AKS reduces the complexity of managing Kubernetes by offloading operations to Azure. It allows easy creation and management of Kubernetes clusters through simple CLI commands. AKS supports advanced networking features in Azure like VNET integration and ingress controllers. It also enables integration with other Azure services for storage, databases, and monitoring through open service brokers.
3. What is Kubernetes?
Kubernetes comes from the Greek word κυβερνήτης, which means helmsman or ship pilot, i.e. the captain of a container ship.
"Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications."
4. Elements of Orchestration
• Scheduling
• Affinity/anti-affinity
• Health monitoring
• Failover
• Scaling
• Networking
• Service discovery
• Coordinated app upgrades
5. Kubernetes architecture
(Architecture diagram)
• Master: API Server, Scheduler, Controller Manager, etcd
• Node (Minion): kubelet, Kube-Proxy, cAdvisor, Pods
• Clients: Kubectl (CLI), Dashboard (UI), REST client (Code)
6. Azure Kubernetes Service (AKS)
AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure.
8. Azure Kubernetes Service (AKS)
Get started easily
$ az aks create
$ az aks install-cli
$ az aks get-credentials
$ kubectl get nodes
9. Azure Kubernetes Service (AKS)
Manage an AKS cluster
$ az aks list
$ az aks upgrade
$ kubectl get nodes
$ az aks scale
10. 7 things
• Cluster Creation: Cluster Isolation and Networking
• Configuring Cluster
• Tools: Draft and Azure Dev Spaces
• Azure Services
• Scaling your Applications and Cluster
• Logging and Monitoring
• Deployment
12. (Diagram) Four separate clusters: Dev Cluster, Prod Team1 Cluster, Staging Cluster and Prod Team2 Cluster; each cluster has Node0 and Node1 running PodA to PodH.
13. (Diagram) Two shared clusters: a Dev and Staging Cluster in which DevTeam1, Staging and DevTeam2 share Node0 to Node3, and a Prod Cluster in which Team1, Team2 and Team3 share Node0, Node1, Node3 and Node4; each node runs several Pods.
14. Kubernetes Namespaces
• The Namespace object is the logical isolation boundary
• Kubernetes has features to help us safely isolate tenants
• Scheduling: Resource Quota
• CPU and memory
• Number of pods
• Network Isolation using Network Policies
• Azure
• Calico
• Authentication and Authorization:
• Role -> RoleBinding -> Namespace
• ClusterRole -> ClusterRoleBinding -> Cluster
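The three isolation mechanisms listed on this slide, written out as manifests for one tenant namespace. This is an added example and not part of the deck; the namespace name "team1", the quota figures, the Role's verbs and the Azure AD group object ID are all assumptions (the group ID is a placeholder to replace).

```yaml
# Added example (not from the slides): isolating a tenant namespace with
# a ResourceQuota, a NetworkPolicy and namespace-scoped RBAC.
# The namespace name "team1" and all figures are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: team1
  labels:
    tenant: team1
---
# Scheduling: cap CPU, memory and pod count for the namespace.
# Once a quota names requests.cpu/requests.memory, every new pod in the
# namespace must declare those requests or the API server rejects it.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team1-quota
  namespace: team1
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
# Network isolation: pods in team1 accept ingress only from pods in team1.
# Enforced only when a policy engine is enabled on the cluster (Azure or Calico on AKS).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: team1-allow-same-namespace
  namespace: team1
spec:
  podSelector: {}            # selects every pod in the namespace
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}        # any pod in team1; other namespaces are denied
---
# Authorization: Role -> RoleBinding -> Namespace.
# The Role grants day-to-day rights only inside team1; it cannot reach other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team1-developer
  namespace: team1
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "pods/log", "deployments", "services", "configmaps"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team1-developers
  namespace: team1
subjects:
- kind: Group
  name: "<AAD-GROUP-OBJECT-ID>"   # placeholder: the tenant's Azure AD group object ID
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team1-developer
  apiGroup: rbac.authorization.k8s.io
```

Apply with `kubectl apply -f` and check the effect from a pod in another namespace: a connection into team1 should time out once the NetworkPolicy is in place, and `kubectl auth can-i list pods --namespace other --as-group <AAD-GROUP-OBJECT-ID> --as someone` should answer "no", because the binding is a RoleBinding, not a ClusterRoleBinding.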
15. AKS Basic Networking
• Done using the kubenet network plugin, which has the following features
• Nodes and Pods are placed on different IP subnets
• User Defined Routing and IP Forwarding are used for connectivity between Pods across Nodes.
• Drawbacks
• Two different IP CIDRs to manage
• Performance impact
• Peering or on-premises connectivity is hard to achieve
16. AKS Advanced Networking
• Done using the Azure CNI (Container Networking Interface)
• CNI is a vendor-neutral protocol, used by container runtimes to make requests to networking providers
• Azure CNI is an implementation which allows you to integrate Kubernetes with your VNET
• Advantages
• Single IP CIDR to manage
• Better Performance
• Peering and on-premises connectivity work out of the box
17. AKS with Advanced Networking
(Diagram) The AKS cluster sits in an AKS subnet inside Azure VNet A, next to a backend services subnet holding SQL Server. VNet A reaches other peered VNets (VNet B) through VNet peering, and on-premises infrastructure (the enterprise system) through Azure ExpressRoute.
20. • Service Type LoadBalancer
• Basic Layer 4 load balancing (TCP/UDP)
• Each service is assigned an IP on the Azure Load Balancer (ALB)

apiVersion: v1
kind: Service
metadata:
  name: frontendservice
spec:
  loadBalancerIP: X.X.X.X
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: frontend

(Diagram) Azure AKS VNet > AKS subnet > AKS cluster: FrontEndService selects Pod1, Pod2 and Pod3 (label: Frontend) and is exposed through a Public LB with a Public IP.
21. • Used for internal services that should be accessed by other VNETs or on-premises only

apiVersion: v1
kind: Service
metadata:
  name: internalservice
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  loadBalancerIP: 10.240.0.25
  ports:
  - port: 80
  selector:
    app: internal

(Diagram) Azure AKS VNet > AKS subnet > AKS cluster: InternalService selects Pod1, Pod2 and Pod3 (label: Internal) and is exposed through an Internal LB with an Internal IP, reachable from other peered VNets (VNet B, via VNet peering) and from on-premises infrastructure (the enterprise system, via Azure ExpressRoute).
22. Ingress and Ingress Controllers
• Ingress is a Kubernetes API that manages external access to the services in the cluster
• Supports HTTP and HTTPS
• Path- and subdomain-based routing
• SSL termination
• Saves on public IPs
• An Ingress controller is a daemon, deployed as a Kubernetes Pod, that watches the Ingress endpoint for updates. Its job is to satisfy requests for Ingresses.
• The most popular one is NGINX.
• Azure Application Gateway Ingress Controller.
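An Ingress that puts the four bullets above into practice: two hostnames and a path routed to two ClusterIP services behind one public IP, with TLS terminated at the controller. This is an added example, not a manifest from the deck; it assumes the NGINX ingress controller is installed with ingress class "nginx", and the namespace "shop", the hostnames, the service names and the TLS Secret name are all made up.

```yaml
# Added example (not from the slides): host- and path-based routing with TLS
# termination through a single Ingress. Names and hosts are assumptions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-ingress
  namespace: shop
spec:
  ingressClassName: nginx            # the controller that will satisfy this Ingress (assumed installed)
  tls:
  - hosts:
    - shop.example.com
    - api.example.com
    secretName: shop-example-com-tls # a kubernetes.io/tls Secret (cert + key) in the same namespace
  rules:
  - host: shop.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontendservice    # a ClusterIP service; no LoadBalancer IP needed
            port:
              number: 80
  - host: api.example.com
    http:
      paths:
      - path: /orders                # only this path of the API host is exposed
        pathType: Prefix
        backend:
          service:
            name: orders
            port:
              number: 8080
```

The certificate is referenced, not embedded: create it first with `kubectl create secret tls shop-example-com-tls --cert=tls.crt --key=tls.key -n shop`. The backend services stay type ClusterIP, so the controller's load balancer is the only public IP, which is the saving the slide refers to.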
25. Azure Front Door Global Load Balancer
Traffic Manager + Application Gateway + CDN in one product
Global HTTP load balancing
URL redirection
SSL termination
WAF rules
Static content cache
28. Tools
• Draft: used to speed up the inner loop for a developer
• draft create
• draft up
• Azure Dev Spaces: used to debug microservices without needing to mock the other services
31. Azure Services
• Azure Key Vault
• Secrets in Kubernetes are only base64 encoded (not encrypted)
• Azure Storage
• Store state
• Azure Managed Services
• CosmosDB
• Azure SQL
33. Azure Storage - Azure files and disk
• Volumes
• Persistent Volumes
• Static
• Dynamic
34. Open Service Broker for Azure (OSBA)
An implementation of the Open Service Broker API
(Diagram) Platforms using OSBA: OpenShift, Cloud Foundry, Service Fabric (coming soon), Kubernetes (AKS). Services brokered: Azure SQL Database, Redis Cache, CosmosDB and more.
37. Manual scaling is tedious and ineffective
• Horizontal pod autoscaling(HPA) -> Scaling pods/containers
• Cluster Autoscaling -> Scaling infrastructure/VMs
• AKS + ACI + VK (Virtual Kubelet) for burst scenarios -> Scaling pods/containers
39. • Scales nodes based on pending pods
• Scales up and scales down
• Reduces dependency on monitoring
• Removes the need for users to manage nodes and monitor service usage manually
(Diagram) AKS cluster with the cluster autoscaler (CA): 1. Pods are in pending state; 2. Additional node(s) needed; 3. Node is granted; 4. Pending pods are scheduled.
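How the two layers from slides 37 and 39 fit together, as an added example that is not from the deck: a Horizontal Pod Autoscaler adds replicas on CPU pressure, and when those replicas go Pending for lack of node capacity the cluster autoscaler adds nodes. The Deployment name, image, request/limit figures and thresholds are assumptions; the `autoscaling/v2` API assumes Kubernetes 1.23 or later.

```yaml
# Added example (not from the slides): HPA on CPU utilisation for a Deployment.
# The Deployment must declare resources.requests.cpu; without it utilisation
# cannot be computed and the HPA never scales. All figures are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: frontend
        image: <registry>/frontend:1.0   # placeholder image reference
        resources:
          requests:
            cpu: 250m                    # utilisation below is measured against this
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 256Mi
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: frontend-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: frontend
  minReplicas: 2
  maxReplicas: 10                        # ceiling; beyond this only the cluster autoscaler helps
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 60           # add pods when average CPU exceeds 60% of requests
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300    # wait 5 minutes before removing pods (avoids flapping)
```

Watch it with `kubectl get hpa frontend-hpa --watch`. If the replica count rises but `kubectl get pods` shows new pods stuck in Pending with "Insufficient cpu" events, that is exactly the trigger in step 1 of the diagram above, and the cluster autoscaler (if enabled on the node pool) performs steps 2 to 4.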
47. Customer control plane logs
• Use the Azure portal to enable diagnostic logs
• Pipe logs to Log Analytics, Event Hub or a storage account
• Metrics available today
• Kube-controller-manager
• Kube-api-server
• Kube-scheduler
• Audit logs on the roadmap
51. CI/CD
(Diagram) Inner loop: test and debug in VSCode against an AKS dev cluster. Outer loop (CI/CD): source code control and a Helm chart feed Azure Pipelines / DevOps Project, which auto-builds images into Azure Container Registry and deploys to the AKS production cluster (web tier, business tier, database tier), monitored by Azure Monitor. Container security: Aqua, Twistlock, Neuvector.
54. Resources
• AKS Best Practices GitHub: https://github.com/Azure/k8s-best-practices
• AKS Hackfest: aka.ms/k8s-hackfest & https://github.com/Azure/kubernetes-hackfest
• Distributed systems Labs by Brendan Burns
• Kube Advisor: https://github.com/Azure/kube-advisor
• VSCode Kubernetes Extension
• Documentation resources
• Ebook for distributed systems
• AKS HoL
• Kubernetes Learning Path