forked from pulumi/examples
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAksCluster.cs
119 lines (110 loc) · 4.25 KB
/
AksCluster.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
using System;
using System.Text;
using System.Threading.Tasks;
using Pulumi;
using Pulumi.AzureAD;
using Pulumi.AzureNative.ContainerService;
using Pulumi.AzureNative.ContainerService.Inputs;
using Pulumi.Random;
using Pulumi.Tls;
record AksClusterArgs
{
public string? VmSize { get; init; }
public int? VmCount { get; init; }
public string? KubernetesVersion { get; init; }
}
class AksCluster : ComponentResource
{
public AksCluster(string name, AksClusterArgs? args = default) : base("example:my:AksCluster", name)
{
var adApp = new Application("aks", new ApplicationArgs{ DisplayName = "aks" }, new() { Parent = this });
var adSp = new ServicePrincipal("aksSp", new()
{
ApplicationId = adApp.ApplicationId,
}, new() { Parent = this });
// Generate random password
var password = new RandomPassword("password", new()
{
Length = 20,
Special = true
}, new() { Parent = this });
// Create the Service Principal Password
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new()
{
ServicePrincipalId = adSp.Id,
Value = password.Result,
EndDate = "2099-01-01T00:00:00Z"
}, new() { Parent = this });
// Generate an SSH key
var sshKey = new PrivateKey("ssh-key", new PrivateKeyArgs
{
Algorithm = "RSA",
RsaBits = 4096
}, new() { Parent = this });
var cluster = new ManagedCluster("managedCluster", new()
{
ResourceGroupName = ResourceGroup.Name,
AddonProfiles =
{
{ "KubeDashboard", new ManagedClusterAddonProfileArgs { Enabled = true } }
},
AgentPoolProfiles =
{
new ManagedClusterAgentPoolProfileArgs
{
Count = args?.VmCount ?? 3,
MaxPods = 110,
Mode = "System",
Name = "agentpool",
OsDiskSizeGB = 30,
OsType = "Linux",
Type = "VirtualMachineScaleSets",
VmSize = args?.VmSize ?? "Standard_DS2_v2",
}
},
DnsPrefix = "demoapppulumiaks",
EnableRBAC = true,
Identity = new ManagedClusterIdentityArgs { Type = ResourceIdentityType.SystemAssigned },
KubernetesVersion = args?.KubernetesVersion ?? "1.18.14",
LinuxProfile = new ContainerServiceLinuxProfileArgs
{
AdminUsername = "testuser",
Ssh = new ContainerServiceSshConfigurationArgs
{
PublicKeys =
{
new ContainerServiceSshPublicKeyArgs
{
KeyData = sshKey.PublicKeyOpenssh,
}
}
}
},
NodeResourceGroup = "MC_demoapppulumiaks",
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfileArgs
{
ClientId = adApp.ApplicationId,
Secret = adSpPassword.Value
}
}, new() { Parent = this });
// Export the KubeConfig and SP
this.KubeConfig = Output.Tuple(ResourceGroup.Name, cluster.Name).Apply(names =>
GetKubeConfig(names.Item1, names.Item2));
this.PrincipalId = cluster.IdentityProfile.Apply(p => p!["kubeletidentity"].ObjectId!);
}
[Output]
public Output<string> KubeConfig { get; set; }
[Output]
public Output<string> PrincipalId { get; set; }
private static async Task<string> GetKubeConfig(string resourceGroupName, string clusterName)
{
var credentials = await ListManagedClusterUserCredentials.InvokeAsync(new ListManagedClusterUserCredentialsArgs
{
ResourceGroupName = resourceGroupName,
ResourceName = clusterName
});
var encoded = credentials.Kubeconfigs[0].Value;
var data = Convert.FromBase64String(encoded);
return Encoding.UTF8.GetString(data);
}
}