wooden-receptionist-75654
10/25/2021, 10:45 AMazure-native.containerservice
lib to create AKS cluster and I also would like deploy k8s RBAC objects with kubernetes
lib.
I have something like:
# Creating AKS
const cluster = new containerservice.ManagedCluster(...)
# Getting a kubectlconfig
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => {
return containerservice.listManagedClusterUserCredentials({
resourceGroupName: rgName,
resourceName: clusterName,
});
});
const encoded = creds.kubeconfigs[0].value;
const kubeconfig = encoded.apply(enc => Buffer.from(enc, "base64").toString());
# Creating provider
const aksProvider = new k8s.Provider("aks", {
kubeconfig: kubeconfig
})
# And deploying a role
const devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...})
When run it locally with pulumi up
I got auth request:
To sign in, use a web browser to open the page <https://microsoft.com/devicelogin>".
Am I missing something?brainy-lion-38675
10/25/2021, 10:48 AMwooden-receptionist-75654
10/25/2021, 11:16 AMbrainy-lion-38675
10/25/2021, 11:17 AMwooden-receptionist-75654
10/25/2021, 11:17 AMbillowy-army-68599
10/25/2021, 11:59 AMaz account show
return?wooden-receptionist-75654
10/25/2021, 12:15 PM{
"environmentName": "AzureCloud",
"homeTenantId": "xxxxxxxxxx",
"id": "xxxxxxxx",
"isDefault": true,
"managedByTenants": [],
"name": "AAAAA",
"state": "Enabled",
"tenantId": "xxxxxx",
"user": {
"name": "sergiii",
"type": "user"
}
}
billowy-army-68599
10/25/2021, 12:17 PMenv | grep -i azure
wooden-receptionist-75654
10/25/2021, 12:17 PMbillowy-army-68599
10/25/2021, 12:22 PMwooden-receptionist-75654
10/25/2021, 12:24 PMbillowy-army-68599
10/25/2021, 12:25 PMwooden-receptionist-75654
10/25/2021, 12:27 PMconst devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...},{provider: aksProvider})
billowy-army-68599
10/25/2021, 12:34 PMwooden-receptionist-75654
10/25/2021, 12:54 PMconst aksProvider = new k8s.Provider("aks", {
kubeconfig: kubeconfig
})
To sign in, use a web browser to open the page
billowy-army-68599
10/25/2021, 12:55 PMconst devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...})
and then export your kubeconfig:
export const kubeconfig = encoded.apply(enc => Buffer.from(enc, "base64").toString());
Then do pulumi stack output kubeconfig
and examine what's therewooden-receptionist-75654
10/25/2021, 1:06 PMapiVersion: v1
clusters:
- cluster:
certificate-authority-data: CERT
server: <https://api:443>
name: dev
contexts:
- context:
cluster: dev
user: clusterUser_aks_dev
name: dev
current-context: dev
kind: Config
preferences: {}
users:
- name: clusterUser_aks-dev
auth-provider:
config:
apiserver-id:cccc
client-id: xxxx
config-mode: "1"
environment: AzurePublicCloud
tenant-id: cccc
name: azure
pulumi up
without update got auth messagebillowy-army-68599
10/25/2021, 1:13 PMkubeconfig
up to and run kubectl
does it work?wooden-receptionist-75654
10/25/2021, 1:19 PMpulumi stack output kubeconfig --show-secrets > kubeconfig.yaml
➜ pulumi-aks git:(poc) ✗ KUBECONFIG=./kubeconfig.yaml kubectl get nodes
To sign in, use a web browser to open the page <https://microsoft.com/devicelogin> and enter the code XXXXXX to authenticate.
billowy-army-68599
10/25/2021, 1:26 PMwooden-receptionist-75654
10/25/2021, 1:33 PM