ams0

#!/bin/bash

GRAFANA_USERNAME=$(echo -n "grafana" | base64)
GRAFANA_PASSPHRASE=$(echo -n "grafana" | base64)

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: grafana

ams0

kubectl create ns istio-system
kubectl config set-context $(kubectl config current-context) --namespace=istio-system

alias h3='helm3'

h3 repo add istio https://storage.googleapis.com/istio-release/releases/1.1.7/charts/
h3 repo update

#install istio-cni
h3 upgrade --install istio-cni istio/istio-cni --set istio_cni.enabled=true

ams0

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: descheduler-cluster-role
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["pods"]

ams0

#create a secret with
# kubectl -n cert-manager create secret generic azuredns-config --from-literal=client-secret=<secret>

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: "letsencrypt"
spec:
  commonName: "*.dev.cookingwithazure.com"
  dnsNames:

ams0

#!/bin/sh
#https://itnext.io/get-a-shell-to-a-kubernetes-node-9b720a15a4fe
set -x
node=${1}
nodeName=$(kubectl get node ${node} -o template --template='{{index .metadata.labels "kubernetes.io/hostname"}}') 
nodeSelector='"nodeSelector": { "kubernetes.io/hostname": "'${nodeName:?}'" },'
podName=${USER}-nsenter-${node}
kubectl run ${podName:?} --restart=Never -it --rm --image overriden --overrides '
{
  "spec": {

ams0

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: authservices.getambassador.io
spec:
  group: getambassador.io
  version: v1
  versions:
  - name: v1
    served: true

ams0

#Deploy Linkerd2 with helm3 and certificates

kubectl create ns linkerd
kubectl label ns linkerd config.linkerd.io/admission-webhooks=disabled

#brew install step
step certificate create identity.linkerd.cluster.local ca.crt ca.key --profile root-ca --no-password --insecure
step certificate create identity.linkerd.cluster.local issuer.crt issuer.key --ca ca.crt --ca-key ca.key --profile intermediate-ca --not-after 8760h --no-password --insecure

#install helm3-rc from https://github.com/helm/helm/releases

ams0

NS=linkerd
kubectl get ns $NS -o json > tmp.json
sed -i '' '/kubernetes/d' tmp.json
kubectl proxy &
curl -k -H "Content-Type: application/json" -X PUT --data-binary @tmp.json http://127.0.0.1:8001/api/v1/namespaces/$NS/finalize
bg
<ctrl-c>

ams0

#to make this instruction work: https://github.com/kubernetes-sigs/azuredisk-csi-driver

RG=k8s
AKS=csi
SUB=12c7e9d6-967e-40c8-8b3e-4659a4ada3ef

#Create the AKS cluster - NOTE! you can't use AZ until https://github.com/kubernetes-sigs/azuredisk-csi-driver/issues/183

az aks create -k 1.15.5  --enable-managed-identity --load-balancer-sku Standard --network-plugin kubenet --network-policy calico -x -c 2 -s Standard_B4ms --nodepool-name base  -g $RG -n $AKS

ams0

https://github.com/Hyperfish/vsts-build.git


vsts:
  enabled: true
  repository: microsoft/vsts-agent
  tag: "ubuntu-16.04-docker-18.06.1-ce-standard"
  replicaCount: 2
  pullPolicy: IfNotPresent
  nodeSelector: {}