├── .gitignore
├── Day-01
│   ├── 01-basics.md
│   └── 02-important-concepts.md
├── Day-02
│   ├── 01-regions.md
│   └── 02-IaaS-PaaS-SaaS.md
├── Day-03
│   └── 01-basics.md
├── Day-04
│   ├── 01-virtualization.md
│   ├── 02-vm-types.md
│   └── 03-useful-links.md
├── Day-05
│   └── concepts.md
├── Day-06
│   └── concepts.md
├── Day-07
│   └── 01-nginx-install.md
├── Day-08
│   └── interview-questions.md
├── Day-09
│   ├── 01-azure-blob.md
│   ├── 02-azure-file-storage.md
│   ├── 03-azure-tables.md
│   └── 04-azure-queue-storage.md
├── Day-10
│   ├── 01-install.md
│   └── 02-create-vm.md
├── Day-11
│   ├── 01-storage-account
│   │   ├── 01-storage-account.json
│   │   └── 02-deploy.md
│   ├── 02-virtual-machine
│   │   ├── 01-create-vm.json
│   │   └── 02-deploy-vm.md
│   └── README.md
├── Day-12
│   └── 01-commands.md
├── Day-15
│   ├── create-acr-secret-command.md
│   ├── updateK8sManifests.sh
│   └── vote-pipeline.yaml
├── Day-18
│   └── 01-azure-devops-interview-questions.md
├── Day-20
│   ├── 01-aks-setup.md
│   ├── 02-secret-store-csi-driver-config.md
│   ├── 03-verify-integration.md
│   └── 04-delete-setup.md
├── Day-22
│   └── 01-create-function-app.sh
├── Day-23
│   ├── backend.tf
│   └── main.tf
├── LICENSE
└── README.md
/.gitignore:
--------------------------------------------------------------------------------
1 | # If you prefer the allow list template instead of the deny list, see community template:
2 | # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
3 | #
4 | # Binaries for programs and plugins
5 | *.exe
6 | *.exe~
7 | *.dll
8 | *.so
9 | *.dylib
10 |
11 | # Test binary, built with `go test -c`
12 | *.test
13 |
14 | # Output of the go coverage tool, specifically when used with LiteIDE
15 | *.out
16 |
17 | # Dependency directories (remove the comment below to include it)
18 | # vendor/
19 |
20 | # Go workspace file
21 | go.work
22 |
--------------------------------------------------------------------------------
/Day-01/01-basics.md:
--------------------------------------------------------------------------------
1 | # Basics of Cloud Computing
2 |
3 | ## What is Cloud ?
4 |
5 | In simpler terms, imagine the cloud as a vast, virtual space where you can store files, run software, and access various services over the internet.
6 |
7 | It's like having a powerful computer somewhere out there on the web that you can use for tasks without needing to own or physically manage the hardware. This allows users to access data and applications from anywhere with an internet connection.
8 |
9 | ## What is Cloud Computing ?
10 |
11 | Cloud computing is a technology model that involves the delivery of computing services over the internet. Instead of owning and maintaining physical servers and infrastructure, users can access and use computing resources, applications, and storage provided by either third-party service providers (public cloud) or their own organization (private cloud) through the internet. These services are hosted in data centers located around the world.
12 |
13 | In essence, cloud computing can involve both third-party providers (public cloud) and an organization's internal resources (private cloud). The distinction lies in whether the computing resources are shared among multiple customers (public cloud) or dedicated to a single organization (private cloud). The flexibility of cloud computing allows organizations to choose the deployment model that best aligns with their needs and requirements.
14 |
15 | ## Public Cloud:
16 |
17 | **Who Uses It:** Everyone, like individuals, businesses, and organizations.
18 |
19 | **What It's Like:** Imagine a giant, shared computer space on the internet. It's like using apps, storing files, or doing tasks on the internet that anyone can access.
20 |
21 | **Example:** Think of Google Drive or Amazon Web Services (AWS).
22 |
23 | ## Private Cloud:
24 |
25 | **Who Uses It:** One specific organization or business.
26 |
27 | **What It's Like:** Picture having your own personal, private computer space. It's like a digital clubhouse where only you and your team have access. Others can't just drop in.
28 |
29 | **Example:** A company using its own server for all its digital needs.
30 |
31 | ## Hybrid Cloud:
32 |
33 | **Who Uses It:** A mix of everyone, depending on needs.
34 |
35 | **What It's Like:** It's like having your private computer space, but sometimes you use the shared internet space too.
36 |
37 | **Example:** A business storing sensitive data in its private space but using the public cloud for extra storage or specific tasks.
38 |
39 | ### In a Nutshell:
40 |
41 | **Public Cloud:** Shared digital space for everyone.
42 |
43 | **Private Cloud:** Your own exclusive digital space.
44 |
45 | **Hybrid Cloud:** Using both your private space and the shared online space when needed.
--------------------------------------------------------------------------------
/Day-01/02-important-concepts.md:
--------------------------------------------------------------------------------
1 | # Vocabulary in Cloud Computing
2 |
3 | ## Virtualization
4 |
5 | Virtualization is the process of creating a virtual version of something, such as an operating system, server, storage, or network resources.
6 |
7 | ## Virtual Machine
8 |
9 | A Virtual Machine (VM) is a software-based emulation of a physical computer. It allows running multiple operating systems on a single physical machine.
10 |
11 | ## API (Application Programming Interface)
12 |
13 | API is a set of rules and protocols that allows different software applications to communicate with each other. It defines how software components should interact.
14 |
15 | ## Regions
16 |
17 | Regions in cloud computing refer to geographic locations where cloud providers have data centers. Each region contains multiple data centers.
18 |
19 | ## Availability Zones
20 |
21 | Availability Zones are isolated locations within a region that have their own power, cooling, and networking. They are designed to provide high availability and fault tolerance.
22 |
23 | ## Scalability
24 |
25 | Scalability is the ability of a system to handle an increasing amount of work or its potential to be enlarged to accommodate that growth.
26 |
27 | ## Elasticity
28 |
29 | Elasticity in cloud computing refers to the ability to dynamically scale resources up or down based on demand.
30 |
31 | ## Agility
32 |
33 | Agility is the capability of quickly and easily adapting to changes. In the context of cloud computing, it involves the rapid deployment of resources and applications.
34 |
35 | ## High Availability
36 |
37 | High Availability (HA) ensures that a system or application is operational and accessible for a high percentage of time, typically 99.9% or higher.
38 |
39 | ## Fault Tolerance
40 |
41 | Fault Tolerance is the ability of a system to continue operating without interruption in the presence of hardware or software failures.
42 |
43 | ## Disaster Recovery
44 |
45 | Disaster Recovery involves the planning and processes for restoring and recovering data and systems after a natural or human-induced disaster.
46 |
47 | ## Load Balancing
48 |
49 | Load Balancing is the distribution of network traffic or computing workload across multiple servers to ensure no single server is overwhelmed.
50 |
--------------------------------------------------------------------------------
/Day-02/01-regions.md:
--------------------------------------------------------------------------------
1 | # Exploring Regions and Availability Zones in Azure
2 |
3 | ## Regions in Azure
4 |
5 | Azure is a cloud computing platform provided by Microsoft, and it is globally distributed across multiple geographic locations known as regions. Each Azure region is a set of data centers deployed within a defined geographic area, and it is designed to provide low-latency access to Azure services for users and applications in that region.
6 |
7 | ### Key Points about Azure Regions:
8 |
9 | - **Global Presence:** Azure has a vast global presence with data centers strategically located around the world.
10 |
11 | - **Region Pairing:** Azure regions are often paired for data redundancy and resiliency. In the event of a regional failure, paired regions can help ensure continuity.
12 |
13 | - **Compliance and Data Residency:** Organizations can choose specific regions to comply with data residency requirements and regulations.
14 |
15 | ## Availability Zones in Azure
16 |
17 | Azure Availability Zones are part of Azure's high-availability architecture, providing redundancy and resiliency for applications and data. Each Azure region is divided into multiple Availability Zones, which are essentially unique physical locations with independent power, cooling, and networking.
18 |
19 | ### Key Points about Azure Availability Zones:
20 |
21 | - **High Availability:** By distributing resources across Availability Zones, Azure ensures that applications remain available even in the face of localized failures, such as hardware or network failures.
22 |
23 | - **Fault Isolation:** Availability Zones are designed to be isolated from one another, meaning a failure in one zone does not impact the availability of resources in other zones.
24 |
25 | - **Multi-Data Center Architectures:** Availability Zones are essential for designing and deploying multi-data center architectures in Azure.
26 |
27 | ## How to Choose Regions and Availability Zones
28 |
29 | When deploying resources in Azure, it's crucial to consider factors such as:
30 |
31 | - **Proximity to Users:** Choose a region that is geographically close to your users to minimize latency.
32 |
33 | - **Compliance Requirements:** Ensure that the chosen region complies with regulatory and data residency requirements.
34 |
35 | - **High Availability Needs:** If high availability is a priority, distribute resources across multiple Availability Zones within a region.
36 |
37 | - **Disaster Recovery Planning:** Leverage region pairing for effective disaster recovery planning.
38 |
39 |
40 |
--------------------------------------------------------------------------------
/Day-02/02-IaaS-PaaS-SaaS.md:
--------------------------------------------------------------------------------
1 | # IaaS vs PaaS vs SaaS models in Azure
2 |
3 | ## Infrastructure as a Service (IaaS)
4 |
5 | IaaS is a cloud computing model that provides virtualized computing resources over the internet. In Azure, IaaS offerings include virtual machines, storage, and networking components. Users have more control over the infrastructure but are responsible for managing and maintaining the operating system, middleware, and applications.
6 |
7 | ### Key Characteristics of Azure IaaS:
8 |
9 | - **Scalability:** Easily scale resources up or down based on demand.
10 |
11 | - **Full Control:** Users have control over the underlying infrastructure, including operating systems and applications.
12 |
13 | - **Flexibility:** IaaS is suitable for a wide range of applications, offering flexibility in terms of technology stack.
14 |
15 | ## Platform as a Service (PaaS)
16 |
17 | PaaS is a cloud computing model that provides a platform allowing customers to develop, run, and manage applications without dealing with the complexity of underlying infrastructure. In Azure, PaaS offerings include Azure App Service, Azure SQL Database, and Azure Functions.
18 |
19 | ### Key Characteristics of Azure PaaS:
20 |
21 | - **Simplified Development:** Developers can focus on coding and application logic, while Azure manages the underlying infrastructure.
22 |
23 | - **Automatic Scaling:** PaaS offerings often include built-in scaling capabilities, automatically adjusting resources based on demand.
24 |
25 | - **Reduced Maintenance:** Azure handles tasks like patching, updates, and maintenance, freeing up resources for innovation.
26 |
27 | ## Software as a Service (SaaS)
28 |
29 | SaaS is a cloud computing model that delivers software applications over the internet. Users can access the software through a web browser without the need for installation or maintenance. In Azure, SaaS offerings include Microsoft 365, Dynamics 365, and many third-party applications.
30 |
31 | ### Key Characteristics of Azure SaaS:
32 |
33 | - **Accessibility:** Access software applications from any device with an internet connection.
34 |
35 | - **Managed by Providers:** SaaS providers handle maintenance, updates, and security, reducing the burden on end-users.
36 |
37 | - **Subscription-Based:** SaaS applications are typically offered on a subscription basis, allowing users to pay for what they use.
38 |
39 | ## Choosing the Right Model in Azure
40 |
41 | When deciding between IaaS, PaaS, and SaaS in Azure, consider factors such as:
42 |
43 | - **Development Needs:** Choose PaaS for streamlined development, IaaS for more control, and SaaS for off-the-shelf solutions.
44 |
45 | - **Maintenance Preferences:** If you want to minimize maintenance tasks, opt for PaaS or SaaS.
46 |
47 | - **Resource Control:** Choose IaaS if you need more control over the underlying infrastructure.
48 |
49 | - **Cost Considerations:** Evaluate pricing models for each service and choose based on your budget and usage patterns.
--------------------------------------------------------------------------------
/Day-03/01-basics.md:
--------------------------------------------------------------------------------
1 | # Azure Resources
2 |
3 | Azure resources are the building blocks of your cloud infrastructure in Microsoft Azure. These resources can be virtual machines, databases, storage accounts, or any other service offered by Azure. Each resource is a manageable item in Azure, and they are provisioned and managed individually.
4 |
5 | ## Resource Groups in Azure
6 |
7 | A **Resource Group** in Azure is a logical container for resources that share the same lifecycle, permissions, and policies. It helps you organize and manage related Azure resources efficiently. Resources within a group can be deployed, updated, and deleted together as a single management unit.
8 |
9 | ### Key Points about Resource Groups:
10 |
11 | - **Lifecycle Management:** Resources within a group can be managed collectively, making it easy to handle deployments, updates, and deletions.
12 |
13 | - **Resource Organization:** Grouping resources based on projects, environments, or applications helps keep your Azure environment well-organized.
14 |
15 | - **Role-Based Access Control (RBAC):** Permissions and access control are applied at the resource group level, allowing you to manage who can access and modify resources within a group.
16 |
17 | ## Azure Resource Manager (ARM) Overview
18 |
19 | **Azure Resource Manager (ARM)** is the deployment and management service for Azure. It provides a consistent management layer that enables you to deploy resources with declarative templates. ARM templates describe the resources you need and their configurations, allowing you to deploy and update resources in a predictable manner.
20 |
21 | ### Key Features of Azure Resource Manager:
22 |
23 | - **Template-Based Deployment:** ARM uses JSON templates to define the infrastructure and configuration of your Azure resources. This enables repeatable and consistent deployments.
24 |
25 | - **Dependency Management:** ARM automatically handles dependencies between resources, ensuring they are deployed in the correct order.
26 |
27 | - **Rollback and Roll-forward:** In case of deployment failures, ARM can automatically roll back changes to maintain the desired state, or roll forward to the last known good state.
28 |
29 | - **Tagging and Categorization:** You can use tags to label and categorize resources, making it easier to manage and organize your Azure environment.
30 |
31 | **Note:** Understanding Azure resources, resource groups, and Azure Resource Manager is fundamental to effectively utilize and manage your resources in the Azure cloud.
32 |
33 |
--------------------------------------------------------------------------------
/Day-04/01-virtualization.md:
--------------------------------------------------------------------------------
1 | # Virtualization: An In-Depth Explanation
2 |
3 | ## Background
4 |
5 | In traditional computing, a single physical server runs a single operating system, and applications are installed directly on that OS. This approach has limitations, such as underutilization of hardware resources, difficulty in managing multiple servers, and lack of flexibility in scaling.
6 |
7 | **Virtualization** addresses these challenges by introducing a layer of abstraction between the hardware and the operating system. It enables the creation of multiple virtual instances, each running its own operating system and applications, on a single physical server. This technology has become fundamental in modern data centers and cloud computing environments.
8 |
9 | ## Components of Virtualization
10 |
11 | 1. **Hypervisor (Virtual Machine Monitor):**
12 | - The hypervisor is a crucial component of virtualization. It sits between the hardware and the operating systems, managing and allocating resources to virtual machines (VMs).
13 | - There are two types of hypervisors: Type 1 (bare-metal) runs directly on the hardware, while Type 2 (hosted) runs on top of an existing operating system.
14 |
15 | 2. **Virtual Machines (VMs):**
16 | - VMs are the instances created by the hypervisor. Each VM operates as an independent computer with its own virtualized hardware, including CPU, memory, storage, and network interfaces.
17 | - Multiple VMs can run on a single physical server, allowing for efficient resource utilization.
18 |
19 | ## Key Concepts in Virtualization
20 |
21 | 1. **Server Virtualization:**
22 | - In server virtualization, a physical server is divided into multiple VMs, each running its own OS. This allows for better utilization of hardware resources and easier management of servers.
23 |
24 | 2. **Resource Pooling:**
25 | - Virtualization enables the pooling of physical resources, such as CPU, memory, and storage. These resources can be dynamically allocated to VMs based on demand.
26 |
27 | 3. **Isolation:**
28 | - VMs operate independently of each other. This isolation ensures that issues in one VM do not affect others, providing a more secure and stable environment.
29 |
30 | 4. **Snapshotting and Cloning:**
31 | - Virtualization allows the creation of snapshots, which capture the state of a VM at a specific point in time. This facilitates easy backup and recovery. Cloning enables the rapid duplication of VMs for scalability.
32 |
33 | ## Benefits of Virtualization
34 |
35 | 1. **Server Consolidation:**
36 | - Multiple VMs can run on a single physical server, reducing the need for a large number of physical machines. This leads to cost savings and energy efficiency.
37 |
38 | 2. **Flexibility and Scalability:**
39 | - Virtualization allows for the easy creation, modification, and scaling of VMs. This flexibility is essential in dynamic computing environments.
40 |
41 | 3. **Disaster Recovery:**
42 | - Virtualization simplifies disaster recovery by enabling the quick restoration of VMs from snapshots or backups.
43 |
44 | 4. **Resource Optimization:**
45 | - Resources can be allocated and deallocated dynamically based on workload, optimizing resource utilization.
46 |
47 | 5. **Testing and Development:**
48 | - Virtualization provides a sandbox for testing and development. VMs can be easily created, modified, and discarded without affecting the production environment.
--------------------------------------------------------------------------------
/Day-04/02-vm-types.md:
--------------------------------------------------------------------------------
1 | # Types of Virtual Machines on Azure
2 |
3 | Azure provides a variety of virtual machine (VM) offerings to cater to different workload requirements. Each VM type is designed with specific hardware configurations to meet diverse performance and scalability needs.
4 |
5 | ## General Purpose VMs
6 |
7 | **Example: Standard_D2s_v3**
8 |
9 | - **Description:** General-purpose VMs are well-balanced machines suitable for a variety of workloads. They offer a good balance of CPU-to-memory ratio and are suitable for development, testing, and small to medium-sized databases.
10 |
11 | - **Use Case:** Hosting websites, lightweight applications, or development and testing environments.
12 |
13 | ## Compute Optimized VMs
14 |
15 | **Example: Standard_F2s_v2**
16 |
17 | - **Description:** Compute optimized VMs are designed for compute-intensive workloads that require high CPU power. They provide a high CPU-to-memory ratio, making them suitable for data analytics and computational tasks.
18 |
19 | - **Use Case:** Batch processing, gaming applications, and other CPU-intensive workloads.
20 |
21 | ## Memory Optimized VMs
22 |
23 | **Example: Standard_E16s_v3**
24 |
25 | - **Description:** Memory optimized VMs are tailored for memory-intensive applications. They provide a high memory-to-CPU ratio, making them suitable for databases, in-memory caching, and analytics.
26 |
27 | - **Use Case:** Running large databases, in-memory caching, and analytics applications.
28 |
29 | ## Storage Optimized VMs
30 |
31 | **Example: Standard_L8s_v2**
32 |
33 | - **Description:** Storage optimized VMs are designed for workloads that require high storage throughput and I/O performance. They provide high local disk throughput, making them suitable for big data and large databases.
34 |
35 | - **Use Case:** Big data applications, data warehousing, and large-scale databases.
36 |
37 | ## GPU VMs
38 |
39 | **Example: Standard_NC6s_v3**
40 |
41 | - **Description:** GPU (Graphics Processing Unit) VMs are equipped with powerful graphics processors, suitable for graphics-intensive applications and parallel processing tasks.
42 |
43 | - **Use Case:** Machine learning, graphics rendering, and simulations that require GPU acceleration.
44 |
45 | ## High-Performance Compute VMs
46 |
47 | **Example: Standard_H16r**
48 |
49 | - **Description:** High-Performance Compute VMs are designed for demanding, parallel processing and high-performance computing (HPC) applications.
50 |
51 | - **Use Case:** Simulations, modeling, and scenarios that require massive parallel processing.
52 |
53 | ## Burstable VMs
54 |
55 | **Example: B1s**
56 |
57 | - **Description:** Burstable VMs provide a baseline level of CPU performance with the ability to burst above the baseline for a certain period. They are cost-effective for workloads with varying CPU usage.
58 |
59 | - **Use Case:** Development and testing environments, small websites, and applications with variable workloads.
--------------------------------------------------------------------------------
/Day-04/03-useful-links.md:
--------------------------------------------------------------------------------
1 | # References
2 |
3 | ### Azure Virtual Machine Series
4 | https://azure.microsoft.com/en-in/pricing/details/virtual-machines/series/
5 |
6 | ### Jenkins Installation Steps
7 | https://github.com/iam-veeramalla/Jenkins-Zero-To-Hero
8 |
9 | ### Download Git Bash
10 | https://git-scm.com/downloads
11 |
--------------------------------------------------------------------------------
/Day-05/concepts.md:
--------------------------------------------------------------------------------
1 | # Azure Networking
2 |
3 | ## Virtual Network
4 |
5 | A Virtual Network (VNet) in Azure is a logically isolated network that securely connects Azure resources and extends on-premises networks. Key features include:
6 |
7 | - **Isolation**: VNets provide isolation at the network level for segmenting resources and controlling traffic.
8 |
9 | - **Subnetting**: Divide a VNet into subnets for resource organization and traffic control.
10 |
11 | - **Address Space**: VNets have an address space defined using CIDR notation, determining the IP address range.
12 |
13 | ## Subnets, CIDR
14 |
15 | ### Subnets
16 |
17 | Subnets are subdivisions of a Virtual Network, allowing for better organization and traffic management.
18 |
19 | ### CIDR (Classless Inter-Domain Routing)
20 |
21 | CIDR notation represents IP addresses and their routing prefix, specifying the range of IP addresses for a network.
22 |
23 | ## Routes and Route Tables
24 |
25 | ### Routes
26 |
27 | Routes dictate how network traffic is directed, specifying the destination and next hop.
28 |
29 | ### Route Tables
30 |
31 | Route Tables are collections of routes associated with subnets, enabling custom routing rules.
32 |
33 | ## Network Security Groups (NSGs)
34 |
35 | NSGs are fundamental for Azure's network security, allowing filtering of inbound and outbound traffic. Key aspects include:
36 |
37 | - **Rules**: NSGs define allowed or denied traffic based on source, destination, port, and protocol.
38 |
39 | - **Default Rules**: NSGs have default rules for controlling traffic within the Virtual Network and between subnets.
40 |
41 | - **Association**: NSGs can be associated with subnets or individual network interfaces.
42 |
43 | ## Application Security Groups (ASGs)
44 |
45 | ASGs group Azure virtual machines based on application requirements, simplifying network security:
46 |
47 | - **Simplification**: ASGs allow defining rules based on application roles instead of individual IP addresses.
48 |
49 | - **Dynamic Membership**: ASGs support dynamic membership based on tags or other attributes.
50 |
51 | - **Rule Association**: Security rules can be associated with ASGs for intuitive and scalable network security management.
52 |
--------------------------------------------------------------------------------
/Day-06/concepts.md:
--------------------------------------------------------------------------------
1 | # Azure Networking Advanced
2 |
3 | ## Azure App Gateway & WAF
4 |
5 | Azure Application Gateway is a web traffic load balancer that enables you to manage and route traffic to your web applications. Web Application Firewall (WAF) provides protection against web vulnerabilities. Key features include:
6 |
7 | - **Load Balancing**: Distributes incoming traffic across multiple servers to ensure no single server is overwhelmed.
8 |
9 | - **SSL Termination**: Offloads SSL processing, improving the efficiency of web servers.
10 |
11 | - **Web Application Firewall (WAF)**: Protects web applications from common web vulnerabilities and exploits.
12 |
13 | ## Azure Load Balancer
14 |
15 | Azure Load Balancer distributes incoming network traffic across multiple servers to ensure no single server is overwhelmed. Key features include:
16 |
17 | - **Load Balancing Algorithms**: Supports different algorithms for distributing traffic, such as round-robin and least connections.
18 |
19 | - **Availability Sets**: Works seamlessly with availability sets to ensure high availability.
20 |
21 | - **Inbound and Outbound Traffic**: Balances both inbound and outbound traffic.
22 |
23 | ## Azure DNS
24 |
25 | Azure DNS is a scalable and secure domain hosting service. It provides name resolution using the Microsoft Azure infrastructure. Key features include:
26 |
27 | - **Domain Hosting**: Hosts domain names and provides name resolution within Azure.
28 |
29 | - **Integration with Azure Services**: Easily integrates with other Azure services like App Service and Traffic Manager.
30 |
31 | - **Global Availability**: Provides low-latency responses globally.
32 |
33 | ## Azure Firewall
34 |
35 | Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. Key features include:
36 |
37 | - **Stateful Firewall**: Allows or denies traffic based on rules and supports stateful inspection.
38 |
39 | - **Application FQDN Filtering**: Filters traffic based on fully qualified domain names.
40 |
41 | - **Threat Intelligence Integration**: Integrates with threat intelligence feeds for enhanced security.
42 |
43 | ## Virtual Network Peering and VNet Gateway
44 |
45 | ### Virtual Network Peering
46 |
47 | Virtual Network Peering allows connecting Azure Virtual Networks directly, enabling resources in one VNet to communicate with resources in another. Key features include:
48 |
49 | - **Global VNet Peering**: Peering can be established across regions.
50 |
51 | - **Transitive Routing**: Traffic between peered VNets flows directly, improving performance.
52 |
53 | ### VNet Gateway
54 |
55 | VNet Gateway enables secure communication between on-premises networks and Azure Virtual Networks. Key features include:
56 |
57 | - **Site-to-Site VPN**: Connects on-premises networks to Azure over an encrypted VPN tunnel.
58 |
59 | - **Point-to-Site VPN**: Enables secure remote access to Azure resources.
60 |
61 | ## VPN Gateway
62 |
63 | Azure VPN Gateway provides secure, site-to-site connectivity between your on-premises network and Azure. Key features include:
64 |
65 | - **IPsec/IKE VPN Protocols**: Ensures secure communication over the Internet.
66 |
67 | - **High Availability**: Supports active-active and active-passive configurations for high availability.
68 |
69 | - **BGP Support**: Allows dynamic routing between your on-premises network and Azure.
70 |
--------------------------------------------------------------------------------
/Day-07/01-nginx-install.md:
--------------------------------------------------------------------------------
1 | # Install and Configure Nginx on Ubuntu
2 |
3 | ## Step 1: Update Package Lists
4 |
5 | Before installing any new software, it's a good practice to update the package lists to ensure you get the latest version.
6 |
7 | ```bash
8 | sudo apt update
9 | sudo apt upgrade
10 | ```
11 |
12 | ## Step 2: Install Nginx
13 |
14 | Install Nginx using the following command:
15 |
16 | ```bash
17 | sudo apt install nginx
18 | ```
19 |
20 | ## Step 3: Start Nginx Service
21 |
22 | ```bash
23 | sudo systemctl start nginx
24 | ```
25 |
26 | ## Step 4: Create HTML File
27 |
28 | ```bash
29 | sudo vim /var/www/html/index.html
30 | ```
31 |
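32 | Add the HTML content, for example:
33 |
34 | ```html
35 | <!DOCTYPE html>
36 | <html>
37 | <head>
38 | <meta charset="UTF-8">
39 |
40 | <title>Demo Page</title>
41 | </head>
42 | <body>
43 | <h1>I Learnt how networking works in Azure today</h1>
44 | </body>
45 | </html>
46 | ```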
47 |
48 | Save the file.
49 |
50 | ### Restart Nginx
51 |
52 | ```bash
53 | sudo systemctl restart nginx
54 | ```
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
--------------------------------------------------------------------------------
/Day-08/interview-questions.md:
--------------------------------------------------------------------------------
1 | # Azure Networking Interview Q&A
2 |
3 | ### What is the difference between NSG and ASG ?
4 | ASGs are applied to VMs and are used in conjunction with NSGs. By associating an ASG tag with a network security rule, you can define rules that apply to a group of VMs sharing the same tag.
5 | ASGs simplify the management of security rules in a multi-tier application by grouping VMs that belong to the same application tier. This makes it easier to apply and manage security policies for a specific application.
6 |
7 | ### How can you block access to your VM from a subnet ?
8 | By default, traffic is allowed between subnets within the VNet in Azure. This is because of a default NSG rule, “AllowVnetInBound”.
9 |
10 | The priority of this rule is 65000, so we need to create a Deny rule with a priority number lower than 65000.
11 |
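The rule ordering behind this answer, as an added example that is not part of the original notes: a small Python model of inbound NSG evaluation, where the lowest priority number is checked first and the first matching rule decides. The address plan and the custom rule names are constructed for illustration, the service tags in the default rules are modelled as plain prefixes, and the 100-4096 range for custom priorities is Azure's documented limit rather than something stated in these notes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption, not taken from the notes).
VNET = "10.0.0.0/16"
WEB_SUBNET = "10.0.1.0/24"
DB_SUBNET = "10.0.2.0/24"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = evaluated first
    source: str        # CIDR prefix or "*"
    destination: str   # CIDR prefix or "*"
    port: str          # a single port as text, or "*"
    access: str        # "Allow" or "Deny"


# The three default inbound rules every NSG carries. The VirtualNetwork and
# AzureLoadBalancer service tags are modelled here as plain prefixes.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, VNET, VNET, "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "168.63.129.16/32", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]


def in_prefix(addr, prefix):
    """True if addr falls inside prefix, with "*" meaning any address."""
    return prefix == "*" or ip_address(addr) in ip_network(prefix)


def matches(rule, src, dst, port):
    """True if the flow src -> dst:port is covered by rule."""
    return (in_prefix(src, rule.source)
            and in_prefix(dst, rule.destination)
            and rule.port in ("*", str(port)))


def check_custom_rules(rules):
    """Reject custom rules Azure would refuse: bad range or reused priority."""
    seen = set()
    for rule in rules:
        if not 100 <= rule.priority <= 4096:
            raise ValueError(f"{rule.name}: custom priority must be 100-4096")
        if rule.priority in seen:
            raise ValueError(f"{rule.name}: priority {rule.priority} already used")
        seen.add(rule.priority)
    return list(rules)


def evaluate_inbound(custom_rules, src, dst, port):
    """Return (access, rule_name) of the first matching rule in priority order."""
    ordered = sorted(check_custom_rules(custom_rules) + DEFAULT_INBOUND,
                     key=lambda r: r.priority)
    for rule in ordered:
        if matches(rule, src, dst, port):
            return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")


# Constructed custom rules for the scenarios below.
DENY_DB_TO_WEB = Rule("DenyDbSubnetToWeb", 200, DB_SUBNET, WEB_SUBNET, "*", "Deny")
ALLOW_HTTP_ANY = Rule("AllowHttpFromAny", 300, "*", WEB_SUBNET, "80", "Allow")
# Same deny, but numbered after the broad allow: it is shadowed for port 80.
DENY_DB_TOO_LATE = Rule("DenyDbSubnetToWeb", 400, DB_SUBNET, WEB_SUBNET, "*", "Deny")


if __name__ == "__main__":
    db_vm, web_vm = "10.0.2.4", "10.0.1.4"
    scenarios = [
        ("defaults only", []),
        ("deny at 200, allow at 300", [DENY_DB_TO_WEB, ALLOW_HTTP_ANY]),
        ("allow at 300, deny at 400", [ALLOW_HTTP_ANY, DENY_DB_TOO_LATE]),
    ]
    for label, rules in scenarios:
        access, name = evaluate_inbound(rules, db_vm, web_vm, 80)
        print(f"{label:28} -> {access:5} by {name}")
```

The third scenario is the case to watch for in a real NSG: a Deny rule below 65000 still has no effect on a flow if a broader Allow rule carries a smaller priority number.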
12 | ### Are Azure NSGs stateful or stateless ?
13 | They are stateful in nature. That means if you allow a port for inbound traffic to receive a request, you don’t have to open the port in outbound rules to send the response back.
14 |
15 | Example: If you host an application on port 80 in an Azure VM and allow inbound traffic for customers to access it, you don’t need to open port 80 for outbound traffic to send the response back to the customer.
16 |
17 | ### What is the difference between Azure Firewall and NSG ?
18 | Firewall:
19 | Designed for controlling both outbound and inbound traffic to and from resources within a Virtual Network (VNet).
20 |
21 | NSG:
22 | Typically associated with subnets or individual network interfaces to control traffic within a VNet and between VNets.
23 |
24 | ### What are the advantages of resource groups in azure ?
25 | - Logical Organization
26 | - Lifecycle Management
27 | - Resource Group Tagging
28 | - Role-Based Access Control (RBAC)
29 | - Cost Management
30 | - Resource Group Templates (Azure Resource Manager Templates)
31 | - Resource Locks
32 |
33 | ### What is the difference between Azure User Data and Custom Data ?
34 | User data is a new version of custom data and it offers added benefits. User data persists and lives in the cloud, accessible and updatable anytime. Custom data vanishes after first boot, accessible only during VM creation.
35 |
36 | ### What is the difference between Azure App Gateway and Azure LB ?
37 |
38 | #### Azure Application Gateway:
39 | Operates at Layer 7 (Application layer) of the OSI model.
40 | Provides advanced application-level routing, SSL termination, and web application firewall (WAF) capabilities.
41 | Suited for distributing traffic based on application awareness.
42 |
43 | #### Azure Load Balancer:
44 | Operates at Layer 4 (Transport layer) of the OSI model.
45 | Distributes network traffic based on IP address and port.
46 | Suitable for generic TCP/UDP load balancing without application-specific features.
47 |
48 | ### Assume your company is using all the ideal Azure Networking setup and your application is deployed in the web subnet , Explain the traffic flow to your app ?
49 |
50 | #### User Access:
51 | - External users access the application over the internet.
52 | - DNS resolves the application's domain name to the associated public IP address.
53 |
54 | #### Internet Traffic to Azure:
55 | - Incoming internet traffic reaches Azure through Azure Front Door, Azure Application Gateway, or Azure Load Balancer, depending on the specific requirements of the application.
56 | - These services provide load balancing, SSL termination, and other application-level features.
57 |
58 | #### Traffic Routing Within Azure:
59 | - Traffic is directed to the public IP address associated with the Azure Application Gateway or Load Balancer.
60 | - The gateway or load balancer routes traffic to the backend pool of the web servers in the web subnet.
61 |
62 | #### Network Security Group (NSG) Enforcement:
63 | - Network Security Groups associated with the web subnet control inbound and outbound traffic.
64 | - NSG rules ensure that only required traffic is allowed, providing security at the network layer.
65 | #### Azure Virtual Network (VNet) Components:
66 | - The web subnet is part of an Azure Virtual Network, which acts as an isolated network environment.
67 | - Subnets within the VNet communicate with each other through the VNet's internal routing.
68 |
69 | #### Application Servers:
70 | - Web servers within the web subnet process incoming requests
71 |
72 | ### Describe the purpose of Azure Bastion and when it is used for secure remote access to virtual machines.
73 | - Secure Remote Access:
74 | - Elimination of Public Internet Exposure:
75 | - Reduced Attack Surface:
76 | - Azure Bastion Integration:
77 | - Simplified Connectivity:
78 | - Azure Portal-Based Access:
79 | - Role-Based Access Control (RBAC):
80 | - Multi-Factor Authentication (MFA):
81 | - Audit and Monitoring:
82 |
83 |
84 |
85 |
86 |
--------------------------------------------------------------------------------
/Day-09/01-azure-blob.md:
--------------------------------------------------------------------------------
1 | # Azure Blob Storage
2 |
3 | 1. What is it?
4 |
5 | Azure Blob Storage is a cloud-based object storage solution provided by Microsoft Azure.
6 | It is designed to store and manage large amounts of unstructured data, such as documents, images, videos, and other types of binary and text data.
7 | Blobs are organized into containers, and each blob is assigned a unique URL for access.
8 |
9 | 2. When to use it?
10 |
11 | Use Azure Blob Storage when you need to store and retrieve large amounts of unstructured data.
12 | It is suitable for scenarios like serving images or videos to a website, storing backups, and handling data for analytics and big data processing.
13 |
14 | 3. Example from DevOps Engineer point of view?
15 |
16 | A DevOps engineer may use Azure Blob Storage to store artifacts and binaries produced during the build process, ensuring a centralized and scalable storage solution.
17 | Azure Storage Explorer or Azure CLI can be used to automate the uploading and retrieval of artifacts during deployment pipelines.
18 |
19 | 4. Equivalent service in AWS:
20 |
21 | The equivalent service in AWS is Amazon Simple Storage Service (S3). S3 is also an object storage service designed for scalable and secure storage of objects, such as files and data.
--------------------------------------------------------------------------------
/Day-09/02-azure-file-storage.md:
--------------------------------------------------------------------------------
1 | # Azure File Storage
2 |
3 | 1. What is it?
4 |
5 | Azure File Storage is a fully managed file share service in the cloud.
6 | It provides the Server Message Block (SMB) protocol for sharing files across applications and VMs in the Azure cloud.
7 | Azure File Storage is useful for applications that require shared file access, such as configuration files or data files.
8 |
9 | 2. When to use it?
10 |
11 | Use Azure File Storage when you need a shared file system that can be accessed from multiple VMs or applications.
12 | It is suitable for scenarios like storing configuration files, sharing data between applications, and serving as a common storage location for applications in a cloud environment.
13 |
14 | 3. Example from DevOps Engineer point of view?
15 |
16 | A DevOps engineer may leverage Azure File Storage to store configuration files that are shared among multiple application instances.
17 | In a deployment pipeline, scripts or configuration files stored in Azure File Storage can be mounted to VMs or containers during the deployment process.
18 |
19 | 4. Equivalent service in AWS:
20 |
21 | The equivalent service in AWS is Amazon Elastic File System (EFS). EFS provides scalable file storage for use with Amazon EC2 instances, supporting the Network File System (NFS) protocol.
--------------------------------------------------------------------------------
/Day-09/03-azure-tables.md:
--------------------------------------------------------------------------------
1 | # Azure Tables
2 |
3 | 1. What is it?
4 |
5 | Azure Tables is a NoSQL data store service provided by Azure.
6 | It stores large amounts of semi-structured data and allows for fast and efficient querying using a key-based access model.
7 | Data is organized into tables, and each table can store billions of entities.
8 |
9 | 2. When to use it?
10 |
11 | Use Azure Tables when you need a highly scalable NoSQL data store for semi-structured data with simple key-based access.
12 | It is suitable for scenarios like storing configuration data, user profiles, and other data where a key-value or key-attribute data model is appropriate.
13 |
14 | 3. Example from DevOps Engineer point of view?
15 |
16 | A DevOps engineer may use Azure Tables to store configuration settings for applications or services.
17 | During the deployment process, scripts can retrieve configuration data from Azure Tables to customize the behavior of deployed applications.
18 |
19 | 4. Equivalent service in AWS:
20 |
21 | While AWS does not have a direct equivalent service for Azure Tables, Amazon DynamoDB is a similar NoSQL database service that provides key-value and document storage. DynamoDB can be used for similar use cases.
--------------------------------------------------------------------------------
/Day-09/04-azure-queue-storage.md:
--------------------------------------------------------------------------------
1 | # Azure Queue Storage
2 |
3 | 1. What is it?
4 |
5 | Azure Queue Storage is a message queue service that allows decoupling of components in a distributed application.
6 | It provides a reliable way to store and retrieve messages between application components, ensuring asynchronous communication.
7 |
8 | 2. When to use it?
9 |
10 | Use Azure Queue Storage when you need to enable communication and coordination between different parts of a distributed application.
11 | It is suitable for scenarios like handling background jobs, managing tasks asynchronously, and facilitating communication between loosely coupled components.
12 |
13 | 3. Example from DevOps Engineer point of view?
14 |
15 | A DevOps engineer may use Azure Queue Storage to implement a message queue for processing background tasks or managing communication between microservices.
16 | During deployment, scripts can enqueue messages to trigger specific actions or coordinate tasks between different components.
17 |
18 | 4. Equivalent service in AWS:
19 |
20 | The equivalent service in AWS is Amazon Simple Queue Service (SQS). SQS provides a fully managed message queue service for decoupling components in a distributed system.
--------------------------------------------------------------------------------
/Day-10/01-install.md:
--------------------------------------------------------------------------------
1 | # Install Azure CLI
2 |
3 | ### Installation Overview
4 | https://learn.microsoft.com/en-us/cli/azure/install-azure-cli
5 |
6 | ### Install on Windows
7 | https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli
8 |
9 | ### Install on Linux
10 | https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt
11 |
12 | ### Install on Mac
13 | https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-macos
14 |
--------------------------------------------------------------------------------
/Day-10/02-create-vm.md:
--------------------------------------------------------------------------------
1 | # Create VM using Azure CLI
2 |
3 | ### Start with creating a Resource Group
4 |
5 | ```
6 | az group create --name learn-azure-cli --location eastus
7 | ```
8 |
9 | ### Set the Resource Group as default (Optional)
10 |
11 | ```
12 | az config set defaults.group=learn-azure-cli
13 | ```
14 |
15 | ### Create VM with Vnet
16 |
17 | ```
18 | az vm create \
19 | --resource-group learn-azure-cli \
20 | --name vmName \
21 | --image Ubuntu2204 \
22 | --vnet-name default \
23 | --subnet default \
24 | --generate-ssh-keys \
25 | --output json \
26 | --verbose
27 | ```
28 |
29 | ### Delete the Resource Group to delete all the resources
30 |
31 | ```
32 | az group delete --name learn-azure-cli
33 | ```
34 |
35 |
--------------------------------------------------------------------------------
/Day-11/01-storage-account/01-storage-account.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {},
5 | "functions": [],
6 | "variables": {},
7 | "resources": [
8 | {
9 | "name": "abhioshekveeramalla11232",
10 | "type": "Microsoft.Storage/storageAccounts",
11 | "apiVersion": "2023-01-01",
12 | "tags": {
13 | "displayName": "abhioshekveeramalla11232"
14 | },
15 | "location": "[resourceGroup().location]",
16 | "kind": "StorageV2",
17 | "sku": {
18 | "name": "Premium_LRS",
19 | "tier": "Premium"
20 | }
21 | }
22 | ],
23 | "outputs": {}
24 | }
--------------------------------------------------------------------------------
/Day-11/01-storage-account/02-deploy.md:
--------------------------------------------------------------------------------
1 | # Steps to deploy storage account ARM template
2 |
3 | ### Create resource group
4 |
5 | ```
6 | az group create --name vscode --location 'Central US'
7 | ```
8 |
9 | ### Create the storage account
10 |
11 | Switch to the folder where you have the `01-storage-account.json` or similar file
12 |
13 | ```
14 | az deployment group create --resource-group vscode --template-file 01-storage-account.json
15 | ```
--------------------------------------------------------------------------------
/Day-11/02-virtual-machine/01-create-vm.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {},
5 | "functions": [],
6 | "variables": {},
7 | "resources": [
8 | {
9 | "name": "[toLower('ubuntuVM1storageabhi')]",
10 | "type": "Microsoft.Storage/storageAccounts",
11 | "apiVersion": "2023-01-01",
12 | "location": "[resourceGroup().location]",
13 | "tags": {
14 | "displayName": "ubuntuVM1 Storage Account"
15 | },
16 | "sku": {
17 | "name": "Standard_LRS"
18 | },
19 | "kind": "Storage"
20 | },
21 | {
22 | "name": "ubuntuVM1-PublicIP",
23 | "type": "Microsoft.Network/publicIPAddresses",
24 | "apiVersion": "2023-04-01",
25 | "location": "[resourceGroup().location]",
26 | "tags": {
27 | "displayName": "PublicIPAddress"
28 | },
29 | "properties": {
30 | "publicIPAllocationMethod": "Dynamic",
31 | "dnsSettings": {
32 | "domainNameLabel": "[toLower('ubuntuVM1')]"
33 | }
34 | }
35 | },
36 | {
37 | "name": "ubuntuVM1-nsg",
38 | "type": "Microsoft.Network/networkSecurityGroups",
39 | "apiVersion": "2023-04-01",
40 | "location": "[resourceGroup().location]",
41 | "properties": {
42 | "securityRules": [
43 | {
44 | "name": "nsgRule1",
45 | "properties": {
46 | "description": "description",
47 | "protocol": "Tcp",
48 | "sourcePortRange": "*",
49 | "destinationPortRange": "22",
50 | "sourceAddressPrefix": "*",
51 | "destinationAddressPrefix": "*",
52 | "access": "Allow",
53 | "priority": 100,
54 | "direction": "Inbound"
55 | }
56 | }
57 | ]
58 | }
59 | },
60 | {
61 | "name": "ubuntuVM1-VirtualNetwork",
62 | "type": "Microsoft.Network/virtualNetworks",
63 | "apiVersion": "2023-04-01",
64 | "location": "[resourceGroup().location]",
65 | "dependsOn": [
66 | "[resourceId('Microsoft.Network/networkSecurityGroups', 'ubuntuVM1-nsg')]"
67 | ],
68 | "tags": {
69 | "displayName": "ubuntuVM1-VirtualNetwork"
70 | },
71 | "properties": {
72 | "addressSpace": {
73 | "addressPrefixes": [
74 | "10.0.0.0/16"
75 | ]
76 | },
77 | "subnets": [
78 | {
79 | "name": "ubuntuVM1-VirtualNetwork-Subnet",
80 | "properties": {
81 | "addressPrefix": "10.0.0.0/24",
82 | "networkSecurityGroup": {
83 | "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'ubuntuVM1-nsg')]"
84 | }
85 | }
86 | }
87 | ]
88 | }
89 | },
90 | {
91 | "name": "ubuntuVM1-NetworkInterface",
92 | "type": "Microsoft.Network/networkInterfaces",
93 | "apiVersion": "2023-04-01",
94 | "location": "[resourceGroup().location]",
95 | "dependsOn": [
96 | "[resourceId('Microsoft.Network/publicIPAddresses', 'ubuntuVM1-PublicIP')]",
97 | "[resourceId('Microsoft.Network/virtualNetworks', 'ubuntuVM1-VirtualNetwork')]"
98 | ],
99 | "tags": {
100 | "displayName": "ubuntuVM1-NetworkInterface"
101 | },
102 | "properties": {
103 | "ipConfigurations": [
104 | {
105 | "name": "ipConfig1",
106 | "properties": {
107 | "privateIPAllocationMethod": "Dynamic",
108 | "publicIPAddress": {
109 | "id": "[resourceId('Microsoft.Network/publicIPAddresses', 'ubuntuVM1-PublicIP')]"
110 | },
111 | "subnet": {
112 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'ubuntuVM1-VirtualNetwork', 'ubuntuVM1-VirtualNetwork-Subnet')]"
113 | }
114 | }
115 | }
116 | ]
117 | }
118 | },
119 | {
120 | "name": "ubuntuVM1",
121 | "type": "Microsoft.Compute/virtualMachines",
122 | "apiVersion": "2023-03-01",
123 | "location": "[resourceGroup().location]",
124 | "dependsOn": [
125 | "[resourceId('Microsoft.Network/networkInterfaces', 'ubuntuVM1-NetworkInterface')]"
126 | ],
127 | "tags": {
128 | "displayName": "ubuntuVM1"
129 | },
130 | "properties": {
131 | "hardwareProfile": {
132 | "vmSize": "Standard_A2_v2"
133 | },
134 | "osProfile": {
135 | "computerName": "ubuntuVM1",
136 | "adminUsername": "azureuser",
137 | "adminPassword": "azureuser@123"
138 | },
139 | "storageProfile": {
140 | "imageReference": {
141 | "publisher": "Canonical",
142 | "offer": "UbuntuServer",
143 | "sku": "16.04-LTS",
144 | "version": "latest"
145 | },
146 | "osDisk": {
147 | "name": "ubuntuVM1-OSDisk",
148 | "caching": "ReadWrite",
149 | "createOption": "FromImage"
150 | }
151 | },
152 | "networkProfile": {
153 | "networkInterfaces": [
154 | {
155 | "id": "[resourceId('Microsoft.Network/networkInterfaces', 'ubuntuVM1-NetworkInterface')]"
156 | }
157 | ]
158 | },
159 | "diagnosticsProfile": {
160 | "bootDiagnostics": {
161 | "enabled": true,
162 | "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', toLower('ubuntuVM1storageabhi'))).primaryEndpoints.blob]"
163 | }
164 | }
165 | }
166 | }
167 | ],
168 | "outputs": {}
169 | }
--------------------------------------------------------------------------------
/Day-11/02-virtual-machine/02-deploy-vm.md:
--------------------------------------------------------------------------------
1 | # Deploy Azure VM using ARM templates
2 |
3 | ### Create resource group if it does not exist
4 |
5 | ```
6 | az group create --name vscode --location 'Central US'
7 | ```
8 |
9 | ### Create virtual machine
10 |
11 | Switch to the folder where you have the `01-create-vm.json` file available.
12 |
13 | ```
14 | az deployment group create --resource-group vscode --template-file 01-create-vm.json
15 | ```
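
A check to run before the deployment command above, added here as an example (it is not part of the original repository): it flags inbound NSG rules that allow SSH or RDP from any source and an `adminPassword` written as a literal, both of which appear in `01-create-vm.json`. The function names, the embedded excerpt and the 198.51.100.0/24 admin range are constructed for the example.

```python
"""Pre-deployment checks for an ARM template (added example)."""
import copy
import json

ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}   # source prefixes that admit the whole internet
MGMT_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed excerpt of 01-create-vm.json: only the fields the checks read.
SAMPLE_TEMPLATE = json.loads("""
{
  "parameters": {},
  "resources": [
    {
      "name": "ubuntuVM1-nsg",
      "type": "Microsoft.Network/networkSecurityGroups",
      "properties": {"securityRules": [{
        "name": "nsgRule1",
        "properties": {
          "protocol": "Tcp", "destinationPortRange": "22",
          "sourceAddressPrefix": "*", "access": "Allow",
          "priority": 100, "direction": "Inbound"
        }
      }]}
    },
    {
      "name": "ubuntuVM1",
      "type": "Microsoft.Compute/virtualMachines",
      "properties": {"osProfile": {
        "computerName": "ubuntuVM1",
        "adminUsername": "azureuser",
        "adminPassword": "azureuser@123"
      }}
    }
  ]
}
""")


def is_expression(value):
    """True for ARM template expressions such as "[parameters('adminPassword')]"."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))


def port_in_range(port, spec):
    """Match a port against "*", a single port ("22") or a range ("20-30")."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def check_nsg(resource):
    findings = []
    for rule in resource.get("properties", {}).get("securityRules", []):
        props = rule.get("properties", {})
        if props.get("access") != "Allow" or props.get("direction") != "Inbound":
            continue
        sources = [props.get("sourceAddressPrefix")] + props.get("sourceAddressPrefixes", [])
        if not ANY_SOURCE.intersection(s for s in sources if s):
            continue
        ranges = [props.get("destinationPortRange")] + props.get("destinationPortRanges", [])
        ranges = [r for r in ranges if r and not is_expression(r)]
        for port, label in MGMT_PORTS.items():
            if any(port_in_range(port, r) for r in ranges):
                findings.append(
                    f"{resource['name']}/{rule['name']}: {label} ({port}) open to any source")
    return findings


def check_vm(resource):
    password = resource.get("properties", {}).get("osProfile", {}).get("adminPassword")
    if password is not None and not is_expression(password):
        return [f"{resource['name']}: adminPassword is a literal in the template"]
    return []


def audit(template):
    """Run every check that applies to each resource type and collect the findings."""
    checks = {
        "Microsoft.Network/networkSecurityGroups": check_nsg,
        "Microsoft.Compute/virtualMachines": check_vm,
    }
    findings = []
    for resource in template.get("resources", []):
        check = checks.get(resource.get("type"))
        if check:
            findings.extend(check(resource))
    return findings


def hardened_template(admin_cidr="198.51.100.0/24"):
    """Sample with SSH limited to admin_cidr and the password taken from a securestring parameter."""
    template = copy.deepcopy(SAMPLE_TEMPLATE)
    template["parameters"]["adminPassword"] = {"type": "securestring"}
    nsg, vm = template["resources"]
    nsg["properties"]["securityRules"][0]["properties"]["sourceAddressPrefix"] = admin_cidr
    vm["properties"]["osProfile"]["adminPassword"] = "[parameters('adminPassword')]"
    return template


if __name__ == "__main__":
    print("as written:", audit(SAMPLE_TEMPLATE))
    print("hardened:  ", audit(hardened_template()))
```

With the password declared as a `securestring` parameter, its value is supplied at deployment time through `--parameters` and no longer lives in the template file.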
--------------------------------------------------------------------------------
/Day-11/README.md:
--------------------------------------------------------------------------------
1 | # Azure Resource Manager Templates
--------------------------------------------------------------------------------
/Day-12/01-commands.md:
--------------------------------------------------------------------------------
1 | # Commands to access Blob from the Virtual Machine
2 |
3 | ### Fetch the access token
4 |
5 | ```
6 | access_token=$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F' -H Metadata:true | jq -r '.access_token')
7 | ```
8 |
9 |
10 | ### Access the blob from Virtual Machine
11 |
12 | ```
13 | storage_account_name=""
14 | container_name=""
15 | blob_name=""
16 |
17 | curl "https://$storage_account_name.blob.core.windows.net/$container_name/$blob_name" -H "x-ms-version: 2017-11-09" -H "Authorization: Bearer $access_token"
18 | ```
19 |
20 |
--------------------------------------------------------------------------------
/Day-15/create-acr-secret-command.md:
--------------------------------------------------------------------------------
1 | # Command to create ACR ImagePullSecret
2 |
3 | ```
4 | kubectl create secret docker-registry \
5 | --namespace \
6 | --docker-server=.azurecr.io \
7 | --docker-username= \
8 | --docker-password=
9 | ```
--------------------------------------------------------------------------------
/Day-15/updateK8sManifests.sh:
--------------------------------------------------------------------------------
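1 | #!/bin/bash
2 |
3 | # Stop on the first failed command, unset variable or failed pipeline stage.
4 | # Tracing (set -x) stays off: it would echo REPO_URL, including any credential
5 | # embedded in it, into the pipeline log.
6 | set -euo pipefail
7 |
8 | # Expected arguments: <service> <image-repository> <tag>
9 | if [ "$#" -ne 3 ]; then
10 |     echo "usage: $0 <service> <image-repository> <tag>" >&2
11 |     exit 1
12 | fi
13 |
14 | # Set the repository URL
15 | REPO_URL="https://@dev.azure.com//voting-app/_git/voting-app"
16 |
17 | # Clone the git repository into a fresh, private temporary directory
18 | WORK_DIR="$(mktemp -d)"
19 | # Cleanup: remove the temporary directory on exit, also after a failure
20 | trap 'rm -rf "$WORK_DIR"' EXIT
21 | git clone "$REPO_URL" "$WORK_DIR"
22 |
23 | # Navigate into the cloned repository directory
24 | cd "$WORK_DIR"
25 |
26 | # Make changes to the Kubernetes manifest file(s)
27 | # For example, let's say you want to change the image tag in a deployment.yaml file
28 | sed -i "s|image:.*|image: /$2:$3|g" "k8s-specifications/$1-deployment.yaml"
29 |
30 | # Add the modified files
31 | git add .
32 |
33 | # Commit the changes
34 | git commit -m "Update Kubernetes manifest"
35 |
36 | # Push the changes back to the repository
37 | git push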
--------------------------------------------------------------------------------
/Day-15/vote-pipeline.yaml:
--------------------------------------------------------------------------------
1 | # Docker
2 | # Build and push an image to Azure Container Registry
3 | # https://docs.microsoft.com/azure/devops/pipelines/languages/docker
4 |
5 | trigger:
6 |   paths:
7 |     include:
8 |       - vote/*
9 |
10 | resources:
11 | - repo: self
12 |
13 | variables:
14 |   # Container registry service connection established during pipeline creation
15 |   dockerRegistryServiceConnection: '6d98ab55-5471-477e-b47c-a3c92999a578'
16 |   imageRepository: 'votingapp'
17 |   containerRegistry: 'abhishekazurecicd.azurecr.io'
18 |   dockerfilePath: '$(Build.SourcesDirectory)/result/Dockerfile'
19 |   tag: '$(Build.BuildId)'
20 |
21 | pool:
22 |   name: 'azureagent'
23 |
24 |
25 | stages:
26 | - stage: Build
27 |   displayName: Build
28 |   jobs:
29 |   - job: Build
30 |     displayName: Build
31 |     steps:
32 |     - task: Docker@2
33 |       displayName: Build an image
34 |       inputs:
35 |         containerRegistry: '$(dockerRegistryServiceConnection)'
36 |         repository: '$(imageRepository)'
37 |         command: 'build'
38 |         Dockerfile: 'vote/Dockerfile'
39 |         tags: '$(tag)'
40 | - stage: Push
41 |   displayName: Push
42 |   jobs:
43 |   - job: Push
44 |     displayName: Push
45 |     steps:
46 |     - task: Docker@2
47 |       displayName: Push an image
48 |       inputs:
49 |         containerRegistry: '$(dockerRegistryServiceConnection)'
50 |         repository: '$(imageRepository)'
51 |         command: 'push'
52 |         tags: '$(tag)'
53 | - stage: Update
54 |   displayName: Update
55 |   jobs:
56 |   - job: Update
57 |     displayName: Update
58 |     steps:
59 |     - task: ShellScript@2
60 |       inputs:
61 |         scriptPath: 'scripts/updateK8sManifests.sh'
62 |         args: 'vote $(imageRepository) $(tag)'
63 |
--------------------------------------------------------------------------------
/Day-18/01-azure-devops-interview-questions.md:
--------------------------------------------------------------------------------
1 | # Azure DevOps Interview Questions
2 |
3 | ### Complete CI/CD Pipeline process:
4 |
5 | Scenario: How does the Azure DevOps CI/CD Pipeline look in your organization ?
6 |
7 | Continuous Integration (CI):
8 |
9 | - Triggers on code changes.
10 | - Clones code from repository.
11 | - Runs unit tests and static code analysis.
12 | - Builds artifacts (e.g., compiled code, container images).
13 | - Stores artifacts in Azure Pipelines artifacts for deployment.
14 |
15 | Continuous Delivery (CD):
16 |
17 | - Triggers on successful CI completion or manually.
18 | - Deploys artifacts to designated environments (staging, production).
19 | - Runs environment-specific tests (e.g., integration, acceptance).
20 | - Approvals or gates can be implemented before deployment.
21 | - Optionally, rolls back deployments if issues arise.
22 |
23 | ### Securing Sensitive Information in Pipelines:
24 |
25 | Scenario: You need to securely store API keys and other secrets used in your pipeline tasks. How would you ensure their protection while maintaining pipeline functionality?
26 |
27 | Answer: Explain using Azure Key Vault to store secrets and access them using managed identities or service connections with minimal privileges. Emphasize avoiding hardcoding secrets in the pipeline script.
28 |
29 | ### Integrating Azure Container Registry (ACR) with Pipelines:
30 |
31 | Scenario: Your application uses Docker containers. How would you integrate ACR with Azure Pipelines for building, pushing, and deploying container images?
32 |
33 | Answer: Describe the process of configuring Docker tasks in the pipeline to build images, authenticate with ACR using service connections, push images to the registry, and deploy them to specific environments.
34 |
35 | ### Debugging Pipeline Failures:
36 |
37 | Scenario: Your pipeline consistently fails at a specific stage. How would you approach troubleshooting and identifying the root cause of the issue?
38 |
39 | Answer: Highlight utilizing built-in debugging tools like logs, pipeline diagnostics, and Azure Monitor, alongside manual code review and environment checks. Mention potential causes like resource constraints, task configuration errors, or infrastructure issues.
40 |
41 | ### Handling Code Merges and Rollbacks in Pipelines:
42 |
43 | Scenario: You discover a critical bug in the recently deployed production environment. How would you leverage Azure Pipelines for a rollback and ensure safe merging of a fix?
44 |
45 | Answer: Explain using deployment environments and conditional triggers to target specific environments. Discuss leveraging branching strategies and continuous deployment practices to revert changes and integrate a fix seamlessly.
46 |
47 | ### Utilizing Azure Runners for Self-Hosted Environments:
48 |
49 | Scenario: Your company has specific infrastructure requirements and needs to run pipelines on self-hosted machines. How would you leverage Azure Runners for this purpose?
50 |
51 | Answer: Discuss configuring and managing self-hosted runners, ensuring security considerations like network isolation and access control. Mention using the appropriate runner OS and tools based on your project needs.
52 |
53 | ### Implementing Role-Based Access Control (RBAC) in Pipelines:
54 |
55 | Scenario: Your team has various roles with different access needs. How would you configure RBAC within Azure Pipelines to ensure users have appropriate permissions?
56 |
57 | Answer: Explain leveraging built-in roles and custom definitions to grant access to pipelines, repositories, and resources. Highlight the importance of least privilege and separation of duties principles.
58 |
59 | ### Automating Infrastructure Provisioning with Pipelines:
60 |
61 | Scenario: You want to automate infrastructure provisioning and deployment alongside your application code. How would you integrate infrastructure as code (IaC) tools like Terraform with Azure Pipelines?
62 |
63 | Answer: Discuss using tasks like Azure Resource Manager or Terraform tasks to manage infrastructure creation and deletion within the pipeline workflow. Mention benefits like faster deployments and improved consistency.
64 |
65 | ### Maintaining Pipeline Security Throughout the CI/CD Process:
66 |
67 | Scenario: How would you ensure overall security within your Azure Pipelines throughout the CI/CD process, from code building to deployment?
68 |
69 | Answer: Discuss a holistic approach, including secure code practices, vulnerability scanning, container image scanning, service principal usage with least privilege, and regular pipeline audits.
70 |
--------------------------------------------------------------------------------
/Day-20/01-aks-setup.md:
--------------------------------------------------------------------------------
1 | # AKS setup using CLI
2 |
3 | ## Create Azure Resource Group
4 |
5 | ```
6 | az group create --name keyvault-demo --location eastus
7 | ```
8 |
9 | ## AKS Creation and Configuration
10 |
11 | ### Create an AKS cluster with Azure Key Vault provider for Secrets Store CSI Driver support
12 |
13 | ```
14 | az aks create --name keyvault-demo-cluster -g keyvault-demo --node-count 1 --enable-addons azure-keyvault-secrets-provider --enable-oidc-issuer --enable-workload-identity
15 | ```
16 |
17 | ### Get the Kubernetes cluster credentials (Update kubeconfig)
18 |
19 | ```
20 | az aks get-credentials --resource-group keyvault-demo --name keyvault-demo-cluster
21 | ```
22 |
23 | #### Verify that each node in your cluster's node pool has a Secrets Store CSI Driver pod and a Secrets Store Provider Azure pod running
24 |
25 | ```
26 | kubectl get pods -n kube-system -l 'app in (secrets-store-csi-driver,secrets-store-provider-azure)' -o wide
27 | ```
28 |
29 | ## Keyvault creation and configuration
30 |
31 | - Create a key vault with Azure role-based access control (Azure RBAC).
32 |
33 | ```
34 | az keyvault create -n aks-demo-abhi -g keyvault-demo -l eastus --enable-rbac-authorization
35 | ```
--------------------------------------------------------------------------------
/Day-20/02-secret-store-csi-driver-config.md:
--------------------------------------------------------------------------------
1 | # Connect your Azure ID to the Azure Key Vault Secrets Store CSI Driver
2 |
3 | ### Configure workload identity
4 |
5 | ```
6 | export SUBSCRIPTION_ID=fe4a1fdb-6a1c-4a6d-a6b0-dbb12f6a00f8
7 | export RESOURCE_GROUP=keyvault-demo
8 | export UAMI=azurekeyvaultsecretsprovider-keyvault-demo-cluster
9 | export KEYVAULT_NAME=aks-demo-abhi
10 | export CLUSTER_NAME=keyvault-demo-cluster
11 |
12 | az account set --subscription $SUBSCRIPTION_ID
13 | ```
14 |
15 | ### Create a managed identity
16 |
17 | ```
18 | az identity create --name $UAMI --resource-group $RESOURCE_GROUP
19 |
20 | export USER_ASSIGNED_CLIENT_ID="$(az identity show -g $RESOURCE_GROUP --name $UAMI --query 'clientId' -o tsv)"
21 | export IDENTITY_TENANT=$(az aks show --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --query identity.tenantId -o tsv)
22 | ```
23 |
24 | ### Create a role assignment that grants the workload ID access to the key vault
25 |
26 | ```
27 | export KEYVAULT_SCOPE=$(az keyvault show --name $KEYVAULT_NAME --query id -o tsv)
28 |
29 | az role assignment create --role "Key Vault Administrator" --assignee $USER_ASSIGNED_CLIENT_ID --scope $KEYVAULT_SCOPE
30 | ```
31 |
32 | ### Get the AKS cluster OIDC Issuer URL
33 |
34 | ```
35 | export AKS_OIDC_ISSUER="$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "oidcIssuerProfile.issuerUrl" -o tsv)"
36 | echo $AKS_OIDC_ISSUER
37 | ```
38 |
39 | ### Create the service account for the pod
40 |
41 | ```
42 | export SERVICE_ACCOUNT_NAME="workload-identity-sa"
43 | export SERVICE_ACCOUNT_NAMESPACE="default"
44 | ```
45 |
46 | ```
47 | cat <
106 |
107 | ## Day 15: Azure DevOps - CD Setup - (PROJECT 3)
108 | - Implementing Continuous Deployment (CD)
109 | - Using AKS for CD
110 | - Creating AKS cluster on Azure
111 | - Configuring Virtual Machine Scale Sets as Node pools in AKS
112 | - Hands on sessions on AKS
113 | - End to End CI/CD Demonstration
114 |
115 | ## Day 16: Azure Kubernetes Services(AKS Deep Dive)
116 | - AKS Deep Dive
117 | - Understanding AKS vs Self managed Kubernetes clusters
118 |
119 | ## Day 17: Deploying a Three Tier architecture E-commerce (8 Services, 2 Databases) on AKS - (PROJECT 4)
120 | - Understand what a three tier architecture is
121 | - How different services connect to each other in three tier architecture
122 | - How to create Dockerfiles for each service ?
123 | - How to create Deployment, Service and Ingress
124 | - How does Ingress controller work ?
125 | - Expose the three tier application to end users.
126 |
127 | 
128 |
129 | ## Day 18: Azure DevOps Interview Questions
130 | - Beginner level Azure DevOps Interview Q&A
131 | - Advanced level Azure DevOps Interview Q&A
132 |
133 | ## Day 19: Azure Cloud Watch(Monitor) and Monitoring Services
134 | - Monitoring Overview
135 | - Setting Up Monitoring in Azure
136 |
137 | ## Day 20: Azure Key Vault
138 | - Secrets Management with Key Vault
139 | - Security Best Practices
140 | - **PROJECT** - Integrate Azure Keyvault with Secrets Store CSI Driver
141 |
142 | ## Day 21: Azure Serverless
143 | - Understanding Azure Serverless Services
144 | - Going Serverless with Azure
145 |
146 | ## Day 22: Event Driven Serverless - (PROJECT 5)
147 | - Create Azure Functions that are triggered by Azure Blob creation
148 |
149 | ## Day 23: Manage Azure Resources using Terraform - (PROJECT 7)
150 | - How to connect Azure with Terraform
151 | - How to create resources on Azure with Terraform
152 | - State file management of Terraform in Azure
153 | - Best Practices
154 |
155 | ## Day 24: Azure DevOps Resume preparation for Freshers and Experienced
156 | - How to create an impressive resume on Azure DevOps
157 | - How to add projects to the Resume
158 |
159 | ## Day 25: Azure Interview Preparation
160 | - Review of Key Concepts
161 | - Interview Questions and Practice Sessions
162 |
--------------------------------------------------------------------------------