This script sets up a new Azure Resource Group and an Azure Kubernetes Service cluster environment, along with an Azure Container Registry resource.
## This creates a working single-node Azure Kubernetes Service cluster
## with an Azure Container Registry. Note: the ACR is in
## the same resource group as the AKS for demo purposes. For
## dev, qa, and prod you should have the ACR in a separate resource group.
echo "Beginning AKS Setup for Demo"
date
AKS_RESOURCE_GROUP=aks-rg1
AKS_CLUSTER_NAME=aks-c1
ACR_RESOURCE_GROUP="MC_${AKS_RESOURCE_GROUP}_${AKS_CLUSTER_NAME}_centralus"
ACR_NAME=mytestaksacr
SERVICE_PRINCIPAL_NAME=aks-sp-user
RG_LOCATION=CentralUS
DOCKER_USERNAME=$ACR_NAME
DOCKER_EMAIL="{provide email address here}" # does not have to be an account with Docker Hub
# DOCKER_PASSWORD is assigned a value later
az group create --location $RG_LOCATION --name $AKS_RESOURCE_GROUP
az aks create -g $AKS_RESOURCE_GROUP -n $AKS_CLUSTER_NAME --generate-ssh-keys --node-count 1 --node-vm-size Standard_F1s
# I tried cheaper VM sizes but they are not large enough for a cluster.
# The Standard_F1s is the cheapest VM I could quickly find that is good for a cluster.
az acr create --resource-group $ACR_RESOURCE_GROUP --name $ACR_NAME --sku Basic --admin-enabled true
CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
# Get the ACR registry resource id
ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
# Create role assignment
az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID
# Populate the ACR login server and resource id.
ACR_LOGIN_SERVER=$(az acr show --name $ACR_NAME --query loginServer --output tsv)
ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
# Create a service principal with the Reader role, scoped to the ACR resource.
SP_PASSWD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --role Reader --scopes $ACR_REGISTRY_ID --query password --output tsv)
# Get the service principal client id.
CLIENT_ID=$(az ad sp show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)
# Output used when creating Kubernetes secret.
# Note: this prints the service principal password to the terminal in clear text.
echo "Service principal ID: $CLIENT_ID"
echo "Service principal password: $SP_PASSWD"
# Connect to the AKS environment
az aks get-credentials --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME
ACR_HTTPS_LOGIN_SERVER="https://$ACR_LOGIN_SERVER"
### Get the password from ACR. This is the ACR admin account credential
### (enabled by --admin-enabled true above); its username is the registry name.
DOCKER_PASSWORD=$(az acr credential show -n $ACR_NAME --query "passwords[0].value" -o tsv)
kubectl create secret docker-registry acrconnection --docker-server="$ACR_HTTPS_LOGIN_SERVER" --docker-username="$DOCKER_USERNAME" --docker-password="$DOCKER_PASSWORD" --docker-email="$DOCKER_EMAIL"
az acr login --name $ACR_NAME
echo "Completed AKS Setup"
date
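
A defender-side check for the `acrconnection` secret the script creates, as an added example that is not part of the original gist: it decodes a `.dockerconfigjson` value and reports whether the pull secret holds the registry admin account (username equal to the registry name, as the script sets it) or a service principal (GUID username). The function names, the sample values and the `<name>.azurecr.io` login-server form are assumptions; the samples are constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of the original gist.
# Input: the base64 .dockerconfigjson of a docker-registry secret, e.g. from
#   kubectl get secret acrconnection -o jsonpath='{.data.\.dockerconfigjson}'

classify_pull_secret() {
  local json server host registry user
  json=$(printf '%s' "$1" | base64 -d 2>/dev/null) || { echo "invalid"; return 1; }
  # kubectl writes compact JSON, so matching on the keys with sed is enough here.
  server=$(printf '%s' "$json" | sed -n 's/.*"auths":{"\([^"]*\)".*/\1/p')
  user=$(printf '%s' "$json" | sed -n 's/.*"username":"\([^"]*\)".*/\1/p')
  [ -n "$server" ] && [ -n "$user" ] || { echo "invalid"; return 1; }
  host=${server#*://}      # drop the scheme, if any
  host=${host%%/*}         # drop any path
  registry=${host%%.*}     # first DNS label = registry name (assumed <name>.azurecr.io)
  if [ "$user" = "$registry" ]; then
    echo "admin-account"       # full push/pull credential shared by every holder
  elif printf '%s' "$user" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'; then
    echo "service-principal"   # access is bounded by the role assigned to the principal
  else
    echo "other"
  fi
}

# Builds a constructed sample secret value: make_sample <server> <username>
make_sample() {
  printf '{"auths":{"%s":{"username":"%s","password":"constructed-not-real","email":"demo@example.com"}}}' \
    "$1" "$2" | base64 | tr -d '\n'
}

# Constructed samples: the admin-style secret the script produces, and a
# secret that would carry a service principal's appId instead.
ADMIN_SAMPLE=$(make_sample "https://mytestaksacr.azurecr.io" "mytestaksacr")
SP_SAMPLE=$(make_sample "https://mytestaksacr.azurecr.io" "00000000-0000-0000-0000-000000000000")

echo "admin sample: $(classify_pull_secret "$ADMIN_SAMPLE")"
echo "sp sample:    $(classify_pull_secret "$SP_SAMPLE")"
```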