Instantly share code, notes, and snippets.

Embed
What would you like to do?
This script will setup a new Azure Resource Group and Azure Kubernetes Service cluster environment also with an Azure Container Registry resource.
## This creates a working single node Azure Kubernetes Cluster
## and with an Azure Container Registry. Note, the ACR is in
## the same resource group as the AKS for demo purposes. For
## dev, qa, and prod you should have ACR in separate resource group.
echo "Beginning AKS Setup for Demo"
date
AKS_RESOURCE_GROUP=aks-rg1
AKS_CLUSTER_NAME=aks-c1
ACR_RESOURCE_GROUP=MC_$AKS_RESOURCE_GROUP\_$AKS_CLUSTER_NAME\_centralus
ACR_NAME=mytestaksacr
SERVICE_PRINCIPAL_NAME=aks-sp-user
RG_LOCATION=CentralUS
DOCKER_USERNAME=$ACR_NAME
DOCKER_EMAIL={provide email address here} #does not have to be an account with docker hub
#DOCKER_PASSWORD is applied a value later
az group create --location $RG_LOCATION --name $AKS_RESOURCE_GROUP
az aks create -g $AKS_RESOURCE_GROUP -n $AKS_CLUSTER_NAME --generate-ssh-keys --node-count 1 --node-vm-size Standard_F1s
# I tried cheaper VM sizes but they are not large enough for a cluster.
# The Standard_F1s is cheapest VM I could quickly find that is good for a cluster.
az acr create --resource-group $ACR_RESOURCE_GROUP --name $ACR_NAME --sku Basic --admin-enabled true
CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
# Get the ACR registry resource id
ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
# Create role assignment
az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID
# Populate the ACR login server and resource id.
ACR_LOGIN_SERVER=$(az acr show --name $ACR_NAME --query loginServer --output tsv)
ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
# Create a contributor role assignment with a scope of the ACR resource.
SP_PASSWD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --role Reader --scopes $ACR_REGISTRY_ID --query password --output tsv)
# Get the service principle client id.
CLIENT_ID=$(az ad sp show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)
# Output used when creating Kubernetes secret.
echo "Service principal ID: $CLIENT_ID"
echo "Service principal password: $SP_PASSWD"
#connect to the aks environment
az aks get-credentials --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME
ACR_HTTPS_LOGIN_SERVER="https://$ACR_LOGIN_SERVER"
### get password from ACR
DOCKER_PASSWORD=$(az acr credential show -n $ACR_NAME --query passwords[0].value -o tsv)
kubectl create secret docker-registry acrconnection --docker-server=$ACR_HTTPS_LOGIN_SERVER --docker-username=$DOCKER_USERNAME --docker-password=$DOCKER_PASSWORD --docker-email=$DOCKER_EMAIL
az acr login --name $ACR_NAME
echo "Completed AKS Setup"
date
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment