Created
January 28, 2021 15:23
-
-
Save ivanthelad/4fb497071650bbca63b56e5d4b91047a to your computer and use it in GitHub Desktop.
demo MSI and webapps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Variables | |
| location="westus" | |
| RG_Name="UA-TEST-RG2" | |
| ASP_Name="UA-TEST-ASP2" | |
| Web_Name="UA-TEST-Web-1012" | |
| ACR_Name="UAtestACR2" | |
| ID_Name="UA-TEST-Identity2" | |
| #Resource Creation | |
| az group create -n $RG_Name -l $location -o none | |
| az acr create -n $ACR_Name --sku standard -g $RG_Name -l $location -o none | |
| az identity create -n $ID_Name -g $RG_Name -l $location -o none | |
| az appservice plan create --is-linux -n $ASP_Name --sku p1v2 -g $RG_Name -l $location -o none | |
| az webapp create -n $Web_Name -g $RG_Name -p $ASP_Name -i "nginx" -o none | |
| #List resources in the resource group | |
| az resource list -g $RG_Name -o table |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Modify for your environment | |
| # Modify for your environment | |
| #Variables | |
| location="westus" | |
| RG_Name="UA-TEST-RG2" | |
| ASP_Name="UA-TEST-ASP2" | |
| Web_Name="UA-TEST-Web-1012" | |
| ACR_Name="UAtestACR2" | |
| ID_Name="UA-TEST-Identity2" | |
| ## | |
| Identity_ARMID=$(az identity show -g $RG_Name -n $ID_Name --query id -o tsv) | |
| Webapp_Config=$(az webapp show -g $RG_Name -n $Web_Name --query id --output tsv)"/config/web" | |
| ClientID=$(az identity show -g $RG_Name -n $ID_Name --query clientId --output tsv) | |
| #Assign managed-identity to webapp | |
| az webapp identity assign -g $RG_Name -n $Web_Name --identities $Identity_ARMID -o none | |
| #Configure WebApp to use the Manage Identity Credentials to perform docker pull operations | |
| az resource update --ids $Webapp_Config --set properties.acrUseManagedIdentityCreds=True -o none | |
| az resource update --ids $Webapp_Config --set properties.AcrUserManagedIdentityID=$ClientID -o none | |
| # Modify for your environment | |
| Identity_ID=$(az identity show -g $RG_Name -n $ID_Name --query principalId --output tsv) | |
| ACR_ID=$(az acr show -g $RG_Name -n $ACR_Name --query id --output tsv) | |
| #ACR will allow the identity to perform pull operations and nothing more | |
| az role assignment create --assignee $Identity_ID --scope $ACR_ID --role acrpull -o none | |
| # Modify for your environment | |
| ACR_URL=$(az acr show -g $RG_Name --n $ACR_Name --query loginServer --output tsv) | |
| Image="springapp/userapi:v1.1.3-20201210.2-webapp" | |
| FX_Version="Docker|"$ACR_URL"/"$Image | |
| #Configure the ACR, Image and Tag to pull | |
| echo hello | |
| az resource update --ids $Webapp_Config --set properties.linuxFxVersion=$FX_Version -o none --force-string |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment