This OpenHack enables attendees to modernize an application by moving to containers so that they can meet the demands of large - and scaling – workloads by working through challenges inspired from real-world scenarios.
During the “hacking” attendees will focus on configuring an AKS cluster with production concerns in mind such as security (secret management and RBAC) and observability (logging and monitoring).
This OpenHack simulates a real-world scenario where an insurance company’s current compute power on their core business application is not meeting the demands of their large, and scaling, workloads. The goal is to modernize the application and move it to the cloud.
By the end of the OpenHack, attendees will have built out a technical solution that has cluster(s) ready for production and that meet top-quality security, observability and networking requirements.
About this course
Linux and Windows Containers, Azure Kubernetes Service, Azure Container Registry, Azure Virtual Machine, Networking, Azure Storage, Azure Monitor, Key Vault, Service Fabric Mesh
To be successful and get the most out of this OpenHack, it is highly recommended that participants have previous experience with:
- Container basics
- Command line interface
- Web applications
Challenge 1: But First, Containers
In this challenge, you will familiarize yourself with container basics.
- Use Docker to build and run containers locally
- Push images to Azure Container Registry
Challenge 2: Getting Ready for Orchestration
In this challenge, you will familiarize yourself with the Kubernetes basics.
- Deploy microservices to a basic Azure Kubernetes Service cluster
- Get familiar with basic Kubernetes concepts
Challenge 3: To Orchestration and Beyond
In this challenge, you will deploy into existing network space and implement some security measures.
- Use Azure Kubernetes Service to configure and create an RBAC enabled Kubernetes cluster in an existing VNET
- Use namespaces to logically separate microservices
- Deploy containers from Challenge 1 to the Kubernetes cluster with proper RBAC configurations
Challenge 4: Putting the Pieces Together
In this challenge, you will better secure workload secrets and create routing rules for traffic to your microservices.
- Implement Ingress for the application on the cluster
- Manage and secure secrets with Azure Key Vault
Challenge 5: Wait, What’s Happening?
In this challenge, you will improve the observability of your cluster.
- Use Azure Monitor or Prometheus and Grafana to monitor the health of the AKS cluster
- Create alerts to detect issues
Challenge 6: Locking it Down
In this challenge, you will further improve the security of your cluster.
- Improve cluster security using network policies and pod security policies
- Further configure RBAC roles and permissions for the AKS cluster
- Update a microservice to use managed identity authentication via Pod Identity
Challenge 7: Mixed Emotions
In this challenge, you will deploy a mixed workload (Linux and Windows) into a single cluster.
- Add Windows nodes to AKS cluster and deploy a legacy Windows app
- Use Taints and Tolerations to implement best practices when running mixed workloads in a cluster
- Upgrade a deployment in the cluster
Challenge 8: Doing More with Service Mesh
In this challenge, you will explore the capabilities of a Service Mesh.
- Use service mesh technology to expand on security and observability
- Deliver value to end-users of your application faster, with zero-downtime deployment
- Focus on what matters – code and scale out! Rather than tediously manage compute on your own, use Kubernetes containers orchestration services (AKS) to easily real-time manage your clusters
- Application Containerization: Move services to container technology and leverage the cloud using AKS
- Security: Networking, RBAC and secret management to ensure correct permissions for each cluster
- Mixed-Workloads: Running both Windows and Linux workloads in a single cluster
- Observability: The ability to understand and manage the health of your applications through tools like Azure Monitor
- Target Audience:
- Microsoft – CSE, CSA, GBB, ATT, SE, TPM
- Customer – App Developers/Ops
- Target verticals: Cross-Industry
- Customer profile:
- Customers that are looking to modernize their applications by leveraging AKS
- Customers that are looking to improve their skillset and knowledge of running production workloads in AKS