export AKS_CLUSTER_NAME="YOUR_AKS_CLUSTER_NAME"
export AKS_CLUSTER_RESOURCE_GROUP_NAME="YOUR_AKS_CLUSTER_GROUP_NAME"
export AZURE_STORAGE_ACCOUNT_ID="YOUR_STORAGE_ACCOUNT"
export RG="YOUR_STORAGE_ACCOUNT_RESOURCE_GROUP_NAME"
export BLOB_CONTAINER_NAME="YOUR_STORAGE_BLOB_CONTAINER_NAME"

az storage account create --name $AZURE_STORAGE_ACCOUNT_ID --resource-group $RG --sku Standard_LRS --encryption-services blob --https-only true --kind BlobStorage --access-tier Hot
az storage container create --name $BLOB_CONTAINER_NAME --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID


AKS_MANAGEMENT_RESOURCE_GROUP=$(az aks show --query nodeResourceGroup --name $AKS_CLUSTER_NAME --resource-group $AKS_CLUSTER_RESOURCE_GROUP_NAME --output tsv)
AZURE_SUBSCRIPTION_ID=$(az account list --query '[?isDefault].id' -o tsv)
AZURE_TENANT_ID=$(az account list --query '[?isDefault].tenantId' -o tsv)

AZURE_CLIENT_SECRET=$(az ad sp create-for-rbac -n $AZURE_STORAGE_ACCOUNT_ID --role contributor --query password --output tsv)
AZURE_CLIENT_ID=$(az ad sp show --id http://$AZURE_STORAGE_ACCOUNT_ID --query appId --output tsv)

echo "\
AZURE_SUBSCRIPTION_ID=$AZURE_SUBSCRIPTION_ID \n\
AZURE_TENANT_ID=$AZURE_TENANT_ID \n\
AZURE_CLIENT_ID=$AZURE_CLIENT_ID \n\
AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET \n\
AZURE_RESOURCE_GROUP=$AKS_MANAGEMENT_RESOURCE_GROUP" \
> ./credentials-velero



velero install --provider azure --plugins velero/velero-plugin-for-microsoft-azure:v1.1.0 --bucket $BLOB_CONTAINER_NAME --secret-file ./credentials-velero --backup-location-config resourceGroup=$RG,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,subscriptionId=$AZURE_SUBSCRIPTION_ID --snapshot-location-config resourceGroup=$AKS_CLUSTER_RESOURCE_GROUP_NAME,subscriptionId=$AZURE_SUBSCRIPTION_ID --velero-pod-cpu-limit 1000m --velero-pod-cpu-request 1000m --velero-pod-mem-limit 1024Mi --velero-pod-mem-request 1024Mi