You will deliver a production-shaped cloud application on Azure: infrastructure as code, a Kubernetes platform, a CI/CD pipeline, monitoring, and security controls. By the end the entire environment is reproducible from a Git repository.

Learning Objectives

  • Provision the platform with Terraform.
  • Deploy the app to AKS via CI/CD.
  • Add monitoring, alerts, and security guardrails.
  • Time: ~25 hours · Difficulty: Advanced · Prereqs: the Azure, AKS, IaC, and CI/CD labs.

Architecture Overview

Environment Setup

  • Azure subscription, Terraform, kubectl, and a CI/CD runner.
  • A containerized app with tests.
  • Remote Terraform state in Azure Storage.

Step-by-Step Execution

01
Provision the platform with Terraform
terraform init && terraform apply -auto-approve
Creates VNet, AKS, and the database tier.
02
Deploy the app via CI/CD
git push origin main # pipeline builds, scans, and deploys to AKS
03
Verify monitoring and posture
$ kubectl get deploy && az monitor metrics alert list -o table
app 3/3 Available cpu-high Enabled

Progress So Far

Testing & Validation

curl -s -o /dev/null -w "%{http_code}\n" https://app.lab.tyfsadik.org && terraform plan -detailed-exitcode

The app should return 200 and Terraform plan should show no drift. If both pass, the whole environment is reproducible and live.

Troubleshooting
  • Pipeline cannot reach AKS: grant the CI service principal the AKS cluster-user role.
  • Drift after deploy: ensure app changes go through CI, not manual kubectl edits.
  • Cost creep: destroy the environment when not in use (terraform destroy).

Extension Ideas

  • Add blue/green or canary deployments.
  • Integrate SOC monitoring for the workload.
  • Add a DR region and test failover.

Key Results

  • Delivered a full cloud app reproducible from Git.
  • Automated build, scan, and deploy to AKS.
  • Added monitoring, alerts, and posture scanning.
  • Confirmed zero drift between code and cloud.