tomasaschan/provision-aks-acr.ps1

## provision-aks-acr.ps1
param(
  $resourceGroup = 'sandbox-<firstname>.<lastname>',
  $clusterName = '<firstname>-<lastname>-cluster',
  $registryName = '<firstname><lastname>',
  $privateKeyName = '<firstname>.<lastname>-secret',
  $email = 'no-one-there@bogusdomain.com'
)

Write-Host "Provisioning resources..."
az configure --defaults group=$resourceGroup

$existingClusters = az aks list --query "[].name"

if ($clusterName -in ($existingClusters | ConvertFrom-Json)) {
  Write-Host "Cluser named $clusterName already exists"
}
else {
  Write-Host "Provisioning cluster $clusterName..."
  az aks create `
    --name $clusterName `
    --generate-ssh-keys #`
  # --node-count $nodeCount `
}

$existingRegistires = az acr list --query "[].name" | ConvertFrom-Json

if ($registryName -in $existingRegistires) {
  Write-Host "Registry $registryName already exists"
}
else {
  Write-Host "Provisioning registry $registryName"
  az acr create --name $registryName --sku Basic
}

Write-Host "Configuring security..."
$kubectlContexts = kubectl config get-contexts --output name
if ($clusterName -notin $kubectlContexts) {
  az aks get-credentials --name $clusterName
}

az acr login --name $registryName | Out-Null
$registryLoginServer = az acr list --query "[0].loginServer" --output tsv

$existingSecrets = kubectl get secrets --output name
if ("secrets/$privateKeyName" -notin $existingSecrets) {
  # Create a private secret that AKS can use to communicate with ACSs
  az acr update --name $registryName --admin-enabled true | Out-Null
  $acrPassword = az acr credential show --query "passwords[0].value" --name $registryName
  kubectl create secret docker-registry $privateKeyName `
    --docker-server $registryLoginServer `
    --docker-username $registryName `
    --docker-password $acrPassword `
    --docker-email $email
}

Write-Host ""
Write-Host "All good to go!"
Write-Host "Tag images $registryLoginServer to push to ACR"
Write-Host "Use secret named $privateKeyName for image pulls in service definitions"

@{
  registry = "$registryLoginServer";
  keyName = "$privateKeyName"
} | ConvertTo-Json | Out-File ./azure-config.json
	param(
	$resourceGroup = 'sandbox-<firstname>.<lastname>',
	$clusterName = '<firstname>-<lastname>-cluster',
	$registryName = '<firstname><lastname>',
	$privateKeyName = '<firstname>.<lastname>-secret',
	$email = 'no-one-there@bogusdomain.com'
	)

	Write-Host "Provisioning resources..."
	az configure --defaults group=$resourceGroup

	$existingClusters = az aks list --query "[].name"

	if ($clusterName -in ($existingClusters \| ConvertFrom-Json)) {
	Write-Host "Cluser named $clusterName already exists"
	}
	else {
	Write-Host "Provisioning cluster $clusterName..."
	az aks create `
	--name $clusterName `
	--generate-ssh-keys #`
	# --node-count $nodeCount `
	}

	$existingRegistires = az acr list --query "[].name" \| ConvertFrom-Json

	if ($registryName -in $existingRegistires) {
	Write-Host "Registry $registryName already exists"
	}
	else {
	Write-Host "Provisioning registry $registryName"
	az acr create --name $registryName --sku Basic
	}

	Write-Host "Configuring security..."
	$kubectlContexts = kubectl config get-contexts --output name
	if ($clusterName -notin $kubectlContexts) {
	az aks get-credentials --name $clusterName
	}

	az acr login --name $registryName \| Out-Null
	$registryLoginServer = az acr list --query "[0].loginServer" --output tsv

	$existingSecrets = kubectl get secrets --output name
	if ("secrets/$privateKeyName" -notin $existingSecrets) {
	# Create a private secret that AKS can use to communicate with ACSs
	az acr update --name $registryName --admin-enabled true \| Out-Null
	$acrPassword = az acr credential show --query "passwords[0].value" --name $registryName
	kubectl create secret docker-registry $privateKeyName `
	--docker-server $registryLoginServer `
	--docker-username $registryName `
	--docker-password $acrPassword `
	--docker-email $email
	}

	Write-Host ""
	Write-Host "All good to go!"
	Write-Host "Tag images $registryLoginServer to push to ACR"
	Write-Host "Use secret named $privateKeyName for image pulls in service definitions"

	@{
	registry = "$registryLoginServer";
	keyName = "$privateKeyName"
	} \| ConvertTo-Json \| Out-File ./azure-config.json