33# Global variables
44
55```
6- export suffix =$(echo $RANDOM)
7- export AKS_GRP=aks-grp-$suffix
8- export AZ_KV_GRP=kv-grp-$suffix
6+ export SUFFIX =$(echo $RANDOM)
7+ export AKS_GRP=aks-grp-$SUFFIX
8+ export AZ_KV_GRP=kv-grp-$SUFFIX
99export LOC=westeurope
10- export AKS_NAME=aks-$suffix
11- export AZ_KV_NAME=kv-$suffix
12- export SP_NAME=az-aks-kv-sp-$suffix
10+ export AKS_NAME=aks-$SUFFIX
11+ export AZ_KV_NAME=kv-$SUFFIX
12+ export SP_NAME=az-aks-kv-sp-$SUFFIX
13+ export CSI_STORAGE_CLASS_NAME=nginx-csi-storage-class
1314export SP_AKS_SECRET=secrets-store-creds
1415export CSI_NAMESPACE=azure-cs-driver
1516export TENANTID=$(echo $(az account show) | jq -r '.tenantId')
@@ -30,13 +31,13 @@ export SP_CLIENT_SECRET=$(echo $SPObj | jq -r '.password')
3031
3132# Aks Group create
3233```
33- $ az group create -n $AKS_GRP -l $LOC
34+ az group create -n $AKS_GRP -l $LOC --tags label=$SUFFIX
3435```
3536
3637# Aks Cluster create
3738
3839```
39- $ az aks create -n $AKS_NAME -g $AKS_GRP --node-count 2 --network-plugin azure --generate-ssh-keys
40+ az aks create -n $AKS_NAME -g $AKS_GRP --node-count 2 --network-plugin azure --generate-ssh-keys
4041```
4142
4243# Get AKS credentials to work with kubectl
@@ -55,17 +56,11 @@ kubectl get nodes -o wide
5556kubectl create ns $CSI_NAMESPACE
5657```
5758
58- # Helm repo add for csi-secrets-store-driver (optional)
59- ```
60- $ helm repo add secrets-store-csi-driver https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts
61- $ helm install -n $CSI_NAMESPACE csi-secrets-store secrets-store-csi-driver/secrets-store-csi-driver
62- ```
63-
6459# Helm repo for cs-secret-store-driver-azure-provider.
6560*** This helm repo provide both the csi-secrets-store-driver as well as csi-secrets-store-driver-azure-provider as well***
6661```
67- $ helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts
68- $ helm install -n $CSI_NAMESPACE csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --generate-name
62+ helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts
63+ helm install -n $CSI_NAMESPACE csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --generate-name
6964```
7065
7166# Make sure azure CSI driver pods are running.
@@ -75,7 +70,7 @@ kubectl get all -n $CSI_NAMESPACE
7570
7671# Create keyvault group
7772```
78- az group create -n $AZ_KV_GRP -l $LOC
73+ az group create -n $AZ_KV_GRP -l $LOC --tags label=$SUFFIX
7974```
8075
8176# Create azure key vault
@@ -101,17 +96,23 @@ kubectl create secret generic $SP_AKS_SECRET --from-literal clientid=$SP_CLIENT_
10196
10297# Populate all the respective details in storageproviderclass yaml file && run
10398```
104- kubectl apply -f azure-kv-provider.yaml
99+ envsubst < azure-kv-provider.yaml | kubectl apply -f -
105100```
106101
107102# Lastly deploy a sample test nginx deployment to test
108103```
109- kubectl apply -f nginx-deployment.yaml
104+ envsubst < nginx-deployment.yaml | kubectl apply -f -
110105```
111106
112107# wait for nginx pod to be up and running and then test the secrets are mounted or not
113108```
114- kubectl exec nginx-app -- ls /mnt/secrets/DB_PASSWORD
109+ kubectl exec nginx-app -- ls /mnt/secrets/
115110kubectl exec nginx-app -- cat /mnt/secrets/DB_PASSWORD
116111```
117112
113+ # Clean up resources
114+
115+ ```
116+ az ad sp delete --id $SP_CLIENT_ID
117+ for rg in $(az group list --tag label=$SUFFIX --query '[].name' | jq -r '.[]'); do echo "Delete Resource Group: ${rg}"; az group delete -n ${rg}; done
118+ ```
0 commit comments