This example deploys an AKS cluster, creates an Azure Active Directory (Azure AD) application, creates a Service Principal, and sets credentials to manage access to the cluster.
-
Initialize a new stack called dev via pulumi stack init:
pulumi stack init dev
-
Log in to the Azure CLI (you will be prompted to do this during deployment if you forget this step):
az login
-
Create a Python virtualenv, activate it, and install dependencies. This installs the dependent packages for our Pulumi program:
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
-
Set the config values via pulumi config set.
(For Azure regions, see this infographic for a list of available regions.)
pulumi config set azure-native:location eastus2
-
Run pulumi up to preview and deploy changes. You must select y to continue:
pulumi up
Results
View Live: https://app.pulumi.com/myuser/azure-py-aks/dev/updates/51

     Type                                             Name                             Status    Info
 +   pulumi:pulumi:Stack                              azure-py-aks-dev                 created   1 warning
 +   ├─ azuread:index:Application                     mydemo-azuread-application       created
 +   ├─ random:index:RandomPassword                   mydemo-password                  created
 +   ├─ tls:index:PrivateKey                          mydemo-ssh-key                   created
 +   ├─ azure-native:resources:ResourceGroup          mydemo-aks                       created
 +   ├─ azuread:index:ServicePrincipal                mydemo-ad-serviceprincipal       created
 +   ├─ azuread:index:ServicePrincipalPassword        mydemo-serviceprincipalpassword  created   1 warning
 +   └─ azure-native:containerservice:ManagedCluster  mydemo-azure-aks                 created

Diagnostics:
  azuread:index:ServicePrincipalPassword (mydemo-serviceprincipalpassword):
    warning: urn:pulumi:dev::azure-py-aks::azuread:index/servicePrincipalPassword:ServicePrincipalPassword::mydemo-serviceprincipalpassword verification warning: Deprecated Attribute

  pulumi:pulumi:Stack (azure-py-aks-dev):
    warning: value is deprecated: In version 2.0 of the AzureAD provider, this attribute will become read-only as it will no longer be possible to specify a password value. It will be generated by Azure Active Directory and persisted to state for reuse in your Terraform configuration.

Outputs:
    ad_app_name         : "ef7e5f67-c08a-4452-a838-16a16e81869b"
    ad_sp_display_name  : "mydemo-azuread-application"
    kubeconfig          : "[secret]"
    managed_cluster_name: "mydemo-azure-aks6731bd78"
    resource_group_name : "mydemo-aksdf340c7d"

Resources:
    + 8 created

Duration: 5m50s
-
View the outputs.
pulumi stack output
Results
Current stack outputs (5):
    OUTPUT                VALUE
    ad_app_name           ef7e5f67-c08a-4452-a838-16a16e81869b
    ad_sp_display_name    mydemo-azuread-application
    kubeconfig            [secret]
    managed_cluster_name  mydemo-azure-aks6731bd78
    resource_group_name   mydemo-aksdf340c7d
If you need to see the value of kubeconfig, run the following:
pulumi stack output --show-secrets
-
You can save this kubeconfig to a file and use kubectl via the command line:
pulumi stack output kubeconfig --show-secrets > kubeconfig
Once you have this file in hand, you can interact with your new cluster as usual via kubectl:
export KUBECONFIG=$PWD/kubeconfig
kubectl version
kubectl get nodes
-
Clean up:
pulumi destroy -y
-
Remove the stack. This will also remove the Pulumi.dev.yaml file:
pulumi stack rm dev -y
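
A safer way to perform the kubeconfig-saving step above, as an added example that is not part of the original project: a plain `> kubeconfig` redirect creates the file under your default umask, keeps the looser mode of an existing file, and truncates it even when `pulumi` fails. The helper names `save_kubeconfig` and `kubeconfig_mode` are hypothetical, and the input check assumes a YAML kubeconfig with a top-level `clusters:` key.

```bash
#!/usr/bin/env bash
# Added example: helper names are hypothetical, not part of the Pulumi project.
# Usage: pulumi stack output kubeconfig --show-secrets | save_kubeconfig ./kubeconfig

# Write the kubeconfig read from stdin to DEST with mode 0600, atomically.
save_kubeconfig() {
  [ $# -eq 1 ] || { echo "usage: save_kubeconfig DEST < kubeconfig" >&2; return 2; }
  local dest="$1" dir tmp
  dir=$(dirname -- "$dest")
  # mktemp creates the file 0600 regardless of umask, in the target directory
  # so the final mv is a rename and never leaves a half-written file.
  tmp=$(mktemp "$dir/.kubeconfig.XXXXXX") || return 1

  # Assumption: a YAML kubeconfig with a top-level "clusters:" key. Empty or
  # unrelated input (for example when pulumi failed upstream) is rejected
  # before any existing DEST is touched.
  if ! cat > "$tmp" || ! grep -q '^clusters:' "$tmp"; then
    echo "save_kubeconfig: stdin is not a kubeconfig, nothing written" >&2
    rm -f -- "$tmp"
    return 1
  fi

  # Replacing DEST by rename also drops a looser mode left by an earlier "> file".
  if ! { chmod 600 "$tmp" && mv -f -- "$tmp" "$dest"; }; then
    rm -f -- "$tmp"
    return 1
  fi

  # The file holds cluster credentials: warn when git could pick it up.
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
     ! git -C "$dir" check-ignore -q -- "$(basename -- "$dest")"; then
    echo "warning: $dest is inside a git work tree and not ignored" >&2
  fi
}

# Print the permission string of a file, e.g. -rw------- for 0600.
kubeconfig_mode() {
  ls -ld -- "$1" | cut -c1-10
}
```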