Sign in to the Azure portal using an account with Owner or Contributor role in the Azure subscription and Global Administrator role in the Azure AD tenant.
Open the Cloud Shell and ensure Bash is selected.

Create a new resource group for the lab:

az group create --name AZ500LAB09 --location southcentralus

Verify the resource group creation:

az group list --query "[?name=='AZ500LAB09']" -o table

Create a new Azure Container Registry (ACR) instance:

az acr create --resource-group AZ500LAB09 --name az500$RANDOM$RANDOM --sku Basic

Confirm the ACR creation:

az acr list --resource-group AZ500LAB09

Create a Dockerfile for an Nginx-based image:

  echo FROM nginx > Dockerfile

Build the image and push it to ACR: Set the ACR name:

ACRNAME=$(az acr list --resource-group AZ500LAB09 --query '[].{Name:name}' --output tsv)

Build and push the image:

Note: The trailing period at the end of the command line is required. It designates the current directory as the location of Dockerfile.

az acr build --resource-group AZ500LAB09 --image sample/nginx:v1 --registry $ACRNAME --file Dockerfile .

Verify the image in ACR:
Navigate to the ACR instance in the Azure portal, go to Repositories, and check the sample/nginx:v1 image.

v1 image

• Search for Kubernetes services in the Azure portal.
  

• Click + Create and select + Create a Kubernetes cluster.
  

  

• Configure the cluster settings and deploy it.
  

• Verify the deployment and review the resources in the created resource group.

  az aks update -n MyKubernetesCluster -g AZ500LAB09 --attach-acr $ACRNAME

Grant AKS cluster Contributor role to its virtual network:
Define variables:

RG_AKS=AZ500LAB09, AKS_VNET_NAME=AZ500LAB09-vnet, AKS_CLUSTER_NAME=MyKubernetesCluster

Grant Contributor role:

AKS_VNET_ID=$(az network vnet show --name $AKS_VNET_NAME --resource-group $RG_AKS --query id -o tsv) and az role assignment create --assignee $AKS_MANAGED_ID --role "Contributor" --scope $AKS_VNET_ID

Upload the manifest files for the external service. In the Bash session within the Cloud Shell pane, run the following to identify the name of the Azure Container Registry instance:

 echo $ACRNAME

Note: Record the Azure Container Registry instance name. You will need it later in this task.

In the Bash session within the Cloud Shell pane, run the following to open the nginxexternal.yaml file, so you can edit its content.

code ./nginxexternal.yaml

Note: This is the external yaml file.

In the editor pane, scroll down to line 24 and replace the placeholder with the ACR name.

In the editor pane, in the upper right corner, click the ellipses icon, click Save and then click Close editor.

Replace the ACR name in the nginxexternal.yaml file. Apply the changes to the cluster:

 kubectl apply -f nginxexternal.yaml

In the Bash session within the Cloud Shell pane, review the output of the command you run in the previous task to verify that the deployment and the corresponding service have been created.

 deployment.apps/nginxexternal created
 service/nginxexternal created

Retrieve information about the nginxexternal service:

kubectl get service nginxexternal

Access the external service using the External-IP in a web browser.

Edit the nginxinternal.yaml file to replace the ACR name. In the Bash session within the Cloud Shell pane, run the following to open the nginxintenal.yaml file, so you can edit its content.

 code ./nginxinternal.yaml

Apply the changes to the cluster:

kubectl apply -f nginxinternal.yaml

Retrieve information about the nginxinternal service:

kubectl get service nginx internal

Open the Bash session within the Cloud Shell pane.

Run the following command to list the pods in the default namespace on the AKS cluster:

kubectl get pods

Locate the first entry in the NAME column of the pod listing and make note of its name. This pod will be used in the subsequent steps.

Step 2: Connect interactively to the first pod

In the same Bash session within the Cloud Shell pane, run the following command, replacing <pod_name> with the name of the pod you copied in the previous step:

kubectl exec -it <pod_name> -- /bin/bash

This command will connect you interactively to the selected pod, enabling you to run commands within its environment.

Step 3: Verify the availability of the internal service

In the Bash session within the Cloud Shell pane (connected to the pod), run the following command, replacing <internal_IP> with the IP address you recorded in the previous task:

curl http://<internal_IP>

This command will verify that the nginx web site is accessible via the private IP address of the internal service.

Step 4: Close the Cloud Shell pane

Close the Cloud Shell pane to conclude this task.

Note: You have successfully verified access to an internal AKS-hosted service within your AKS cluster. By following the steps in this lesson, you gained hands-on experience in listing pods, connecting to a specific pod, and verifying the availability of an internal service using the recorded IP address.

Clean up resources: As a best practice, it is essential to remove any unused Azure resources to avoid unexpected costs. In this lab, you created resource groups specifically for this exercise. To clean up these resources:

Open the Azure portal and click the first icon in the top right to access the Cloud Shell.

Select PowerShell from the drop-down menu in the upper-left corner of the Cloud Shell pane and confirm when prompted.

Run the following command in the PowerShell session within the Cloud Shell pane to remove the resource groups created in this lab:

Remove-AzResourceGroup -Name "AZ500LAB09" -Force -AsJob

Close the Cloud Shell pane to complete the cleanup process.

By removing the unnecessary resources, you ensure a clean and cost-effective environment for future deployments.