-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmakeNewCluster.script
executable file
·76 lines (58 loc) · 2.75 KB
/
makeNewCluster.script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#!/bin/bash
echo "Would you like to create a new service principal for this cluster? [Y/N]"
read prompt
if [[ $prompt == "y" || $prompt == "Y" ]]; then
az acr login --name registryqft0511
aksname="tripsAKSCluster4"
# Create the Azure AD application
serverApplicationId=$(az ad app create \
--display-name "${aksname}Server" \
--identifier-uris "https://${aksname}Server" \
--query appId -o tsv)
# Update the application group memebership claims
az ad app update --id $serverApplicationId --set groupMembershipClaims=All
# Create a service principal for the Azure AD application
az ad sp create --id $serverApplicationId
# Get the service principal secret
serverApplicationSecret=$(az ad sp credential reset \
--name $serverApplicationId \
--credential-description "AKSPassword" \
--query password -o tsv)
az ad app permission add \
--id $serverApplicationId \
--api 00000003-0000-0000-c000-000000000000 \
--api-permissions e1fe6dd8-ba31-4d61-89e7-88639da4683d=Scope 06da0dbc-49e2-44d2-8312-53f166ab848a=Scope 7ab1d382-f21e-4acd-a863-ba3e13f7da61=Role
az ad app permission grant --id $serverApplicationId --api 00000003-0000-0000-c000-000000000000
az ad app permission admin-consent --id $serverApplicationId
clientApplicationId=$(az ad app create \
--display-name "${aksname}Client" \
--native-app \
--reply-urls "https://${aksname}Client" \
--query appId -o tsv)
az ad sp create --id $clientApplicationId
oAuthPermissionId=$(az ad app show --id $serverApplicationId --query "oauth2Permissions[0].id" -o tsv)
az ad app permission add --id $clientApplicationId --api $serverApplicationId --api-permissions ${oAuthPermissionId}=Scope
az ad app permission grant --id $clientApplicationId --api $serverApplicationId
tenantId=$(az account show --query tenantId -o tsv)
else
serverAppId=$(echo "5ffffb1a-90a3-4ac6-9c0b-06d9e1a944ca")
serverApplicationSecret=$(echo "Q]e?kRjOvlNI1l1-48RQqSwP=f94=FwZ")
clientApplicationId=$(echo "")
tenantId=$(echo "")
fi
VNET_ID=$(az network vnet show --resource-group teamResources --name Vnet --query id -o tsv)
SUBNET_ID=$(az network vnet subnet show --resource-group teamResources --vnet-name Vnet --name vm-subnet --query id -o tsv)
echo $serverAppId
az aks create --resource-group teamResources --name tripAKSCluster \
--node-count 1 \
--generate-ssh-keys \
--kubernetes-version 1.15.7 \
--aad-server-app-id $serverApplicationId \
--aad-server-app-secret $serverApplicationSecret \
--aad-client-app-id $clientApplicationId \
--aad-tenant-id $tenantId \
--network-plugin azure \
--vnet-subnet-id $SUBNET_ID \
--docker-bridge-address 172.17.0.1/16 \
--dns-service-ip 10.2.1.10 \
--service-cidr 10.2.1.0/24