Slide 1

Slide 1 text

Global Azure Bootcamp Singapore 2023

Slide 2

Slide 2 text

$whoami
{
  "name" : "Nilesh Gule",
  "website" : "https://www.HandsOnArchitect.com",
  "github" : "https://GitHub.com/NileshGule",
  "twitter" : "@nileshgule",
  "linkedin" : "https://www.linkedin.com/in/nileshgule",
  "YouTube" : "https://www.YouTube.com/@nilesh-gule",
  "likes" : "Technical Evangelism, Cricket",
  "co-organizer" : "Azure Singapore UG"
}

Slide 3

Slide 3 text

How to build Secure & Portable applications using AKS and its ecosystem

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

Native integration with Dapr

Slide 6

Slide 6 text

Dapr Components

Slide 7

Slide 7 text

TechTalks with Dapr - AKS
(Diagram labels: Azure-Singapore-cluster, demo-azure-singapore-rg, ngacrregistry, acrResourceGroup)

Slide 8

Slide 8 text

Generate Workload – AKS

Slide 9

Slide 9 text

TechTalks with Dapr – Azure Container Apps
(Diagram labels: aci-dev-env, azure-container-app-rg, ngacrregistry, acrResourceGroup)

Slide 10

Slide 10 text

Generate Workload – Container App

Slide 11

Slide 11 text

AKS Best Practices – Cluster Operator

Multi-Tenancy

Authentication and Authorization
• Azure AD
• Kubernetes RBAC
• Azure RBAC
• Pod Identities

Cluster Isolation
• Multi-tenancy and logical separation using namespaces

Basic scheduler
• Resource Quotas
• Pod Disruption Budget

Advanced scheduler
• Taints & Tolerations
• Node selectors and affinity
• Inter-pod affinity and anti-affinity

Slide 12

Slide 12 text

AKS Best Practices

Security
• Cluster Security & Upgrades
  • Secure API Server
  • Limit container access
  • Manage upgrades & node reboots
• Container Image Management
  • Secure images and runtimes
  • Automate builds on base image updates
• Pod Security
  • Secure access to resources
  • Limit Credentials exposure
  • Use Pod Identities and Digital Key Vaults

Network & Storage
• Network Connectivity
  • Different network models using ingress and WAF
  • Secure node SSH access
• Storage & Backup
  • Appropriate storage type & node size
  • Dynamically provision volumes
  • Data Backups

Developer
• Manage resources
  • Resource Requests & Limits
• Pod Security
  • Secure access to resources
  • Limit credentials exposure
  • Use Pod Identities & Digital Vaults

Slide 13

Slide 13 text

Summary
• Modern applications are loosely coupled and highly portable
• AKS provides native integrations with Dapr and KEDA
• KEDA helps to autoscale on metrics external to Kubernetes
• Dapr tries to simplify microservices development and deployment
• Dapr Components help to extract underlying functionality and provide abstractions
• Best practices related to AKS
• Make apps portable to run in serverless as well as managed cloud services

Slide 14

Slide 14 text

References
• https://www.youtube.com/@nilesh-gule
• https://dapr.io/
• Dapr Publish and Subscribe
• Kubernetes Event Driven Autoscaling
• Serverless - Dapr and Azure Container Apps
• AKS best-practices

Slide 15

Slide 15 text

Containerize Apps

Resources
• https://github.com/NileshGule/cloud-native-ninja
• https://github.com/NileshGule/techtalks-azure-container-apps-demo

Slides
• https://www.slideshare.net/nileshgule/
• https://speakerdeck.com/nileshgule/

Slide 16

Slide 16 text

Nilesh Gule
ARCHITECT | MICROSOFT MVP
“Code with Passion and Strive for Excellence”
nileshgule | @nileshgule | Nilesh Gule | NileshGule
www.handsonarchitect.com
https://bit.ly/youtube-nileshgule

Slide 17

Slide 17 text

Q&A