Slides related to the Global Azure Singapore 2023 talk about building secure and portable applications using AKS and its ecosystem. The demo showcases the integrations with Dapr and KEDA

1. Global Azure Bootcamp
Singapore 2023

2. $whoami
{
“name” : “Nilesh Gule”,
“website” : “https://www.HandsOnArchitect.com",
“github” : “https://GitHub.com/NileshGule"
“twitter” : “@nileshgule”,
“linkedin” : “https://www.linkedin.com/in/nileshgule”,
“YouTube” : “https://www.YouTube.com/@nilesh-gule”
“likes” : “Technical Evangelism, Cricket”,
“co-organizer” : “Azure Singapore UG”
}

3. How to build
Secure & Portable applications
using AKS and its ecosystem

5. Native integration with Dapr

6. Dapr Components

7. Azure-Singapore-cluster
demo-azure-singapore-rg
ngacrregistry
acrResourceGroup
TechTalks with Dapr - AKS

8. Generate Workload – AKS

9. aci-dev-env
azure-container-app-rg
ngacrregistry
acrResourceGroup
TechTalks with Dapr – Azure Container Apps

10. Generate Workload – Container App

11. AKS Best Practices – Cluster Operator Multi-Tenancy
Authentication and Authorization
• Azure AD
• Kubernetes RBAC
• Azure RBAC
• Pod Identities
Cluster Isolation
• Multi-tenancy and logical separation
using namespaces
Basic scheduler
• Resource Quotas
• Pod Disruption Budget
Advanced scheduler
• Taints & Tolerations
• Node selectors and affinity
• Inter-pod affinity and anti-affinity

12. AKS Best Practices
Security
• Cluster Security & Upgrades
• Secure API Server
• Limit container access
• Manage upgrades & node reboots
• Container Image Management
• Secure images and runtimes
• Automate builds on base image updates
• Pod Security
• Secure access to resources
• Limit Credentials exposure
• Use Pod Identities and Digital Key Vaults
Network & Storage
• Network Connectivity
• Different network models using ingress and
WAF
• Secure node SSH access
• Storage & Backup
• Appropriate storage type & node size
• Dynamically provision volumes
• Data Backups
Developer
• Manage resources
• Resource Requests & Limits
• Pod Security
• Secure access to resources
• Limit credentials exposure
• Use Pod Identities & Digital Vaults

13. Summary
• Modern applications are loosely coupled and highly portable
• AKS provides native integrations to Dapr and KEDA
• KEDA helps to auto scale on metrics external to Kubernetes
• Dapr tries to simplify the Microservices development and
deployment
• Dapr Components help to extract underlying functionality and
provides abstractions
• Best practices related to AKS
• Make app portable to run in serverless as well as managed cloud
services

14. References
https://www.youtube.com/@nilesh-gule
https://dapr.io/
Dapr Publish and Subscribe
Kubernetes Event Driven Autoscaling
Serverless - Dapr and Azure Container Apps
AKS best-practices

15. Containerize Apps Resources
https://github.com/NileshGule/cloud-native-ninja
https://github.com/NileshGule/techtalks-azure-container-apps-demo
Slides
https://www.slideshare.net/nileshgule/
https://speakerdeck.com/nileshgule/

16. Nilesh Gule
ARCHITECT | MICROSOFT MVP
“Code with Passion and
Strive for Excellence”
nileshgule
@nileshgule Nilesh Gule
NileshGule
www.handsonarchitect.com
https://bit.ly/youtube-nileshgule

17. Q&A