{"id":19152762,"url":"https://github.com/traefik/microsoft-hands-on","last_synced_at":"2025-04-19T16:33:01.795Z","repository":{"id":65983496,"uuid":"361806846","full_name":"traefik/microsoft-hands-on","owner":"traefik","description":null,"archived":false,"fork":false,"pushed_at":"2021-05-20T09:24:59.000Z","size":20,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":5,"default_branch":"master","last_synced_at":"2023-04-08T11:56:22.724Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/traefik.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-04-26T15:48:51.000Z","updated_at":"2023-04-08T11:56:22.724Z","dependencies_parsed_at":"2023-02-19T19:16:03.467Z","dependency_job_id":null,"html_url":"https://github.com/traefik/microsoft-hands-on","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/traefik%2Fmicrosoft-hands-on","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/traefik%2Fmicrosoft-hands-on/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/traefik%2Fmicrosoft-hands-on/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/traefik%2Fmicrosoft-hands-on/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/traefik","download_url":"https://codeload.github.com/traefik/microsoft-hands-on/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223801931,"owners_count":17205192,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T08:19:17.999Z","updated_at":"2024-11-09T08:19:18.507Z","avatar_url":"https://github.com/traefik.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Microsoft Hands-on\n\n# Create AKS cluster\n\n```bash\nexport AZURE_APP_ID=aaaa\nexport AZURE_TENANT_ID=bbbb\nexport AZURE_PASSWORD=ccccc\nexport AZURE_SUBSCRIPTION=your-subscription-id\n\nexport AZURE_LOCATION=westeurope\nexport CLUSTER_NAME=gbb\nexport PREFIX=${CLUSTER_NAME}-$(openssl rand -hex 12 | tr '[:upper:]' '[:lower:]')\nexport DOMAIN=${PREFIX}.${AZURE_LOCATION}.cloudapp.azure.com\nexport LE_EMAIL=michael@traefik.io\nexport TRAEFIKEE_LICENSE=XXXX\nexport KUBECONFIG=~/.kube/${CLUSTER_NAME}.yaml\n\n# Login to azure\naz login --service-principal --username ${AZURE_APP_ID} --password ${AZURE_PASSWORD} --tenant ${AZURE_TENANT_ID}\n\n# Create group in azure for the hands on\naz group create --name ${CLUSTER_NAME} --location ${AZURE_LOCATION}\n\n# Create aks cluster\naz aks create --resource-group ${CLUSTER_NAME} --name ${CLUSTER_NAME} --node-count 3 --ssh-key-value=~/.ssh/id_rsa.pub --subscription ${AZURE_SUBSCRIPTION} --service-principal ${AZURE_APP_ID} --client-secret ${AZURE_PASSWORD}\n\n# Retrieve aks credentials\naz aks get-credentials --resource-group ${CLUSTER_NAME} --name ${CLUSTER_NAME} --file ~/.kube/${CLUSTER_NAME}.yaml\n\n# Create ad app with reply URLs\naz ad app create --display-name ${CLUSTER_NAME} --reply-urls \"https://${DOMAIN}/callback\"\n\n# Retrieve the appId\nAD_APP_ID=$(az ad app list --display-name ${CLUSTER_NAME} --query '[0].appId' | tr -d '\"')\n\n# Add required Microsoft Graph permissions\naz ad app permission add \\\n  --api 00000003-0000-0000-c000-000000000000 \\\n  --api-permissions e1fe6dd8-ba31-4d61-89e7-88639da4683d=Scope 37f7f235-527c-4136-accd-4a02d197296e=Scope 64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0=Scope 14dad69e-099b-42c9-810b-d002981feec1=Scope \\\n  --id ${AD_APP_ID}\n\n# Generate new credentials\naz ad app credential reset --id ${AD_APP_ID}\n# Sample response - appId, password, and tenant values need to be added to the configmap `gitops/01-configmap.yaml`\n# {\n#   \"appId\": \"xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx\",\n#   \"name\": \"xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx\",\n#   \"password\": \"random_password\",\n#   \"tenant\": \"yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy\"\n# }\n```\n\n# TraefikEE\n\nPrerequisites:\n- AKS cluster up and ready\n- Custom DNS name\n- teectl [installed](https://doc.traefik.io/traefik-enterprise/installing/teectl-cli/)\n\n## Gitops installation\n\n```bash\n# Create traefikee namespace\nkubectl create namespace traefikee\n\n# Create secret for the license\nkubectl create secret -n traefikee generic ${CLUSTER_NAME}-license --from-literal=license=\"${TRAEFIKEE_LICENSE}\"\n\n# Retrieve the yaml file for the installation\ncurl -so gitops/00-enterprise.yaml \"https://install.enterprise.traefik.io/v2.4?cluster=${CLUSTER_NAME}\u0026namespace=traefikee\u0026staticconfig=static.toml\"\n\n# Adapt static configuration in the configmap\nvi gitops/01-configmap.yaml\nsed -i \"s/LE_EMAIL/${LE_EMAIL}/g\" gitops/01-configmap.yaml\nsed -i \"s/CLUSTER_NAME/${CLUSTER_NAME}/g\" gitops/01-configmap.yaml\n\n# Apply the gitops file\nkubectl apply -f gitops/\n\n# Add annotation to the LoadBalancer service to create DNS entry\nkubectl annotate service ${CLUSTER_NAME}-proxy-svc -n traefikee service.beta.kubernetes.io/azure-dns-label-name=${PREFIX}\n\n# Check DNS entry creation\ndig ${DOMAIN} # Shoudl return an A entry on the LB IP\n\n# Generate credential to connect teectl to the cluster\nkubectl exec -n traefikee ${CLUSTER_NAME}-controller-0 -c ${CLUSTER_NAME}-controller -- /traefikee generate credentials --kubernetes.kubeconfig=\"${KUBECONFIG}\"  --cluster=${CLUSTER_NAME} \u003e config.yaml\n\n# Import generated credentials\nteectl cluster import --file=\"config.yaml\" --force\n\n# Use the imported cluster\nteectl cluster use --name ${CLUSTER_NAME}\n```\n\n## Demo\n\n### Exposing the dashboard\n\nDeploy the dashboard.\n\n```bash\nsed -i \"s/DOMAIN/${DOMAIN}/g\" traefikee/ingress.yaml\n\nkubectl apply -f traefikee/ingress.yaml\n```\n\n### Demo App\n\nDeploy the demo application and expose this application with an IngressRoute.\n\n```bash\nsed -i \"s/DOMAIN/${DOMAIN}/g\" app/02-ingress.yaml\n\nkubectl apply -f app/\n```\n\nWith the application deployed, we can now add the following items:\n- Middlewares:\n  - Custom header\n  - Rate limiting\n  - OpenID Connect authentication\n\n## Clean\n\nDon't forget to stop your environment.\n\n```bash\n# Delete AKS cluster\naz aks delete --name ${CLUSTER_NAME} --resource-group ${CLUSTER_NAME} --yes\n\n# Delete group\naz group delete --name ${CLUSTER_NAME} --yes\n\n# Delete the ad app\naz ad app delete --id ${AD_APP_ID}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftraefik%2Fmicrosoft-hands-on","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftraefik%2Fmicrosoft-hands-on","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftraefik%2Fmicrosoft-hands-on/lists"}