Migrated Content
74
README.md
|
@ -1,31 +1,61 @@
|
|||
# Azure Kubernetes Service(AKS) Solution Factory Aligned to Cloud Adoption Framework #
|
||||
The AKS CAF Solution Factory is collection of eBook, TaskList in DevOps Project and Excel, Security Policies suggestions that can help Microsoft customers and partners to deploy and manage AKS in alignment to Cloud Adoption Framework (CAF).
|
||||
|
||||
# Contributing
|
||||
The Azure Cloud Adoption Journey
|
||||
![CAF](https://github.com/faridabharmal/WVD_CAF_SolutionFactory/blob/master/TechnicalEnablement/CAF.png)
|
||||
|
||||
This project welcomes contributions and suggestions. Most contributions require you to agree to a
|
||||
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
|
||||
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
|
||||
## AKS CAF Solution Factory Contents
|
||||
|
||||
When you submit a pull request, a CLA bot will automatically determine whether you need to provide
|
||||
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
|
||||
provided by the bot. You will only need to do this once across all repos using our CLA.
|
||||
## Pre-Sales Contents
|
||||
* [AKS CAF PreSales](https://github.com/faridabharmal/AKS_CAF_SolutionFactory/blob/master/TechnicalEnablement)
|
||||
Sell-To and Sell-Through guidance on customer and partner business model including licensing and pricing driving the sales motions with cost savings.
|
||||
* [Cloud Adoption Framework - Overview Deck](https://github.com/faridabharmal/AKS_CAF_SolutionFactory/blob/master/SalesEnablement/Cloud%20Adoption%20Framework%20-%20Overview_partner.pptx)
|
||||
This presentation is designed to provide a brief introduction to the Cloud Adoption Framework for Azure.
|
||||
* [Cloud Adoption Framework - Governance Workshop partner](https://github.com/faridabharmal/AKS_CAF_SolutionFactory/blob/master/SalesEnablement/Cloud%20Adoption%20Framework%20-%20Governance%20Workshop_partner.pptx)
|
||||
* [Cloud Adoption Framework_Strategy-Plan-Ready Workshop partner](https://github.com/faridabharmal/AKS_CAF_SolutionFactory/blob/master/SalesEnablement/Cloud%20Adoption%20Framework_Strategy-Plan-Ready%20Workshop_partner.pptx)
|
||||
* [Kubernetes on Azure Pitch Deck](https://github.com/faridabharmal/AKS_CAF_SolutionFactory/blob/master/SalesEnablement/Kubernetes%20on%20Azure%20Pitch%20Deck.pptx): Provide overview of Kubernetes on Azure and articulate the differentiators as well as benefits
|
||||
|
||||
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
|
||||
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
|
||||
contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
|
||||
## Technical Contents
|
||||
* [AKS Adoption Aligned To Cloud Adoption Framework](TechnicalEnablement/AKS-adoption-aligned-to-cloud-adoption-framework.md):
|
||||
Guidance about what one needs to do in each of the Cloud Adoption phases for AKS Deployment starting from Strategy, Plan, Ready, Adopt, Govern and Manage. We have supplied detailed step by step guidance(from our experiences) that will provide the steps necessary to go from zero to a complete AKS deployment and management aligned to the Cloud Adoption Framework methodology.
|
||||
|
||||
# Legal Notices
|
||||
* [AKS CAF Project DevOps Project TaskList](TechnicalEnablement/AKS_CAF_DevOps_Project_TaskList.zip):
|
||||
When you go through the AKS deployment, there are multiple tasks that needs to completed. We have supplied Azure DevOps Project that will provide the steps necessary to go from zero to a complete AKS deployment and management.
|
||||
|
||||
Microsoft and any contributors grant you a license to the Microsoft documentation and other content
|
||||
in this repository under the [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/legalcode),
|
||||
see the [LICENSE](LICENSE) file, and grant you a license to any code in the repository under the [MIT License](https://opensource.org/licenses/MIT), see the
|
||||
[LICENSE-CODE](LICENSE-CODE) file.
|
||||
Steps to import the DevOps Project:
|
||||
* Sign in to the [Azure DevOps Demo Generator site](https://azuredevopsdemogenerator.azurewebsites.net/)
|
||||
* Provide project name, select your Org, and choose the "AKS_CAF_DevOps_Project_TaskList.zip" template from this GitHub Repo
|
||||
|
||||
Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation
|
||||
may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries.
|
||||
The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks.
|
||||
Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.
|
||||
* [AKS CAF Project TaskList](TechnicalEnablement/AKS_CAF_Project_TaskList.xlsx):
|
||||
In case if you are not leveraging Azure DevOps for project management, no worries...We have provided all the necessary steps in an excel sheet which can be leveraged as is or imported into your own project management tool of choice.
|
||||
|
||||
Privacy information can be found at https://privacy.microsoft.com/en-us/
|
||||
* [AKS CAF Governance Security_Policy](TechnicalEnablement/AKS_CAF_Governance_Security_Policy.xlsx):
|
||||
One common question that we get is what are the security considerations for AKS Deployment. So we have provided guidance about how to leverage the Azure policies to secure your environment. This can act as a good starting point for your security consideration.
|
||||
|
||||
* [Application Gateway Ingress Controller](TechnicalEnablement/aks-appgw-ingress-controller.md)
|
||||
The Application Gateway Ingress Controller (AGIC) enables exposing applications running within AKS to the Internet by leveraging Azure’s native Application Gateway L7 load-balancer. This document details out this implementation.
|
||||
This document speaks to the security best practices around AKS.
|
||||
* [AKS Deployment Guide](TechnicalEnablement/aks-getting-started.md): This document details out the deployment guide for a sample AKS cluster.
|
||||
* [Decision Tree](TechnicalEnablement/aks-decision-tree.md): A decision tree document that talks to some of the major decision points when deciding an AKS cluster deployment.
|
||||
|
||||
## Additional Links
|
||||
|
||||
* [Azure Cloud Adoption Framework Documentation](https://azure.microsoft.com/en-us/cloud-adoption-framework)
|
||||
|
||||
* [Additional Cloud Adoption Framework Resources](https://www.microsoft.com/azure/partners/b/enable/cloud-adoption-framework)
|
||||
|
||||
* [AKS Documentation](https://docs.microsoft.com/en-us/azure/aks/)
|
||||
|
||||
|
||||
## Key Contributors
|
||||
Thanks to our contributors:
|
||||
Microsoft Team: Farida Bharmal, Manish Dhall, Ali Hussain
|
||||
We have leveraged help from Microsoft Partner [Fyrsoft](https://www.fyrsoft.com/) to create the contents.
|
||||
|
||||
## Support for future scenarios
|
||||
The contents are provided as-is. We periodically update and enhance the contents.
|
||||
|
||||
|
||||
## Disclaimer
|
||||
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, our provision of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The descriptions of other companies’ products in this document, if any, are provided only as a convenience to you. Any such references should not be considered an endorsement or support by Microsoft. Microsoft cannot guarantee their accuracy, and the products may change over time. Also, the descriptions are intended as brief highlights to aid understanding, rather than as thorough coverage. For authoritative descriptions of these products, please consult their respective manufacturers. © 2016 Microsoft Corporation. All rights reserved. Any use or distribution of these materials without express authorization of Microsoft Corp. is strictly prohibited. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
|
||||
|
||||
Microsoft and any contributors reserve all other rights, whether under their respective copyrights, patents,
|
||||
or trademarks, whether by implication, estoppel or otherwise.
|
||||
|
|
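Review bot: Under "Pre-Sales Contents", the "AKS CAF PreSales" entry links to .../blob/master/TechnicalEnablement while every other entry in that list lives under SalesEnablement, so the link appears to target the wrong folder. In the same hunk the CAF image is loaded from a different repository (WVD_CAF_SolutionFactory) and the Pre-Sales links are absolute URLs to a personal account, whereas the Technical Contents entries use relative paths; relative paths throughout would keep the README working in forks and mirrors. The line "This document speaks to the security best practices around AKS." follows the Application Gateway Ingress Controller description with no list entry or link of its own, so either add the entry it describes or drop the line.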
Binary data
SalesEnablement/Cloud Adoption Framework - Governance Workshop_partner.pptx
Normal file
Binary data
SalesEnablement/Cloud Adoption Framework_Strategy-Plan-Ready Workshop_partner.pptx
Normal file
|
@ -0,0 +1,12 @@
|
|||
# Technical Enablement
|
||||
|
||||
These docs are designed to walk you through the technical enablement for creating an [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) Practice aligned to the [Cloud Adoption Framework](https://azure.microsoft.com/en-us/cloud-adoption-framework/).
|
||||
|
||||
## Sections
|
||||
|
||||
- [Getting Started](aks-getting-started.md)
|
||||
- [AKS Adoption](AKS-adoption-aligned-to-cloud-adoption-framework.md)
|
||||
- [Decision Tree](aks-decision-tree.md)
|
||||
- [Application Gateway Ingress Controller](aks-appgw-ingress-controller.md)
|
||||
- [Resources](aks-resources.md)
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
# Application Gateway Ingress Controller
|
||||
|
||||
The Application Gateway Ingress Controller (AGIC) enables exposing applications running within AKS to the Internet by leveraging Azure's native Application Gateway L7 load-balancer. AGIC monitors the Kubernetes cluster on which it is hosted and continuously updates an Application Gateway so that selected services are exposed to the Internet. The most notable features are
|
||||
|
||||
- URL routing
|
||||
- Cookie-based affinity
|
||||
- Secure Sockets Layer (SSL) termination
|
||||
- End-to-end SSL
|
||||
- Support for public, private, and hybrid web sites
|
||||
- Integrated web application firewall
|
||||
|
||||
The App Gateway Ingress Controller architecture looks as follows. The Ingress Resource as defined in a YAML file specifies routing rules. The App Gateway Ingress Controller runs as a pod that takes the ingress resource and configures the Azure App Gateway so that ingress traffic can go to the appropriate application and pods. The AGIC needs to have the appropriate permission to configure the App Gateway.
|
||||
|
||||
![](media/appgw-ingress-controller.png)
|
||||
|
||||
The Application Gateway Ingress Controller can achieve up to 50 percent lower network latency than in-cluster ingress controllers. App Gateway can be shared with other Azure resources such as a VM and/or Azure App Service. Therefore, making it more cost effective as it is being shared.
|
|
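Review bot: The sentence "The AGIC needs to have the appropriate permission to configure the App Gateway" does not say which identity AGIC runs as or what it must be granted. Because this controller continuously rewrites an Internet-facing gateway, the doc should name the required role assignment and recommend scoping it to the gateway resource rather than anything broader. The paragraph that says the gateway "can be shared with other Azure resources" should also state how configuration belonging to those other resources is protected from AGIC's updates. The "up to 50 percent lower network latency" figure needs a source link, and the feature list names both SSL termination and end-to-end SSL without saying which to pick when traffic between the gateway and the pods must stay encrypted.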
@ -0,0 +1,76 @@
|
|||
# Decision Tree
|
||||
|
||||
|
||||
## [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale)
|
||||
|
||||
- Why
|
||||
- HPA changes the shape of your Kubernetes workload by automatically increasing or decreasing the number of Pods in response to the workload's CPU or memory consumption, or in response to custom metrics reported from within Kubernetes or external metrics from sources outside of your cluster
|
||||
- Alternatives
|
||||
- Manually or programmatically monitor and alert on pod CPU utilization or [custom metrics](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics) and adjusting the [ReplicaSet](https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/) via the Kubernetes API
|
||||
- Limitations :
|
||||
- Do not use HPA together with Vertical Pod Autoscaling (VPA) on CPU or memory. However, you can use HPA with VPA if HPA evaluates metrics other than CPU or memory
|
||||
- If you have a Deployment, don't configure HPA on the ReplicaSet or Replication Controller backing it. When you perform a rolling update on the Deployment or Replication Controller, it is effectively replaced by a new Replication Controller. Instead configure HPA on the Deployment itself
|
||||
- HPA cannot be used for workloads that cannot be scaled, such as DaemonSets.
|
||||
|
||||
## Cluster Autoscaler
|
||||
|
||||
- Why
|
||||
- The Kubernetes Cluster Autoscaler automatically adjusts the number of nodes in your cluster when the pods fail to launch due to lack of resources or when nodes in the cluster are underutilized and their pods can be rescheduled onto other nodes in the cluster. When demand is high, cluster autoscaler adds nodes to the node pool. When demand is low, cluster autoscaler scales back down to a minimum size that you designate. This can increase the availability of your workloads when you need it, while controlling costs
|
||||
- Limitations
|
||||
- Local PersistentVolumes.
|
||||
- Scaling up a node group of size 0, for Pods requesting resources beyond CPU, memory and GPU (ex. ephemeral-storage)
|
||||
- Cluster autoscaler supports up to 5000 nodes running 30 Pods each. For more details on scalability guarantees, refer to [Scalability report](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/proposals/scalability_tests.md)
|
||||
- When scaling down, cluster autoscaler honors a graceful termination period of 10 minutes for rescheduling the node's Pods onto a different node before forcibly terminating the node
|
||||
- Occasionally, cluster autoscaler cannot scale down completely and an extra node exists after scaling down. This can occur when required system Pods are scheduled onto different nodes, because there is no trigger for any of those Pods to be moved to a different node. See [I have a couple of nodes with low utilization, but they are not scaled down. Why?](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#i-have-a-couple-of-nodes-with-low-utilization-but-they-are-not-scaled-down-why). To work around this limitation, you can configure a [Pod disruption budget](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/)
|
||||
- Custom scheduling with altered Filters is not supported
|
||||
- Considerations
|
||||
- Enable [logging of the Cluster Autoscaler](https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler#retrieve-cluster-autoscaler-logs-and-status) so you can understand why it is autoscaling…or not.
|
||||
- Alternatives
|
||||
- Manually or programmatically monitor and alert on Kubernetes scheduler failures or node CPU/RAM utilization and [adjusting the node count](https://docs.microsoft.com/en-us/azure/aks/scale-cluster) via the Azure CLI or Azure Portal
|
||||
|
||||
## CNI (vs kubenet)
|
||||
|
||||
- Why
|
||||
- Kubenet is a very basic, simple network plugin, on Linux only. It does not, of itself, implement more advanced features like cross-node networking or network policy. It is typically used together with a cloud provider that sets up routing rules for communication between nodes, or in single-node environments.
|
||||
- With kubenet, nodes get an IP address from the Azure Virtual Network subnet. Pods receive an IP address from a logically different address space (POD CIDR - POD Classless Inter-Domain Routing) to the Azure Virtual Network Subnet of the nodes. Network address translation (NAT) is then configured so that the pods can reach resources on the Azure Virtual Network. The source IP address of the traffic is NAT'd to the node's primary IP address. NAT is under Layer 3 operations. This approach greatly reduces the number of IP addresses that you need to reserve in your network space for pods to use.
|
||||
|
||||
- [Alternatives](https://docs.microsoft.com/en-us/azure/aks/concepts-network#compare-network-models)
|
||||
|
||||
- Use kubenet when:
|
||||
|
||||
- You have limited IP address space.
|
||||
- Most of the pod communication is within the cluster.
|
||||
- You don't need advanced AKS features such as virtual nodes or Azure Network Policy. Use Calico network policies.
|
||||
|
||||
- Use Azure CNI when:
|
||||
|
||||
- You have available IP address space.
|
||||
- Most of the pod communication is to resources outside of the cluster.
|
||||
- You don't want to manage the UDRs.
|
||||
- You need AKS advanced features such as virtual nodes or Azure Network Policy. Use Calico network policies.
|
||||
- You need a nodepool for Windows Containers.
|
||||
|
||||
## [Azure Monitor for Containers](https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-overview)
|
||||
|
||||
- Why
|
||||
|
||||
- Azure Monitor for containers collects lots of data to effectively monitor Kubernetes clusters. Full observability into your applications, infrastructure, and network. It provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications
|
||||
|
||||
- Store and analyze operational telemetry, advanced analytic engine ,interactive query language, allows you to configure charts, dashboards, alerting and [triggering](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups#create-an-action-group-by-using-the-azure-portal) of Automation Runbook, Azure Function, Email Azure Resource Manager Role, Email/SMS/Push/Voice, ITSM, Logic App, Secure Webhook, Webhook
|
||||
|
||||
- Alternatives
|
||||
|
||||
- There are a wide range of other tools to consider:
|
||||
|
||||
- [Loki](https://grafana.com/oss/loki/) - a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus.
|
||||
- [Prometheus](https://prometheus.io/docs/introduction/overview/) - is an open-source systems monitoring and alerting toolkit
|
||||
- [Grafana](https://grafana.com/grafana/) - allows you to query, visualize, alert on and understand your metrics no matter where they are stored. Create, explore, and share dashboards with your team and foster a data driven culture.
|
||||
- Splunk
|
||||
- Journald
|
||||
|
||||
- Logging considerations
|
||||
- Why
|
||||
- Diagnostic logs should be enabled when needed - as excessive logging can hurt performance.
|
||||
- However, we recommend enabling logging for the following components:
|
||||
- [Cluster Autoscaler](https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler#retrieve-cluster-autoscaler-logs-and-status) - understand why it is autoscaling…or not
|
||||
- [KubeControllerManager](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-cluster/#master) - visibility into the replication controller and any impact of using Azure Policy
|
|
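Review bot: In the "CNI (vs kubenet)" section, "Use Calico network policies." is appended to the last bullet under both "Use kubenet when" and "Use Azure CNI when", and in the Azure CNI list it directly follows "You need AKS advanced features such as virtual nodes or Azure Network Policy", so the reader cannot tell which policy engine is recommended for which plugin. Make it a separate bullet per plugin that states what is supported. The "Why" bullets under this heading describe only kubenet and never give the case for Azure CNI. Under "Logging considerations" the recommended components are Cluster Autoscaler and KubeControllerManager only; if the API server audit log is left out on purpose, say so and why, since that is the log a security review will ask for first.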
@ -0,0 +1,176 @@
|
|||
- [Prerequisites:](#prerequisites)
|
||||
- [Register required resources in the subscription](#register-required-resources-in-the-subscription)
|
||||
|
||||
# Prerequisites:
|
||||
|
||||
1. An [Azure](https://azure.microsoft.com/en-us/) account with a [subscription](https://theithollow.com/2016/07/11/azure-subscriptions/)
|
||||
2. [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) installed and configured
|
||||
3. Kubernetes command-line tool [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed
|
||||
4. Lastly, make sure the Azure subscription you use has the following required resources: Storage, Compute, Networking, and ContainerService
|
||||
|
||||
## Register required resources in the subscription
|
||||
|
||||
Go to the subscription page by clicking on the "All services" link (1) in the top-left panel, then click on the "Subscriptions" link (2). You can see the steps indicated in the screenshot below.
|
||||
|
||||
![](media/prereq-register-resources-1.png)
|
||||
|
||||
Select the subscription to to create the AKS cluster.
|
||||
|
||||
![](media/prereq-register-resources-2.png)
|
||||
|
||||
|
||||
Scroll down and click on the "Resource providers" link to register or review the resources needed.
|
||||
|
||||
![](media/prereq-register-resources-3.png)
|
||||
|
||||
Search (1) for the resources listed before: Storage, Compute, Networking, and ContainerService. If it's not registered, click on the "Register" (2) link and wait.
|
||||
|
||||
![](media/prereq-register-resources-4.png)
|
||||
|
||||
There are two methods that can be followed, which are given below:
|
||||
|
||||
Method 1: Creating an AKS/Azure Container Service cluster using the Azure Portal
|
||||
It is recommended to check the official AKS documents before proceeding further.
|
||||
Create a new Azure resource
|
||||
Go to your Azure portal and in the top-left panel, click the “Create a resource” (1) button. Then select “Containers” (2) and click on the “Kubernetes Service” (3) link.
|
||||
|
||||
|
||||
![](media/prereq-register-resources-5.png)
|
||||
|
||||
Fill In the Basics configuration:
|
||||
|
||||
![](media/prereq-register-resources-6.png)
|
||||
|
||||
|
||||
Choose your subscription and use an existing resource group, but for our use let us just create a new one. A resource group is a way for Azure to keep all the related resources together so that you can make templates, share permissions and policies, or clean out everything by simply deleting the resource group. So choose “Create new” and name it—I put “coolapp” (2).
|
||||
|
||||
Choose a name for the cluster. I went with “coolk8s” (3). Choose a region where the cluster should be created (4). Ideally, it should be one that’s physically near your users (so if your users are based in the US, you want to create your virtual machine in a US region).
|
||||
|
||||
Select the latest version of Kubernetes (5) cluster. Then, write a DNS name (6) to identify your cluster—this should be unique for all the Azure users, so if you’re getting an error, it could be because someone else has already chosen the name you are trying to use. Go to the “Authentication” tab to see this:
|
||||
|
||||
|
||||
![](media/prereq-register-resources-7.png)
|
||||
|
||||
Azure has made the service principal integration simpler—in case you're just starting out, you can leave this option on default. A [service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects) is needed so that AKS can interact securely with Azure to create resources like load balancers. Kubernetes' services will sometimes need to be configured as load balancers, so AKS will create a real load balancer from Azure. In case you want to have more control and reuse a service principal, you can [create your own, too](https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal).
|
||||
|
||||
Now it's time to select which type of instance the cluster will use. You might see an error screen like this:
|
||||
|
||||
![](media/prereq-register-resources-8.png)
|
||||
|
||||
If you are having an "error," I can tell you it happened to me, too. Don't worry, it doesn't necessarily mean that you' are doing something wrong, it can also be because g—it might just be because your subscription has some limitations. The reason can be It could also mean that you' have reached the instances limit or that creating the cluster will put you over the limit. All you need to do is to get rid of the error message is click on the "Change size" link and choose a different instance type.
|
||||
|
||||
Node Size:
|
||||
|
||||
When I was creating my cluster, I was having problems and I didn't know why. Azure support guys are amazing, seriously—DM them and they will help you. Otherwise, you can post your question on Stack Overflow and the community there will help you. I was having problems While creating the cluster, because if I was using a small instance for AKS, then it can cause an error. According to the support guys, yIn this scenario ouone would be required need to select an instance with at least 3.5 GB of memory. If not, otherwise the cluster would not be created.n't come up Tand you'll see weird errors.
|
||||
|
||||
Even if you don't have this error, let's change the size so that you don't spend too much on this test. heThe givenfollowing screen should be followed for helpshould appear:
|
||||
|
||||
![](media/prereq-register-resources-9.png)
|
||||
|
||||
Type "a2" (1) so that the " **Standard A2\_v2″** instance type appears and click it. Next, click on the blue "Select" (2) button. It will take you back to the previous screen.
|
||||
|
||||
![](media/prereq-register-resources-10.png)
|
||||
|
||||
Set "Node count" option to 2. Once done, click on the "Next: Networking" button.
|
||||
|
||||
3. Fill in the networking configuration
|
||||
|
||||
Networking is one of the most important things to configure when you start integrating services, or if you want to create a VPN tunnel. This is the part where where you need to avoid any networking conflict to access the Kubernetes nodes that AKS configures. Click on the "Networking" tab.You should now beable to view the below seeing thismentioned screen:
|
||||
|
||||
![](media/prereq-register-resources-11.png)
|
||||
|
||||
You can leave this section as default and continue with those settings., but let me explain a few things iIn case you want to do something specific with networking, then follow the given steps:.
|
||||
|
||||
Start with the HTTP application routing (1). When you create a Kubernetes "LoadBalancer" service type, a public IP address is assigned to you. At some point, you may encounter a few issues might have problems whenwhile creating a new service because you've reached an Azure [limit](https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits). Kubernetes has "a collection of rules that allow inbound connections to reach the cluster services" called Ingress, as indicated in the [official docs](https://kubernetes.io/docs/concepts/services-networking/ingress/). Ingress will allow you to have SSL termination and DNS endpoints for your services.
|
||||
|
||||
If you want to dive deeper into the subject, you can [check out this post](https://pascalnaber.wordpress.com/2017/10/27/configure-ingress-on-kubernetes-using-azure-container-service/).
|
||||
|
||||
For networking configuration (2), choose "Basic" for now and let Azure configure the networking for you. This is where you can'll define network ranges to allocate IPs—usually known as [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). This section is crucial for avoiding network conflicts with your on-prem network or other network resources in Azure. Click on the "Next: Monitoring" button to continue.
|
||||
|
||||
4. Fill in the monitoring configuration
|
||||
|
||||
There's not a lot for me to say in this section other than, "This is freaking awesome!"
|
||||
|
||||
By default, AKS will give you metrics about the performance of the cluster, and if you choose (which I highly recommend you do!), you can get performance metrics for containers. You may access all the can also get logs to troubleshoot. These monitoring features are invaluable extremely useful when you are integratinge [APM](https://stackify.com/avoid-apm-vanity-metrics/) into your application.
|
||||
|
||||
![](media/prereq-register-resources-12.png)
|
||||
|
||||
Finally, cIf you'd like to get an idea of what your monitoring results might look like, take a look at this document. Let's not worry about the tags section for now, so click on the blue "Review + create" button to continue.
|
||||
|
||||
5. Review and create
|
||||
|
||||
We're almost there!
|
||||
|
||||
Azure will start creating the service principal and will validate the information you have entered. , so the following screen should appear:The image given below may be used for reference:
|
||||
|
||||
![](media/prereq-register-resources-13.png)
|
||||
|
||||
Click on the blue "Create" button to create the cluster. Now's the time to pause and refill your cup with fresh coffee. It will take a little time for Azure to finish creating the cluster—mine took twenty minutes.
|
||||
|
||||
![](media/prereq-register-resources-14.png)
|
||||
|
||||
Congratulations! You've created a Kubernetes-managed cluster is created in Azure.
|
||||
|
||||
Method 2: Creating an Azure Container Service cluster using the command line
|
||||
|
||||
The UI has been changing throughout is changing all the time, but the command line has stayed pretty is constant. I find it valuable to use tThe GUI because it gives me us a chance to understand visually how to create the cluster. On the other hand, using the CLI will helps you to automate theis process or use tools like [Terraform](https://stackify.com/setup-an-elasticsearch-cluster-on-azure-w-terraform/)Terraform.
|
||||
|
||||
Before we start creating the cluster using the command line e, make sure you have all of the prerequisites that I described above. Also, if you created a cluster using the portal from the previous steps, make sure you delete it or change the names of the resources in the commands you have used earlier.run.
|
||||
|
||||
1. Create a new resource group
|
||||
|
||||
As I said before, aA resource group is a way for Azure to keep all related resources together so that you can make templates, share permissions and policies, or clean out everything by simply deleting the resource group. So run the following command to create it:
|
||||
|
||||
`az group create --name coolapp --location eastus`
|
||||
|
||||
2. Create the AKS cluster
|
||||
|
||||
Run the following command to create the cluster:
|
||||
|
||||
`az aks create --resource-group coolapp --name coolk8s --node-count 2--node-vm-size Standard_A2_v2--generate-ssh-keys`
|
||||
|
||||
So what exactly did we just do? Let's explore the parameters and values we entered here:The parameters used are explained below:
|
||||
|
||||
- – **resource-group** is the name of the resource group we just created.
|
||||
- – **name** is the name of the cluster to identify it.
|
||||
- – **node-count** is the number of nodes we want for our cluster.
|
||||
- – **node-vm-size** is the name of the instance type we choose. It's better to be specific here to avoid potential problems with the limitations of our subscription.
|
||||
- – **generate-ssh-keys** will generate SSH keys on your local machine so it's easier for you to connect to any node if need be.
|
||||
|
||||
Specifying only those arguments means that Azure will use the default values for things like networking or monitoring that we saw when creating the cluster in the portal. . Let's keep it simple for now, but in case you want to explore the other arguments, you can take a look at the [docs](https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-create).
|
||||
|
||||
Finally In the meantime, Azure will create the cluster.. Mine took twenty minutes or so to finish. And that's it! You created the cluster with just two commands. Now let's make sure the cluster is actually working.
|
||||
|
||||
Accessing the Kubernetes UI locally
|
||||
|
||||
Whether you created the cluster using the portal, the command line, or both, the following instructions will are to be followedwork to access the Kubernetes dashboard. It is required This is where you need to have the latest version of [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) and [kubetcl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed and configured.
|
||||
|
||||
1. Download cluster credentials
|
||||
|
||||
Firstly Start by ddownloading the cluster credentials to your computer by running the below givenis command:
|
||||
|
||||
`az aks get-credentials --resource-group=coolapp --name=coolk8s`
|
||||
|
||||
Specify the resource group with the **–resource-group** parameter and the name of the cluster with the **–name** parameter. Doing thisThis makes it easy to togglinge between different Kubernetes clusters effortless.that you've connected previously (for example, a local version of Kubernetes).
|
||||
|
||||
2. Browse the cluster
|
||||
|
||||
Run the following command. A new browser tab or window will open with the Kubernetes dashboard automatically.
|
||||
|
||||
`az aks browse --resource-group coolapp --name coolk8s`
|
||||
|
||||
Wait a few more seconds, and the Kubernetes dashboard will appear:
|
||||
|
||||
![](media/prereq-register-resources-15.png)
|
||||
|
||||
If the your screen appears similar to the one mentioned above, then the cluster is functioninglooks like this one, congratulations! That means your cluster works and you can connect to it with ease.
|
||||
|
||||
Clean up your resources
|
||||
|
||||
Delete the AKS cluster by running the following command and then confirming the delete :
|
||||
|
||||
az aks delete--resource-group coolapp --name coolk8s
|
||||
|
||||
It will take some time to finish, but please keep an eye on the results of the command. The cluster might not be deleted, and you'll end up [paying](https://azure.microsoft.com/en-us/pricing/details/container-service/) until you delete it. If you want to delete the resource group, run the below givenis command:
|
||||
|
||||
az group delete -n coolapp
|
|
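Review bot: The `az aks create` command under "Create the AKS cluster" will not parse as written, because the spaces before two of its flags are missing (`--node-count 2--node-vm-size Standard_A2_v2--generate-ssh-keys`). The clean-up step has the same defect in `az aks delete--resource-group coolapp --name coolk8s`. Restore the spaces, and wrap the two clean-up commands in backticks like the earlier commands. Several sentences still carry both the old and the new wording ("will are to be followedwork", "Firstly Start by ddownloading", "the below givenis command", "Finally In the meantime"), and "kubetcl" should read "kubectl"; keep one wording per sentence. The parameter list and the `get-credentials` paragraph write the flags with a single dash character ("– **resource-group**", "**–name**") where the commands use `--`. Two points the text could state next to the commands it already shows: the key pair from `--generate-ssh-keys` is what grants access to the nodes, so the private key on the local machine needs protecting, and `az group delete -n coolapp` removes the whole resource group, not only the cluster.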
@ -0,0 +1,190 @@
|
|||
# AKS Resources
|
||||
|
||||
- [AKS Resources](#aks-resources)
|
||||
- [**Visual Studio Code**](#visual-studio-code)
|
||||
- [**Docker for Windows**](#docker-for-windows)
|
||||
- [Minikube](#minikube)
|
||||
- [**Command Line Interface (CLI)**](#command-line-interface-cli)
|
||||
- [Docker](#docker)
|
||||
- [Docker Compose](#docker-compose)
|
||||
- [Minikube](#minikube-1)
|
||||
- [Kubectl](#kubectl)
|
||||
- [Helm](#helm)
|
||||
- [Git](#git)
|
||||
- [Azure CLI](#azure-cli)
|
||||
- [**VS Code Extension** : **Azure Resource Manager Tools**](#vs-code-extension--azure-resource-manager-tools)
|
||||
- [**VS Code Extension** : Kubernetes](#vs-code-extension--kubernetes)
|
||||
- [Skaffold](#skaffold)
|
||||
- [Istio as a service mesh](#istio-as-a-service-mesh)
|
||||
- [Prometheus for monitoring](#prometheus-for-monitoring)
|
||||
|
||||
- [Skaffold](#skaffold)
|
||||
- [Istio as a service mesh](#istio-as-a-service-mesh)
|
||||
- [Prometheus for monitoring](#prometheus-for-monitoring)
|
||||
|
||||
Machine operating system is Windows 10
|
||||
|
||||
## [**Visual Studio Code**](https://code.visualstudio.com/docs)
|
||||
|
||||
Lightweight but powerful source code editor. Free.
|
||||
[https://code.visualstudio.com/download](https://code.visualstudio.com/download)
|
||||
|
||||
This tool as it is very light weight and very popular in the general developer community and not just with Microsoft-centric communities and its plugin extensions. Alternative IDEs, are any code editor you choose, including the latest version [Visual Studio](https://visualstudio.microsoft.com/) which has more rich capabilities.
|
||||
|
||||
## [**Docker for Windows**](https://docs.docker.com/docker-for-windows/)
|
||||
|
||||
Docker is a full development platform to build, run, and share containerized applications. Docker Desktop is the best way to get started with Docker on a Windows machine.
|
||||
|
||||
![](media/docker-desktop.png)
|
||||
|
||||
Docker Desktop has Kubernetes [integrated](https://www.docker.com/blog/docker-windows-desktop-now-kubernetes/). So you have a simple local Kubernetes cluster.
|
||||
|
||||
![](media/docker-kubernetes.png)
|
||||
|
||||
Using docker for windows is a main starting point for a developer to build and test containerized applications in your local machine.
|
||||
|
||||
## [Minikube](https://github.com/kubernetes/minikube)
|
||||
|
||||
Minikube implements a local Kubernetes cluster on macOS, Linux, and Windows. minikube's primary goals are to be the best tool for local Kubernetes application development and to support all Kubernetes features that fit.
|
||||
|
||||
This is another option to Docker Desktop's OOTB Kubernetes cluster. I found this initially tricky to install and setup, especially with the hyper-v virtual switch on my windows 10 machine. This is solely for local development scenarios and not production. I tried this setup on an Azure VM and I don't think it is supported well, so don't bother trying.
|
||||
|
||||
## **Command Line Interface (CLI)**
|
||||
|
||||
CLIs are text-based interfaces to execute commands against an application or system.
|
||||
|
||||
### [Docker](https://docs.docker.com/engine/reference/commandline/cli/)
|
||||
|
||||
This is installed as part of Docker for Windows. Here is a [Docker cheat sheet](https://www.docker.com/sites/default/files/d8/2019-09/docker-cheat-sheet.pdf)
|
||||
|
||||
Example commands
|
||||
|
||||
Build an image from the Docker file in the current directory
|
||||
`docker build -t helloworldimage:1.0`
|
||||
|
||||
Run a container from the image
|
||||
`docker container run –name myApp -p 5000:80 helloworldimage:1.0`
|
||||
|
||||
### [Docker Compose](https://docs.docker.com/compose/)
|
||||
|
||||
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. I typically use this for testing the app locally and is optional as part of the Kubernetes app lifecycle.
|
||||
|
||||
Compose has commands for managing the whole lifecycle of your application:
|
||||
|
||||
- Start, stop, and rebuild services
|
||||
- View the status of running services
|
||||
- Stream the log output of running services
|
||||
- Run a one-off command on a service
|
||||
|
||||
Example command:
|
||||
|
||||
Starts and runs your multi-container app based on the yaml file in the current directory
|
||||
`docker-compose up`
|
||||
|
||||
### [Minikube](https://minikube.sigs.k8s.io/docs/examples/)
|
||||
|
||||
Minikube has its own CLI.
|
||||
|
||||
Example commands:
|
||||
|
||||
Start a cluster
|
||||
`minikube start`
|
||||
|
||||
Access the Kubernetes Dashboard running within the minikube cluster
|
||||
`minikube dashboard`
|
||||
|
||||
minikube makes it easy to open this exposed endpoint in your browser
|
||||
`minikube service hello-minikube`
|
||||
|
||||
### [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-windows)
|
||||
|
||||
Helps manage and configure a kubernetes cluster, including Azure Kubernetes Service (AKS).
|
||||
|
||||
For the commands cheat sheet read [https://kubernetes.io/docs/reference/kubectl/cheatsheet/](https://kubernetes.io/docs/reference/kubectl/cheatsheet/)
|
||||
|
||||
Example commands:
|
||||
|
||||
List all services in the namespace
|
||||
`kubectl get services`
|
||||
|
||||
Show pods
|
||||
`kubectl get pods`
|
||||
|
||||
Create a Kubernetes resource
|
||||
`kubectl apply -f ./my-manifest.yaml`
|
||||
|
||||
Knowing kubectl is core to being a kubernetes developer or engineer.
|
||||
|
||||
### [Helm](https://helm.sh/)
|
||||
|
||||
Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources.
|
||||
|
||||
![](RackMultipart20200714-4-i3szmq_html_fdce5468f81883cf.png)
|
||||
|
||||
Use Helm to:
|
||||
|
||||
- Find and use popular software packaged as Helm Charts to run in Kubernetes
|
||||
- Share your own applications as Helm Charts
|
||||
- Create reproducible builds of your Kubernetes applications
|
||||
- Intelligently manage your Kubernetes manifest files
|
||||
- Manage releases of Helm packages
|
||||
|
||||
Helm is integral in packaging up your applications for deployment. It is fairly easy to work with, but have to understand its syntax and really useful to deploy applications freely available. A good example would be the nginx controller when setting up a kubernetes cluster.
|
||||
|
||||
### [Git](https://git-scm.com/)
|
||||
|
||||
For source control management. This is a standard tool these days.
|
||||
|
||||
### [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/get-started-with-azure-cli?view=azure-cli-latest)
|
||||
|
||||
Designed to get you working quickly and efficiently with Azure services, with an emphasis on automation.
|
||||
|
||||
For managing Azure Kubernetes, most examples lean towards Azure CLI vs Azure PowerShell. They both work well.
|
||||
|
||||
You can find the azure aks related commands at [https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest](https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest)
|
||||
|
||||
Example command
|
||||
|
||||
Creating an AKS cluster
|
||||
|
||||
```
|
||||
az aks create -g MyResourceGroup -n MyManagedCluster –kubernetes-version 1.13.9 –vm-set-type AvailabilitySet
|
||||
```
|
||||
|
||||
[ARM Templates](https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview)
|
||||
|
||||
To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. This is typically when you built your AKS cluster manually and have a good idea on the settings and relationships with other azure resources such as ACR, virtual networks and load balancers, that you want to build ARM templates to have an automated and repeatable deployment across dev, test and production environments.
|
||||
|
||||
You can find sample ARM templates related to AKS at [https://github.com/Azure/azure-quickstart-templates/tree/master/101-aks](https://github.com/Azure/azure-quickstart-templates/tree/master/101-aks). You can find other AKS related samples in this repo. At first it is a learning curve to get going and understand the syntax and how it all works. In my experiences it works well.
|
||||
|
||||
### **VS Code Extension** : [**Azure Resource Manager Tools**](https://marketplace.visualstudio.com/items?itemName=msazurermtools.azurerm-vscode-tools)
|
||||
|
||||
Provides language support for Azure Resource Manager deployment templates and template language expressions. This is used to provide a better developer experience in VS Code when building out ARM Templates for AKS and its dependent azure resources such as virtual networks.
|
||||
|
||||
### **VS Code Extension** : [Kubernetes](https://marketplace.visualstudio.com/items?itemName=ms-kubernetes-tools.vscode-kubernetes-tools)
|
||||
|
||||
The extension for developers building applications to run in Kubernetes clusters and for DevOps staff troubleshooting Kubernetes applications.
|
||||
|
||||
![](media/vscode-extension-kubernetes.png)
|
||||
|
||||
Works with any Kubernetes anywhere (Azure, Minikube, AWS, GCP and more!).
|
||||
|
||||
### [Skaffold](https://skaffold.dev/)
|
||||
|
||||
Skaffold handles the workflow for building, pushing and deploying your application, allowing you to focus on what matters most: writing code.
|
||||
|
||||
![](media/skaffold.png)
|
||||
|
||||
This tool is more for the app developer in a dev environment. A scenario that is cool is when a developer makes a change in the code, scaffold will build an image and can deploy the helm chart into your development Kubernetes environment. It basically streamlines the process from code to running app in Kubernetes. It is a mini CI/CD pipeline, although it an integrate into a rigorous CI/CD pipeline tool such as Azure DevOps Pipelines.
|
||||
|
||||
### [Istio](https://istio.io/docs/concepts/what-is-istio/) as a service mesh
|
||||
|
||||
Istio helps reduce the complexity of these deployments, and eases the strain on your development teams. It is a completely open source service mesh that layers transparently onto existing distributed applications. It is also a platform, including APIs that let it integrate into any logging platform, or telemetry or policy system.
|
||||
|
||||
### [Prometheus](https://prometheus.io/docs/introduction/overview/) for monitoring
|
||||
|
||||
Prometheus is a popular open source monitoring and alerting toolkit. Prometheus can integrate with [Azure Monitor for containers](https://azure.microsoft.com/en-ca/blog/azure-monitor-for-containers-with-prometheus-now-in-preview/).
|
||||
|
||||
![](media/prometheus.png)
|
||||
|
||||
Typically, to use Prometheus you need to setup and manage a Prometheus server with a database. With the Azure Monitor integration, no Prometheus server is needed.
|
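Review bot: Several example commands in this new file fail when copied as written. `docker build -t helloworldimage:1.0` has no build context argument (the text says "in the current directory", so it needs a trailing `.`). `docker container run –name myApp -p 5000:80 helloworldimage:1.0` and the `az aks create` example use a dash character instead of `--` before `name`, `kubernetes-version` and `vm-set-type`. The `az aks create` example also hard-codes `–kubernetes-version 1.13.9`, which will go stale in a document; consider dropping the flag or telling the reader to choose a currently supported version. In the table of contents the Skaffold, Istio and Prometheus entries appear twice, and "ARM Templates" has neither a heading marker nor a contents entry although the other tools do. Smaller wording points: "scaffold will build an image" should be "Skaffold", "although it an integrate" should be "it can integrate", and the sentence beginning "This tool as it is very light weight" has no verb.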
Binary data
TechnicalEnablement/eBook_AKS_Adoption_Aligned_to_Cloud_Adoption_Framework.docx
Normal file