Added more updates to logging and ACR CI/CD

_entries/02-05 challenge3.md

@@ -33,7 +33,49 @@ Use a combination of the available tools to setup alerting capabilities for your
 
 - Identify which pods are causing trouble
   ![Pod utilization](media/podmetrics.png)
-  
+
+#### View the live container logs
+
+If the cluster is RBAC enabled, you have to create the appropriate `ClusterRole` and `ClusterRoleBinding`.
+
+Save the YAML below as `logreader-rbac.yaml` or download it from [logreader-rbac.yaml](yaml-solutions/01. challenge-03/logreader-rbac.yaml)
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+   name: containerHealth-log-reader
+rules:
+   - apiGroups: [""]
+     resources: ["pods/log"]
+     verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+   name: containerHealth-read-logs-global
+roleRef:
+  kind: ClusterRole
+  name: containerHealth-log-reader
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+   - kind: User
+     name: clusterUser
+     apiGroup: rbac.authorization.k8s.io
+```
+
+And deploy it using
+
+```sh
+kubectl apply -f logreader-rbac.yaml
+```
+
+If you have a Kubernetes cluster that is not configured with Kubernetes RBAC authorization or integrated with Azure AD single-sign on, you do not need to follow the steps above. Because Kubernetes authorization uses the kube-api, read-only permissions is required.
+
+Head over to the AKS cluster on the Azure portal, click on **Insights** under **Monitoring**, click on the **Containers** tab and pick a container to view its live logs and debug what is going on.
+
+![media/livelogs.png]
+
 {% endcollapsible %}
 
 > **Resources**

_entries/03-01 acr.md

@@ -14,7 +14,7 @@ Instead of using the public Docker Hub registry, create your own private contain
 {% collapsible %}
 
 ```sh
-az acr create --resource-group akschallenge --name <unique-acr-name> --sku Standard
+az acr create --resource-group akschallenge --name <unique-acr-name> --sku Standard --location eastus
 ```
 
 {% endcollapsible %}

_entries/03-02 cicd.md

@@ -20,11 +20,29 @@ You are required to create a robust DevOps pipeline supporting CI/CD to deploy c
 
 If you peek into the solutions, they're using Azure DevOps. You may choose doing the same process on Jenkins or another CI/CD tool of your choice.
 
+#### Create an Azure DevOps account
+
+{% collapsible %}
+
+Go to <https://dev.azure.com> and sign-in with your Azure subscription credentials.
+
+If this is your first time to provision an Azure DevOps account, you'll be taken through a quick wizard to create a new organization.
+
+![media/getstarted-devops.png]
+
+{% endcollapsible %}
+
+### Create a project
+
+Create a new private project, call it **azch-captureorder**
+
+![media/createproject.png]
+
 #### Fork the source repositories on GitHub or import them to Azure Repos
 
 {% collapsible %}
 
-Create a new project on Azure DevOps then import the code of `captureorder` service located at <http://github.com/Azure/azch-captureorder.git>
+Click on **Repos** then import the code of the `captureorder` service from the public GitHub repository located at <http://github.com/Azure/azch-captureorder.git>
 
 ![Import repository to Azure Repos](media/cicd/0-import-repo.png)
 

yaml-solutions/01. challenge-03/logreader-rbac.yaml

@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+   name: containerHealth-log-reader
+rules:
+   - apiGroups: [""]
+     resources: ["pods/log"]
+     verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+   name: containerHealth-read-logs-global
+roleRef:
+  kind: ClusterRole
+  name: containerHealth-log-reader
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+   - kind: User
+     name: clusterUser
+     apiGroup: rbac.authorization.k8s.io