support azure cli as well #48

Closed
ozbillwang opened this issue Jan 27, 2023 · 4 comments

Comments

@ozbillwang
Collaborator

Support Azure CLI as well in this image, to cover Azure AKS in automation pipelines as well.

Azure CLI doesn't work like AWS; sometimes you need to install extra extensions for managing some services. In this image, I will only install the basic Azure CLI to save on image size.

If you want to manage extra extensions for your pipeline, please add the command to your pipeline tasks:

az extension add --name <extension-name>
@ozbillwang
Collaborator Author

ozbillwang commented Jan 27, 2023

After doing the research, I gave up on the idea.

Azure CLI is a Python package, but the Microsoft development team doesn't care about the package size (familiar, right?). If I installed it in our alpine/k8s image, it would add 1.2GB+ to it, which is not suitable for a pipeline task.

Reference: the discussion at Azure/azure-cli#19591 (comment)

@ozbillwang
Collaborator Author

ozbillwang commented Jan 27, 2023

So what's the better way to deploy a Kubernetes application in Azure?

We need the az CLI to get credentials for AKS, but installing Azure CLI currently takes an extra 1.3GB of space, which is not suitable for an image that runs in a pipeline:

az aks get-credentials --resource-group MyResourceGroup --name MyAKS

@dhduvall
Contributor

dhduvall commented Feb 7, 2023

If the only thing you need is az aks get-credentials, then it shouldn't be too hard to write just that bit by hand (I say this not having actually done it). I've been thinking about doing that in Go once I have the need, which I don't just yet. It's probably easier than whittling down the official Python package to what you need. Heck, you probably can do just this much with a couple calls to curl.

@dhduvall
Contributor

dhduvall commented Feb 7, 2023

This was reconstructed from my command history, so it's untested in this particular form, but I was able to get the Kubernetes config back. I don't know if you have to URI-escape the password, but it works if you do.

# Assumes SUBSCRIPTION_ID, CLUSTER_RESOURCE_GROUP and CLUSTER_NAME are already set.
# sp.json holds the service principal's client secret.
az ad sp create-for-rbac --name "manual login to AKS test SP" -o json > sp.json
# -r strips the JSON quotes, which would otherwise end up inside the values.
APP_ID=$(jq -r .appId sp.json)
APP_PASS=$(jq -r '.password | @uri' sp.json)
TENANT_ID=$(jq -r .tenant sp.json)

CLUSTER_ID=subscriptions/$SUBSCRIPTION_ID/resourceGroups/$CLUSTER_RESOURCE_GROUP/providers/Microsoft.ContainerService/managedClusters/$CLUSTER_NAME

az role assignment create \
    --role "Azure Kubernetes Service Cluster User Role" \
    --scope "/$CLUSTER_ID" \
    --assignee "$APP_ID"

# Client-credentials grant for a management-plane access token.
token=$(
    curl -s -X POST -d "grant_type=client_credentials&client_id=$APP_ID&client_secret=$APP_PASS&resource=https%3A%2F%2Fmanagement.azure.com%2F" \
        "https://login.microsoftonline.com/$TENANT_ID/oauth2/token" \
    | jq -r .access_token)

# Fetch the cluster-user kubeconfig (base64-encoded in the response) and decode it.
curl -s -X POST -d "" -H "Authorization: Bearer $token" \
    "https://management.azure.com/$CLUSTER_ID/listClusterUserCredential?api-version=2022-10-02-preview" \
    | jq -r '.kubeconfigs[0].value' \
    | base64 -d \
    > "$HOME/.kube/config.testme"
