Cloud Capstone: End-to-End Azure Application Deployment
You will deliver a production-shaped cloud application on Azure: infrastructure as code, a Kubernetes platform, a CI/CD pipeline, monitoring, and security controls. By the end the entire environment is reproducible from a Git repository.
Learning Objectives
- Provision the platform with Terraform.
- Deploy the app to AKS via CI/CD.
- Add monitoring, alerts, and security guardrails.
- Time: ~25 hours · Difficulty: Advanced · Prereqs: the Azure, AKS, IaC, and CI/CD labs.
Architecture Overview
graph LR
Git[Git repo] -->|CI/CD| Pipe[Pipeline]
TF[Terraform] --> Infra[VNet + AKS + DB]
Pipe -->|deploy| AKS[AKS workload]
AKS --> Mon[Azure Monitor]
CSPM[CSPM scan] --> Infra
Environment Setup
- Azure subscription, Terraform, kubectl, and a CI/CD runner.
- A containerized app with tests.
- Remote Terraform state in Azure Storage.
Step-by-Step Execution
01
Provision the platform with Terraform
terraform init && terraform apply -auto-approveCreates VNet, AKS, and the database tier.
02
Deploy the app via CI/CD
git push origin main # pipeline builds, scans, and deploys to AKS03
Verify monitoring and posture
$ kubectl get deploy && az monitor metrics alert list -o table
app 3/3 Available
cpu-high Enabled
Progress So Far
graph LR
A[01 IaC] -->|done| B[02 CI/CD deploy]
B -->|done| C[03 Monitor + posture]
style A fill:#1a4a1a,stroke:#00ff00,color:#fff
style B fill:#1a4a1a,stroke:#00ff00,color:#fff
style C fill:#1a4a1a,stroke:#00ff00,color:#fff
Testing & Validation
curl -s -o /dev/null -w "%{http_code}\n" https://app.lab.tyfsadik.org && terraform plan -detailed-exitcodeThe app should return 200 and Terraform plan should show no drift. If both pass, the whole environment is reproducible and live.
Troubleshooting
- Pipeline cannot reach AKS: grant the CI service principal the AKS cluster-user role.
- Drift after deploy: ensure app changes go through CI, not manual kubectl edits.
- Cost creep: destroy the environment when not in use (
terraform destroy).
Extension Ideas
- Add blue/green or canary deployments.
- Integrate SOC monitoring for the workload.
- Add a DR region and test failover.
Key Results
- Delivered a full cloud app reproducible from Git.
- Automated build, scan, and deploy to AKS.
- Added monitoring, alerts, and posture scanning.
- Confirmed zero drift between code and cloud.