Skip to content

Instantly share code, notes, and snippets.

View ivanthelad's full-sized avatar

Ivan Mc Kinley ivanthelad

48 followers · 22 following
  • Microsoft
  • Munich
View GitHub Profile
@ivanthelad
ivanthelad / readme.md
Last active July 29, 2025 11:03
# Quick set of scripts to break down the cost of microservices logs runing on AKS. uses the gb storage cost to calculate the storage cost over time

Quick set of scripts to break down the cost of microservices logs runing on AKS. uses the gb storage cost to calculate the storage cost over time

Take care. The container-name is used. So if you have deployments that use the same container name in multiple deployments, you will need to split the data based on namespace or resource

"Volume in GB per Hour"

let daystosearch = 24h;
ContainerLogV2
| where _IsBillable == true
| where TimeGenerated > startofday(ago(daystosearch))
| project _BilledSize, PodName, TimeGenerated, myapp = strcat(PodNamespace, ":",ContainerName)
| summarize VolumeInGB = round(sum(_BilledSize) / (1024 * 1024 * 1024), 4), TotalMBytes = round(sum(_BilledSize) / (1024 * 1024), 2) by bin(TimeGenerated, 1h), myapp
@ivanthelad
ivanthelad / getvars.sh
Created May 20, 2025 09:12
a quick file to output
az deployment group show -g "$RG_NAME" -n "$DEPLOY_NAME" --query "keys(properties.outputs)" -o tsv | xargs -I{} bash -c 'v=$(az deployment group show -g "$RG_NAME" -n "$DEPLOY_NAME" --query "properties.outputs.{}.value" -o tsv); echo export {}="$v"; export {}="$v"'
@ivanthelad
ivanthelad / output.txt
Created November 19, 2024 08:00
─> ./deploy.sh
privateaca-bbce germanywestcentral aca-bbce aca-bbce-vnet
Create a resource group
id: /subscriptions/$subscription/resourceGroups/privateaca-bbce
location: germanywestcentral
managedBy: null
name: privateaca-bbce
properties:
provisioningState: Succeeded
tags: null
@ivanthelad
ivanthelad / deploy.sh
Created November 15, 2024 23:02
Script to deploy front door, 2 container instance apps and rules and origins to perform canary deployments
export UUID_SHORT=$(uuidgen | cut -c1-4 | tr '[:upper:]' '[:lower:]')
export FRONTDOOR_PROFILE_NAME="frontdoor-$UUID_SHORT"
export FRONTDOOR_RESOURCE_GROUP="frontdoor-$UUID_SHORT"
export FRONTDOOR_ENDPOINT_NAME="default-endpoint$UUID_SHORT"
export FRONTDOOR_ORIGIN_GROUP_NAME="default-origin-group"
export FRONTDOOR_ORIGIN_NAME_BLUE="origin-blue"
export FRONTDOOR_ORIGIN_NAME_GREEN="origin-green"
export FRONTDOOR_ORIGIN_GROUP_NAME_BLUE="origin-group-blue"
export FRONTDOOR_ORIGIN_GROUP_NAME_GREEN="origin-group-green"
export FRONTDOOR_RULESET="BlueGreenRuleSet"
@ivanthelad
ivanthelad / 0.policy.security.yaml
Created February 14, 2023 08:22
A insecure setup demo with policy on azure
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo-4
spec:
containers:
- name: sec-ctx-4
image: nginx:latest
securityContext:
privileged: true
@ivanthelad
ivanthelad / deployaks.sh
Created October 24, 2022 11:33
SimpleAKS
#!/bin/bash
## neable app insights https://github.com/microsoft/Application-Insights-K8s-Codeless-Attach
source ./env.sh
uuid=$(openssl rand -hex 32 | tr -dc 'a-zA-Z0-9' | fold -w 5 | head -n 1)
clusternameparam=$1
function isempty ()
{
paramname="$1"
paramvalue="$2"
@ivanthelad
ivanthelad / disableautomounting.md
Last active February 25, 2022 10:22
approaches to secure token usage in aks

Recommendation when ensuring a workload adheres to automountServiceAccountToken" policy

if using azure policy on aks you can get tripped up with automountServiceAccountToken been violated by most containers

If container does not need to access API

@ivanthelad
ivanthelad / costanalysis.json
Created February 9, 2022 12:32
Cost Analysis Dashboard: A dashboard to highlight which microservices cost the most in a aks log analytics based cluster
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspacesubscriptionid": {
"defaultValue": "Insert_Subscription_Id",
"type": "String",
"metadata": {
"description": "Subscription id of the log analytics workspace is deployed. Can be found under 'Log Analytics Workspace -> Overview' "
}
@ivanthelad
ivanthelad / step1.sh
Created January 28, 2021 15:23
demo MSI and webapps
#Variables
location="westus"
RG_Name="UA-TEST-RG2"
ASP_Name="UA-TEST-ASP2"
Web_Name="UA-TEST-Web-1012"
ACR_Name="UAtestACR2"
ID_Name="UA-TEST-Identity2"
#Resource Creation
@ivanthelad
ivanthelad / Dockerfile
Created January 15, 2021 14:28
Dockerfile
FROM locustio/locust:1.4.1
##e TARGET_URL=http://localhost:8080 runtest:latest
## can be master, slace, standalone
## run on ACIU using , where -f i referencing runs/errors.py
## az container create --registry-username $registry_username --registry-password $registry_password -g $RG --image $IMAGE --ports 8089 5557 -l $LOCATION --name $MASTER_NAME --ip-address public --dns-name-label $DNS_LABEL -e URL=$URL URLPATH=$URLPATH --command-line="locust --master -f ${locustfile} "
EXPOSE 5557 8089
## tell the slace how to connect
#ENV LOCUST_MASTER_HOST=
ENV URL="http://192.168.1.115:8080"