Created
February 11, 2021 14:34
-
-
Save vfarcic/cbc10d75af57cffbf30413148dfd13bf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################################################################################ | |
# Crossplane - Azure # | |
# TODO: Using Kubernetes API and GitOps to manage Infrastructure as Code (IaC) # | |
# TODO: Link # | |
################################################################################ | |
######### | |
# Setup # | |
######### | |
# The examples are using Azure! | |
# Create an account in https://cloud.upbound.io/register or https://crossplane.io/docs/v1.0/getting-started/install-configure.html#start-with-a-self-hosted-crossplane | |
curl -sL https://raw.githubusercontent.com/crossplane/crossplane/release-1.0/install.sh | sh | |
# Read the instructions from the output to finish the installation | |
minikube start | |
helm repo add crossplane-stable \ | |
https://charts.crossplane.io/stable | |
helm repo update | |
helm upgrade --install \ | |
crossplane crossplane-stable/crossplane \ | |
--namespace crossplane-system \ | |
--create-namespace \ | |
--wait | |
git clone https://github.com/vfarcic/crossplane-demo.git | |
cd crossplane-demo | |
######### | |
# Setup # | |
######### | |
az ad sp create-for-rbac \ | |
--sdk-auth \ | |
--role Owner \ | |
| tee creds-azure.json | |
export AZURE_CLIENT_ID=$(\ | |
cat creds-azure.json \ | |
| grep clientId \ | |
| cut -c 16-51) | |
export RW_ALL_APPS=1cda74f2-2616-4834-b122-5cb1b07f8a59 | |
export RW_DIR_DATA=78c8a3c8-a07e-4b9e-af1b-b5ccab50a175 | |
export AAD_GRAPH_API=00000002-0000-0000-c000-000000000000 | |
az ad app permission add \ | |
--id $AZURE_CLIENT_ID \ | |
--api $AAD_GRAPH_API \ | |
--api-permissions \ | |
$RW_ALL_APPS=Role \ | |
$RW_DIR_DATA=Role | |
az ad app permission grant \ | |
--id $AZURE_CLIENT_ID \ | |
--api $AAD_GRAPH_API \ | |
--expires never | |
az ad app permission admin-consent \ | |
--id $AZURE_CLIENT_ID | |
kubectl --namespace crossplane-system \ | |
create secret generic azure-creds \ | |
--from-file=key=./creds-azure.json | |
export RESOURCE_GROUP=devops-toolkit-$(date +%Y%m%d%H%M%S) | |
cat aks-orig.yaml \ | |
| sed -e "s@CHANGE_ME_RESOURCE_GROUP@$RESOURCE_GROUP@g" \ | |
| tee aks.yaml | |
#################### | |
# Create resources # | |
#################### | |
kubectl crossplane --help | |
kubectl crossplane install provider \ | |
crossplane/provider-azure:v0.14.0 | |
kubectl get providers | |
# Repeat the previous command until `HEALTHY` column is set to `True` (or add `--watch`) | |
echo "apiVersion: azure.crossplane.io/v1beta1 | |
kind: ProviderConfig | |
metadata: | |
name: default | |
spec: | |
credentials: | |
source: Secret | |
secretRef: | |
namespace: crossplane-system | |
name: azure-creds | |
key: key" \ | |
| kubectl apply --filename - | |
cat aks.yaml | |
# Might need to change the version inside `aks.yaml` if the one currently set is not available any more. | |
# Execute `az aks get-versions --location eastus` to retrieve all the available versions. | |
kubectl apply --filename aks.yaml | |
kubectl get resourcegroups | |
kubectl get aksclusters | |
# TODO: Continue | |
################################ | |
# Doing what shouldn't be done # | |
################################ | |
# TODO: | |
#################### | |
# Update resources # | |
#################### | |
# TODO: | |
##################### | |
# Destroy resources # | |
##################### | |
# TODO: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment