Slide 1

Slide 1 text

Azure F.A.Q. about… ... building cloud native apps with Kubernetes on Azure Dennis Zielke GBB - Cloud native [email protected]

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

DevOps is the union of people, processand productsto enable continuous delivery of valueto our end users. What do we need for continuous innovation ?

Slide 4

Slide 4 text

Kubernetes Why do we need Kubernetes ?

Slide 5

Slide 5 text

Where can I store my container images and helm charts?

Slide 6

Slide 6 text

Kubernetes

Slide 7

Slide 7 text

Azure Kubernetes Service (AKS) A fully managed Kubernetes cluster Managed Azure infrastructure services Docker Kubernetes • Managed control pane • Automated upgrades, patches • Easy cluster scaling • Self-healing • Cost savings Application architect Infrastructure architect Applications Operations

Slide 8

Slide 8 text

What is AKS?

Slide 9

Slide 9 text

apps

Slide 10

Slide 10 text

DevOps pipeline for containers Build/CI, Integrate, Test Run, Manage, Integrate Kubernetes Service Service Fabric Batch App Services … Azure Container Registry Code Run Validate Debug CD, Deploy Source Code Control (SCC) Functions Analyze, Understand, Improve ACI

Slide 11

Slide 11 text

How is application doing? Available Is my application available and performing for users? One Dashboard Succeeding Performing What’s wrong? Show me suspicious code and test cases Where do we invest next? Show me top features and customer Usage patterns Health Dashboards Notifications & Deep Insights Usage Dashboards

Slide 12

Slide 12 text

Debugging applications?

Slide 13

Slide 13 text

How is infrastructure doing?

Slide 14

Slide 14 text

How to scale correctly? Kubernetes control pane Azure Container Instances (ACI) ACI Connector Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod VM VM VM VM Deployment/ tasks Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Pod Waste Waste Waste Waste

Slide 15

Slide 15 text

security

Slide 16

Slide 16 text

Kubectl 1. API Server Security AKS Object ARM API Networking Compute Storage AKS RP Admins User Kube Event Dev Pull images Azure resources in MC_* Resource Group 6. Pod Security and Network Policy 4. Secrets to access external resources 2. Securing ingress and egress traffic towards users and services 3. Securing images 5. Network segmentation Lots of security issues?

Slide 17

Slide 17 text

Giving apps an aad-pod-identity

Slide 18

Slide 18 text

Compliance via openpolicyagent.org

Slide 19

Slide 19 text

How can I get started ? https://azure.microsoft.com/en-us/features/devops-projects/

Slide 20

Slide 20 text

Azure Q & A Demos: https://github.com/denniszielke/phoenix https://github.com/Azure-Samples/virtual-node-autoscale https://github.com/Azure/aad-pod-identity Dennis Zielke [email protected] @denzielke