Azure Kubernetes Service (AKS) Workshop

Workshop architecture

Azure subscription with Owner role
- Why? Because we need to assign permissions e.g., AcrPull and others
Azure subscription should be enabled for creating following resources:
- Multiple Azure Virtual Networks
  - User Defined Routes (UDR)
  - Network Security Groups (NSG)
- Private DNS Zone
- Virtual Machine
- Bastion Host
- Azure Container Registry (ACR)
- Azure Kubernetes Service (AKS)
- Azure Container Instances (ACI)
- Azure Storage Account
  - NFS fileshare
  - Private endpoint
- Azure Application Gateway
- Azure Log Analytics Workspace
Each person should have their own dedicated resource group
- Why? Because we need to test AKS cluster upgrades and other operations that require personal environments
Azure Cloud Shell available
- If you want to run this locally, then you need to have Azure CLI, jq, envsubst, and helm installed
Entra ID Group that contains all workshop participants
- Why? Because we need have group for AKS cluster admin access
  - You only need to have Object ID of the group
  - You can use My Groups to find group that you're member of. You can see Object ID of the group in URL.

Open Azure Cloud Shell
- Use Bash
- Use clouddrive folder for persisting files in Azure Cloud Shell
- To prevent cloud shell for timing out, you can use following keep_alive trick in 00-variables.sh script:

   while :; do echo 'Hit CTRL+C'; sleep 1; done

If cloud shell does timeout, then you can recover variable state using these steps:

my_ip=$(curl -s https://myip.jannemattila.com)
az aks update -g $resource_group_name -n $aks_name --api-server-authorized-ip-ranges $my_ip

az aks get-credentials -n $aks_name -g $resource_group_name --overwrite-existing

kubectl get nodes

Alternative environment options: Use WSL or Linux
Pre-reqs for alternative environment:
- Azure CLI
- Optional VS Code
  - Execute different script steps one-by-one in VS Code (hint: use shift-enter)

git clone https://github.com/JanneMattila/aks-workshop.git

Good idea to clone this also to local machine for better readability and usability

Name		Name	Last commit message	Last commit date
Latest commit History 150 Commits
echo-app		echo-app
healthprobe-app		healthprobe-app
monitoring-app		monitoring-app
network-app		network-app
nodepool-app		nodepool-app
others		others
placeholder-app		placeholder-app
simple-app/src		simple-app/src
storage-app		storage-app
update-app		update-app
yarp-app		yarp-app
.gitattributes		.gitattributes
.gitignore		.gitignore
00-variables.sh		00-variables.sh
01-login.sh		01-login.sh
02-network-setup.sh		02-network-setup.sh
03-compute-setup.sh		03-compute-setup.sh
04-network-tests.sh		04-network-tests.sh
05-registry.sh		05-registry.sh
06-storage-part1.sh		06-storage-part1.sh
07-storage-part2.sh		07-storage-part2.sh
08-agc.sh		08-agc.sh
08-agic.sh		08-agic.sh
08-application-routing.sh		08-application-routing.sh
09-monitoring.sh		09-monitoring.sh
10-scale.sh		10-scale.sh
11-upgrade.sh		11-upgrade.sh
12-security.sh		12-security.sh
13-costs.sh		13-costs.sh
14-policy.sh		14-policy.sh
15-network-policies.sh		15-network-policies.sh
16-keyvault.sh		16-keyvault.sh
20-updates.sh		20-updates.sh
21-health-probes.sh		21-health-probes.sh
22-helm-redis.sh		22-helm-redis.sh
23-tools.sh		23-tools.sh
24-jobs.sh		24-jobs.sh
25-kubeconfig.sh		25-kubeconfig.sh
26-chaos-studio.sh		26-chaos-studio.sh
50-advanced-networking.sh		50-advanced-networking.sh
80-cheatsheet_examples.sh		80-cheatsheet_examples.sh
90-bonus-exercises.sh		90-bonus-exercises.sh
91-bonus-exercises-solutions.sh		91-bonus-exercises-solutions.sh
99-cleanup.sh		99-cleanup.sh
AKS Workshop.code-workspace		AKS Workshop.code-workspace
LICENSE		LICENSE
README.md		README.md