learn-pr/wwl-azure/deploy-applications-azure-kubernetes-service/4-configure-application-azure-kubernetes-cluster.yml
learn-pr/wwl-azure/deploy-applications-azure-kubernetes-service/5-deploy-application-azure-kubernetes-cluster.yml
learn-pr/wwl-azure/deploy-applications-azure-kubernetes-service/6-configure-storage-applications-run-azure-kubernetes.yml
learn-pr/wwl-azure/deploy-applications-azure-kubernetes-service/7-exercise-deploy-application-azure-kubernetes.yml
- content: "Deployments allow for more resource allocation to each pod"
21
21
isCorrect: false
22
-
explanation: "Incorrect. Deployments don't allocate more resources to each pod, but rather manage a group of identical pods."
22
+
explanation: "Incorrect. Resource requests and limits are defined in pod specifications. A Deployment manages pod replicas, but it doesn't allocate more resources to each pod."
23
23
- content: "Deployments provide higher security for the pods"
24
24
isCorrect: false
25
-
explanation: "Incorrect. Deployments don't provide higher security for the pods, but rather ensure high availability and redundancy."
26
-
- content: "Deployments enable automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms"
25
+
explanation: "Incorrect. Deployments don't provide higher security for pods. They improve workload availability and resiliency by managing pod replicas."
26
+
- content: "Deployments manage replicas, support rolling updates and rollbacks, and ensure replacement pods are created when pods or nodes fail"
27
27
isCorrect: true
28
-
explanation: "Correct. Deployments enable automation and validation of the creation and teardown of environments, which helps deliver secure and stable application hosting platforms by ensuring high availability and redundancy."
28
+
explanation: "Correct. Deployments help maintain the desired number of pod replicas, support controlled rollouts and rollbacks, and use ReplicaSets to ensure replacement pods are created and scheduled on available nodes when failures occur."
29
29
- content: "What is the purpose of a StorageClass in AKS?"
30
30
choices:
31
31
- content: "To determine the access mode of the persistent volume"
32
32
isCorrect: false
33
-
explanation: "Incorrect. The access mode is determined by the PersistentVolumeClaim, not the StorageClass."
33
+
explanation: "Incorrect. Access modes are specified in PersistentVolumeClaims and supported by PersistentVolumes, not selected by the StorageClass."
34
34
- content: "To define the size of the persistent volume claim"
35
35
isCorrect: false
36
36
explanation: "Incorrect. The StorageClass defines storage characteristics, not size."
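Review bot: In the added explanation for the correct Deployments choice, "use ReplicaSets to ensure replacement pods are created and scheduled on available nodes" credits the Deployment with scheduling, which is the Kubernetes scheduler's job; the Deployment and its ReplicaSet only create the replacement pods. Suggest wording such as "use ReplicaSets to create replacement pods, which Kubernetes then schedules on available nodes". The choice text itself ("ensure replacement pods are created when pods or nodes fail") is already accurate and needs no change.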
@@ -41,21 +41,43 @@ quiz:
41
41
choices:
42
42
- content: "To deploy a pod with a persistent volume mount"
43
43
isCorrect: false
44
-
explanation: "Incorrect. A custom storage class is created before creating a persistent volume claim."
44
+
explanation: "Incorrect. A pod uses a PersistentVolumeClaim and volume mount after the storage class and claim are created."
45
45
- content: "To list the content of a directory in the AKS cluster"
46
46
isCorrect: false
47
47
explanation: "Incorrect. Listing the content of a directory isn't related to creating a custom storage class."
48
-
- content: "To define the properties of a persistent volume that will be used by a persistent volume claim"
48
+
- content: "To define the parameters used to dynamically provision persistent volumes for persistent volume claims"
49
49
isCorrect: true
50
-
explanation: "Correct. A custom storage class defines the properties of a persistent volume that will be used by a persistent volume claim, such as the storage class name, the provisioner, and the reclaim policy."
50
+
explanation: "Correct. A custom StorageClass can define parameters such as the provisioner, SKU, reclaim policy, volume binding mode, and volume expansion behavior used when dynamically provisioning persistent volumes."
51
51
- content: "What are the storage options available for AKS containerized workloads?"
52
52
choices:
53
53
- content: "Use only Azure Premium SSD v2 for applications that require consistently low latency, high I/O operations per second (IOPS), and high throughput."
54
54
isCorrect: false
55
-
explanation: "Incorrect. Azure Premium SSD v2 is one of the options for blocklevel access to data, but it isn't the only option."
55
+
explanation: "Incorrect. Azure Premium SSD v2 is one option for block-level access to data, but it isn't the only storage option for AKS workloads."
56
56
- content: "Use only Azure NetApp Files for shared application data that requires high performance."
57
57
isCorrect: false
58
-
explanation: "Incorrect. Azure NetApp Files is one of the options for filelevel access to data, but it isn't the only option."
59
-
- content: "Choose from platform managed databases, disks, and file and blob storage."
58
+
explanation: "Incorrect. Azure NetApp Files is one option for file-level access to data, but it isn't the only storage option for AKS workloads."
59
+
- content: "Choose from managed databases, Azure Disks, Azure Files, Azure NetApp Files, Azure Blob Storage, and Azure Container Storage based on workload requirements."
60
60
isCorrect: true
61
-
explanation: "Correct. AKS supports both stateless and stateful workloads. To accommodate this requirement, you can apply a range of native Azure services, including managed databases, disks, and file and blob storage. Each of these options offers different SKUs, sizes, and performance characteristics."
61
+
explanation: "Correct. AKS supports both stateless and stateful workloads. You can use native Azure services such as managed databases, Azure Disks, Azure Files, Azure NetApp Files, Azure Blob Storage, and Azure Container Storage, with different SKUs, sizes, and performance characteristics."
62
+
- content: "What is the role of the Azure Policy add-on for AKS?"
63
+
choices:
64
+
- content: "It checks for Azure Policy assignments, deploys policy definitions to the cluster as Gatekeeper resources and, for supported CEL policies, Kubernetes ValidatingAdmissionPolicy resources, and reports compliance details back to Azure Policy."
65
+
isCorrect: true
66
+
explanation: "Correct. The Azure Policy add-on for AKS monitors assignments, deploys Gatekeeper constraint or mutation resources and supported Kubernetes-native ValidatingAdmissionPolicy resources, and reports auditing and compliance details back to Azure Policy."
explanation: "Incorrect. Azure Resource Manager templates can help provision Azure resources, but the Azure Policy add-on doesn't replace Kubernetes Deployments."
70
+
- content: "It creates StorageClasses and PersistentVolumeClaims for every pod in the cluster."
71
+
isCorrect: false
72
+
explanation: "Incorrect. StorageClasses and PersistentVolumeClaims manage storage. The Azure Policy add-on manages policy assignment enforcement and compliance reporting."
73
+
- content: "What should you expect when validating the effect of a deny Azure Policy assignment on an AKS cluster?"
74
+
choices:
75
+
- content: "Existing noncompliant pods are immediately deleted from the cluster."
76
+
isCorrect: false
77
+
explanation: "Incorrect. A deny policy doesn't affect the operational status of existing noncompliant resources."
78
+
- content: "Admission requests for the resource type evaluated by the policy — for example, the noncompliant Pod in this exercise — are blocked. Existing noncompliant resources keep running, controller-created replacement Pods that violate the policy are blocked, and compliance details are reported to Azure Policy."
79
+
isCorrect: true
80
+
explanation: "Correct. The deny effect blocks admission of new resources of the type the policy evaluates. For pod-scoped policies, that means the noncompliant Pod is rejected by Gatekeeper or a generated ValidatingAdmissionPolicy; a parent Deployment or ReplicaSet object can still be created, with the rejection visible in the ReplicaSet's events. Existing noncompliant resources continue running, and the add-on reports compliance details to Azure Policy."
81
+
- content: "The policy changes the node pool operating system so pods can be admitted."
82
+
isCorrect: false
83
+
explanation: "Incorrect. Azure Policy evaluates and enforces Kubernetes resource configuration; it doesn't change the node pool operating system to admit noncompliant pods."
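Review bot: Both added questions give the correct choice away by length: the Azure Policy add-on answer that begins "It checks for Azure Policy assignments, deploys policy definitions" and the deny-effect answer that begins "Admission requests for the resource type evaluated by the policy" are several times longer than their one-sentence distractors. Suggest trimming each correct choice to one short sentence and keeping the Gatekeeper, ValidatingAdmissionPolicy and ReplicaSet-event detail in the explanation, where most of it already appears. The deny-effect choice and explanation also capitalize "Pod" while the other choices in the same question use "pods"; pick one form for the file.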
In this module, you'll learn how to use Azure Policy to enforce organizational standards and assess compliance at scale for AKS clusters. You explore the Azure Policy add-on for AKS and learn how to assign built-in and custom policy definitions to individual or groups of clusters referred to as policy initiatives.<br>
1
+
In this module, you'll learn how to use Azure Policy to enforce organizational standards and assess compliance at scale for Azure Kubernetes Service (AKS) clusters. You explore the Azure Policy add-on for AKS and learn how to assign a built-in Azure Policy initiative to an AKS cluster.<br>
2
2
3
-
Azure Policy helps manage and report on the compliance state of your AKS environment. You also learn how to implement security policies for individual Azure Kubernetes Service clusters without relying on Azure Policyby using Pod Security Admission.
3
+
Azure Policy helps manage and report on the compliance state of your AKS environment. You also learn that Pod Security Admission can enforce namespace-level security policies for individual AKS clusters without relying on Azure Policy. The module then introduces AKS storage options, including managed databases, Azure Disks, Azure Files, Azure NetApp Files, Azure Blob Storage, and Azure Container Storage, and shows how to configure persistent storage for pods by using StorageClasses and PersistentVolumeClaims. Finally, you learn why Kubernetes Deployments are preferred over individual pods for resilient workloads, and you create and update a Deployment in your AKS cluster.
4
4
5
5
## Learning objectives
6
6
7
7
After completing this module, you'll be able to:
8
8
9
-
- Provision an Azure Kubernetes Service cluster.
10
-
- Install the Azure Policy add-on for Azure Kubernetes Service.
11
-
- Assign an Azure Policy initiative to an Azure Kubernetes Service cluster.
12
-
- Validate the effect of Azure Policy.
9
+
- Provision an Azure Kubernetes Service cluster.
10
+
- Install the Azure Policy add-on for Azure Kubernetes Service.
11
+
- Assign an Azure Policy initiative to an Azure Kubernetes Service cluster.
12
+
- Validate the effect of Azure Policy.
13
+
- Select storage options for AKS containerized workloads.
14
+
- Configure persistent storage for pods by using StorageClasses and PersistentVolumeClaims.
15
+
- Describe why Kubernetes Deployments are preferred over individual pods, and create and update a Deployment in AKS.
13
16
14
17
## Goals
15
18
16
-
By the end of this module, you provision an AKS cluster, install the Azure Policy add-on for Azure Kubernetes Service, assign an Azure Policy initiative to an Azure Kubernetes Service cluster, and validate the effect of Azure Policy.<br>
19
+
By the end of this module, you provision an AKS cluster, install and use the Azure Policy add-on for Azure Kubernetes Service, configure persistent storage for pods, and create and update a Kubernetes Deployment.
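Review bot: The rewritten Goals sentence no longer matches the learning objectives above it: it replaces "assign an Azure Policy initiative to an Azure Kubernetes Service cluster, and validate the effect of Azure Policy" with "install and use the Azure Policy add-on", and it omits the new objective "Select storage options for AKS containerized workloads". Suggest naming the initiative assignment and the validation step explicitly and adding storage selection, so the Goals and the objectives list describe the same outcomes. Separately, the four objective lines removed and re-added at lines 9 to 12 read identically here, so confirm the change is a deliberate whitespace fix.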