Kubernetes on Azure AKS - Fundamentals
Welcome to the Kubernetes on Azure AKS workshop! This training consists of 31 hands-on lab exercises grouped into 11 modules, guiding you through Kubernetes fundamentals with Azure AKS integration.
Environment Setup
1. Log in to Azure Portal
Go to portal.azure.com and sign in with the credentials provided by the instructor (e.g. banqsoft-XX@protopialabs.onmicrosoft.com).
2. Launch Codespaces
- Open the repository ProtopiaTech/training-k8s-basic-codespaces (optionally fork it)
- Click Code → Codespaces → New codespace (the + button)
- Wait for the environment to start — it includes kubectl, helm, kubectx/kubens, and az CLI
You can work directly in the browser or connect from VS Code on your machine — install the GitHub Codespaces extension (part of the Remote Development pack), then Ctrl+Shift+P / Cmd+Shift+P → Codespaces: Connect to Codespace.
3. Log in to Azure CLI
In the Codespaces terminal, authenticate to Azure using device code flow:
az login --use-device-code
Open the link shown in the terminal, enter the code, and sign in with the same account you used in step 1.
Then set the training subscription:
az account set --subscription 103f4802-c71c-4ee1-8701-516512df9a8b
4. Configure kubeconfig
The kubeconfig file configures your connection to the Kubernetes cluster. It contains the API server address, certificates, and credentials. kubectl looks for it at ~/.kube/config by default.
After launching your environment, install the tools and download the kubeconfig. The instructor will provide the resource group name and cluster name.
# Install kubectl and kubelogin
az aks install-cli
# Download kubeconfig from AKS
az aks get-credentials --resource-group <RESOURCE_GROUP> --name <CLUSTER_NAME>
# Convert kubeconfig to use kubelogin for Azure authentication
kubelogin convert-kubeconfig -l azurecli
# Verify connection
kubectl get nodes
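Because the kubeconfig carries credentials, it is worth checking what actually sits in ~/.kube/config once the conversion step has run. The script below is an added example, not part of the workshop repository: the function names `audit_kubeconfig` and `write_static_sample` and the sample file contents are made up for illustration, and the check is a plain text match on standard kubeconfig keys rather than a YAML parse.

```shell
#!/bin/sh
# Added example (not from the workshop repository): audit a kubeconfig for
# embedded static secrets and loose file permissions. Text-only check on the
# standard kubeconfig keys; it never contacts the cluster.

audit_kubeconfig() {
    cfg="${1:-$HOME/.kube/config}"
    rc=0
    [ -f "$cfg" ] || { echo "FAIL: $cfg not found"; return 2; }

    # 1. The file holds credentials, so only the owner should have access.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in
        0|*00) echo "ok:   file mode $mode" ;;
        *)     echo "FAIL: file mode $mode allows group/other access (chmod 600)"; rc=1 ;;
    esac

    # 2. Long-lived secrets stored in the file: private key, bearer token, password.
    for key in client-key-data token password; do
        if grep -Eq "^[[:space:]]*$key:[[:space:]]*[^[:space:]]" "$cfg"; then
            echo "FAIL: static '$key' is embedded in the file"; rc=1
        fi
    done

    # 3. After 'kubelogin convert-kubeconfig' the user entry calls an exec plugin.
    if grep -Eq '^[[:space:]]*command:[[:space:]]*kubelogin' "$cfg"; then
        echo "ok:   kubelogin exec plugin configured"
    else
        echo "FAIL: no kubelogin exec plugin entry"; rc=1
    fi
    return "$rc"
}

# Constructed sample: a user entry with a static token, as a contrast case.
write_static_sample() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
users:
- name: constructed-user
  user:
    token: constructed-sample-token
EOF
    chmod 644 "$1"
}

# Audit the file named on the command line, if any.
if [ "$#" -gt 0 ]; then audit_kubeconfig "$1"; fi
```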
Your Namespace
Each participant works in their own namespace (e.g. student-XX). Set it as default:
kubectl config set-context --current --namespace=student-XX
ACR Image
Exercises use the kuard application image hosted in Azure Container Registry. Replace <ACR_NAME> with the ACR name provided by the instructor:
<ACR_NAME>.azurecr.io/kuard:1
Exercise List
Module 1: Cluster Architecture
- 00: Kubernetes Architecture Overview — K8s architecture, AKS specifics, managed control plane
- 01: Exploring the AKS Cluster — Guided tour: node pools, kubectl get nodes, cluster config
- 02: Namespaces — Resource isolation with namespaces
Module 2: Pods
- 03: Pod from YAML — Pod spec, lifecycle, declarative approach
- 04: Multi-Container Pods — Sidecar pattern, shared volumes
- 05: Pod Operations — kubectl debug, Container Insights Live Logs, Workload Identity intro
Module 3: Configuration
- 06: Environment Variables — Passing config via env vars
- 07: ConfigMaps — Creating and using ConfigMaps as env and volumes
- 08: Secrets — Secrets basics, volumes, TLS certificates
- 09: Azure Key Vault Integration — Key Vault CSI Driver, SecretProviderClass
Module 4: Reliability & Deployments
- 10: Resources and Limits — CPU/Memory requests, limits, QoS classes
- 11: Liveness & Readiness Probes — Health checks for containers
- 12: Deployments — Deployment basics, scaling, full config
- 13: Update Strategies — Rolling updates, maxSurge/maxUnavailable
Module 5: Services
- 14: Service ClusterIP — Internal cluster communication
- 15: DNS in Kubernetes — Service discovery via DNS
- 16: Service LoadBalancer — Azure Load Balancer, public & internal LB
- 17: Load Balancer Health Probes — Azure LB health probes, NSG, diagnostics
- 18: Readiness Probe & Service — How readiness probes affect endpoints
Module 6: Networking
- 19: Azure CNI & Networking — Azure CNI Overlay, Pod CIDR, private clusters
Module 7: Network Policies & Disruption
- 20: Network Policies — NetworkPolicy basics, Cilium, default deny
- 21: Pod Disruption Budgets — PDB, voluntary disruptions, node drain
Module 8: Ingress
- 22: Ingress Basics — Managed NGINX Ingress with application routing add-on
- 23: Ingress Path-Based Routing — Routing by URL paths
- 24: Ingress Advanced — URL rewriting, NGINX annotations
Module 9: Scaling
- 25: Horizontal Pod Autoscaler — HPA with CPU-based scaling, VPA overview
- 26: Cluster Scaling — Cluster Autoscaler, NAP/Karpenter, KEDA
Module 10: Security
- 27: RBAC — Roles, ClusterRoles, RoleBindings, Azure RBAC, Entra ID
- 28: Security Operations — Defender for Containers, image scanning, upgrades
Module 11: Monitoring
- 29: Container Insights — Live Logs, log queries, basic KQL
- 30: Prometheus & Alerts — Azure Monitor managed Prometheus, Grafana, alerts