Thursday, February 4, 2021

Azure/PowerShell: Resource Groups, Resource Clean Up (Docker, ACR, Kubernetes, AKS)


Developers and DevOps engineers should be conscious of the resource they create under Azure as these resources come at a cost. Engineers with MSDN subscription receive a $150 per-month in Azure credit and engineers who sign up for Azure receive a $200 credit for their first month (Create your Azure free account today) can quickly burn up their complimentary allotment. A simple approach to controlling Azure costs is to:
  • Create a new Azure resource group
  • Perform a development/devops task using Azure resources associated with the newly created resource group
  • Delete the newly created resource group
By deleting the resource group the resources are released and hence Azure will no longer charge for said resources. 

A specific scenario using a resource group to insure Azure object clean up is:
  • Create a new Azure resource group
  • Create an Azure Container Registry (ACS) that would be used to manage Docker containers,
  • Create an Azure Kubernetes Service (AKS) cluster
  • Perform specific Docker/Kubernetes tasks 
  • Delete the Azure resource group thus cleaning up the ACS and the AKS

The post demonstrates the above sequence of tasks using PowerShell. All source code is provided in text form in Appendix A: Source Code at the end of this post.


PowerShell can access Azure from a physical or virtual host but an elegant way to access Azure with PowerShell is to login to the Azure Portal ( and launch Cloud Shell. Once logged into the Azure Portal the button for launch Cloud Shell is highlighted by an ellipse below:

The url brings up Cloud Shell directly.

Using Cloud Shell and PowerShell a resource group can be created as follows (in location West US 2 with name rgdockerkubernetes00) using the New-AzResourceGroup cmdlet:

The code to remove the resource group using Powershell is as follows using the Remove-AzResourceGroup cmdlet:

It should be noted in the previous examples that the resource group was created at line 6 and the resource group removed at line 37. Any Azure objects (such as a container registry or a Kubernetes service) created after line 8 and before line 37 for the same resource are cleaned up when the resource group is removed.

The code to create an ACR associated with resource group, rgdockerkubernetes00, is as follows using the New-AzContainerRegistry cmdlet:

The ACR will be removed when the resource group is removed.

The code to create an AKS associated with resource group, rgdockerkubernetes00, is as follows using the New-AzAksCluster cmdlet (line 17 and line 27):

The AKS will be removed when the resource group is removed. After line 33 code could be added in order experiment with Docker/Kubernetes. The ultimate invocation of Remove-AzResourceGroup would insure that all Azure resources are cleaned up for the resource group.

A bit of explanation is needed for the above code. A Kubernetes cluster internally uses Linux virtual machines. These virtual machines require an SSH Key in order to be accessed. Line 15 above detects if the key exists. If the key does not exist then the New-AzAksCluster cmdlet is invoked with the GeneratesSshKey parameter. When this parameter is specified a user is required to respond to the following two prompts used in creating the SSH key:

Most Azure PowerShell scripts are not meant to be run with user interaction. A practical approach would be to create the SSH key in advance and appropriately backup the SSH keys. Microsoft provides an excellent tutorial on creating an SSH key at Quick steps: Create and use an SSH public-private key pair for Linux VMs in Azure.

Since Remove-AzResourceGroup cleans up the ACR and AKS resources, there is no need to explicitly invoke Remove-AzContainerRegistry or Remove-AzAksCluster.

Appendix A: Source Code

The source code in its entirety is as follows:

[string] $resourceGroupName = 'rgdockerkubernetes00'
[string] $acrName = 'crdockerkubernetes00'
[string] $aksName = 'ksdockerkubernetes00'
[int] $nodeCount = 2

New-AzResourceGroup `
    -Name $resourceGroupName `
    -Location 'West US 2' | Out-Null

New-AzContainerRegistry `
    -ResourceGroupName $resourceGroupName `
    -Name $acrName `
    -Sku 'Basic' | Out-Null

if (Test-Path '~/.ssh/id_rsa' -PathType Leaf) {
    Write-Host 'SSH Keys Exist'
    New-AzAksCluster `
        -ResourceGroupName $resourceGroupName `
        -AcrNameToAttach $acrName `
        -NodeCount $nodeCount `
        -Name $aksName

else {
    # -GenerateSshKey generates a prompt
    Write-Host 'Generate SSH Keys'
    New-AzAksCluster `
        -ResourceGroupName $resourceGroupName `
        -AcrNameToAttach $acrName `
        -NodeCount $nodeCount `
        -Name $aksName `

<# code here that uses Docker/Kubernetes #>

Remove-AzResourceGroup `
    -Name $resourceGroupName `
    -Force # | Out-Null

No comments :

Post a Comment