-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcluster.bicep
78 lines (77 loc) · 1.55 KB
/
cluster.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
param sshKey string
param adminPassword string
resource aksCluster 'Microsoft.ContainerService/managedClusters@2021-05-01' = {
name: 'aks-apparmor'
location: resourceGroup().location
identity: {
type: 'SystemAssigned'
}
properties: {
agentPoolProfiles: [
{
name: 'system'
mode: 'System'
count: 3
vmSize: 'Standard_DS2_v2'
availabilityZones: [
'1'
'2'
'3'
]
nodeTaints: [
'CriticalAddonsOnly=true:NoSchedule'
]
}
{
name: 'user'
mode: 'User'
count: 3
vmSize: 'Standard_DS2_v2'
availabilityZones: [
'1'
'2'
'3'
]
nodeTaints: [
'WaitingForAppArmorProfiles=true:NoSchedule'
]
}
]
dnsPrefix: 'pahl-apparmor'
linuxProfile: {
adminUsername: 'azureuser'
ssh: {
publicKeys: [
{
keyData: sshKey
}
]
}
}
windowsProfile: {
adminUsername: 'azureuser'
adminPassword: adminPassword
}
enableRBAC: true
networkProfile: {
networkPlugin: 'azure'
networkPolicy: 'azure'
podCidr: '10.1.0.0/17'
serviceCidr: '10.1.128.0/18'
dnsServiceIP: '10.1.128.10'
dockerBridgeCidr: '10.1.192.1/24'
outboundType: 'loadBalancer'
loadBalancerSku: 'standard'
}
aadProfile: {
managed: true
}
servicePrincipalProfile: {
clientId: 'msi'
}
}
sku: {
name: 'Basic'
tier: 'Paid'
}
}