Students in a classroom-min

Course Description

This Hack enables attendees to modernize an application by moving to containers so that they can meet the demands of large - and scaling – workloads by working through challenges inspired from real-world scenarios. 

During the “hacking” attendees will focus on configuring an AKS cluster with production concerns in mind such as security (secret management and RBAC) and observability (logging and monitoring).  

This Hack simulates a real-world scenario where an insurance company’s current compute power on their core business application is not meeting the demands of their large, and scaling, workloads. The goal is to modernize the application and move it to the cloud. 

By the end of the Hack, attendees will have built out a technical solution that has cluster(s) ready for production and that meet top-quality security, observability and networking requirements. 

About this course

Technologies

Linux and Windows Containers, Azure Kubernetes Service, Azure Container Registry, Azure Virtual Machine, Networking, Azure Storage, Azure Monitor, Key Vault, Service Fabric Mesh 

Prerequisites

To be successful and get the most out of this OpenHack, it is highly recommended that participants have previous experience with: 

  • Container basics 
  • Command line interface 
  • Web applications 
Required knowledge of Azure fundamentals.

Challenges

Challenge 1: But First, Containers 

In this challenge, you will familiarize yourself with container basics. 

Learning objectives: 

  • Use Docker to build and run containers locally
  • Push images to Azure Container Registry

Challenge 2: Getting Ready for Orchestration  

In this challenge, you will familiarize yourself with the Kubernetes basics. 

Learning objectives: 

  • Deploy microservices to a basic Azure Kubernetes Service cluster
  • Get familiar with basic Kubernetes concepts

Challenge 3: To Orchestration and Beyond 

In this challenge, you will deploy into existing network space and implement some security measures. 

Learning objectives: 

  • Use Azure Kubernetes Service to configure and create an RBAC enabled Kubernetes cluster in an existing VNET
  • Use namespaces to logically separate microservices 
  • Deploy containers from Challenge 1 to the Kubernetes cluster with proper RBAC configurations 

Challenge 4: Putting the Pieces Together 

In this challenge, you will better secure workload secrets and create routing rules for traffic to your microservices. 

Learning objectives: 

  • Implement Ingress for the application on the cluster
  • Manage and secure secrets with Azure Key Vault

Challenge 5: Wait, What’s Happening? 

In this challenge, you will improve the observability of your cluster. 

Learning objectives: 

  • Use Azure Monitor or Prometheus and Grafana to monitor the health of the AKS cluster
  • Create alerts to detect issues

Challenge 6: Locking it Down 

In this challenge, you will further improve the security of your cluster. 

Learning objectives: 

  • Improve cluster security using network policies and pod security policies
  • Further configure RBAC roles and permissions for the AKS cluster
  • Update a microservice to use managed identity authentication via Pod Identity

Challenge 7: Mixed Emotions 

In this challenge, you will deploy a mixed workload (Linux and Windows) into a single cluster. 

Learning objectives: 

  • Add Windows nodes to AKS cluster and deploy a legacy Windows app
  • Use Taints and Tolerations to implement best practices when running mixed workloads in a cluster
  • Upgrade a deployment in the cluster

Challenge 8: Doing More with Service Mesh 

In this challenge, you will explore the capabilities of a Service Mesh. 

Learning objectives: 

  • Use service mesh technology to expand on security and observability

 

 

Value Proposition

  • Deliver value to end-users of your application faster, with zero-downtime deployment  
  • Focus on what matters – code and scale out! Rather than tediously manage compute on your own, use Kubernetes containers orchestration services (AKS) to easily real-time manage your clusters 

Technical Scenarios

  • Application Containerization: Move services to container technology and leverage the cloud using AKS  
  • Security: Networking, RBAC and secret management to ensure correct permissions for each cluster 
  • Mixed-Workloads: Running both Windows and Linux workloads in a single cluster 
  • Observability: The ability to understand and manage the health of your applications through tools like Azure Monitor 

Audience

  • Target Audience:  
    • Microsoft – CSE, CSA, GBB, ATT, SE, TPM 
    • Customer – App Developers/Ops 
  • Target verticals: Cross-Industry 
  • Customer profile: 
    • Customers that are looking to modernize their applications by leveraging AKS 
    • Customers that are looking to improve their skillset and knowledge of running production workloads in AKS

Ready to get started?