Script for creating an AKS cluster with:
  workload identity
  API VNet integration
  node and pod subnets
  Azure network plugin
  Azure network policy
  Azure Defender
  Azure Key Vault secrets provider
  kubelet identity
  KEDA addon
  Grafana managed addon
  Prometheus managed addon
  running on MarinerV2/W2022 node pools
A public cluster is created with API VNet integration.
The cluster has 3 node pools: a dedicated system node pool, a Linux node pool and a Windows node pool, each in its own subnet.
Each node pool has a separate pod subnet.
Autoscaling is not enabled.
A key vault is set up with a secret 'Secret1'.
A workload (managed) identity ${aksPrefix}WorkloadId is set up.
A service account ${aksPrefix}-sa is created in namespace ${aksPrefix}-ns.
A federated credential ${aksPrefix}FedId is set up.
A quick-start pod is deployed to the namespace using the service account and pulls the secret from the key vault.
The link to the Grafana dashboard is printed.
The Windows node exporter is installed.
Run:
  cd baseCluster
  ./aksdeploy.sh
You can get the logs of the quick-start pod to verify that workload identity works:
  kubectl logs quick-start
  I1013 22:49:29.872708 1 main.go:30] "successfully got secret" secret="Hello!"
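The quick-start pod succeeds only because three things line up: the projected service-account token's issuer is the cluster OIDC issuer, its subject is system:serviceaccount:${aksPrefix}-ns:${aksPrefix}-sa (what ${aksPrefix}FedId must carry), and its audience is api://AzureADTokenExchange; the pod then trades that token for an Azure AD token with a client_assertion grant. The following Python check of those claims is an added example, not part of aksdeploy.sh or the quick-start image; the issuer URL and prefix are placeholders, and the token builder only produces an unsigned sample for offline use.

```python
import base64
import json

# Placeholder values (assumed; the real ones come from the cluster and aksdeploy.sh).
AKS_PREFIX = "demo"
ISSUER = "https://eastus.oic.prod-aks.azure.com/TENANT-ID/CLUSTER-ID/"  # az aks show --query oidcIssuerProfile.issuerUrl
AUDIENCE = "api://AzureADTokenExchange"  # audience of the projected token and of the federated credential

def federated_subject(prefix: str) -> str:
    """Subject the federated credential must carry: system:serviceaccount:<namespace>:<serviceaccount>."""
    return f"system:serviceaccount:{prefix}-ns:{prefix}-sa"

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_token(claims: dict) -> str:
    """Constructed, unsigned JWT used only as offline sample input (a real projected token is signed by the cluster)."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."

def jwt_claims(token: str) -> dict:
    """Decode the payload of a projected service-account token (no signature check here; Azure AD verifies it)."""
    _header, payload, _sig = token.split(".")
    return json.loads(_b64url_decode(payload))

def check_projected_token(token: str, issuer: str, subject: str, audience: str) -> list:
    """List each claim that does not match the federated credential; an empty list means the exchange can succeed."""
    claims = jwt_claims(token)
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss: %r != %r" % (claims.get("iss"), issuer))
    if claims.get("sub") != subject:
        problems.append("sub: %r != %r" % (claims.get("sub"), subject))
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud: %r does not contain %r" % (aud, audience))
    return problems

def token_exchange_body(client_id: str, assertion: str, scope: str = "https://vault.azure.net/.default") -> dict:
    """Form fields the pod posts to login.microsoftonline.com/<tenant>/oauth2/v2.0/token to trade the projected token."""
    return {"client_id": client_id, "grant_type": "client_credentials",
            "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            "client_assertion": assertion, "scope": scope}
```

If check_projected_token reports a sub mismatch, the fix is on the federated credential (its subject must equal the namespace/service-account pair), not in the pod; an iss mismatch usually means the credential was created against the wrong cluster's issuer URL.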