@phenixita
Created July 3, 2025 19:57
// ---- Deployment parameters -------------------------------------------------

// Region for every resource in this template; defaults to the resource group's region.
param location string = resourceGroup().location

// AKS cluster settings.
param aksClusterName string
param agentPoolName string
param kubernetesVersion string
param nodeCount int
param nodeVMSize string = 'Standard_DS2_v2'

// Object IDs of the directory groups passed to the cluster's aadProfile as admin groups.
// Membership in these groups is the admin boundary of the cluster, so keep the list short.
param aadAdminGroupObjectIds array

// Name of the container registry created by this template.
param acrName string

// Names of the two user-assigned identities: one used as the cluster identity,
// one used as the kubelet identity.
param aksIdentityName string
param aksKubeletIdentityName string
// User-assigned identity that the cluster below uses as its kubelet identity.
// In this template it is the principal that receives AcrPull on the registry.
resource aksKubeletUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: aksKubeletIdentityName
  location: location
}
// Container registry the cluster pulls images from.
// NOTE(review): no `properties` block is set, so registry options (admin user,
// public network access, anonymous pull) stay at the service defaults; confirm
// those defaults match the intended exposure of the registry.
resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' = {
  name: acrName
  location: location
  sku: { name: 'Standard' }
}
// Built-in role definition referenced by the AcrPull assignment below.
var acrPullRoleDefinitionId = subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  '7f951dda-4ed3-4680-a7ca-43fe172d538d'
)

// Grants the kubelet identity pull access, scoped to this one registry rather
// than to the resource group or subscription.
resource roleAssignmentAcrPull 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name: the same registry/identity pair always yields the same GUID,
  // so redeploying the template does not create a duplicate assignment.
  name: guid(acr.id, aksKubeletUserAssignedIdentity.id, 'AcrPull')
  scope: acr
  properties: {
    roleDefinitionId: acrPullRoleDefinitionId
    principalId: aksKubeletUserAssignedIdentity.properties.principalId
    principalType: 'ServicePrincipal'
  }
}
// User-assigned identity attached to the cluster resource itself (the `identity`
// block of the managed cluster), separate from the kubelet identity.
resource aksUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: aksIdentityName
  location: location
}
// Built-in role definition referenced by the Managed Identity Operator assignment below.
var managedIdentityOperatorRoleDefinitionId = subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  'f1a07417-d97a-45cb-824c-7a7467783830'
)

// Lets the cluster identity operate on the kubelet identity. The scope is the
// kubelet identity resource only, so the cluster identity gains no rights over
// any other managed identity.
resource roleAssignmentManagedIdentityOperator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name derived from both identities and the role label.
  name: guid(aksUserAssignedIdentity.id, aksKubeletUserAssignedIdentity.id, 'Managed Identity Operator')
  scope: aksKubeletUserAssignedIdentity
  properties: {
    roleDefinitionId: managedIdentityOperatorRoleDefinitionId
    principalId: aksUserAssignedIdentity.properties.principalId
    principalType: 'ServicePrincipal'
  }
}
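// AKS cluster with a user-assigned cluster identity, a separate user-assigned
// kubelet identity, directory-integrated authentication and Azure RBAC for
// Kubernetes authorization.
resource aks 'Microsoft.ContainerService/managedClusters@2024-09-01' = {
  name: aksClusterName
  location: location
  // Nothing in this resource references the Managed Identity Operator assignment,
  // so Bicep would otherwise deploy the two in parallel. The cluster identity needs
  // that role on the kubelet identity before the cluster is created, hence the
  // explicit ordering.
  dependsOn: [
    roleAssignmentManagedIdentityOperator
  ]
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${aksUserAssignedIdentity.id}': {}
    }
  }
  properties: {
    dnsPrefix: '${aksClusterName}-dns'
    kubernetesVersion: kubernetesVersion
    enableRBAC: true
    aadProfile: {
      managed: true
      enableAzureRBAC: true
      adminGroupObjectIDs: aadAdminGroupObjectIds
    }
    // NOTE(review): `disableLocalAccounts` is not set here, so the cluster's local
    // (certificate-based) admin account presumably stays available alongside
    // directory sign-in. Consider setting it to true once access through the admin
    // groups is confirmed, so all access goes through the directory and Azure RBAC.
    identityProfile: {
      // Pre-created identity used by the kubelets; it is the principal that holds
      // AcrPull on the registry in this template.
      kubeletidentity: {
        clientId: aksKubeletUserAssignedIdentity.properties.clientId
        objectId: aksKubeletUserAssignedIdentity.properties.principalId
        resourceId: aksKubeletUserAssignedIdentity.id
      }
    }
    agentPoolProfiles: [
      {
        name: agentPoolName
        count: nodeCount
        vmSize: nodeVMSize
        osType: 'Linux'
        mode: 'System'
        type: 'VirtualMachineScaleSets'
        // Nodes get no public IP of their own.
        enableNodePublicIP: false
        osDiskSizeGB: 128
      }
    ]
    networkProfile: {
      networkPlugin: 'azure'
      networkPolicy: 'azure'
      loadBalancerSku: 'standard'
      outboundType: 'loadBalancer'
      networkDataplane: 'azure'
    }
    // NOTE(review): the API server endpoint is public and no `authorizedIPRanges`
    // are configured, so it is reachable from any address and protected only by
    // authentication. Restrict it to known source ranges, or use a private
    // cluster, where the environment allows.
    apiServerAccessProfile: {
      enablePrivateCluster: false
    }
    // No service principal: the cluster relies on the managed identities above,
    // so there is no client secret to store or rotate.
    servicePrincipalProfile: null
  }
}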