ty4mcq/azure-kubernetes-service-project

ty4mcq-aks-project

Tyler McQueen's AKS project for Qualyfi.

To deploy, run: ./deploy/deploy.sh

Please ensure Docker is running locally before running deployment.

Spec/Requirements:

  • Deploy a ‘free’ sku AKS cluster with a public control plane
  • Deploy the voting application: https://github.com/Azure-Samples/azure-voting-app-redis
  • Use a ‘basic’ sku ACR to store the application in your subscription and deploy from there
  • Use Linux node pools using the Mariner OS (Microsoft Linux)
  • Create two node pools, one for system and one for the application – use the default sku for node pool VMs, which is ‘Standard_DS2_v2’
  • Use ‘containerd’ for the container runtime
  • Set the node pools to auto scale using the cluster autoscaler
  • Set the pods to auto scale using the horizontal pod autoscaler
  • Use an application namespace called ‘production’
  • Use Azure CNI networking with dynamic allocation of IPs and enhanced subnet support
  • Use AKS-managed Microsoft Entra integration, use the existing EID group ‘AKS EID Admin Group’ for Azure Kubernetes Service RBAC Cluster Admin access
  • Use Azure role-based access control for Kubernetes Authorization
  • Disable local user accounts
  • Use an Application Gateway for ingress traffic
  • Use a NAT gateway for internet egress traffic
  • Use a system assigned managed identity for the cluster
  • Use the Azure Key Vault provider to secure Kubernetes secrets in AKS, create an example secret and attach it to the backend pods
  • Use a ‘standard’ sku Bastion and public/private keys to SSH to the pods
  • Enable IP subnet usage monitoring for the cluster
  • Enable Container Insights for the cluster
  • Enable Prometheus Monitor Metrics and Grafana for the cluster

Success/Acceptance Criteria:

  • Connect to the application front end via the App Gateway public IP
  • User node pool running without error with the front and back-end application
  • SSH to a node via the Bastion and the SSH keys
  • From the node, load a web page via the NAT Gateway: curl ifconfig.me
  • Check cluster autoscaler logs for correct function of the cluster
  • Confirm the Pod autoscaler is running
  • Connect to a pod using kubectl bash command
  • Display the value of the example secret in the pod bash shell: kubectl exec (podName) --namespace (namespace) -- cat ./secrets-store-(front/back)/(secretName)
  • Check Container Insights is running, via the portal
  • Check Prometheus Monitor Metrics in Grafana instance
  • Use Azure Load Testing to load the AKS cluster, resulting in autoscaling of the nodes and pods: kubectl get pods --namespace (namespace)
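
The identity, access and network items in the spec can also be checked from the cluster description instead of by hand. The script below is an added example, not part of this repository: it assumes the JSON shape printed by `az aks show -o json`, and the sample document, pool names and group object ID in it are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az aks show -o json` (not taken from the repo).
SAMPLE = json.loads("""
{"sku": {"tier": "Free"},
 "disableLocalAccounts": true,
 "identity": {"type": "SystemAssigned"},
 "aadProfile": {"managed": true, "enableAzureRbac": true,
                "adminGroupObjectIDs": ["00000000-0000-0000-0000-000000000000"]},
 "networkProfile": {"networkPlugin": "azure",
                    "outboundType": "userAssignedNATGateway"},
 "addonProfiles": {"azureKeyvaultSecretsProvider": {"enabled": true},
                   "ingressApplicationGateway": {"enabled": true}},
 "agentPoolProfiles": [
   {"name": "system", "mode": "System", "osSku": "Mariner",
    "vmSize": "Standard_DS2_v2", "enableAutoScaling": true},
   {"name": "app", "mode": "User", "osSku": "Mariner",
    "vmSize": "Standard_DS2_v2", "enableAutoScaling": true}]}
""")

def enabled(addons, key):
    # Match addon keys case-insensitively as a precaution.
    return any(k.lower() == key.lower() and bool((v or {}).get("enabled"))
               for k, v in addons.items())

def failed_requirements(c):
    """Return the README requirements this cluster description does not meet."""
    aad = c.get("aadProfile") or {}
    net = c.get("networkProfile") or {}
    addons = c.get("addonProfiles") or {}
    pools = c.get("agentPoolProfiles") or []
    linux = ("mariner", "azurelinux")  # Azure Linux is the current name for Mariner
    checks = {
        "free sku": str((c.get("sku") or {}).get("tier")).lower() == "free",
        "local accounts disabled": c.get("disableLocalAccounts") is True,
        "system assigned identity": (c.get("identity") or {}).get("type") == "SystemAssigned",
        "managed Entra integration": aad.get("managed") is True
                                     and bool(aad.get("adminGroupObjectIDs")),
        "Azure RBAC authorization": aad.get("enableAzureRbac") is True,
        "Azure CNI": net.get("networkPlugin") == "azure",
        "NAT gateway egress": net.get("outboundType")
                              in ("userAssignedNATGateway", "managedNATGateway"),
        "Key Vault provider": enabled(addons, "azureKeyvaultSecretsProvider"),
        "App Gateway ingress": enabled(addons, "ingressApplicationGateway"),
        "system and user pools": {"System", "User"} <= {p.get("mode") for p in pools},
        "Mariner nodes": bool(pools) and all(str(p.get("osSku")).lower() in linux for p in pools),
        "cluster autoscaler": bool(pools) and all(p.get("enableAutoScaling") for p in pools),
    }
    return [name for name, ok in checks.items() if not ok]
```

Against a live cluster, pass `json.load()` of the saved `az aks show` output to `failed_requirements`; an empty list means every checked item holds.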
