So far, to create an Azure Kubernetes Service (AKS) cluster, you must start with the Azure CLI. The Az.Aks PowerShell module is so far behind that it's not even able to specify all the parameters we need for creating the cluster, never mind managing it. Since that's the case, I'll use the az command line for everything, instead of requiring any Azure modules.
Start by installing the latest Azure CLI and Helm, probably from Chocolatey.
Before we get to the scripts, a couple of points:
The important thing you have to know is that if you want to be able to run Windows containers, you have to create a cluster with multiple node pools. In this configuration, the first node pool must be Linux (so we can run the Kubernetes services on it), and you can't delete the first node pool.
I'm going to provision it with a single (tiny) system pool which I can use for learning and practicing, and then I'll add and remove additional pools when I need them to actually host something. There's an added cost for this, because it has to use a "standard" load balancer sku, but I think it will be worth it -- and I'll make up for it somewhat by using a smaller system nodepool when I'm not actually hosting anything but matterbridge in here.
In the New-Kubernetes script I create a small nodepool with just 2 burstable servers for the first nodepool.
The easiest way to do that is to use the new Managed Azure AD integration, but if you do, you'll be locked in. As an alternative, you can set up RBAC manually.
The short version is: read through, and then run .\New-Kubernetes.ps1
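The cluster layout described above (a small Linux first pool, a standard load balancer, and Windows pools added and removed on demand), as an added example that is not the contents of New-Kubernetes.ps1. The resource names, region, VM sizes, admin user name and the Add-WindowsPool / Remove-WindowsPool helper names are assumptions.

```powershell
# Added example. Names, region and VM sizes are assumptions, not values from New-Kubernetes.ps1.
$ResourceGroup = 'rg-aks-demo'
$Cluster       = 'aks-demo'
$Location      = 'eastus'

# Windows node pools need a Windows admin account that is set when the cluster is created.
# Prompt for it so the password is never stored in the script (AKS requires at least 14 characters).
$WinCred     = Get-Credential -UserName 'azureuser' -Message 'Admin account for Windows nodes'
$WinPassword = $WinCred.GetNetworkCredential().Password

az group create --name $ResourceGroup --location $Location | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'az group create failed' }

# First pool: Linux, 2 burstable nodes. It hosts the Kubernetes services and cannot be deleted.
# Windows pools require the standard load balancer, scale sets and Azure CNI networking.
az aks create `
    --resource-group $ResourceGroup `
    --name $Cluster `
    --nodepool-name 'system' `
    --node-count 2 `
    --node-vm-size 'Standard_B2s' `
    --vm-set-type VirtualMachineScaleSets `
    --load-balancer-sku standard `
    --network-plugin azure `
    --windows-admin-username $WinCred.UserName `
    --windows-admin-password $WinPassword `
    --generate-ssh-keys
if ($LASTEXITCODE -ne 0) { throw 'az aks create failed' }

function Add-WindowsPool {
    param([string]$Name = 'win', [int]$Count = 1, [string]$Size = 'Standard_D2s_v3')
    # AKS limits Windows node pool names to 6 lowercase alphanumeric characters.
    if ($Name -cnotmatch '^[a-z][a-z0-9]{0,5}$') { throw "Invalid Windows pool name: $Name" }
    az aks nodepool add --resource-group $ResourceGroup --cluster-name $Cluster `
        --name $Name --os-type Windows --node-count $Count --node-vm-size $Size
    if ($LASTEXITCODE -ne 0) { throw "Adding pool $Name failed" }
}

function Remove-WindowsPool {
    param([string]$Name = 'win')
    # Only the additional pools can be removed; the first (system) pool stays.
    az aks nodepool delete --resource-group $ResourceGroup --cluster-name $Cluster --name $Name
    if ($LASTEXITCODE -ne 0) { throw "Removing pool $Name failed" }
}
```

The Windows admin password is handed to az as a command-line argument, so it is visible to other processes on the same machine while the command runs; run this from a workstation you control rather than a shared build host.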
This is based on Microsoft's recommendation for configuring an HTTPS ingress controller, but see also the cert-manager installation docs and their tutorial on securing nginx Ingress.
We have to deploy nginx and cert-manager using Helm, and configure cert-manager to use Let's Encrypt to issue certificates for anything that needs them. Read through, and then run .\New-Ingress.ps1