Alessandro Vozza ams0

ams0 / bosh-azshell.sh
Last active October 30, 2023 11:14
Install bosh with Azure Shell
# Install bosh from Azure Shell
# in azure shell run pip install certbot
# change quota of Azure shell file share
az ad sp create-for-rbac -n bosh -o json > sp.json
az role assignment create --assignee $(jq -r .appId sp.json) --role "Contributor" --scope /subscriptions/$(az account list --query "[?isDefault].id" -o tsv)
SP_FILE="$HOME/pre/sp.json"
export NAME=${PWD##*/}
ams0 / install-ambient-helm.sh
Last active October 18, 2023 22:03
Install Istio Ambient Mesh with Helm
# Install Ambient Mesh with Helm Charts
REPO="https://istio-release.storage.googleapis.com/charts"
VERSION=1.19.0
helm_opts="upgrade -i --namespace istio-system --create-namespace --repo ${REPO} --version ${VERSION}"
# base
helm $(echo $helm_opts) istio-base base
# istiod
ams0 / multipass-cloudinit.sh
Last active March 27, 2023 05:53
multipass cloud init script to install kubectl helm and more
#!/bin/bash
ARCH=$(dpkg --print-architecture)
wget -q "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${ARCH}/kubectl"
install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
rm kubectl
# Enable bash completion for kubectl
echo "source /usr/share/bash-completion/bash_completion" >> /root/.bashrc
ams0 / osm-nginx-keycloak-mtls-acme.md
Last active June 26, 2022 09:19
Set up Keycloak with OSM, mTLS between pods and SSL Let's Encrypt certificate termination at ingress

Let me go through the setup:

  1. Install a 1.24.0 cluster
  2. Install OSM and add the namespaces:
osm install --set OpenServiceMesh.enablePermissiveTrafficPolicy=false
kubectl patch meshconfig osm-mesh-config -n osm-system -p '{"spec":{"traffic":{"enableEgress":true}}}'  --type=merge

kubectl create ns keycloak
ams0 / cert-manager-ca-for-osm.sh
Created May 18, 2022 05:27
Deploys cert-manager with a custom CA and OSM pointing to that.
#create CA cert and key
brew install step
step certificate create root.osm.cluster.local ca.crt ca.key \
--not-after=87600h --profile root-ca --no-password --insecure
kubectl create ns cert-manager
kubectl create secret generic osm-ca-bundle -n cert-manager --from-file=tls.key=ca.key --from-file=tls.crt=ca.crt
helm upgrade -i cert-manager \
--namespace cert-manager --create-namespace \
#Arc+Gitops in AKS
#Prep:
az config set extension.use_dynamic_install=yes_without_prompt
az extension add --name k8s-extension
az extension add --name k8s-configuration
az extension add --name aks-preview
RG=resources
CLUSTER=arc
ams0 / brew.txt
Last active October 5, 2022 19:51
Azure/kubelogin/kubelogin
act
adns
aerial
alfred
ansible
aom
apparency
apr
apr-util
#https://docs.microsoft.com/en-us/azure/container-registry/container-registry-oci-artifacts
ACR_NAME=azuregiovedi
REGION=southcentralus
REGISTRY=$ACR_NAME.azurecr.io
REPO=net-monitor
TAG=v1
IMAGE=$REGISTRY/${REPO}:$TAG
#!/bin/bash -e
backuprg=prd-northeurope-backup-rg
location=northeurope
for name in `az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks']".name -o tsv`; do
for id in `az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks' && name=='$name'].id" -o tsv`; do
rg=`az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks' && name=='$name'].resourceGroup" -o tsv`;
az snapshot create --tags createdby=backupscript --incremental -l $location -g $backuprg --source $id --name $name-snap-$rg-`date '+%Y-%m-%d'` > /dev/null 2>&1;
echo "Incremental snapshot created from disk $name, saved as $name-snap-$rg-`date '+%Y-%m-%d'` in resource group $backuprg, tagged with createdby = backupscript";
CLUSTER=prd-gp-cluster
RG=prd-northeurope-gp-rg
CLOUD_SHELL_IP=`curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'`
PREVIOUS_ADDRESSES=`az aks show -g $RG -n $CLUSTER --query apiServerAccessProfile.authorizedIpRanges -o tsv | sed -z 's/\n/,/g;s/,$/\n/'`
az aks update -g $RG -n $CLUSTER --api-server-authorized-ip-ranges $PREVIOUS_ADDRESSES,$CLOUD_SHELL_IP