Last active
August 25, 2022 08:09
-
-
Save naioja/33ea04a0319e7e6ec4ce607d0be7b6c0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| # | |
| # Script to quickly install an AKS cluster | |
| # | |
| set -x | |
| # Install the aks-preview extension | |
| az extension add --name aks-preview | |
| # Update the extension to make sure you have the latest version installed | |
| az extension update --name aks-preview | |
| # | |
| # General Resource Group settings | |
| # | |
| COUNT="001" | |
| LOCATION="eastus2" | |
| RG_NAME="rg-aks$COUNT" | |
| VNET_NAME="vnet001" | |
| VNET_ADDRESS_PREFIXES="172.16.0.0/16" | |
| VNET_NSG_NAME="nsg001" | |
| TAGS_NAME="Environment=AKS" | |
| PUBLIC_IP_NAME="aks-slb-outbound-pip001" | |
| SSH_KEY_VALUE="~/.ssh/id_rsa.pub" | |
| CLIENT_IP=$(curl http://ifconfig.me) | |
| # | |
| # AKS Cluster settings | |
| # | |
| AKS_NAME="aj-aks$COUNT" | |
| AKS_SYSVM_SIZE="Standard_DS2_v2" | |
| AKS_SUBNET_NAME="subnet-aks001" | |
| AKS_SUBNET_PREFIX="172.16.0.0/23" | |
| AKS_VERSION=$(az aks get-versions -l $LOCATION --query 'orchestrators[?default == `true`]' -o tsv | awk '{print $4}') | |
| AKS_NETWORK_PLUGIN="azure" | |
| AKS_NETWORK_POLICY_PLUGIN="calico" | |
| AKS_NODEPOOL_NAME="sysnp001" | |
| AKS_MC_NAME="rg-managed-$AKS_NAME" | |
| # Add your AAD GROUP OBJECT ID HERE !!!!!!!!! | |
| AKS_AAD_ADMIN="" | |
| #1. Create resource group | |
| az group create \ | |
| --location $LOCATION \ | |
| --resource-group $RG_NAME \ | |
| --tags $TAGS_NAME | |
| #2. Create User Managed Identity | |
| az identity create \ | |
| --location $LOCATION \ | |
| --resource-group $RG_NAME \ | |
| --name user-identity-${AKS_NAME} \ | |
| --tags $TAGS_NAME | |
| UMI=$(az identity list --query '[].id' -o tsv | grep user-identity) | |
| #3. Create Kubelet Managed Identity | |
| az identity create \ | |
| --location $LOCATION \ | |
| --resource-group $RG_NAME \ | |
| --name kubelet-identity-${AKS_NAME} \ | |
| --tags $TAGS_NAME | |
| KMI=$(az identity list --query '[].id' -o tsv | grep kubelet-identity) | |
| #4. Create NSG | |
| az network nsg create \ | |
| --location $LOCATION \ | |
| --resource-group $RG_NAME \ | |
| --name $VNET_NSG_NAME \ | |
| --tags $TAGS_NAME | |
| #5. Create VNet and AKS Subnets | |
| az network vnet create \ | |
| --location $LOCATION \ | |
| --resource-group $RG_NAME \ | |
| --name $VNET_NAME \ | |
| --tags $TAGS_NAME \ | |
| --network-security-group $VNET_NSG_NAME \ | |
| --address-prefixes $VNET_ADDRESS_PREFIXES \ | |
| --subnet-name $AKS_SUBNET_NAME \ | |
| --subnet-prefix $AKS_SUBNET_PREFIX | |
| #6. Create Static Public IP | |
| az network public-ip create \ | |
| --location $LOCATION \ | |
| --resource-group $RG_NAME \ | |
| --name $PUBLIC_IP_NAME \ | |
| --tags $TAGS_NAME \ | |
| --allocation-method Static \ | |
| --sku Standard \ | |
| --tier Regional \ | |
| --version IPv4 \ | |
| --zone 1 2 3 | |
| # | |
| # Set working variables | |
| # | |
| AKS_SUBNET_ID=$(az network vnet subnet show --resource-group $RG_NAME --vnet-name $VNET_NAME --name $AKS_SUBNET_NAME --query id -o tsv) | |
| OUTBOUND_IP_ID=$(az network public-ip show --resource-group $RG_NAME --name $PUBLIC_IP_NAME --query id -o tsv) | |
| echo "" | |
| echo "Sleep for 30 seconds for AAD propagation"; sleep 30 | |
| echo "" | |
| #7. Create AKS cluster | |
| az aks create \ | |
| --location $LOCATION \ | |
| --resource-group $RG_NAME \ | |
| --name $AKS_NAME \ | |
| --tags $TAGS_NAME \ | |
| --enable-aad \ | |
| --aad-admin-group-object-ids $AKS_AAD_ADMIN \ | |
| --enable-managed-identity \ | |
| --enable-azure-rbac \ | |
| --enable-secret-rotation \ | |
| --enable-cluster-autoscaler \ | |
| --node-count 1 \ | |
| --min-count 1 \ | |
| --max-count 3 \ | |
| --admin-username azureadmin \ | |
| --assign-identity $UMI \ | |
| --assign-kubelet-identity $KMI \ | |
| --auto-upgrade-channel stable \ | |
| --disable-local-accounts \ | |
| --nodepool-name $AKS_NODEPOOL_NAME \ | |
| --node-resource-group $AKS_MC_NAME \ | |
| --kubernetes-version $AKS_VERSION \ | |
| --network-plugin $AKS_NETWORK_PLUGIN \ | |
| --network-policy $AKS_NETWORK_POLICY_PLUGIN \ | |
| --service-cidr 10.2.0.0/24 \ | |
| --dns-service-ip 10.2.0.10 \ | |
| --docker-bridge-address 172.17.0.1/16 \ | |
| --vnet-subnet-id $AKS_SUBNET_ID \ | |
| --api-server-authorized-ip-ranges $CLIENT_IP \ | |
| --node-vm-size $AKS_SYSVM_SIZE \ | |
| --os-sku Ubuntu \ | |
| --node-osdisk-type Ephemeral \ | |
| --node-osdisk-size 80 \ | |
| --load-balancer-sku standard \ | |
| --load-balancer-outbound-ips $OUTBOUND_IP_ID \ | |
| --load-balancer-idle-timeout 5 \ | |
| --load-balancer-outbound-ports 8000 \ | |
| --ssh-key-value $SSH_KEY_VALUE \ | |
| --vm-set-type VirtualMachineScaleSets \ | |
| --zone 1 2 3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment