ayan.poddar
/
eShopOnContainers
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 19 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3963 Commits
36 Branches
655 MiB
 
 
 
 
 
 
Tree: 17f9c653e2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '17f9c653e2'
${ noResults }
eShopOnContainers/deploy/k8s/helm/publicipingressaks.sh

193 lines
9.2 KiB
Raw Blame History

# 20.63.171.125
PUBLIC_IP_ID=$(az network public-ip list --query "[?ipAddress=='20.63.171.125'].id" -o tsv)
az network dns zone create --resource-group k8sstudy --name anniedesign.xyz
az network dns record-set a add-record --resource-group k8sstudy --record-set-name eshop --zone-name anniedesign.xyz --ipv4-address 1.1.1.1
az network dns record-set a update --name eshop --resource-group k8sstudy --zone-name anniedesign.xyz --target-resource /subscriptions/e25379c9-941e-4fe6-81ff-f0e62becf996/resourceGroups/mc_k8sstudy_eshop_japaneast/providers/Microsoft.Network/publicIPAddresses/kubernetes-ae87c596c80514b95839a76c3ed683df
az network dns zone show --resource-group k8sstudy --name anniedesign.xyz --query nameServers
# ns1-03.azure-dns.com.
# ns2-03.azure-dns.net.
# ns3-03.azure-dns.org.
# ns4-03.azure-dns.info.
# ---------------------------
REGISTRY_NAME=heigoo
CONTROLLER_REGISTRY=k8s.gcr.io
CONTROLLER_IMAGE=ingress-nginx/controller
CONTROLLER_TAG=v0.48.1
PATCH_REGISTRY=docker.io
PATCH_IMAGE=jettech/kube-webhook-certgen
PATCH_TAG=v1.5.1
DEFAULTBACKEND_REGISTRY=k8s.gcr.io
DEFAULTBACKEND_IMAGE=defaultbackend-amd64
DEFAULTBACKEND_TAG=1.5
CERT_MANAGER_REGISTRY=quay.io
CERT_MANAGER_TAG=v1.3.1
CERT_MANAGER_IMAGE_CONTROLLER=jetstack/cert-manager-controller
CERT_MANAGER_IMAGE_WEBHOOK=jetstack/cert-manager-webhook
CERT_MANAGER_IMAGE_CAINJECTOR=jetstack/cert-manager-cainjector
az acr import --name $REGISTRY_NAME --source $CONTROLLER_REGISTRY/$CONTROLLER_IMAGE:$CONTROLLER_TAG --image $CONTROLLER_IMAGE:$CONTROLLER_TAG
az acr import --name $REGISTRY_NAME --source $PATCH_REGISTRY/$PATCH_IMAGE:$PATCH_TAG --image $PATCH_IMAGE:$PATCH_TAG
az acr import --name $REGISTRY_NAME --source $DEFAULTBACKEND_REGISTRY/$DEFAULTBACKEND_IMAGE:$DEFAULTBACKEND_TAG --image $DEFAULTBACKEND_IMAGE:$DEFAULTBACKEND_TAG
az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_CONTROLLER:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_CONTROLLER:$CERT_MANAGER_TAG
az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_WEBHOOK:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_WEBHOOK:$CERT_MANAGER_TAG
az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_CAINJECTOR:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_CAINJECTOR:$CERT_MANAGER_TAG
az aks show --resource-group k8sstudy --name eshop --query nodeResourceGroup -o tsv --MC_k8sstudy_eShop_japaneast
az network public-ip create --resource-group MC_k8sstudy_eShop_japaneast --name myAKSPublicIP --sku Standard --allocation-method static --query publicIp.ipAddress -o tsv --20.194.219.173
-----
# Create a namespace for your ingress resources
kubectl create namespace ingress-basic
# Add the ingress-nginx repository
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
# Set variable for ACR location to use for pulling images
ACR_URL=heigoo.azurecr.io
STATIC_IP=20.194.219.173
DNS_LABEL=eshop
# Use Helm to deploy an NGINX ingress controller
kubectl --namespace ingress-basic get services -o wide -w nginx-ingress-ingress-nginx-controller
az network public-ip list --resource-group MC_myResourceGroup_myAKSCluster_eastus --query "[?name=='myAKSPublicIP'].[dnsSettings.fqdn]" -o tsv
# ===============
az network public-ip create \
--resource-group k8sstudy \
--name myAKSPublicIP \
--sku Standard \
--allocation-method static
az network public-ip list
az network public-ip show --resource-group k8sstudy --name myAKSPublicIP --query ipAddress --output tsv
az role assignment create \
--assignee eShop \
--role "Network Contributor" \
--scope /subscriptions/e25379c9-941e-4fe6-81ff-f0e62becf996/resourceGroups/k8sstudy
# ==================
az aks create --name myAKSCluster --resource-group myResourceGroup
service principle
az ad sp create-for-rbac --skip-assignment --name myAKSClusterServicePrincipal
Specify a service principal for an AKS cluster
az aks create \
--resource-group myResourceGroup \
--name myAKSCluster \
--service-principal <appId> \
--client-secret <password>
# Delegate access to other Azure resources
az role assignment create --assignee <appId> --scope <resourceScope> --role Contributor
# ===========================================
# Create a new AKS cluster with ACR integration
# set this to the name of your Azure Container Registry. It must be globally unique
MYACR=myContainerRegistry
# Run the following line to create an Azure Container Registry if you do not already have one
az acr create -n $MYACR -g myContainerRegistryResourceGroup --sku basic
# Create an AKS cluster with ACR integration
az aks create -n myAKSCluster -g myResourceGroup --generate-ssh-keys --attach-acr $MYACR
az aks create -n myAKSCluster -g myResourceGroup --generate-ssh-keys --attach-acr /subscriptions/<subscription-id>/resourceGroups/myContainerRegistryResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry
# Configure ACR integration for existing AKS clusters
# =====
# =================managed identity==========================
az account show --query id -o tsv
az aks show -g k8sstudy -n eShop --query "servicePrincipalProfile"
# After verifying the cluster is using managed identities, you can find the control plane system-assigned identity's object ID with the following command:
az aks show -g k8sstudy -n eShop --query "identity"
az identity list --query "[].{Name:name, Id:id, Location:location}" -o table
# ==================inital aks==========
az group delete --name myResourceGroup --yes --no-wait
# ======= acr azure registry============
az aks check-acr --name MyManagedCluster --resource-group MyResourceGroup --acr myacr.azurecr.io
# set this to the name of your Azure Container Registry. It must be globally unique
MYACR=myContainerRegistry
# Run the following line to create an Azure Container Registry if you do not already have one
az acr create -n $MYACR -g myContainerRegistryResourceGroup --sku basic
# Create an AKS cluster with ACR integration
az aks create -n myAKSCluster -g myResourceGroup --generate-ssh-keys --attach-acr $MYACR
# -----------------
az aks update -n myAKSCluster -g myResourceGroup --attach-acr heigoo
# If you are using an ACR that is located in a different subscription from your AKS cluster, use the ACR resource ID when attaching or detaching from an AKS cluster.
az aks create -n myAKSCluster -g myResourceGroup --generate-ssh-keys --attach-acr /subscriptions/<subscription-id>/resourceGroups/myContainerRegistryResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry
# -----
helm upgrade -i nginx-ingress ingress-nginx/ingress-nginx \
--version 3.36.0 \
--namespace ingress-basic \
--set controller.replicaCount=2 \
--set controller.nodeSelector."kubernetes\.io/os"=linux \
--set controller.image.registry=$ACR_URL \
--set controller.image.image=$CONTROLLER_IMAGE \
--set controller.image.tag=$CONTROLLER_TAG \
--set controller.image.digest="" \
--set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux \
--set controller.admissionWebhooks.patch.image.registry=$ACR_URL \
--set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE \
--set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG \
--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
--set defaultBackend.image.registry=$ACR_URL \
--set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE \
--set defaultBackend.image.tag=$DEFAULTBACKEND_TAG
helm upgrade -i nginx-ingress ingress-nginx/ingress-nginx \
--version 3.36.0 \
--namespace ingress-basic \
--set controller.replicaCount=2 \
--set controller.nodeSelector."kubernetes\.io/os"=linux \
--set controller.image.registry=$ACR_URL \
--set controller.image.image=$CONTROLLER_IMAGE \
--set controller.image.tag=$CONTROLLER_TAG \
--set controller.image.digest="" \
--set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux \
--set controller.admissionWebhooks.patch.image.registry=$ACR_URL \
--set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE \
--set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG \
--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
--set defaultBackend.image.registry=$ACR_URL \
--set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE \
--set defaultBackend.image.tag=$DEFAULTBACKEND_TAG \
--set controller.service.loadBalancerIP=$STATIC_IP \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$DNS_LABEL
az network dns record-set a add-record \
--resource-group myResourceGroup \
--zone-name anniedesign.xyz \
--record-set-name "*" \
--ipv4-address 20.89.163.19
# ============clear resources========================
kubectl delete namespace ingress-basic
kubectl delete -f certificates.yaml
kubectl delete -f cluster-issuer.yaml
helm list --all-namespaces
helm uninstall nginx-ingress cert-manager -n ingress-basic
kubectl delete -f aks-helloworld.yaml --namespace ingress-basic
kubectl delete -f ingress-demo.yaml --namespace ingress-basic
kubectl delete namespace ingress-basic
az network public-ip delete --resource-group MC_myResourceGroup_myAKSCluster_japaneast --name myAKSPublicIP
az group delete --name myResourceGroup --yes --no-wait