A Comprehensive and Practical Course: Containers, K8s, Networking, Security, Scaling, Storage, Monitoring, HA and others

What you will learn

How AKS works and its components

Basic and advanced AKS features

Integrations of AKS with other Azure services or third-party and open-source products

How to manage, administer or deploy containerized applications in AKS

Description

In today’s fast-paced and dynamic business environment, containerization and orchestration are becoming increasingly important. Kubernetes has become the de facto standard for container orchestration and management, providing organizations with the flexibility and scalability needed to manage modern applications.

Microsoft Azure Kubernetes Service (AKS) is a fully managed Kubernetes service that eliminates the complexity of managing and scaling your Kubernetes infrastructure, enabling you to focus on building and deploying your applications. AKS offers benefits such as seamless integration with other Azure services, rapid deployment and scaling, automatic upgrades, built-in security and compliance, and much more.

This course is meant to make AKS easy to learn and understand, and to provide students with a comprehensive and practical experience with AKS.

The course starts with an introduction to containers and Kubernetes. We will then cover topics such as creating and managing Kubernetes clusters, understanding the components at the Kubernetes and Azure levels, and configuring networking with respect to network plugins, Kubernetes services, SNAT, outbound types, and the types of AKS clusters in relation to control plane access, such as public or private AKS clusters and those with VNET integration.

Security is the next topic. We will start with a section on AKS-managed Active Directory integration, then gain knowledge of identities, certificates, network policies, how to use secrets from Azure Key Vault, Azure Policy, Microsoft Defender, AppArmor, and Seccomp.

Scaling is important, so we will discover resource reservations, Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler, Cluster Autoscaler (CAS), Virtual Nodes add-on, and KEDA.


The next section will be Storage, and you will learn how to use Azure Disk, including snapshot and resize, as well as Azure File and Azure Blob in AKS.

Then, we will move on to the monitoring and troubleshooting chapter, where we will learn about the features available by default, as well as how to enable Container Insights or managed Prometheus and Grafana.

Subsequent to this, we will learn about upgrades and related features like auto-upgrade or planned maintenance, then how to integrate our AKS cluster with the Azure Container Registry.

After this, we will focus on ingress controllers, like the Application Gateway Ingress Controller (AGIC) and the nginx ingress controller, and how to expose an application via HTTPS or how to use Let’s Encrypt and Cert Manager.

Finally, we will focus on high availability, and you will learn about available tiers, availability zones, and how to obtain reliability while routing traffic between multiple AKS clusters.

By the end of this course, you will be equipped with the skills and knowledge to effectively deploy and manage Kubernetes clusters in AKS, and to leverage the benefits of AKS in the industry, including faster application development, improved scalability, and increased flexibility.

Content

Introduction

Introduction about instructor and course
Good to have / Recommended background
Connect with me

Understanding containers

What is a container and how is it different from a VM?
Microservices architecture
What are Docker, Dockerfile and Docker Hub?
Creating our first container app (web app), pushing it to Docker Hub and running
Create our 2nd container app (troubleshooting app), push it to DHub and run it
Understanding why we need a container orchestrator, like Kubernetes

What is Kubernetes?

Introduction to Kubernetes
Kubernetes architecture
Self-managed vs Cloud-managed Kubernetes cluster

Starting with Azure Kubernetes Service (AKS)

What is Azure Kubernetes Service (AKS)?
Azure pricing, free account and AKS cost
Let’s create our first AKS cluster
Install CLI, explore Azure Cloud Shell, connect to the cluster
aks-preview extension and feature registration
Making our life easier with autocompletion, alias, Kubernetes and AKS extension
Imperative and declarative approaches
Practice with Nodes, Pod, Deployment, Replicaset, DaemonSet, Service, Secret, CM
Understanding our CIDRs
What is a node pool?
Connect to AKS nodes – quick demo
Exploring the AKS cluster – Kubernetes side
kubelet
containerd
azure-ip-masq-agent
cloud-node-manager
coredns
coredns-autoscaler
CSI
konnectivity
kube-proxy
metrics-server
Exploring the AKS cluster – Azure infrastructure side
Virtual Machine Scale Set (VMSS)
Virtual Network (VNET) and Subnet (SNET)
Network Security Group (NSG)
Route Table (RT)
Load Balancer (LB) and Public IP (PIP)
Managed Identity (MI)
Important notes about AKS support policy
Stop and Start feature
About kubeconfig and how to work with multiple AKS clusters
Starting with AKS – Quiz

Working with node pools and nodes

VM types: VMSS (Scale Set) vs VMAS (Availability Set)
Understanding System and User node pool types
Connect to AKS nodes – using helper pod
Connect to AKS nodes – via SSH using Azure Bastion
Connect to AKS nodes – via SSH using a pod
Connect to AKS nodes – run-command invoke
Node’s Operating Systems in AKS
Node pool with Mariner OS
Create Windows node pool and connect to nodes
Schedule pods on specific node pools or specific OS type nodes
Customize node configuration using az aks parameters
Customize node configuration using DaemonSet
OS disk types
Default OS disk sizes
Spot node pools
GPU node pools
Node pool snapshot
Resize a node pool
Working with node pools and nodes – Quiz

Networking in AKS

Kubenet network plugin
Azure CNI network plugin
Azure CNI overlay network plugin
Network plugins comparison
Bring your own VNET/subnet, NSG and Route Table in AKS
A deeper look into LoadBalancer Service in AKS
Consideration when multiple NSGs are used
Kubernetes Internal Load Balancer
Understand VNET Peering
SNAT in Azure
Outbound types: Load Balancer, NAT Gateway and UserDefinedRouting (UDR)
Create AKS with NAT Gateway
Create AKS with UDR and Azure Firewall
Network in AKS – quiz

Types of clusters in relation to control plane access

Types of clusters in relation to control plane access
Explore public AKS cluster
Create public AKS cluster with VNET integration
API server authorized IP ranges
Create and connect to general and VNET integration private AKS cluster
az aks invoke command
Run kubectl commands from worker nodes
Types of clusters in relation to control plane access – Quiz

AKS-managed Active Directory integration

Understanding AKS-managed AAD integration with Azure RBAC and Kubernetes RBAC
Prepare the environment for Azure RBAC
Practice Azure RBAC
Use custom role with Azure RBAC
Prepare the environment for Kubernetes RBAC
Practice Kubernetes RBAC
Local accounts
AKS-managed Active Directory integration quiz

Security and identities in AKS

Identities in AKS
Create an AKS cluster with service principal
Certificate rotation
Network policies in AKS
Azure Key Vault Provider for Secrets Store CSI Driver
Use autorotation for Azure Key Vault Secret Provider add-on
Azure Policy for Kubernetes
Microsoft Defender for Containers in AKS
AppArmor in AKS
Seccomp in AKS
Security and identities in AKS – Quiz

Scaling in AKS

Understand resource reservations
Manually scale pod replicas and node count
Stop/deallocate nodes with Scale-down mode
Horizontal Pod Autoscaler (HPA)
Vertical Pod Autoscaler (VPA)
Cluster Autoscaler (CAS)
Virtual nodes add-on for AKS
KEDA in AKS
Scaling in AKS – Quiz

Storage in AKS

Exploring the storage options in AKS
Dynamically create Azure Disk
Create snapshot and restore Azure Disk
Resize Azure Disk
Statically create Azure File
Use a custom StorageClass to create Azure File with private endpoint and GRS
Use a StatefulSet to dynamically create Azure Blob
Storage in AKS – Quiz

Monitor and troubleshoot AKS

Activity logs
Diagnose and solve problems and Ask Genie
Resource Health and Azure Status
Azure Advisor
Metrics explorer for AKS
Metrics explorer for AKS related resources
Azure Monitor with Container Insights in AKS
Explore Insights
Explore Workbooks
Explore Logs
Understanding Alerts
Create out-of-the-box Alert
Create custom Alert
Diagnostics settings in AKS
Monitor AKS with managed Prometheus and Grafana
Monitor and troubleshoot AKS – Quiz

Upgrade an AKS cluster

Understanding K8s version, node image, the upgrade and why we need to upgrade
Auto-upgrade Feature
Planned Maintenance Feature
What to check to prevent an upgrade failure
Performing a Kubernetes version upgrade – All at once
Performing a Kubernetes version upgrade – Blue green
Performing a node image upgrade
Upgrade an AKS cluster – Quiz

Integrate AKS with Azure Container Registry (ACR)

What is Azure Container Registry (ACR) and how the integration works?
Create ACR and push/import our apps to it
Integrate AKS and ACR – Azure/RBAC method
Integrate AKS and ACR – Kubernetes/pull secret method
Securely connect to ACR via a private connection
Integrate AKS with Azure Container Registry (ACR) – Quiz

Ingress controllers in AKS

What is an ingress controller?
Using Application Gateway Ingress Controller (AGIC)
Expose apps using a domain name on HTTPS
Using nginx-ingress-controller in AKS
Expose App on HTTPS with Cert-Manager and Let’s Encrypt
Ingress controllers in AKS – Quiz

High Availability in AKS

Free and Standard tiers for AKS cluster management
Availability Zones in AKS
Use Azure Front Door to route traffic between multiple AKS clusters
Use custom domain and Azure Front Door certificate to expose apps in AKS
High availability in AKS – Quiz