7 things to know before using AKS
What is Kubernetes?
Kubernetes comes from the Greek word κυβερνήτης, which means helmsman or ship pilot, i.e. the captain of a container ship.
"Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications."
Elements of Orchestration
• Scheduling
• Affinity/anti-affinity
• Health monitoring
• Failover
• Scaling
• Networking
• Service discovery
• Coordinated app upgrades
Kubernetes architecture
[Diagram: Master components (API Server, Scheduler, Controller Manager, etcd); Node (Minion) components (kubelet, Kube-Proxy, cAdvisor) running Pods; clients talking to the API Server: Kubectl (CLI), Dashboard (UI), REST client (Code).]
Azure Kubernetes Service (AKS)
AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure.
[Diagram: a Kubernetes cluster of six nodes, with the managed control plane provided by AKS.]
Azure Kubernetes Service (AKS)
Get started easily
$ az aks create
$ az aks install-cli
$ az aks get-credentials
$ kubectl get nodes
Azure Kubernetes Service (AKS)
Manage an AKS cluster
$ az aks list
$ az aks upgrade
$ kubectl get nodes
$ az aks scale
7 things
• Cluster creation: cluster isolation and networking
• Configuring Cluster
• Tools: Draft and Azure Dev Spaces
• Azure Services
• Scaling your Applications and Cluster
• Logging and Monitoring
• Deployment
Cluster isolation
[Diagram: two isolation models. Cluster per environment and team: separate Dev, Staging, Prod Team1 and Prod Team2 clusters, each with its own nodes (Node0, Node1) and pods (PodA..PodH). Shared clusters: one Dev and Staging cluster (Node0..Node3) hosting DevTeam1, DevTeam2 and Staging, and one Prod cluster (Node0..Node4) hosting Team1, Team2 and Team3.]
Kubernetes Namespaces
• The Namespace object is the logical isolation boundary
• Kubernetes has features to help us safely isolate tenants
  • Scheduling: ResourceQuota
    • CPU and memory
    • Number of pods
  • Network isolation using Network Policies
    • Azure
    • Calico
  • Authentication and authorization:
    • Role -> RoleBinding -> Namespace (namespace scope)
    • ClusterRole -> ClusterRoleBinding -> Cluster (cluster scope)
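The three isolation controls listed above, combined for one tenant namespace, as an added example that is not part of the deck: a ResourceQuota that caps CPU, memory and pod count, a default-deny NetworkPolicy followed by an allow rule for in-namespace traffic, and a Role bound to a group within that namespace only. The namespace, object names and the AAD group id are constructed placeholders.

```yaml
# Added example (not from the deck): isolating a tenant namespace "team1".
# All names are constructed; replace the AAD group id placeholder with a real one.
apiVersion: v1
kind: Namespace
metadata:
  name: team1
---
# Scheduling isolation: hard caps for the whole namespace. Once a quota covers
# requests/limits, pods that do not declare them are rejected at admission.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team1-quota
  namespace: team1
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
# Network isolation, step 1: select every pod in the namespace and deny all
# ingress. Only enforced when a NetworkPolicy provider (Azure or Calico) is on.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: team1
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Network isolation, step 2: re-allow traffic that originates from pods in the
# same namespace. Policies are additive, so this punches a hole in the deny.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: team1
spec:
  podSelector: {}
  ingress:
  - from:
    - podSelector: {}
---
# Authorization: a Role is namespaced, so these verbs only apply inside team1.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team1-developer
  namespace: team1
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "pods/log", "services", "deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Bind the Role to an AAD group (object id) rather than to individual users.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team1-developers
  namespace: team1
subjects:
- kind: Group
  name: "<team1-aad-group-object-id>"   # placeholder: AAD group object id
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team1-developer
  apiGroup: rbac.authorization.k8s.io
```

Apply it with `kubectl apply -f` and verify the boundary with `kubectl auth can-i list pods --namespace team1 --as-group=<group-id> --as=someone` against team1 and then against another namespace; the second check should be denied. Two caveats: the Azure network policy option requires Azure CNI (advanced networking), whereas Calico works with either plugin; and a NetworkPolicy without a provider is accepted by the API server but silently not enforced, so test it with a pod in another namespace before relying on it.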
AKS Basic Networking
• Done using the kubenet network plugin and has the following features
  • Nodes and Pods are placed on different IP subnets
  • User Defined Routing and IP forwarding provide connectivity between Pods across Nodes
• Drawbacks
  • 2 different IP CIDRs to manage
  • Performance impact
  • Peering or on-premises connectivity is hard to achieve
AKS Advanced Networking
• Done using the Azure CNI (Container Networking Interface)
  • CNI is a vendor-neutral protocol used by container runtimes to make requests to networking providers
  • Azure CNI is an implementation which allows you to integrate Kubernetes with your VNET
• Advantages
  • Single IP CIDR to manage
  • Better performance
  • Peering and on-premises connectivity work out of the box
AKS with Advanced Networking
[Diagram: the AKS cluster lives in an AKS subnet of Azure VNet A, next to a backend services subnet hosting SQL Server. VNet A reaches other peered VNets (VNet B) via VNet peering and the on-premises enterprise system via Azure ExpressRoute.]
• Service type LoadBalancer
  • Basic Layer 4 load balancing (TCP/UDP)
  • Each service is assigned an IP on the Azure Load Balancer (ALB)

apiVersion: v1
kind: Service
metadata:
  name: frontendservice
spec:
  loadBalancerIP: X.X.X.X
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: frontend

[Diagram: in the Azure AKS VNet, the AKS subnet holds the AKS cluster; FrontEndService selects Pod1, Pod2 and Pod3 (label: Frontend) and is exposed through a public LB with a public IP.]
• Used for internal services that should be accessed only from other VNETs or on-premises

apiVersion: v1
kind: Service
metadata:
  name: internalservice
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  loadBalancerIP: 10.240.0.25
  ports:
  - port: 80
  selector:
    app: internal

[Diagram: in the Azure AKS VNet, InternalService selects Pod1, Pod2 and Pod3 (label: Internal) and is exposed through an internal LB with an internal IP; it is reachable from other peered VNets (VNet B, via VNet peering) and from the on-premises enterprise system (via Azure ExpressRoute).]
Ingress and Ingress Controllers
• Ingress is a Kubernetes API that manages external access to the services in the cluster
  • Supports HTTP and HTTPS
  • Path and subdomain based routing
  • SSL termination
  • Saves on public IPs
• An Ingress controller is a daemon, deployed as a Kubernetes Pod, that watches the Ingress endpoint for updates. Its job is to satisfy requests for Ingresses.
  • The most popular one is NGINX.
  • Azure Application Gateway Ingress Controller.
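An Ingress that exercises the features listed above (HTTPS with TLS terminated at the controller, path- and host-based routing, one public IP shared by three services), as an added example that is not from the deck. It assumes the ingress-nginx controller is installed with ingress class `nginx`; the namespace, hostnames, service names and the `shop-tls` Secret are constructed for illustration.

```yaml
# Added example (not from the deck): one Ingress fronting three ClusterIP
# services behind the ingress controller's single public IP.
# Assumed: ingress-nginx controller; hostnames and service names are constructed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-ingress
  namespace: shop
  annotations:
    # ingress-nginx annotation: redirect plain-HTTP clients to HTTPS so the
    # TLS listener is the only way in.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  # TLS termination: the controller presents this certificate; backends stay
  # plain HTTP inside the cluster.
  tls:
  - hosts:
    - shop.example.com
    - admin.shop.example.com
    secretName: shop-tls      # kubernetes.io/tls Secret in the same namespace
  rules:
  # Path-based routing: /api goes to the API, everything else to the frontend.
  - host: shop.example.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api
            port:
              number: 80
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend
            port:
              number: 80
  # Subdomain-based routing: a separate host name for the admin UI, so it can
  # be given its own NetworkPolicy, auth and WAF treatment later.
  - host: admin.shop.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: admin
            port:
              number: 8080
```

The backing services (`api`, `frontend`, `admin`) are ordinary `type: ClusterIP` Services, which is where the saving on public IPs comes from: only the controller's own Service is `type: LoadBalancer`. Create the certificate Secret first with `kubectl create secret tls shop-tls --cert=tls.crt --key=tls.key -n shop`; an Ingress that references a missing Secret is accepted but served with the controller's default (self-signed) certificate, which is worth checking for before go-live. With the Azure Application Gateway Ingress Controller the ingress class differs and WAF rules apply at the gateway rather than in the cluster.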
High Available AKS
[Diagram: Azure Traffic Manager in front of two regions, West Europe and North Europe; each region has a VNET with an AKS cluster behind an Application Gateway & Firewall with its own public IP address.]
Azure Front Door Global Load Balancer
• Traffic Manager + Application Gateway + CDN in one product
• Global HTTP load balancing
• URL redirection
• SSL termination
• WAF rules
• Static content cache
Tools
• Draft: used to speed up the inner loop for a developer
  • draft create
  • draft up
• Azure Dev Spaces: used to debug microservices without needing to mock the other services
Azure Services
• Azure Key Vault
  • Secrets in Kubernetes are only base64 encoded, not encrypted
• Azure Storage
  • Store state
• Azure managed services
  • CosmosDB
  • Azure SQL
Azure Key Vault
• Managed Identity
• AAD Pod Identity
• Key Vault Flex Volume
Azure Storage - Azure files and disk
• Volumes
• Persistent Volumes
• Static
• Dynamic
Open Service Broker for Azure (OSBA)
An implementation of the Open Service Broker API
[Diagram: OSBA brokers Azure services (Azure SQL Database, Redis Cache, CosmosDB and more) to Kubernetes (AKS), OpenShift, Cloud Foundry and Service Fabric (coming soon).]
Manual scaling is tedious and ineffective
• Horizontal Pod Autoscaling (HPA) -> scaling pods/containers
• Cluster Autoscaling -> scaling infrastructure/VMs
• AKS + ACI + Virtual Kubelet (VK) for burst scenarios -> scaling pods/containers
[Diagram: Horizontal Pod Autoscaler. On each node (Node1, Node2 .. NodeX) cAdvisor inside the kubelet collects metrics from all containers on the node; the Metrics Server collects metrics from all nodes; the HPA gets metrics from the Metrics Server and adjusts the replica count (replicas++ / replicas--) of the Deployment's ReplicaSet.]
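The metrics-to-replicas loop in the diagram, as an added example that is not from the deck: a Deployment whose containers declare CPU requests (the HPA computes utilization as a percentage of requests, so a pod without requests cannot be autoscaled) and an HPA that holds average CPU at 60% between 2 and 10 replicas. Names and the image reference are constructed placeholders; the example assumes the Metrics Server is running in the cluster.

```yaml
# Added example (not from the deck): Deployment + HorizontalPodAutoscaler.
# Names are constructed; the image reference is a placeholder.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
spec:
  replicas: 2                # starting point; the HPA takes over from here
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: web
        image: <registry>/frontend:1.0.0   # placeholder image reference
        ports:
        - containerPort: 80
        # Requests are mandatory for CPU-based autoscaling: 60% utilization
        # below means 60% of 250m averaged across the pods.
        resources:
          requests:
            cpu: 250m
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 256Mi
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: frontend-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: frontend
  minReplicas: 2             # never below 2, so a single node failure is survivable
  maxReplicas: 10            # upper bound; also bounds the blast radius of a traffic spike
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 60
  behavior:
    scaleDown:
      # Wait 5 minutes of sustained low load before removing replicas,
      # which prevents flapping when load is bursty.
      stabilizationWindowSeconds: 300
```

After applying, `kubectl get hpa frontend-hpa` shows the current and target utilization; a TARGETS column of `<unknown>/60%` means the Metrics Server is not reporting for those pods, usually because requests are missing. The HPA only adds pods; when the new pods stay Pending for lack of node capacity, that is the signal the Cluster Autoscaler on the next slide reacts to, so the two are meant to be used together.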
Cluster Autoscaler (CA)
• Scales nodes based on pending pods
• Scale up and scale down
• Reduces dependency on monitoring
• Removes the need for users to manage nodes and monitor service usage manually
[Diagram: AKS cluster with the CA. 1. Pods are in pending state; 2. Additional node(s) needed; 3. Node is granted; 4. Pending pods are scheduled.]
[Diagram: AKS + ACI. The Kubernetes control plane schedules pods onto the cluster's VMs and, through the ACI Connector, onto Azure Container Instances for burst capacity; the Infrastructure Architect owns the cluster and the Application Architect owns deployments/tasks.]
Monitoring/Logging your cluster
• Azure Monitor for Containers
  • Overview of the health of the AKS cluster
  • Node event logs
  • Pod usage and details
• Customer control plane logs
  • Use the Azure portal to enable diagnostics logs
  • Pipe logs to Log Analytics, Event Hubs or a storage account
  • Metrics available today
    • kube-controller-manager
    • kube-apiserver
    • kube-scheduler
  • Audit logs on the roadmap
Example control plane logs
CI/CD
[Diagram: inner loop (test and debug from VSCode against an AKS dev cluster); source code control holding the application and its Helm chart; Azure Pipelines / DevOps Project auto-build publishing images to Azure Container Registry; deployment to the AKS production cluster (web tier, business tier, database tier) observed by Azure Monitor; container security from Aqua, Twistlock and Neuvector.]
Resources
• AKS Best Practices GitHub: https://github.com/Azure/k8s-best-practices
• AKS Hackfest: aka.ms/k8s-hackfest & https://github.com/Azure/kubernetes-hackfest
• Distributed systems Labs by Brendan Burns
• Kube Advisor: https://github.com/Azure/kube-advisor
• VSCode Kubernetes Extension
• Documentation resources
• Ebook for distributed systems
• AKS HoL
• Kubernetes Learning Path
GDBC - 2019
Register at https://globaldevopsbootcamp.com/