_extension_service_principal: " (az_k8s_extension_result.stdout | from_json).identity.principalId " | |
# Setup Monitoring RBAC for the Arc Data Controller
# Setup Contributor Role for Data Service Extension Service Principal
# NOTE(review): Contributor over the whole resource group is a broad grant for a
# workload identity. Keep that group dedicated to Arc data resources, and narrow
# the role if a more specific one covers what the extension does.
# NOTE(review): the --scope string on both assignments is missing its closing
# quote as shown.
az_cli_cmd role assignment create --assignee az_k8s_extension_service_principal --role 'Contributor' --scope '/subscriptions/ az_subscription_id /resourceGroups/ az_data_resource_group | |
# Setup Monitoring Metrics Publisher Role for Data Service Extension Service Principal
az_cli_cmd role assignment create --assignee az_k8s_extension_service_principal --role 'Monitoring Metrics Publisher' --scope '/subscriptions/ az_subscription_id /resourceGroups/ az_data_resource_group | |
# Step 6: create the custom location that maps az_data_namespace on the
# connected cluster to an Azure location.
# Deploy Azure Custom Location
# Fetch Host Resource ID
# Prints only the connected cluster's resource id (--query id -o tsv).
az_cli_cmd connectedk8s show -g az_resource_group -n az_cluster --query id -o tsv | |
# Fetch Azure Kubernetes Cluster Extension ID
# Prints only the data services extension's resource id.
az_cli_cmd k8s-extension show -g az_resource_group -c az_cluster --cluster-type connectedClusters --name az_data_extension --query id -o tsv | |
# Create a new Azure Custom Location
# The two option lines after the command belong to it and have no
# line-continuation characters as shown.
# NOTE(review): az_host_resource_id_result.stdout and
# az_cluster_extension_id_result.stdout are presumably the captured outputs of
# the two fetch commands above — confirm; nothing here assigns them.
az_cli_cmd customlocation create -g az_data_resource_group -n az_data_custom_location --namespace az_data_namespace | |
--host-resource-id az_host_resource_id_result.stdout | |
--cluster-extension-ids az_cluster_extension_id_result.stdout --location az_location | |
# Step 7: generate a data controller profile, adapt it for OpenShift and deploy
# the Arc data controller in direct connectivity mode.
# Deploy Arc Data Controller Deployment
# Generate Default Data Controller Profile
# Writes the azure-arc-openshift profile under azure_tmp_dir/arc-dc-profile.
# NOTE(review): --force presumably overwrites an existing profile at that path.
# Use a private, unpredictable temporary directory so another local user cannot
# alter the profile before it is deployed. The --path quote is unterminated as
# shown.
az_cli_cmd arcdata dc config init --source azure-arc-openshift --force --path ' azure_tmp_dir /arc-dc-profile | |
# Tweak Data Controller Profile for OpenShift
# Applies one JSON-path replacement to control.json per entry in the loop list
# below: the controller service type, then the storage class for data and logs.
# NOTE(review): `loop:` and the `- '...'` entries are template syntax, not
# shell.
# NOTE(review): the service type decides how the controller endpoint is exposed
# on the network — confirm the chosen value matches the intended exposure.
az_cli_cmd arcdata dc config replace --path ' azure_tmp_dir /arc-dc-profile/control.json' -j ' item | |
loop: | |
- '$.spec.services[?(@.name=="controller")].serviceType= az_data_service_type ' | |
- '$.spec.storage.data.className= az_data_storage_class ' | |
- '$.spec.storage.logs.className= az_data_storage_class ' | |
# Create Azure Resource Manager deployment for Data Controller
# The option lines after the command belong to it and have no line-continuation
# characters as shown. The controller is created from the profile directory
# edited above, in the custom location created earlier.
az_cli_cmd arcdata dc create | |
--connectivity-mode direct | |
--location az_location | |
--name az_data_controller | |
--resource-group az_data_resource_group | |
--path " azure_tmp_dir /arc-dc-profile" | |
--custom-location az_data_custom_location | |
--infrastructure onpremises |