Build Secure & Portable applications using AKS and its ecosystem

Slides from the Global Azure Singapore 2023 talk about building secure and portable applications using AKS and its ecosystem. The demo showcases the integrations with Dapr and KEDA.

Nilesh Gule

May 13, 2023
Transcript

  1. $whoami
     {
       "name" : "Nilesh Gule",
       "website" : "https://www.HandsOnArchitect.com",
       "github" : "https://GitHub.com/NileshGule",
       "twitter" : "@nileshgule",
       "linkedin" : "https://www.linkedin.com/in/nileshgule",
       "YouTube" : "https://www.YouTube.com/@nilesh-gule",
       "likes" : "Technical Evangelism, Cricket",
       "co-organizer" : "Azure Singapore UG"
     }
  2. AKS Best Practices – Cluster Operator

     Multi-Tenancy

     Authentication and Authorization
     • Azure AD
     • Kubernetes RBAC
     • Azure RBAC
     • Pod Identities

     Cluster Isolation
     • Multi-tenancy and logical separation using namespaces

     Basic scheduler
     • Resource Quotas
     • Pod Disruption Budget

     Advanced scheduler
     • Taints & Tolerations
     • Node selectors and affinity
     • Inter-pod affinity and anti-affinity
  3. AKS Best Practices

     Security
     • Cluster Security & Upgrades
       • Secure API Server
       • Limit container access
       • Manage upgrades & node reboots
     • Container Image Management
       • Secure images and runtimes
       • Automate builds on base image updates
     • Pod Security
       • Secure access to resources
       • Limit credentials exposure
       • Use Pod Identities and Digital Key Vaults

     Network & Storage
     • Network Connectivity
       • Different network models using ingress and WAF
       • Secure node SSH access
     • Storage & Backup
       • Appropriate storage type & node size
       • Dynamically provision volumes
       • Data Backups

     Developer
     • Manage resources
       • Resource Requests & Limits
     • Pod Security
       • Secure access to resources
       • Limit credentials exposure
       • Use Pod Identities & Digital Vaults
  4. Summary

     • Modern applications are loosely coupled and highly portable
     • AKS provides native integrations with Dapr and KEDA
     • KEDA helps to autoscale on metrics external to Kubernetes
     • Dapr tries to simplify microservices development and deployment
     • Dapr Components help to extract underlying functionality and provide abstractions
     • Best practices related to AKS
     • Make apps portable to run in serverless as well as managed cloud services
  5. Nilesh Gule
     ARCHITECT | MICROSOFT MVP
     “Code with Passion and Strive for Excellence”

     nileshgule | @nileshgule | Nilesh Gule | NileshGule | www.handsonarchitect.com | https://bit.ly/youtube-nileshgule
  6. Q&A