work in progress

220_app_routing/terraform/Readme.md

@@ -0,0 +1,14 @@
+To deploy these resources via Terraform, you will need to have the following installed on your machine:
+
+```sh
+$env:ARM_SUBSCRIPTION_ID=(az account show --query id -o tsv)
+
+# Set the following environment variable if you are using Linux
+# export ARM_CLIENT_ID=(az account show --query id -o tsv)
+
+terraform init
+
+terraform plan -out tfplan
+
+terraform apply tfplan
+```

220_app_routing/terraform/aks.tf

@@ -3,7 +3,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
   location                = azurerm_resource_group.rg.location
   resource_group_name     = azurerm_resource_group.rg.name
   dns_prefix              = "aks"
-  kubernetes_version      = "1.29.2"
+  kubernetes_version      = "1.31.3"
   private_cluster_enabled = false
 
   network_profile {
@@ -12,12 +12,12 @@ resource "azurerm_kubernetes_cluster" "aks" {
   }
 
   default_node_pool {
-    name                  = "systemnp"
-    node_count            = 3
-    vm_size               = "Standard_B2als_v2"
-    os_sku                = "AzureLinux"
-    vnet_subnet_id        = azurerm_subnet.snet-aks.id
-    enable_node_public_ip = false
+    name                   = "systemnp"
+    node_count             = 3
+    vm_size                = "Standard_B2als_v2"
+    os_sku                 = "AzureLinux"
+    vnet_subnet_id         = azurerm_subnet.snet-aks.id
+    node_public_ip_enabled = false
   }
 
   identity {

220_app_routing/terraform/appservice_domain.tf

@@ -8,7 +8,7 @@ resource "azapi_resource" "appservice_domain" {
   schema_validation_enabled = true
   response_export_values    = ["*"] # ["id", "name", "properties.nameServers"]
 
-  body = jsonencode({
+  body = {
 
     properties = {
       autoRenew = false
@@ -78,6 +78,6 @@ resource "azapi_resource" "appservice_domain" {
         }
       }
     }
-  })
+  }
 }
 

220_app_routing/terraform/import_grafana_dashboard.tf

@@ -4,6 +4,7 @@ resource "terraform_data" "import-grafana-dashboard" {
   }
 
   triggers_replace = [ azurerm_dashboard_grafana.grafana.id ]
+  depends_on = [ azurerm_role_assignment.role_grafana_admin ]
 }
 
 resource "terraform_data" "import-grafana-dashboard2" {
@@ -12,4 +13,5 @@ resource "terraform_data" "import-grafana-dashboard2" {
   }
 
   triggers_replace = [ azurerm_dashboard_grafana.grafana.id ]
+  depends_on = [ azurerm_role_assignment.role_grafana_admin ]
 }

220_app_routing/terraform/keyvault-2.tf

@@ -20,7 +20,7 @@ resource "azurerm_key_vault_certificate" "aks-ingress-tls-012" {
     password = ""
   }
 
-  depends_on = [ azurerm_role_assignment.keyvault-secrets-officer ]
+  depends_on = [ azurerm_role_assignment.keyvault-secrets-officer2 ]
 }
 
 resource "azurerm_role_assignment" "keyvault-secrets-officer2" {

220_app_routing/terraform/load_test.tf

@@ -1,27 +1,27 @@
-resource "azurerm_load_test" "load_test" {
-  name                = "load-test"
-  resource_group_name = azurerm_resource_group.rg.name
-  location            = azurerm_resource_group.rg.location
-}
+# resource "azurerm_load_test" "load_test" {
+#   name                = "load-test"
+#   resource_group_name = azurerm_resource_group.rg.name
+#   location            = azurerm_resource_group.rg.location
+# }
 
-resource "terraform_data" "create-load-test" {
-  provisioner "local-exec" {
-    command = <<-EOF
-      az load test create --load-test-resource  ${azurerm_load_test.load_test.name} -g ${azurerm_load_test.load_test.resource_group_name} --test-id testwebapp --test-plan testplan.jmx --engine-instances 1
-    EOF
-  }
+# resource "terraform_data" "create-load-test" {
+#   provisioner "local-exec" {
+#     command = <<-EOF
+#       az load test create --load-test-resource  ${azurerm_load_test.load_test.name} -g ${azurerm_load_test.load_test.resource_group_name} --test-id testwebapp --test-plan testplan.jmx --engine-instances 1
+#     EOF
+#   }
 
-  triggers_replace = [azurerm_load_test.load_test.id]
-}
+#   triggers_replace = [azurerm_load_test.load_test.id]
+# }
 
-resource "terraform_data" "run-load-test" {
-  provisioner "local-exec" {
-    command = <<-EOF
-      az load test-run create --load-test-resource  ${azurerm_load_test.load_test.name} -g ${azurerm_load_test.load_test.resource_group_name} --test-id testwebapp --test-run-id testwebapprun1
-    EOF
-  }
+# resource "terraform_data" "run-load-test" {
+#   provisioner "local-exec" {
+#     command = <<-EOF
+#       az load test-run create --load-test-resource  ${azurerm_load_test.load_test.name} -g ${azurerm_load_test.load_test.resource_group_name} --test-id testwebapp --test-run-id testwebapprun1
+#     EOF
+#   }
 
-  triggers_replace = [azurerm_load_test.load_test.id]
+#   triggers_replace = [azurerm_load_test.load_test.id]
 
-  depends_on = [terraform_data.create-load-test]
-}
+#   depends_on = [terraform_data.create-load-test]
+# }

220_app_routing/terraform/providers.tf

@@ -6,12 +6,12 @@ terraform {
 
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "= 3.100.0"
+      version = "= 4.16.0"
     }
 
     azapi = {
       source  = "Azure/azapi"
-      version = ">= 1.12.1"
+      version = ">= 2.2.0" # 1.12.1
     }
   }
 }

570_ingress_preserve_source_ip/Readme.md

@@ -11,6 +11,8 @@ spec.externalTrafficPolicy: Local
 
 This way the original IP address of the client will be carried by the headers: `X-Forwarded-For` and `X-Real-IP`.
 
+![](images/architecture.png)
+
 Here is a step-by-step guide to demonstrate how to preserve the client's IP address.
 
 ```sh

580_keycloak_aks/Readme.md

@@ -0,0 +1,2 @@
+https://github.com/keycloak/keycloak-quickstarts/tree/main/kubernetes
+https://www.keycloak.org/getting-started/getting-started-kube

600_k8s_tip_tricks/Readme.md

@@ -0,0 +1,33 @@
+# Tips and tricks for Kubernetes and AKS
+
+## Creaate an AKS cluster quickly
+
+```sh
+az group create -n rg-aks-cluster -l swedencentral
+
+az aks create -n aks-cluster -g rg-aks-cluster --network-plugin azure --network-plugin-mode overlay -k 1.31.2 --node-vm-size standard_d2pds_v6
+
+az aks get-credentials -n aks-cluster -g rg-aks-cluster --overwrite-existing
+```
+
+## Monitor Your cgroup Metrics
+
+Linux cgroups provide detailed metrics about CPU usage and throttling. Look for the cpu.stat file within the container’s cgroup directory (usually under /sys/fs/cgroup):
+Within the cpu.stat file there are three key metrics:
+
+`nr_throttled`: Number of times the container was throttled.
+`throttled_time`: Total time spent throttled – which I believe is in nanoseconds
+`nr_periods`: Total CPU allocation periods.
+Example:
+
+```sh
+cat /sys/fs/cgroup/cpu.stat
+# Output:
+# nr_periods 12345
+# nr_throttled 543
+# throttled_time 987654321
+```
+
+If `nr_throttled` or `throttled_time` is high relative to `nr_periods`, then you have CPU throttling on your container.
+
+Src: https://dev.to/causely/tackling-cpu-throttling-in-kubernetes-for-better-application-performance-1dko

87_log_analytics_ampls/dcr-log_analytics.tf

@@ -19,7 +19,7 @@ resource "azurerm_monitor_data_collection_rule" "dcr-log-analytics" {
   data_sources {
     syslog {
       name = "example-syslog"
-      #   streams = ["Microsoft-Syslog"]
+      streams = ["Microsoft-Syslog"]
       facility_names = [
         "*"
       ]

_kaito/kaito_workspace_deepseek_r1_distill_llama_8b.yaml

@@ -0,0 +1,13 @@
+apiVersion: kaito.sh/v1alpha1
+kind: Workspace
+metadata:
+  name: workspace-deepseek-r1-distill-llama-8b
+resource:
+  instanceType: "Standard_NC24s_v3" # "Standard_NC24ads_A100_v4"
+  labelSelector:
+    matchLabels:
+      apps: deepseek-r1-distill-llama-8b
+inference:
+  preset:
+    name: "deepseek-r1-distill-llama-8b"
+