Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'wth-packager' of github.com:jordanbean-msft/WhatTheHack…
… into wth-packager
Showing 54 changed files with 1,249 additions and 663 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
participative | ||
freemium | ||
Whoami | ||
uninject | ||
ConfigMaps | ||
CSI | ||
etcd | ||
unencrypted | ||
nodepool | ||
nodepools | ||
Flexvol | ||
tolerations | ||
LetsEncrypt | ||
OPA | ||
Ahmet's | ||
AlwaysOn | ||
PSPs | ||
ModHeader | ||
Emojivoto | ||
Linkerd's | ||
HPA | ||
CAPI | ||
kubeadm | ||
Joian | ||
Gitte | ||
Vermeiren | ||
Viriya | ||
ampanond | ||
Laudati | ||
autoscaling | ||
AKV | ||
IOPS | ||
png |
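Review bot: The entries in this new list are unsorted and mix product terms (`etcd`, `kubeadm`, `Linkerd's`) with personal names (`Gitte`, `Vermeiren`, `Laudati`) and a bare file extension (`png`), which makes it hard to review each entry on its own merits. If this list is consumed as a spell-check allow-list, sort it alphabetically, confirm that `Joian` is an intended spelling rather than a typo being allow-listed, and exclude file extensions by pattern instead of listing `png` as a word. Listing both `nodepool` and `nodepools` also suggests the checker does not handle plurals, which is worth a comment if the format allows one.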
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,37 +1,122 @@ | ||
# What The Hack - AKS Integration with Azure Services | ||
# What The Hack - AKS Enterprise-Grade - Coach Guide | ||
|
||
## Introduction | ||
|
||
The main goal of this What The Hack is for participants who are already familiar with Kubernetes how to interact with the rest of the Azure platform. | ||
Welcome to the coach's guide for the AKS Enterprise-Grade What The Hack. Here you will find links to specific guidance for coaches for each of the challenges. | ||
|
||
## Notes | ||
This hack assumes attendees have a base level of knowledge of Kubernetes, including understanding core concepts & features such as: | ||
- Pods | ||
- Deployments | ||
- Services | ||
- Ingress | ||
- Helm | ||
- YAML configuration files | ||
- Kubernetes CLI => `kubectl` | ||
|
||
The focus of this hack is how Kubernetes and the Azure Kubernetes Service (AKS) interact with the rest of the Azure platform. If your organization is not familiar with the basics of Kubernetes, we recommend they complete the [Introduction To Kubernetes](../../001-IntroToKubernetes/) hack first. | ||
|
||
This hack includes an optional [lecture presentation](Lectures.pptx?raw=true) that features short presentations to introduce key topics associated with each challenge. It is recommended that the host present each short presentation before attendees kick off that challenge. | ||
|
||
**NOTE:** If you are a Hackathon participant, this is the answer guide. Don't cheat yourself by looking at these during the hack! Go learn something. :) | ||
|
||
## Coach's Guides | ||
|
||
- Challenge 00: **[Prerequisites - Ready, Set, GO!](./Solution-00.md)** | ||
- Prepare your workstation to work with Azure. | ||
- Challenge 01: **[Containers](./Solution-01.md)** | ||
- Get familiar with the application for this hack, and roll it out locally or with Azure Container Instances | ||
- Challenge 02: **[AKS Network Integration and Private Clusters](./Solution-02.md)** | ||
- Deploy the application in an AKS cluster with strict network requirements | ||
- Challenge 03: **[AKS Monitoring](./Solution-03.md)** | ||
- Monitor the application, either using Prometheus or Azure Monitor | ||
- Challenge 04: **[Secrets and Configuration Management](./Solution-04.md)** | ||
- Harden secret management with the help of Azure Key Vault | ||
- Challenge 05: **[AKS Security](./Solution-05.md)** | ||
- Explore AKS security concepts such as Azure Policy for Kubernetes | ||
- Challenge 06: **[Persistent Storage in AKS](./Solution-06.md)** | ||
- Evaluate different storage classes by deploying the database in AKS | ||
- Challenge 07: **[Service Mesh](./Solution-07.md)** | ||
- Explore the usage of a Service Mesh to further protect the application | ||
- Challenge 08: **[Arc-Enabled Kubernetes and Arc-Enabled Data Services](./Solution-08.md)** | ||
- Leverage Arc for Kubernetes to manage a non-AKS cluster, and Arc for data to deploy a managed database there | ||
|
||
## Coach Prerequisites | ||
|
||
This hack has pre-reqs that a coach is responsible for understanding and/or setting up BEFORE hosting an event. Please review the [What The Hack Hosting Guide](https://aka.ms/wthhost) for information on how to host a hack event. | ||
|
||
The guide covers the common preparation steps a coach needs to do before any What The Hack event, including how to properly configure Microsoft Teams. | ||
|
||
### Student Resources | ||
|
||
Before the hack, it is the Coach's responsibility to download and package up the contents of the `/Student/Resources` folder of this hack into a "Resources.zip" file. The coach should then provide a copy of the Resources.zip file to all students at the start of the hack. | ||
|
||
Always refer students to the [What The Hack website](https://aka.ms/wth) for the student guide: [https://aka.ms/wth](https://aka.ms/wth) | ||
|
||
**NOTE:** Students should **not** be given a link to the What The Hack repo before or during a hack. The student guide does **NOT** have any links to the Coach's guide or the What The Hack repo on GitHub. | ||
|
||
## Coach Guidance | ||
|
||
* Let participants find their own solutions, even if they are wrong. Let them hit walls and learn from their mistakes, unless you see them investing too much time and effort. Give them hints that put them on the right track, but not solutions | ||
* Most challenges can be solved in multiple ways, all of them correct solutions | ||
* If there is any concept not clear for everybody, try to make participants explain to each other. Intervene only when no participant has the knowledge | ||
* **Make sure no one is left behind** | ||
* Make sure participants have a way to share code, ideally git-based | ||
* Most challenges involve some level of subscription ownership to create identities or service principals, or for the AAD integration challenge. | ||
* Leave participants try options even if you know it is not going to work, let them explore on themselves. Stop them only if they consume too much time | ||
* Let participants try options even if you know it is not going to work, let them explore on themselves. Stop them only if they consume too much time | ||
* For each challenge, you can ask the least participative members to describe what has been done and why | ||
|
||
**NOTE**: The code snippets provided here are just an orientation for you as a coach, and might not work 100% in your particular environment. They have been tested, but the rapid nature of Azure CLI versions, Kubernetes, AKS, helm, etc makes it very difficult constantly reviewing them on a regular basis. If you find errors in the code, please send a PR to this repo with the correction. | ||
|
||
## Challenges | ||
|
||
- Challenge 1: **[Containers](./01-containers.md)** | ||
- Get familiar with the application for this hack, and roll it out locally or with Azure Container Instances | ||
- Challenge 2: **[AKS Network Integration and Private Clusters](./02-aks_private.md)** | ||
- Deploy the application in an AKS cluster with strict network requirements | ||
- Challenge 3: **[AKS Monitoring](./03-aks_monitoring.md)** | ||
- Monitor the application, either using Prometheus or Azure Monitor | ||
- Challenge 4: **[Secrets and Configuration Management](./04-aks_secrets.md)** | ||
- Harden secret management with the help of Azure Key Vault | ||
- Challenge 5: **[AKS Security](./05-aks_security.md)** | ||
- Explore AKS security concepts such as Azure Policy for Kubernetes | ||
- Challenge 6: **[Persistent Storage in AKS](./06-aks_storage.md)** | ||
- Evaluate different storage classes by deploying the database in AKS | ||
- Challenge 7: **[Service Mesh](./07-aks_mesh.md)** | ||
- Explore the usage of a Service Mesh to further protect the application | ||
- Challenge 8: **[Arc-Enabled Kubernetes and Arc-Enabled Data Services](./08-arc.md)** | ||
- Leverage Arc for Kubernetes to manage a non-AKS cluster, and Arc for data to deploy a managed database there | ||
## Azure Requirements | ||
|
||
This hack requires students to have access to an Azure subscription where they can create and consume Azure resources. These Azure requirements should be shared with a stakeholder in the organization that will be providing the Azure subscription(s) that will be used by the students. | ||
|
||
- Attendees should have the “Azure account administrator” (or "Owner") role on the Azure subscription in order to authenticate their AKS clusters against their Azure Container Registries. For more info: <https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration> | ||
- Each student will spin up the following resources in Azure: | ||
- 1 Azure Container Registry | ||
- 3 Azure Container Instances (if not deploying Docker containers locally) | ||
- 3 x 2 vCPUs VMs for the AKS cluster | ||
- 3 Public IPs (1 for AKS cluster, 1 for sample web app, 1 for ingress controller) | ||
|
||
## Suggested Hack Agenda | ||
|
||
This hack is designed to be run as a 3 day event, for a total of approximately 18 hours to complete all challenges. | ||
|
||
There are multiple variations of this hack that enable you run it for a shorter periods of time and still provide value to attendees. Different groups of students will complete the challenges at different paces based on their comfort level with Linux and/or using Command Line Interface (CLI) tools. | ||
|
||
### Challenges 1-2: Multiple Paths to Choose From | ||
|
||
Challenge 1 has attendees start by taking the sample application's source code, learn how to containerize it, run the application in Docker, then publish the container images to the Azure Container Registry. | ||
|
||
Challenge 2 has the students deploy an AKS cluster and get the sample application deployed to it. | ||
|
||
Students are given two options to deploy the AKS cluster: | ||
- A regular AKS cluster with public IP addresses, or | ||
- A private AKS cluster with no public IP addresses | ||
|
||
Deploying a private AKS cluster is more complex and will take students more time to figure out how to do it. Using a private cluster will also result in variations of how to solve the other challenges. | ||
|
||
If students choose to deploy a private cluster, the coach should be prepared to explain key networking concepts and how a private AKS cluster works differently from a non-private AKS cluster. | ||
|
||
### Challenge 1 & 2 Accelerator | ||
|
||
Some organizations may wish to complete this hack as a follow-on to, or even a continuation of, the [Introduction to Kubernetes](../../001-IntroToKubernetes/) hack. | ||
|
||
The Coach's Solution folder for Challenge 2 contains a set of YAML files and a README file that has instructions that will help students quickly deploy the sample application from pre-staged container images in Docker Hub to an existing AKS cluster. | ||
|
||
For students that are already familiar with deploying applications in Kubernetes, but want to focus on the Azure integrations, you may wish to provide these files to "accelerate" them so they can start the hack with Challenge 3. | ||
|
||
For more information, see the Coach's guide for [Challenge 2](Solution-02.md). | ||
|
||
### Challenges 3-8: Choose Your Own Adventure | ||
|
||
Challenges 3 through 8 do not build on each other. You may "choose your own adventure" once Challenge 2 is completed and focus on only the Challenges that are a priority for your organization. | ||
|
||
## Repository Contents | ||
|
||
- `./Coach` | ||
- Coach's Guide and related files | ||
- `./Coach/Solutions` | ||
- Solution files with completed example answers to a challenge | ||
- `./Student` | ||
- Student's Challenge Guide | ||
- `./Student/Resources` | ||
- Resource files, sample code, scripts, etc meant to be provided to students. (Must be packaged up by the coach and provided to students at start of event) |
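Review bot: In the Azure Requirements section, the first bullet asks for every attendee to hold the "Azure account administrator" (or "Owner") role on the subscription, but nothing says the subscription should be one set aside for the hack. Add a sentence recommending a sandbox or per-student subscription that holds no production resources, so the stakeholder who provisions access does not grant Owner on a shared subscription. The resource list in the same section stops at the ACR, ACI, VM and public IP items, while the challenge list above includes Azure Key Vault (Challenge 04) and Arc-enabled services (Challenge 08); either list those resources or state that the list covers Challenges 1-2 only. Minor: "enable you run it for a shorter periods of time" under Suggested Hack Agenda should read "enable you to run it for shorter periods of time".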
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# Challenge 00 - Prerequisites - Ready, Set, GO! - Coach's Guide | ||
|
||
**[Home](./README.md)** - [Next Solution >](./Solution-01.md) | ||
|
||
## Notes & Guidance | ||
|
||
There are a lot of important things covered in each challenge's Coach guide. Be sure to read this one all the way. It's one of the most important! | ||
|
||
### Solution Files & In-Line Sample Scripts | ||
|
||
If you clone or download this repo to your local workstation, you will find YAML files that represent the solutions for the challenges in the `/Solutions` folder of this hack: [`039-AKS-EnterpriseGrade/Coach/Solutions`](./Solutions/). | ||
|
||
The YAML files have multiple placeholders in them that need to be replaced with values in order to deploy them to an AKS cluster. | ||
|
||
Throughout this hack's coach guide, you will fine multiple in-line bash script blocks that demonstrate how to solve the challenges. These scripts: | ||
- Deploy and configure the Azure resources that are needed to solve the challenges. (i.e. VNet, AKS cluster, Azure SQL Database, etc). | ||
- Deploy (apply) the YAML files to the AKS cluster. | ||
|
||
These script blocks are designed to be run from the `/Solutions` folder. The script blocks reference the YAML files in the relative sub-folders for each challenge and replace the placeholders in the YAML files with values when the script blocks are run. | ||
|
||
To use these script blocks: | ||
- Open a bash prompt (WSL/Terminal) | ||
- Navigate to the `/Solutions` folder on your workstation | ||
- Copy the script blocks from this guide, then paste and run them | ||
|
||
**NOTE**: The code snippets provided in this Coach's Guide are just an orientation for you as a coach, and might not work 100% in your particular environment. They have been tested, but the rapid nature of Azure CLI versions, Kubernetes, AKS, helm, etc makes it very difficult constantly reviewing them on a regular basis. If you find errors in the code, please send a PR to this repo with the correction. | ||
|
||
## Student Resources | ||
|
||
Before the hack, it is the Coach's responsibility to download and package up the contents of the `/Student/Resources` folder of this hack from the [WTH Coach's Repo](https://aka.ms/wthrepo) into a "Resources.zip" file. The coach should then provide a copy of the Resources.zip file to all students at the start of the hack. | ||
|
||
**HINT: The students cannot complete Challenge 0 until you do this for them!** | ||
|
||
Always refer students to the [What The Hack website](https://aka.ms/wth) for the student guide: [https://aka.ms/wth](https://aka.ms/wth) | ||
|
||
**NOTE:** Students should **not** be given a link to the What The Hack repo before or during a hack. The student guide does **NOT** have any links to the Coach's guide or the What The Hack repo on GitHub. | ||
|
||
### Local Workstation or Azure Cloud Shell | ||
|
||
The majority of challenges of this hack can be completed using the Azure Cloud Shell in a web browser. However, it is worth the students taking the time to install all of the tools on their local workstation if they will be working with Azure and AKS going forward. | ||
|
||
If students will use the Azure Cloud Shell, they should upload the `Resources.zip` file provided by the coach and unzip its contents there to complete the challenges. | ||
|
||
### Windows Subsystem for Linux and the Azure CLI | ||
|
||
Here are some things to be aware of that we have run into when hosting this hack previously: | ||
|
||
- Installing the Windows Subsystem for Linux requires administrator privileges on a Windows 10 or 11 device. If the student does not have administrator privileges on their workstation, they will need to use the Azure Cloud Shell. | ||
- We recommend students install the Azure CLI into their WSL environment on Windows. | ||
- We have observed that if students install the Azure CLI on Windows (via PowerShell or the Command Prompt), then install the Azure CLI again in the WSL environment, it can cause issues with the WSL environment's PATH environment variable. | ||
- The Azure CLI will show up twice in the PATH, once for Windows, and once for WSL. | ||
- WSL will attempt to call the Azure CLI version installed on Windows, not the WSL environment. | ||
- To resolve this, either: | ||
- Modify the PATH environment variable to move the Azure CLI + WSL location higher in the priority. | ||
- Uninstall the Azure CLI from Windows (PowerShell or Command Prompt) | ||
|
||
### Docker Desktop | ||
|
||
Installing [Docker Desktop](https://www.docker.com/products/docker-desktop/) is optional for students. Docker Desktop will install the Docker CLI and container engine on a Windows or Mac workstation. Students can use Docker Desktop in Challenge 1 to build and run the sample application's container images on their local workstation. They can also use Docker desktop to publish those container images to Azure Container Registry. | ||
|
||
The SQL Server container image referenced in Challenge 1 will not run in Docker Desktop on a Mac device with Apple Silicon (ARM). | ||
|
||
Docker Desktop requires administrator privileges on a Windows 10 or 11 device. | ||
|
||
If the student does not have administrator privileges on their workstation, or is using a Mac with Apple Silicon, they can use the Azure CLI (`az acr build`) to build and publish their container images to the Azure Container Registry from their local workstation OR from the Azure Cloud Shell. However, they will not be able to run the containers locally before attempting to deploy them to AKS in Challenge 2. | ||
|
||
Instead, students can test the containers out by running them in Azure Container Instances. See the [Coach Guide for Challenge 1](Solution-01.md) for more information. | ||
|
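Review bot: Under "Solution Files & In-Line Sample Scripts", the sentence saying the script blocks "replace the placeholders in the YAML files with values" does not say whether the files under `/Solutions` are rewritten in place or the substitution happens on the fly. If they are rewritten in place, a coach who follows the NOTE and sends a PR from the same clone can commit environment-specific values; state which it is, and if in place, tell coaches to reset the folder before committing. Also, "you will fine multiple in-line bash script blocks" should read "find", and the three `###` sections on Cloud Shell, WSL and Docker Desktop sit under `## Student Resources` although they are tooling guidance; consider moving them under `## Notes & Guidance` or giving them their own `##` heading.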