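# Reference only (PowerShell, not executed by this script): create a self-signed
# test certificate and export it as a PFX.
# NOTE(review): the password and thumbprint below are sample values committed in
# clear text; keep the exported PFX test-only and take any real password from a
# secret store or an interactive prompt, not from this file.
# New-SelfSignedCertificate -certstorelocation Cert:\localMachine\my -dnsname "www.dlw.com"
# $pwd = ConvertTo-SecureString -String "myTest@Pwd123" -Force -AsPlainText
# Export-PfxCertificate -cert Cert:\localMachine\my\A5CE8D378ED5B664D61E59FF57C5D874DDF1CF35 -FilePath C:\Users\Felix_Yu\Downloads\testCert.pfx -Password $pwd
# https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-ssl-cli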
##
## purge: az keyvault purge -n $vaultName
## prepare
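# Stop at the first failed command, unset variable or failed pipeline stage so
# that later steps never run against a half-provisioned environment.
set -euo pipefail
echo "preparing"
# Names shared by every step below.
rgName=dlwRG2
region=eastus
ipName=nginxIp2
clusterName=dlwCluster2
# NOTE(review): ns is not referenced anywhere else in this script.
ns=dlwns2
## purge: rg
# `az group delete` has no --location parameter; passing one makes the CLI
# reject the command, so the purge never happens. The existence check keeps a
# first run (no group yet) from aborting under `set -e`.
# This deletes every resource in the group without a confirmation prompt.
if [[ "$(az group exists --name "$rgName" --output json)" == "true" ]]; then
  az group delete --name "$rgName" --yes
fi
## provisioning resource group
echo "provisioning resource group"
az group create --name "$rgName" --location "$region"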
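## provisioning aks
echo "provisioning aks"
# NOTE(review): the Kubernetes version is pinned; AKS retires versions over
# time, so confirm it is still offered with `az aks get-versions --location`.
# NOTE(review): nothing here restricts the API server endpoint; consider
# --api-server-authorized-ip-ranges (or a private cluster) for anything beyond
# a throwaway test cluster.
az aks create --name "$clusterName" --resource-group "$rgName" \
  --kubernetes-version 1.24.3 \
  --vm-set-type VirtualMachineScaleSets --node-count 1 --node-vm-size Standard_B2s \
  --enable-cluster-autoscaler --min-count 1 --max-count 2 \
  --dns-name-prefix dlw \
  --network-plugin azure --enable-managed-identity --generate-ssh-keys
## create ip for nginx
# The static IP is created in the cluster's node resource group, whose name is
# read back from the cluster that was just created.
nodeResourceGroup=$(az aks show --name "$clusterName" --resource-group "$rgName" \
  --output tsv --query "nodeResourceGroup") || exit 1
if [[ -z "$nodeResourceGroup" ]]; then
  # An empty value would send the next command to the wrong (or no) group.
  echo "could not resolve node resource group for $clusterName" >&2
  exit 1
fi
az network public-ip create --name "$ipName" --resource-group "$nodeResourceGroup" \
  --allocation-method Static --sku Standard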
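## installing basic services
echo "installing basic services"
## switch context
# --overwrite-existing: the cluster is recreated under the same name on every
# run, so a stale kubeconfig entry from an earlier run must be replaced rather
# than kept or prompted for.
az aks get-credentials --resource-group "$rgName" --name "$clusterName" --overwrite-existing
## deploy nginx
# Look up the address of the public IP that lives in the node resource group.
nodeResourceGroup=$(az aks show --name "$clusterName" --resource-group "$rgName" \
  --output tsv --query "nodeResourceGroup") || exit 1
STATIC_IP=$(az network public-ip show --name "$ipName" --resource-group "$nodeResourceGroup" \
  --query "ipAddress" --output tsv) || exit 1
if [[ -z "$STATIC_IP" ]]; then
  # Without an address the chart would be installed with an empty loadBalancerIP.
  echo "public IP $ipName has no address yet" >&2
  exit 1
fi
NAMESPACE=ingress-basic
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
# NOTE(review): no --version is given here, so whichever ingress-nginx chart is
# newest at run time gets installed; pin it (as cert-manager is pinned) for
# reproducible, reviewable deployments.
# The annotation key is single-quoted so the escaped dots reach helm unchanged.
helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
  --create-namespace \
  --namespace "$NAMESPACE" \
  --set "controller.service.loadBalancerIP=$STATIC_IP" \
  --set 'controller.service.annotations.service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path=/healthz' \
  --set controller.service.externalTrafficPolicy=Local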
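## config cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
# `upgrade --install` instead of `install`: a plain install fails when the
# release already exists, so a re-run against a surviving cluster would stop
# here. This also matches how ingress-nginx is deployed above.
helm upgrade --install cert-manager jetstack/cert-manager \
  --namespace cert-manager --create-namespace \
  --version v1.9.1 \
  --set installCRDs=true
echo "done"
# DNS is not automated: the A record for the ingress IP is created by hand.
echo "please create route53 'A' record for IP $STATIC_IP manually"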