The AKS Cluster builder is used to create AKS clusters.
Microsoft.ContainerService/managedClusters
The AKS builder (`aks`) constructs AKS clusters.
Keyword | Purpose |
---|---|
name | Sets the name of the AKS cluster. |
dns_prefix | Sets the DNS prefix of the AKS cluster. |
enable_private_cluster | Restricts the cluster’s Kubernetes API to only be accessible from private networks. |
enable_rbac | Enable Kubernetes Role-Based Access Control. |
add_agent_pools | Adds agent pools to the AKS cluster. |
add_agent_pool | Adds an agent pool to the AKS cluster. |
add_identity | Adds a managed identity to the AKS cluster. |
system_identity | Activates the system identity of the AKS cluster. |
kubelet_identity | Assigns a user assigned identity to the kubelet user that pulls container images. |
network_profile | Sets the network profile for the AKS cluster. |
linux_profile | Sets the linux profile for the AKS cluster. |
service_principal_client_id | Sets the client id of the service principal for the AKS cluster. |
service_principal_use_msi | Enables the AKS cluster to use the managed identity service principal instead of an external client secret. |
windows_username | Sets the windows admin username for the AKS cluster. |
add_api_server_authorized_ip_ranges | Adds IP address CIDR ranges that are allowed to access the Kubernetes API. |
addon | A list with the configuration of all addons on the cluster (AciConnectorLinux, HttpApplicationRouting, KubeDashboard, IngressApplicationGateway, OmsAgent). |
The Agent Pool builder (`agentPool`) constructs agent pools in the AKS cluster.
Keyword | Purpose |
---|---|
name | Sets the name of the agent pool. |
count | Sets the count of VMs in the agent pool. |
user_mode | Sets the agent pool to user mode. |
disk_size | Sets the disk size for the VMs in the agent pool. |
max_pods | Sets the maximum number of pods in the agent pool. |
os_type | Sets the OS type of the VMs in the agent pool. |
subnet | Sets the name of a virtual network subnet where this AKS cluster should be attached. |
vm_size | Sets the size of the VMs in the agent pool. |
vnet | Sets the name of a virtual network in the same region where this AKS cluster should be attached. |
The Kubenet builder (`kubenetNetworkProfile`) creates Kubenet network profiles on the AKS cluster.
Keyword | Purpose |
---|---|
load_balancer_sku | SKU for the Load Balancer - defaults to ‘Standard’ |
The CNI builder (`azureCniNetworkProfile`) creates Azure CNI network profiles on the AKS cluster.
Keyword | Purpose |
---|---|
docker_bridge | Sets the docker bridge CIDR to a network other than the default 17.17.0.1/16. |
dns_service | Sets the DNS service IP - must be within the service CIDR, default is the second address in the service CIDR. |
service_cidr | Sets the service cidr to a network other than the default 10.224.0.0/16. |
load_balancer_sku | SKU for the Load Balancer - defaults to ‘Standard’ |
The simplest cluster uses a system assigned managed identity and default settings for the node pool (size of 3).
open Farmer
open Farmer.Builders
open Farmer.ContainerService
// Minimal cluster: only the name is set. service_principal_use_msi makes the
// cluster use its managed identity service principal instead of an external
// client secret, so no secret has to be stored in the template.
// NOTE(review): enable_rbac, enable_private_cluster and
// add_api_server_authorized_ip_ranges are not set here, and this page does not
// state their defaults - confirm what the generated template exposes before
// using this as a baseline.
let myAks = aks {
    name "aks-cluster"
    service_principal_use_msi
}
// Cluster with an explicit agent pool, a Linux profile and an Azure CNI
// network profile that overrides the service CIDR.
let myAks = aks {
    name "k8s-cluster"
    dns_prefix "testaks"
    add_agent_pools [
        agentPool {
            name "linuxPool"
            count 3
        }
    ]
    // "public-key-here" is a placeholder to be replaced by the caller.
    // NOTE(review): presumably the arguments are the admin user name and its
    // SSH public key - confirm, and supply only a public key here.
    linux_profile "aksuser" "public-key-here"
    // Use the managed identity service principal instead of an external client secret.
    service_principal_use_msi
    network_profile (
        azureCniNetworkProfile {
            // Replaces the default service CIDR (10.224.0.0/16).
            service_cidr "10.250.0.0/16"
        }
    )
}
// Create a user-assigned identity for the kubelet, the identity that pulls
// container images from the container registry.
let kubeletMsi = createUserAssignedIdentity "kubeletIdentity"
// Create a user-assigned identity for the AKS cluster itself; it is attached
// to the cluster further down with add_identity.
let clusterMsi = createUserAssignedIdentity "clusterIdentity"
// Give the AKS cluster's identity the Managed Identity Operator role so that
// it has the rights to assign the kubelet MSI.
// The assignment name is an ARM guid() over the resource group id, the cluster
// identity's name and the role id. The expression is kept in its own binding
// because the cluster also passes it to depends_on_expression.
let assignMsiRoleNameExpr = ArmExpression.create($"guid(concat(resourceGroup().id, '{clusterMsi.ResourceId.Name.Value}', '{Roles.ManagedIdentityOperator.Id}'))")
let assignMsiRole =
    { Name =
        assignMsiRoleNameExpr.Eval()
        |> ResourceName
      RoleDefinitionId = Roles.ManagedIdentityOperator
      PrincipalId = clusterMsi.PrincipalId
      PrincipalType = PrincipalType.ServicePrincipal
      // NOTE(review): ResourceGroup scope applies the role across the whole
      // resource group, not only to the kubelet identity. The AcrPull
      // assignment below narrows its scope with AssignmentScope.SpecificResource;
      // consider scoping this one to kubeletMsi.ResourceId for least privilege
      // (confirm the resulting template deploys before relying on it).
      Scope = ResourceGroup
      // The role assignment is deployed only after the cluster identity exists.
      Dependencies = Set [ clusterMsi.ResourceId ] }
// Create a container image registry.
let myAcr = containerRegistry { name "mycontainerregistry" }
// Upcast to IBuilder to read the registry's ResourceId; it is used as the
// scope of the AcrPull role assignment.
let myAcrResId = (myAcr :> IBuilder).ResourceId
// Assign the AcrPull role on that registry to the identity used for kubelet.
// The assignment name is an ARM guid() over the resource group id, the kubelet
// identity's name and the role id; the cluster waits on the same expression.
let acrPullRoleNameExpr = ArmExpression.create($"guid(concat(resourceGroup().id, '{kubeletMsi.ResourceId.Name.Value}', '{Roles.AcrPull.Id}'))")
let acrPullRole =
    { Name = acrPullRoleNameExpr.Eval() |> ResourceName
      RoleDefinitionId = Roles.AcrPull
      PrincipalId = kubeletMsi.PrincipalId
      PrincipalType = PrincipalType.ServicePrincipal
      // Scoped to this one registry rather than to the resource group, so the
      // role does not extend to other resources in the group.
      Scope = AssignmentScope.SpecificResource myAcrResId
      // The role assignment is deployed only after the kubelet identity exists.
      Dependencies = Set [ kubeletMsi.ResourceId ] }
// Create the cluster and assign the cluster and kubelet identities.
let myAks = aks {
    name "aks-cluster"
    // Attach the user-assigned cluster identity.
    add_identity clusterMsi
    // Use the managed identity service principal instead of an external client secret.
    service_principal_use_msi
    // The kubelet pulls container images with this user-assigned identity.
    kubelet_identity kubeletMsi
    depends_on clusterMsi
    depends_on myAcr
    // NOTE(review): presumably these make the cluster wait for both role
    // assignments, so that it is not created before the Managed Identity
    // Operator and AcrPull grants exist - confirm against the generated
    // dependsOn list.
    depends_on_expression assignMsiRoleNameExpr
    depends_on_expression acrPullRoleNameExpr
}
// A template to deploy the MSIs, role assignments, container registry and AKS.
// Both role assignments are added as resources of their own: the cluster only
// references them by name expression, so they must be part of the template.
let template =
    arm {
        add_resource kubeletMsi
        add_resource clusterMsi
        add_resource myAcr
        add_resource myAks
        add_resource assignMsiRole
        add_resource acrPullRole
    }