{"id":38535567,"url":"https://github.com/georges034302/az-kubernetes-mastery","last_synced_at":"2026-01-17T07:01:06.006Z","repository":{"id":328266687,"uuid":"1112735773","full_name":"Georges034302/az-kubernetes-mastery","owner":"Georges034302","description":"A hands-on advanced AKS training program covering scaling, security, networking, observability, deployments, service mesh, and Databricks integration across real-world enterprise scenarios.","archived":false,"fork":false,"pushed_at":"2025-12-12T07:26:41.000Z","size":296,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-13T09:17:58.502Z","etag":null,"topics":["apache-spark","azure-acr","azure-aks","azure-kql","azure-monitor","databricks","docker","flagger","fluent-bit","github-actions","grafana","helm-charts","istio","jaeger","keda","kiali","mlflow","osm","prometheus","rbac"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Georges034302.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-09T03:05:09.000Z","updated_at":"2025-12-12T07:26:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Georges034302/az-kubernetes-mastery","commit_stats":null,"previous_names":["georges034302/az-kubernetes-mastery"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Georges034302/az-kubernetes-mastery","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Georges034302%2Faz-kubernetes-mastery","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Georges034302%2Faz-kubernetes-mastery/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Georges034302%2Faz-kubernetes-mastery/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Georges034302%2Faz-kubernetes-mastery/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Georges034302","download_url":"https://codeload.github.com/Georges034302/az-kubernetes-mastery/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Georges034302%2Faz-kubernetes-mastery/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28503021,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T06:57:29.758Z","status":"ssl_error","status_checked_at":"2026-01-17T06:56:03.931Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache-spark","azure-acr","azure-aks","azure-kql","azure-monitor","databricks","docker","flagger","fluent-bit","github-actions","grafana","helm-charts","istio","jaeger","keda","kiali","mlflow","osm","prometheus","rbac"],"created_at":"2026-01-17T07:00:56.549Z","updated_at":"2026-01-17T07:01:05.922Z","avatar_url":"https://github.com/Georges034302.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# AKS Professional Training: Hands-On Lab Series\n### Advanced Kubernetes on Azure – 6 Structured Sessions with 25 Labs\n\n## πŸ“š Technical Introduction\n\nThis hands-on training series provides practical, end-to-end experience with **Azure Kubernetes Service (AKS)**, covering cluster scaling, governance, security, networking, observability, deployments, service mesh, and data/ML integration using Databricks. \n\nAcross **6 in-depth sessions**, you will build real-world AKS architectures, enforce enterprise-grade controls, and deploy production-ready workloads through modern DevOps and cloud-native patterns.\n\n---\n\n### **Prerequisites**\n- Understanding of cloud fundamentals (IaaS/PaaS/SaaS).\n- Familiarity with Kubernetes concepts (pods, deployments, services).\n- Azure CLI, kubectl, and basic YAML knowledge.\n- Access to an Azure subscription (personal or sandbox).\n- Optional: Experience with Helm, GitHub Actions, or Databricks.\n\n---\n\n# πŸ“˜ Lab Sessions\n\n---\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cstrong\u003eSession 01: Cluster Auto Scaling \u0026 Upgrades\u003c/strong\u003e\u003c/summary\u003e\n\nMaster AKS autoscaling from **cluster-level** (CA) to **pod-level** (HPA/VPA), and implement **safe upgrade strategies** using surge settings and node pool separation.\n\n**Labs for this session:**\n- **[lab_1_a_hpa-autoscaling.md](session01/lab_1_a_hpa-autoscaling.md)** \n *Deploy CPU-intensive workload and observe HPA-driven pod autoscaling.*\n\n- **[lab_1_b_create-user-nodepool.md](session01/lab_1_b_create-user-nodepool.md)** \n *Create a user node pool and schedule batch workloads using labels, taints, and tolerations.*\n\n- **[lab_1_c_nodepool-upgrade-surge.md](session01/lab_1_c_nodepool-upgrade-surge.md)** \n *Perform a node pool upgrade using `--max-surge` and validate workload continuity.*\n\n\u003c/details\u003e\n\n---\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cstrong\u003eSession 02: Manage Add-Ons and RBAC\u003c/strong\u003e\u003c/summary\u003e\n\nEnable enterprise-grade governance through AKS add-ons such as **Azure Policy**, **KEDA**, **OSM**, and **Key Vault CSI**, and design multi-team RBAC frameworks using Microsoft Entra ID.\n\n**Labs for this session:**\n- **[lab_2_a_enable-azure-policy.md](session02/lab_2_a_enable-azure-policy.md)** \n *Enforce DenyPrivilegedContainer with the Azure Policy add-on.*\n\n- **[lab_2_b_keda-queue-autoscaling.md](session02/lab_2_b_keda-queue-autoscaling.md)** \n *Deploy KEDA and observe event-driven scaling using Azure Queue Storage.*\n\n- **[lab_2_c_rbac-auth-with-entra.md](session02/lab_2_c_rbac-auth-with-entra.md)** \n *Authenticate to AKS using Entra ID and test RBAC permissions.*\n\n- **[lab_2_d_namespace-rbac.md](session02/lab_2_d_namespace-rbac.md)** \n *Create namespace-scoped RBAC for multi-team isolation.*\n\n\u003c/details\u003e\n\n---\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cstrong\u003eSession 03: Security \u0026 Networking\u003c/strong\u003e\u003c/summary\u003e\n\nImplement layered security using **Key Vault CSI**, **Pod Security Admission**, **Network Policies**, and **Ingress/LoadBalancer patterns**, and validate runtime protection using Defender.\n\n**Labs for this session:**\n- **[lab_3_a_keyvault-csi-mount.md](session03/lab_3_a_keyvault-csi-mount.md)** \n *Mount Key Vault secrets into pods using the CSI driver.*\n\n- **[lab_3_b_psa-deny-privileged.md](session03/lab_3_b_psa-deny-privileged.md)** \n *Enforce restricted Pod Security admission and block privileged pods.*\n\n- **[lab_3_c_networkpolicy-denyall.md](session03/lab_3_c_networkpolicy-denyall.md)** \n *Apply deny-all policy and verify pod-to-pod isolation.*\n\n- **[lab_3_d_expose-with-loadbalancer.md](session03/lab_3_d_expose-with-loadbalancer.md)** \n *Expose workloads using a public LoadBalancer.*\n\n- **[lab_3_e_ingress-routing.md](session03/lab_3_e_ingress-routing.md)** \n *Deploy NGINX Ingress and configure dynamic path-based routing.*\n\n- **[lab_3_f_defender-egress-validation.md](session03/lab_3_f_defender-egress-validation.md)** \n *Simulate threats and validate egress control using Azure Firewall.*\n\n\u003c/details\u003e\n\n---\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cstrong\u003eSession 04: Monitoring, Logging \u0026 Multi-Region Awareness\u003c/strong\u003e\u003c/summary\u003e\n\nBuild complete observability pipelines using **Azure Monitor**, **Log Analytics (KQL)**, **Prometheus**, **Grafana**, and **Fluent Bit**, then extend operations across regions with multi-cluster failover.\n\n**Labs for this session:**\n- **[lab_4_a_kql-pod-restarts.md](session04/lab_4_a_kql-pod-restarts.md)** \n *Query restarts and failed deployments with KQL.*\n\n- **[lab_4_b_prometheus-grafana.md](session04/lab_4_b_prometheus-grafana.md)** \n *Deploy Prometheus \u0026 Grafana and visualize cluster metrics.*\n\n- **[lab_4_c_fluentbit-central-logging.md](session04/lab_4_c_fluentbit-central-logging.md)** \n *Forward AKS logs to Log Analytics using Fluent Bit.*\n\n- **[lab_4_d_multi-region-failover.md](session04/lab_4_d_multi-region-failover.md)** \n *Deploy workloads across two AKS regions and simulate failover.*\n\n\u003c/details\u003e\n\n---\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cstrong\u003eSession 05: Deployments \u0026 Service Mesh Integration\u003c/strong\u003e\u003c/summary\u003e\n\nDeploy applications using **Helm**, implement **rolling/blue-green/canary** deployments with **Flagger**, and secure microservices with **Istio** through mTLS, traffic rules, and mesh observability.\n\n**Labs for this session:**\n- **[lab_5_a_helm-microservice-deployment.md](session05/lab_5_a_helm-microservice-deployment.md)** \n *Package and deploy a microservice using Helm.*\n\n- **[lab_5_b_flagger-canary.md](session05/lab_5_b_flagger-canary.md)** \n *Automate canary rollout (10–50–100) with Flagger + Prometheus.*\n\n- **[lab_5_c_istio-mtls.md](session05/lab_5_c_istio-mtls.md)** \n *Enable strict mTLS and secure service-to-service communication.*\n\n- **[lab_5_d_kiali-jaeger-observability.md](session05/lab_5_d_kiali-jaeger-observability.md)** \n *Trace requests and visualize mesh topology using Kiali + Jaeger.*\n\n\u003c/details\u003e\n\n---\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cstrong\u003eSession 06: AKS \u0026 Databricks Integration\u003c/strong\u003e\u003c/summary\u003e\n\nIntegrate ML workflows end-to-endβ€”from Databricks notebooks and MLflow tracking to AKS-based model deployment using CI/CD, managed identities, and secure connectivity.\n\n**Labs for this session:**\n- **[lab_6_a_explore-databricks.md](session06/lab_6_a_explore-databricks.md)** \n *Explore Databricks workspace, Spark cluster, and MLflow experiments.*\n\n- **[lab_6_b_aks-api-query-databricks.md](session06/lab_6_b_aks-api-query-databricks.md)** \n *Deploy AKS API that securely queries Databricks datasets.*\n\n- **[lab_6_c_mlflow-automated-deployment.md](session06/lab_6_c_mlflow-automated-deployment.md)** \n *Automate ML model packaging and deployment to AKS.*\n\n- **[lab_6_d_managed-identity-keyvault.md](session06/lab_6_d_managed-identity-keyvault.md)** \n *Enable secure authentication between AKS β†’ Key Vault β†’ Databricks.*\n\n\u003c/details\u003e\n\n---\n\n# πŸ§‘β€πŸ« Author: Georges Bou Ghantous, Ph.D.\n\nThis repository delivers advanced AKS training through hands-on labs spanning cluster scaling, governance, pod security, networking, observability, deployment automation, service mesh, and ML/Databricks integration.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeorges034302%2Faz-kubernetes-mastery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgeorges034302%2Faz-kubernetes-mastery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeorges034302%2Faz-kubernetes-mastery/lists"}