arc-enabled k8s - virgin version

.gitignore

@@ -39,6 +39,9 @@ MANIFEST
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
+# exclude the provider.tf file on arc-enabled k8s microhack (contains subscription id)
+03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/**/provider.tf
+
 # PyInstaller
 #  Usually these files are written by a python script from a template
 #  before PyInstaller builds the exe, so as to inject date/other infos into it.
@@ -202,4 +205,6 @@ id_rsa.pub
 *.private.pub
 
 # Ignore ARM Parameter files
-*.parameters.json
+*.parameters.json
+03-Azure/01-05-SAP/01_MicroHack-SAP-Cashflow-Prediction/SAP-Data-MicroHack.pptx
+03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/walkthrough/challenge-04/templates/parameters-my.json

03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/Readme.md

@@ -1 +1,106 @@
-Coming soon stay tuned
+![image](img/banner.png)
+
+# MicroHack Azure Arc-enabled Kubernetes
+
+* [**MicroHack Introduction**](#microhack-introduction)
+  * [What is Azure Arc for Kubernetes?](#what-is-azure-arc-for-kubernetes)
+* [**MicroHack Context**](#microhack-context)
+* [**Objectives**](#objectives)
+* [**General Prerequisites**](#general-prerequisites)
+* [**MicroHack Challenges**](#microhack-challenges)
+  * [Challenge 01 - Onboarding your Kubernetes Cluster](challenges/challenge-01.md))
+  * [Challenge 02 - Enable Azure Monitor for Containers](challenges/challenge-02.md)
+  * [Challenge 03 - Deploy CPU based Large & Small Language Models (LLM/SLM) on Azure Arc-enabled Kubernetes](challenges/challenge-03.md)
+  * [Challenge 04 - Deploy SQL Managed Instance](challenges/challenge-04.md)
+  * [Challenge 05 - Configure GitOps for Cluster Management](challenges/challenge-05.md)
+* [**Contributors**](#contributors)
+
+
+## MicroHack Introduction
+
+### What is Azure Arc for Kubernetes?
+
+Azure Arc-enabled Kubernetes allows you to attach Kubernetes clusters running anywhere so that you can manage and configure them in Azure. By managing all of your Kubernetes resources in a single control plane, you can enable a more consistent development and operation experience, helping you run cloud-native apps anywhere and on any Kubernetes platform.
+
+![image](./img/architectural-overview.png)
+
+Once your Kubernetes clusters are connected to Azure, you can:
+
+- View all connected Kubernetes clusters for inventory, grouping, and tagging, along with your Azure Kubernetes Service (AKS) clusters.
+
+- Configure clusters and deploy applications using GitOps-based configuration management.
+
+- View and monitor your clusters using Azure Monitor for containers.
+
+- Enforce threat protection using Microsoft Defender for Kubernetes.
+
+- Ensure governance through applying policies with Azure Policy for Kubernetes.
+
+- Grant access and connect to your Kubernetes clusters from anywhere, and manage access by using Azure role-based access control (RBAC) on your cluster.
+
+- Deploy machine learning workloads using Azure Machine Learning for Kubernetes clusters.
+
+- Deploy and manage Kubernetes applications from Azure Marketplace.
+
+- Deploy Azure PaaS services that allow you to take advantage of specific hardware, comply with data residency requirements, or enable new scenarios. Examples of services include:
+
+    - Azure Arc-enabled data services
+    - Azure Machine Learning for Kubernetes clusters
+    - Workload Orchestration
+    - Event Grid on Kubernetes
+    - App Services on Azure Arc
+    - Open Service Mesh
+
+## MicroHack Context
+
+This MicroHack is a challenge-based experience which will walk you through the onboarding process and step by step enabling additional use cases.
+
+💡 *Optional*: Have a look at the following resources after completing this lab to deepen your learning:
+
+* [Azure Arc-enabled Kubernetes documentation](https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/)
+* [Azure Arc Jumpstart - Arc-enabled Kubernetes](https://jumpstart.azure.com/azure_arc_jumpstart/azure_arc_k8s)
+* [Azure Arc Jumpstart - Data Services](https://jumpstart.azure.com/azure_arc_jumpstart/azure_arc_data)
+* [Azure Arc - Workload Orchestration](https://learn.microsoft.com/en-us/azure/azure-arc/workload-orchestration/overview)
+* [Azure Arc Jumpstart - Machine Learning](https://jumpstart.azure.com/azure_arc_jumpstart/azure_arc_ml)
+* [Azure Arc Jumpstart - Iot Operations](https://jumpstart.azure.com/azure_arc_jumpstart/azure_edge_iot_ops)
+* [Speed Innovation with Arc-enabled Kubernetes Applications](https://techcommunity.microsoft.com/blog/azurearcblog/speed-innovation-with-arc-enabled-kubernetes-applications/4298658)
+* [Azure Arc-Enabled Kubernetes now available on Azure Marketplace](https://techcommunity.microsoft.com/blog/azurearcblog/azure-arc-enabled-kubernetes-now-available-on-azure-marketplace/4034060)
+* [Introduction to Azure Arc landing zone accelerator for hybrid and multicloud](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/hybrid/enterprise-scale-landing-zone)
+
+## Objectives
+
+After completing this MicroHack you will be familiar with:
+
+* How to connect your Kubernetes cluster running anywhere to Azure Arc
+* Understand how you can streamline your operations and development processes for your Kubernetes clusters running anywhere
+* Deploying Azure PaaS services such as SQL Managed Instance in your Kubernetes cluster running anywhere 
+
+## MicroHack Challenges
+
+In order to play through the challenges, your microhack coach prepared a k8s cluster for you, which you will use as your onprem environment. In the case of this microhack, we are using an K3s cluster. 
+
+For each user there are two resource groups pre-created by your coach. 
+| Name            | Description                                                                                 |
+|-----------------|---------------------------------------------------------------------------------------------|
+| xy-k8s-onprem   | In this resource group you can find the k8s cluster which simulates your onprem environment |
+| xy-k8s-arc      | Into this resource group your arc resources will be stored                                  | 
+(xy is a placeholder for your LabUser number you will receive from your coach to access the environment)
+### General Prerequisites
+
+In order to successfully work through the challenges in this MicroHack, you will need the following prerequisites:
+
+* [An Azure account with owner permissions on an active subscription](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) 
+* [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) (Hint: Make sure to use the lastest version)
+* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management)
+* [Helm](https://helm.sh/docs/intro/install/)
+
+💡*Hint*: 
+* The solution has been verified using [Visual Studio Code](https://code.visualstudio.com/) with integrated Linux Bash Shell ([WSL](https://learn.microsoft.com/en-us/windows/wsl/install)). 
+* In order to clone this repository to your local system, use either git or the github plugin for VSC. 
+
+## Contributors
+* Simon Schwingel [GitHub](https://github.com/skiddder); [LinkedIn](https://www.linkedin.com/in/simon-schwingel-b602869a/)
+* Lars Fischer [GitHub](https://github.com/MSFT-LarsFisch); [LinkedIn](https://www.linkedin.com/in/lars-fischer-5464a5175/)
+
+## Get Started
+[Challenge-01](challenges/challenge-01.md)

03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/challenges/challenge-01.md

@@ -0,0 +1,30 @@
+# Challenge 1 - Onboarding your Kubernetes Cluster
+
+## Goal
+In challenge 1 you will connect/onboard your existing K8s cluster to Azure Arc. 
+
+## Actions
+* Verify all prerequisites are in place
+  * Resource Providers
+  * Azure CLI extensions
+  * Resource group (Name: mh-arc-k8s-<xy>)
+  * Connectivity to required Azure endpoints
+* Deploy the Azure Arc agent pods to your k8s cluster
+* Assign permissions to view k8s resources in the Azure portal
+
+## Success Criteria
+* Your k8s cluster appears in the Azure portal under Azure Arc > Infrastructure > Kubernetes clusters and is in status "Connected". Which arc agent version is running?
+* In the Azure portal below Kubernetes resources > Workloads you can see all deployments and pods running on your cluster. What arc-specific namespaces were deployed during onboarding?
+
+## Learning Resources
+* (https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/overview)
+* (https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/quickstart-connect-cluster?tabs=azure-cli)
+* (https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/cluster-connect)
+* (https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/azure-rbac)
+* (https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/kubernetes-resource-view)
+* (https://learn.microsoft.com/en-us/cli/azure/connectedk8s?view=azure-cli-latest)
+
+## Solution - Spoilerwarning
+[Solution Steps](../walkthroughs/challenge-01/solution.md)
+
+[Next challenge](challenge-02.md) | [Back](../Readme.md)

03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/challenges/challenge-02.md

@@ -0,0 +1,37 @@
+# Challenge 2 - Enable Azure Monitor for Containers
+
+In this challenge, you’ll configure the core monitoring and governance capabilities that turn an Arc‑enabled k8s cluster into an enterprise‑ready platform. 
+* Azure Monitor Container Insights provides real‑time visibility into cluster health, performance, and workload behavior, while
+* Microsoft Defender for Kubernetes adds runtime threat detection and security hardening to protect your applications and infrastructure. 
+* Azure Policy for Kubernetes ensures consistent governance by enforcing configuration and compliance standards across the cluster.
+
+All telemetry, logs, and security signals generated by these services flow into Log Analytics, which serves as the central, scalable persistence layer for querying, alerting, and correlating operational and security data.
+
+💡*Hint*: There is a [Monitoring microhack](../07_Azure_Monitor/README.md) which guides you on how to create alerts, dashboards and workbooks to operationalize your monitoring experience.
+
+💡*Hint*: In this microhack we are focusing on infrastructure monitoring. But you easily can add application monitoring using either [Application Insights](https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview) or [Azure Managed Prometheus](https://learn.microsoft.com/en-us/azure/azure-monitor/metrics/prometheus-metrics-overview) for workloads running in your k8s cluster.
+
+## Goal
+* Establish foundational monitoring, security, and governance for an Arc‑enabled Kubernetes cluster
+
+## Actions
+* Create a Log Analytics workspace as centralized storage for all logs and metrics.
+* Enable Azure Monitor – Container Insights via the Arc extension to collect cluster, node, pod, and container telemetry.
+* Onboard the cluster to Microsoft Defender for Kubernetes to activate runtime threat detection and security posture management.
+* Assign Azure Policy for Kubernetes to enforce governance rules and ensure consistent configuration and compliance across the cluster.
+
+## Success Criteria
+* In the Azure portal navigate to your arc-enabled k8s cluster. Under Monitoring > Insights you can see node performance etc, workload status and container logs
+* Defender for Kubernetes displays active security assessments, no onboarding errors, and visible recommendations and alerts.
+* Azure Policy shows evaluated policy results with compliant/non‑compliant resources and enforcement functioning as expected.
+* Telemetry from all components is visible and queryable in Log Analytics, confirming correct data ingestion and workspace linkage.
+
+## Learning Resources
+* https://learn.microsoft.com/en-us/azure/azure-monitor/containers/kubernetes-monitoring-overview
+* https://learn.microsoft.com/en-us/azure/azure-monitor/containers/kubernetes-monitoring-enable-arc
+* https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-arc-enable-programmatically
+
+## Solution - Spoilerwarning
+[Solution Steps](../walkthroughs/challenge-02/solution.md)
+
+[Next challenge](challenge-03.md) | [Back](../Readme.md)

03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/challenges/challenge-03.md

@@ -0,0 +1,25 @@
+## Challenge 3 - Deploy CPU based Large & Small Language Models (LLM/SLM)
+
+### Goal
+In challenge 3 you will deploy a LLM/SLM to your Azure Arc-enabled Kubernetes Cluster to run an AI prompt.
+
+### Actions
+* Login to your Kubernetes via Azure CLI Kubernetes Proxy and use kubectl
+* Create a new namespace and deploy a AIMH for CPU based compute resources
+* Deploy openwebUI, access it and link it to the local ollama API
+
+### Success Criteria
+* In the Azure portal navigate to your arc-enabled k8s cluster. Under Namespaces > you can see a new namespace called AIMH
+* In the AIMH namespace you see your Ollama and OpenWebUI deployment
+* you entered your first prompt "What is a Microsoft MicroHack?" and you see a result.
+
+### Learning Resources
+* (https://learn.microsoft.com/en-us/azure/aks/aksarc/deploy-ai-model?tabs=portal)
+* (https://github.com/otwld/ollama-helm) CPU based LLM/SLM
+* (https://docs.openwebui.com/getting-started/quick-start/)
+* (https://github.com/kaito-project/kaito) GPU Based LLM/SLM
+
+### Solution - Spoilerwarning
+[Solution Steps](../walkthroughs/challenge-03/solution.md)
+
+[Next challenge](challenge-04.md) | [Back](../Readme.md)

03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/challenges/challenge-04.md

@@ -0,0 +1,30 @@
+# Challenge 4 - Deploy SQL Managed Instance to your cluster
+
+## Goal
+In challenge 4 you will deploy Azure Arc-enabled Data Services to your cluster and create a SQL Managed Instance. This enables you to run Azure SQL services on-premises or at the edge while maintaining cloud management and control through Azure Arc.
+
+## Actions
+* Register the Microsoft.AzureArcData resource provider in your subscription
+* Deploy an Azure Arc Data Controller to your Arc-enabled K8s cluster
+* Create a custom location that represents your on-premises K8s cluster as a deployment target in Azure
+* Deploy a SQL Managed Instance to your cluster through the Arc Data Controller
+* Connect to the SQL Managed Instance and query the database version
+
+## Success Criteria
+* The Azure Arc Data Controller is successfully deployed and visible in the Azure portal under your resource group
+* A SQL Managed Instance resource appears in Azure portal with status "Ready"
+* In your Kubernetes cluster, you can see the SQL MI pods running in the custom location namespace
+* You can successfully connect to the SQL Managed Instance using the master node's public IP and the assigned NodePort
+* You can execute a test query (e.g., `SELECT @@VERSION`) and see the query result
+
+## Learning Resources
+* [Deploy a SQL Managed Instance enabled by Azure Arc](https://learn.microsoft.com/en-us/azure/azure-arc/data/create-sql-managed-instance)
+* [Azure Arc-enabled data services overview](https://learn.microsoft.com/en-us/azure/azure-arc/data/overview)
+* [What is Azure Arc-enabled SQL Managed Instance?](https://learn.microsoft.com/en-us/azure/azure-arc/data/managed-instance-overview)
+* [Custom locations on Azure Arc-enabled Kubernetes](https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/custom-locations)
+* [Azure Arc Data Controller deployment](https://learn.microsoft.com/en-us/azure/azure-arc/data/create-data-controller)
+
+## Solution - Spoilerwarning
+[Solution Steps](../walkthroughs/challenge-04/solution.md)
+
+[Next challenge](challenge-05.md) | [Back](../Readme.md)

03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/challenges/challenge-05.md

@@ -0,0 +1,26 @@
+# Challenge 5 - Configure GitOps for cluster management
+
+## Goal
+Configure GitOps with Flux for cluster management. In this microhack we chose to manage Kubernetes namespaces from a Git repository as an example how GitOps can be used to centralize configuration of multiple clusters from a single source of truth.
+
+## Actions
+1. Ensure the Flux extension is installed on your Arc-enabled Kubernetes cluster.
+2. Fork the MicroHack repository (public for ease of use) and clone only the required `namespaces` folder via sparse checkout.
+3. Create a Flux configuration that points to the `namespaces` folder in your fork.
+4. Verify the initial namespace from the repo is created automatically.
+5. Add a new namespace manifest (team1) and push it to your fork.
+
+## Success Criteria
+* A Flux configuration exists and is in a healthy state for your Arc-enabled cluster.
+* The initial namespace from the repository is created in the cluster.
+* A second namespace (team1) appears after you push the new manifest.
+
+## Learning Resources
+* [GitOps for Azure Kubernetes Service](https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gitops-aks/gitops-blueprint-aks)
+* [GitOps with Flux on Azure Arc-enabled Kubernetes clusters](https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/conceptual-gitops-flux2)
+* [Flux documentation - Get started](https://fluxcd.io/docs/get-started/)
+
+## Solution - Spoilerwarning
+[Solution Steps](../walkthroughs/challenge-05/solution.md)
+
+[Next challenge](challenge-06.md) | [Back](../Readme.md)

03-Azure/01-03-Infrastructure/03_Hybrid_Azure_Arc_Kubernetes/lab/container-registry.tf

@@ -0,0 +1,17 @@
+# will be used in challenge 04-gitops
+
+resource "azurerm_container_registry" "this" {
+    count               = length(local.indices)
+    name                = "${format("%02d", local.indices[count.index])}${var.acr_name}"
+    resource_group_name = azurerm_resource_group.mh_k8s_arc[count.index].name
+    location            = azurerm_resource_group.mh_k8s_arc[count.index].location
+    sku                 = var.container_registry_sku
+    admin_enabled       = var.container_registry_admin_enabled
+}
+
+output "acr_names" {
+    value = {
+        for i, acr in azurerm_container_registry.this :
+        local.indices[i] => acr.name
+    }
+}