GithubHelp home page GithubHelp logo

microsoft-hands-on's Introduction

Microsoft Hands-on

Create AKS cluster

export AZURE_APP_ID=aaaa
export AZURE_TENANT_ID=bbbb
export AZURE_PASSWORD=ccccc
export AZURE_SUBSCRIPTION=your-subscription-id

export AZURE_LOCATION=westeurope
export CLUSTER_NAME=gbb
export PREFIX=${CLUSTER_NAME}-$(openssl rand -hex 12 | tr '[:upper:]' '[:lower:]')
export DOMAIN=${PREFIX}.${AZURE_LOCATION}.cloudapp.azure.com
export [email protected]
export TRAEFIKEE_LICENSE=XXXX
export KUBECONFIG=~/.kube/${CLUSTER_NAME}.yaml

# Login to azure
az login --service-principal --username ${AZURE_APP_ID} --password ${AZURE_PASSWORD} --tenant ${AZURE_TENANT_ID}

# Create group in azure for the hands on
az group create --name ${CLUSTER_NAME} --location ${AZURE_LOCATION}

# Create aks cluster
az aks create --resource-group ${CLUSTER_NAME} --name ${CLUSTER_NAME} --node-count 3 --ssh-key-value=~/.ssh/id_rsa.pub --subscription ${AZURE_SUBSCRIPTION} --service-principal ${AZURE_APP_ID} --client-secret ${AZURE_PASSWORD}

# Retrieve aks credentials
az aks get-credentials --resource-group ${CLUSTER_NAME} --name ${CLUSTER_NAME} --file ~/.kube/${CLUSTER_NAME}.yaml

# Create ad app with reply URLs
az ad app create --display-name ${CLUSTER_NAME} --reply-urls "https://${DOMAIN}/callback"

# Retrieve the appId
AD_APP_ID=$(az ad app list --display-name ${CLUSTER_NAME} --query '[0].appId' | tr -d '"')

# Add required Microsoft Graph permissions
az ad app permission add \
  --api 00000003-0000-0000-c000-000000000000 \
  --api-permissions e1fe6dd8-ba31-4d61-89e7-88639da4683d=Scope 37f7f235-527c-4136-accd-4a02d197296e=Scope 64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0=Scope 14dad69e-099b-42c9-810b-d002981feec1=Scope \
  --id ${AD_APP_ID}

# Generate new credentials
az ad app credential reset --id ${AD_APP_ID}
# Sample response - appId, password, and tenant values need to be added to the configmap `gitops/01-configmap.yaml`
# {
#   "appId": "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
#   "name": "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
#   "password": "random_password",
#   "tenant": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"
# }

TraefikEE

Prerequisites:

  • AKS cluster up and ready
  • Custom DNS name
  • teectl installed

Gitops installation

# Create traefikee namespace
kubectl create namespace traefikee

# Create secret for the license
kubectl create secret -n traefikee generic ${CLUSTER_NAME}-license --from-literal=license="${TRAEFIKEE_LICENSE}"

# Retrieve the yaml file for the installation
curl -so gitops/00-enterprise.yaml "https://install.enterprise.traefik.io/v2.4?cluster=${CLUSTER_NAME}&namespace=traefikee&staticconfig=static.toml"

# Adapt static configuration in the configmap
vi gitops/01-configmap.yaml
sed -i "s/LE_EMAIL/${LE_EMAIL}/g" gitops/01-configmap.yaml
sed -i "s/CLUSTER_NAME/${CLUSTER_NAME}/g" gitops/01-configmap.yaml

# Apply the gitops file
kubectl apply -f gitops/

# Add annotation to the LoadBalancer service to create DNS entry
kubectl annotate service ${CLUSTER_NAME}-proxy-svc -n traefikee service.beta.kubernetes.io/azure-dns-label-name=${PREFIX}

# Check DNS entry creation
dig ${DOMAIN} # Shoudl return an A entry on the LB IP

# Generate credential to connect teectl to the cluster
kubectl exec -n traefikee ${CLUSTER_NAME}-controller-0 -c ${CLUSTER_NAME}-controller -- /traefikee generate credentials --kubernetes.kubeconfig="${KUBECONFIG}"  --cluster=${CLUSTER_NAME} > config.yaml

# Import generated credentials
teectl cluster import --file="config.yaml" --force

# Use the imported cluster
teectl cluster use --name ${CLUSTER_NAME}

Demo

Exposing the dashboard

Deploy the dashboard.

sed -i "s/DOMAIN/${DOMAIN}/g" traefikee/ingress.yaml

kubectl apply -f traefikee/ingress.yaml

Demo App

Deploy the demo application and expose this application with an IngressRoute.

sed -i "s/DOMAIN/${DOMAIN}/g" app/02-ingress.yaml

kubectl apply -f app/

With the application deployed, we can now add the following items:

  • Middlewares:
    • Custom header
    • Rate limiting
    • OpenID Connect authentication

Clean

Don't forget to stop your environment.

# Delete AKS cluster
az aks delete --name ${CLUSTER_NAME} --resource-group ${CLUSTER_NAME} --yes

# Delete group
az group delete --name ${CLUSTER_NAME} --yes

# Delete the ad app
az ad app delete --id ${AD_APP_ID}

microsoft-hands-on's People

Contributors

mdelgin avatar mmatur avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.