Azure Kubernetes Service (AKS) Cluster using the native Azure Provider and DiagnosticSetting in Python
This example deploys an AKS cluster, creates an Azure AD application, creates a Service Principal and sets credentials to manage access to the cluster. We also turn on DiagnosticSettings on the AKS cluster.
- Initialize a new stack called dev via pulumi stack init:
    pulumi stack init dev
- Log in to the Azure CLI (you will be prompted to do this during deployment if you forget this step):
    az login
- Create a Python virtualenv, activate it, and install dependencies. This installs the dependent packages for our Pulumi program:
    python3 -m venv venv
    source venv/bin/activate
    pip3 install -r requirements.txt
- Set the config values via pulumi config set. For the Azure region, see this infographic for a list of available regions:
    pulumi config set azure-native:location eastus2
- Run pulumi up to preview and deploy changes. You must select y to continue:
    pulumi up
  Results
    View Live: https://app.pulumi.com/shaht/azure-py-aks-diagnosticsetting/dev/updates/60

         Type                                               Name                                     Status      Info
     +   pulumi:pulumi:Stack                                azure-py-aks-diagnosticsetting-dev       created     1 warning
     +   ├─ azuread:index:Application                       demodiag-azuread-apps                    created
     +   ├─ random:index:RandomPassword                     demodiag-randompassword                  created
     +   ├─ tls:index:PrivateKey                            demodiag-ssh-key                         created
     +   ├─ azure-native:resources:ResourceGroup            demodiag-rg                              created
     +   ├─ azure-native:storage:StorageAccount             demodiagsa                               created
     +   ├─ azuread:index:ServicePrincipal                  demodiag-ad-serviceprincipal             created
     +   ├─ azuread:index:ServicePrincipalPassword          demodiag-serviceprincipalpassword        created     1 warning
     +   ├─ azure-native:containerservice:ManagedCluster    demodiag-azure-aks                       created
     +   └─ azure-native:insights:DiagnosticSetting         demodiag-diagnostic-control-plane-log    created

    Diagnostics:
      azuread:index:ServicePrincipalPassword (demodiag-serviceprincipalpassword):
        warning: urn:pulumi:dev::azure-py-aks-diagnosticsetting::azuread:index/servicePrincipalPassword:ServicePrincipalPassword::demodiag-serviceprincipalpassword verification warning: Deprecated Attribute

      pulumi:pulumi:Stack (azure-py-aks-diagnosticsetting-dev):
        warning: value is deprecated: In version 2.0 of the AzureAD provider, this attribute will become read-only as it will no longer be possible to specify a password value. It will be generated by Azure Active Directory and persisted to state for reuse in your Terraform configuration.

    Outputs:
        ad_app_name            : "0f86d9e4-1990-40d7-be39-cf25b788edc0"
        ad_sp_display_name     : "demodiag-azuread-apps"
        diagnostic_setting_id  : "[secret]"
        diagnostic_setting_name: "demodiag-diagnostic-control-plane-logaf3a4dbf"
        kubeconfig             : "[secret]"
        managed_cluster_name   : "demodiag-azure-akse5175902"
        managed_cluster_uri    : "[secret]"
        resource_group_name    : "demodiag-rg0b6f1569"
        storage_account_id     : "[secret]"
        storage_account_name   : "demodiagsa89363946"

    Resources:
        + 10 created

    Duration: 12m7s
- View the outputs:
    pulumi stack output
  Results
    Current stack outputs (10):
        OUTPUT                   VALUE
        ad_app_name              0f86d9e4-1990-40d7-be39-cf25b788edc0
        ad_sp_display_name       demodiag-azuread-apps
        diagnostic_setting_id    [secret]
        diagnostic_setting_name  demodiag-diagnostic-control-plane-logaf3a4dbf
        kubeconfig               [secret]
        managed_cluster_name     demodiag-azure-akse5175902
        managed_cluster_uri      [secret]
        resource_group_name      demodiag-rg0b6f1569
        storage_account_id       [secret]
        storage_account_name     demodiagsa89363946
  If you need to see the values that are marked secret, run the following:
    pulumi stack output --show-secrets
- You can save this kubeconfig to a file and use kubectl via the command line:
    pulumi stack output kubeconfig --show-secrets > kubeconfig
  Once you have this file in hand, you can interact with your new cluster as usual via kubectl:
    export KUBECONFIG=$PWD/kubeconfig
    kubectl version
    kubectl get nodes
- Clean up:
    pulumi destroy -y
- Remove the stack. This also removes the Pulumi.dev.yaml file:
    pulumi stack rm dev -y
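
The kubeconfig saved in the kubectl step holds cluster credentials, and a plain > redirect creates the file with whatever the shell's default umask allows. As an added example (not part of the original README), the hypothetical helpers save_secret_output and is_private below write a secret stack output to a file with owner-only permissions and check an existing file for group or world access:

```shell
#!/bin/sh
# Added example, not from the original README. The function names are
# hypothetical helpers, not Pulumi or kubectl features.

# save_secret_output FILE CMD [ARGS...]
# Runs CMD and stores its stdout in FILE with mode 0600. The data goes to a
# private temp file first, so FILE is never partially written or readable
# by other users, and a failed or empty command leaves nothing behind.
save_secret_output() {
    dest=$1
    shift
    (
        umask 077
        tmp=$(mktemp "${dest}.XXXXXX") || exit 1
        if "$@" > "$tmp" && [ -s "$tmp" ]; then
            mv -f "$tmp" "$dest"
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# is_private FILE
# Succeeds only if FILE is a regular file with no group/other permission bits.
is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -???------*) return 0 ;;   # e.g. -rw-------
        *)           return 1 ;;
    esac
}

# Usage for the kubeconfig step (requires a deployed stack):
#   save_secret_output kubeconfig pulumi stack output kubeconfig --show-secrets
#   is_private kubeconfig && export KUBECONFIG=$PWD/kubeconfig
```

Remove the kubeconfig file once you are done with the cluster; pulumi destroy does not delete local copies of exported secrets.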