Add extension for VMSS creation

alyssa1303 · alyssa1303 · commit 848c67d0aff5 · 2025-12-20T01:22:43.000Z
diff --git a/modules/kustomize/stretch/stretch.sh b/modules/kustomize/stretch/stretch.sh
@@ -11,6 +11,7 @@ VMSS_RG="${RG}-vmss"
 
 TENANT_ID="72f988bf-86f1-41af-91ab-2d7cd011db47"
 AAD_ADMIN_GROUP_ID="8a5603a8-2c60-49ab-bc28-a989b91e187d"
+BOOTSTRAP_SCRIPT_PATH=$1
 
 create_cluster() {
     az group create -n ${RG} -l $LOCATION --tags "SkipAKSCluster=1" "SkipASB_Audit=true" "SkipLinuxAzSecPack=true"
@@ -261,24 +262,36 @@ create_vm() {
 }
 
 create_vmss() {
+    bootstrap_script_path=$1
+    LB_NAME="vmss-lb"
+    BACKEND_POOL="lb-backend-pool"
     az group create -n $VMSS_RG -l $VMSS_LOCATION --tags "SkipAKSCluster=1" "SkipASB_Audit=true" "SkipLinuxAzSecPack=true"
     az network vnet create --resource-group $VMSS_RG --location $VMSS_LOCATION --name $VMSS_VNET --address-prefixes 172.16.0.0/12 -o none
     az network vnet subnet create --resource-group $VMSS_RG --vnet-name $VMSS_VNET --name $VMSS_SUBNET --address-prefixes 172.16.0.0/16 -o none
 
     az network lb create \
         --resource-group $VMSS_RG \
-        --name vmss-lb \
+        --name $LB_NAME \
         --sku Standard \
         --frontend-ip-name lb-frontend \
-        --backend-pool-name lb-backend-pool
+        --backend-pool-name $BACKEND_POOL
     lb_backend_pool_id=$(az network lb address-pool show \
         --resource-group $VMSS_RG \
-        --lb-name vmss-lb \
-        --name lb-backend-pool \
+        --lb-name $LB_NAME \
+        --name $BACKEND_POOL \
         --query id -o tsv)
+    az network lb outbound-rule create \
+        --resource-group $VMSS_RG \
+        --lb-name $LB_NAME \
+        --name lb-outbound-rule \
+        --address-pool $BACKEND_POOL \
+        --protocol All \
+        --idle-timeout 30 \
+        --enable-tcp-reset true
 
     identity_id=$(az identity show --name $IDENTITY_NAME --resource-group $RG --query id -o tsv)
 
+    # First create a VMSS with bootstrap script using CustomScript extension
     az deployment group create \
         --resource-group $VMSS_RG \
         --template-file vmss-dual-ipconfig.json \
@@ -287,8 +300,27 @@ create_vmss() {
         --parameters vnetName=$VMSS_VNET \
         --parameters subnetName=$VMSS_SUBNET \
         --parameters loadBalancerBackendPoolId="$lb_backend_pool_id" \
-        --parameters managedIdentityId="$identity_id"
+        --parameters managedIdentityId="$identity_id" \
+        --parameters bootstrapScript="$(base64 -w 0 $bootstrap_script_path)"
 
+    echo "VMSS created in resource group: $VMSS_RG"
+    # Next, update VMSS to uset ipvlan setup script
+    az deployment group create \
+        --resource-group $VMSS_RG \
+        --template-file vmss-dual-ipconfig.json \
+        --parameters vmssName="test-vmss" \
+        --parameters sshPublicKey="$(cat ~/.ssh/id_rsa.pub)" \
+        --parameters vnetName=$VMSS_VNET \
+        --parameters subnetName=$VMSS_SUBNET \
+        --parameters loadBalancerBackendPoolId="$lb_backend_pool_id" \
+        --parameters managedIdentityId="$identity_id" \
+        --parameters bootstrapScript="$(base64 -w 0 setup_ipvlan.sh)"
+
+    echo "Run ipvlan setup script"
+    az vmss update-instances \
+        --resource-group $node_rg \
+        --name $vmss_name \
+        --instance-ids "*"
 }
 
 setup_vnet_peering() {
@@ -316,6 +348,6 @@ setup_vnet_peering() {
 }
 
 # update_aks_vmss
-create_vm
-# create_vmss
+# create_vm
+create_vmss $BOOTSTRAP_SCRIPT_PATH
 # setup_vnet_peering
diff --git a/modules/kustomize/stretch/vmss-dual-ipconfig.json b/modules/kustomize/stretch/vmss-dual-ipconfig.json
@@ -76,6 +76,12 @@
       "metadata": {
         "description": "Resource ID of the user-assigned managed identity to associate with the VMSS (optional)"
       }
+    },
+    "bootstrapScript": {
+      "type": "string",
+      "metadata": {
+        "description": "A Base64-encoded bootstrap script to run on VMSS instances"
+      }
     }
   },
   "variables": {
@@ -168,6 +174,22 @@
                 }
               }
             ]
+          },
+          "extensionProfile": {
+            "extensions": [
+              {
+                "name": "bootstrapExtension",
+                "properties": {
+                  "publisher": "Microsoft.Azure.Extensions",
+                  "type": "CustomScript",
+                  "typeHandlerVersion": "2.1",
+                  "autoUpgradeMinorVersion": true,
+                  "settings": {
+                    "script": "[parameters('bootstrapScript')]"
+                  }
+                }
+              }
+            ]
           }
         }
       }

Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,12 @@`
`76`	`76`	`"metadata": {`
`77`	`77`	`"description": "Resource ID of the user-assigned managed identity to associate with the VMSS (optional)"`
`78`	`78`	`}`
	`79`	`+ },`
	`80`	`+ "bootstrapScript": {`
	`81`	`+ "type": "string",`
	`82`	`+ "metadata": {`
	`83`	`+ "description": "A Base64-encoded bootstrap script to run on VMSS instances"`
	`84`	`+ }`
`79`	`85`	`}`
`80`	`86`	`},`
`81`	`87`	`"variables": {`
`@@ -168,6 +174,22 @@`
`168`	`174`	`}`
`169`	`175`	`}`
`170`	`176`	`]`
	`177`	`+ },`
	`178`	`+ "extensionProfile": {`
	`179`	`+ "extensions": [`
	`180`	`+ {`
	`181`	`+ "name": "bootstrapExtension",`
	`182`	`+ "properties": {`
	`183`	`+ "publisher": "Microsoft.Azure.Extensions",`
	`184`	`+ "type": "CustomScript",`
	`185`	`+ "typeHandlerVersion": "2.1",`
	`186`	`+ "autoUpgradeMinorVersion": true,`
	`187`	`+ "settings": {`
	`188`	`+ "script": "[parameters('bootstrapScript')]"`
	`189`	`+ }`
	`190`	`+ }`
	`191`	`+ }`
	`192`	`+ ]`
`171`	`193`	`}`
`172`	`194`	`}`
`173`	`195`	`}`