Non-prod environments

The ITsynch Suite is deployed to non production environments for testing/demos/etc. The environments are deployed in Azure Kubernetes Services. These are the instructions to connect in case you are assigned a task that requires so. Usually, dev's won't need to connect to the cluster directly.

1. Connect to ITsynch VPN
2. Inside activated container
3. az login
4. Configure kubectl for azure: az aks get-credentials --resource-group itsynch-suite-aks --name itsynch-aks --subscription itsynch-suite
   1. you must be connected to vpn. If you connect to VPN after running the container, exit and activate again. (you'll get error code -3 when running this step)
5. kubectl cluster-info Ensure you are running against AKS by checking the URLs.
6. kubectl get namespace you should see there the non prod environments.

To deploy any environment simply use suite-apply as usual, including for the data-seeder. The infrastructure usually won't need to be updated.

Cluster Deployment Notes

These are some notes that were taken when the cluster was deployed.

az deployment group create -g itsynch-suite-aks --subscription ac085d78-fc56-4031-a907-6234c92e8bdd -f ./azure/arm-templates/deployment.bicep --parameters ./azure/arm-templates/deployment.parameters.json

1. Subnets needs to be created for nodes, system pods and user pods.
2. Private DNS Zone needs to be set up for privatelink.eastus.azmk8s.io 1.If it's not in the same RG, aks identity needs to have read/write rbac
   1. Needs to be linked to aks vnet
   2. Needs to be linked to hub
   3. Can be shared between multiple clusters
3. For ssl to be loaded from keyvault, the CSI secret thingy identity needs to have policy
   1. az aks show --resource-group itsynch-suite-aks \ --name itsynch-aks \ --subscription itsynch-suite \ --query addonProfiles.azureKeyvaultSecretsProvider.identity.clientId \ --output tsv