@seanw122
Last active February 27, 2023 22:21
This script sets up a new Azure Resource Group and an Azure Kubernetes Service cluster environment, along with an Azure Container Registry resource.
## This creates a working single-node Azure Kubernetes Service cluster
## with an Azure Container Registry. Note: the ACR is in
## the same resource group as the AKS for demo purposes. For
## dev, qa, and prod you should have the ACR in a separate resource group.
echo "Beginning AKS Setup for Demo"
date
AKS_RESOURCE_GROUP=aks-rg1
AKS_CLUSTER_NAME=aks-c1
# Node resource group that AKS creates automatically: MC_<resource group>_<cluster>_<location>
ACR_RESOURCE_GROUP="MC_${AKS_RESOURCE_GROUP}_${AKS_CLUSTER_NAME}_centralus"
ACR_NAME=mytestaksacr
SERVICE_PRINCIPAL_NAME=aks-sp-user
RG_LOCATION=CentralUS
DOCKER_USERNAME=$ACR_NAME
DOCKER_EMAIL="{provide email address here}" # does not have to be an account with Docker Hub
# DOCKER_PASSWORD is assigned a value later
az group create --location $RG_LOCATION --name $AKS_RESOURCE_GROUP
az aks create -g $AKS_RESOURCE_GROUP -n $AKS_CLUSTER_NAME --generate-ssh-keys --node-count 1 --node-vm-size Standard_F1s
# I tried cheaper VM sizes but they are not large enough for a cluster.
# The Standard_F1s is the cheapest VM I could quickly find that is good for a cluster.
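# --admin-enabled true turns on the registry's admin account, a single shared
# credential with both push and pull access; it is used for the pull secret below.
az acr create --resource-group $ACR_RESOURCE_GROUP --name $ACR_NAME --sku Basic --admin-enabled true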
CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
# Get the ACR registry resource id
ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
# Grant the cluster's service principal the Reader role on the ACR
az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID
# Populate the ACR login server and resource id.
ACR_LOGIN_SERVER=$(az acr show --name $ACR_NAME --query loginServer --output tsv)
ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
# Create a service principal with a Reader role assignment scoped to the ACR resource.
SP_PASSWD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --role Reader --scopes $ACR_REGISTRY_ID --query password --output tsv)
# Get the service principal client id.
CLIENT_ID=$(az ad sp show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)
# Output used when creating Kubernetes secret.
# This prints the service principal password to the terminal and to any captured log.
echo "Service principal ID: $CLIENT_ID"
echo "Service principal password: $SP_PASSWD"
# Connect to the AKS environment
az aks get-credentials --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME
ACR_HTTPS_LOGIN_SERVER="https://$ACR_LOGIN_SERVER"
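### Get the admin password from the ACR. The pull secret below is built from the
### admin account (username is the registry name), not from the service principal created above.
DOCKER_PASSWORD=$(az acr credential show -n $ACR_NAME --query "passwords[0].value" -o tsv)
kubectl create secret docker-registry acrconnection --docker-server="$ACR_HTTPS_LOGIN_SERVER" --docker-username="$DOCKER_USERNAME" --docker-password="$DOCKER_PASSWORD" --docker-email="$DOCKER_EMAIL"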
az acr login --name $ACR_NAME
echo "Completed AKS Setup"
date