
Cloud for Kubernetes : Session4


This is the "Kubernetes on Azure" material presented by Zenith & Company (제니스앤컴퍼니).


  1. 1. Introduction AKS Overview Introduction Top scenarios Open source culture Resources
  2. 2. Containers and Kubernetes momentum. Nearly 50% of organizations [1] running 1000 or more hosts have adopted containers. Larger companies are leading the adoption [1]. 50%: Half of container environments are orchestrated [1]. 77%: 77% of companies [2] who use container orchestrators choose Kubernetes. 75%: The average size of a container deployment has grown 75% in one year [1]. “By 2020, more than 50% of enterprises will run mission-critical, containerized cloud-native applications in production.” Sources: [1] Datadog report: 8 Surprising Facts About Real Docker Adoption. [2] CNCF survey: cloud-native-technologies-scaling-production-applications
  3. 3. What is a container? Virtualize the hardware VMs as units of scaling Virtual machines App Containers Virtualize the operating system Applications as units of scaling Container App
  4. 4. Kubernetes: the industry leading orchestrator Portable Public, private, hybrid, multi-cloud Extensible Modular, pluggable, hookable, composable Self-healing Auto-placement, auto-restart, auto-replication, auto-scaling
  5. 5. Kubernetes. 1. Kubernetes users communicate with API server and apply desired state. 2. Master nodes actively enforce desired state on worker nodes. 3. Worker nodes support communication between containers. 4. Worker nodes support communication from the Internet. Diagram labels: Master node (Kubernetes control): API server; -controller-manager (replication, namespace, serviceaccounts, etc.); -scheduler; etcd. Worker node (two shown): kubelet, kube-proxy, Docker, Prod, Containers. Internet.
  6. 6. How managed Kubernetes on Azure works • Automated upgrades, patches • High reliability, availability • Easy, secure cluster scaling • Self-healing • API server monitoring • At no charge. Diagram labels: Self-managed master node(s): API server, Controller Manager, Scheduler, etcd Store, Cloud Controller. Azure managed control plane; Kubernetes API endpoint; User; App/workload definition; Schedule pods over private tunnel; Customer VMs: Docker, Pods.
  7. 7. From infrastructure to innovation. Responsibilities (DIY with Kubernetes vs. Managed Kubernetes on Azure): Containerization; Application iteration, debugging; CI/CD; Cluster hosting; Cluster upgrade; Patching; Scaling; Monitoring and logging. Legend: Customer, Microsoft. Managed Kubernetes empowers you to do more. Focus on your containers and code, not the plumbing of them.
  8. 8. Azure Kubernetes Service (AKS) Overview AKS Overview Introduction Top scenarios Open source culture Resources
  9. 9. AKS: Simplify the deployment, management, and operations of Kubernetes Deploy and manage Kubernetes with ease Scale and run applications with confidence Secure your Kubernetes environment Accelerate containerized application development Work how you want with open-source tools & APIs Set up CI/CD in a few clicks
  10. 10. Azure Kubernetes momentum 10x Kubernetes on Azure usage grew 10x 5x Kubernetes on Azure customers grew 5x Last 12 months
  11. 11. Deploy and manage Kubernetes with ease. Task | The old way | With Azure. Create a cluster | Provision network and VMs; install dozens of system components including etcd; create and install certificates; register agent nodes with control plane | az aks create. Upgrade a cluster | Upgrade your master nodes; cordon/drain and upgrade worker nodes individually | az aks upgrade. Scale a cluster | Provision new VMs; install system components; register nodes with API server | az aks scale. Azure makes Kubernetes easy
  12. 12. Database tier AKS production cluster Source code control Helm chart Inner loop Test Debug Azure DevSpaces AKS dev cluster Azure Container Registry Azure Pipelines/ DevOps Project Auto-build Business logic Front end Azure Monitor CI/CD
  13. 13. Secure your Kubernetes environment Compliant Kubernetes service with certifications covering SOC, HIPAA, and PCI Control access through AAD and RBAC Safeguard keys and secrets with Key Vault Secure network communications with VNET and CNI
  14. 14. Scale and run with confidence Built-in auto scaling Global data center Geo-replicated container registry Elastically burst using ACI Browser Traffic manager Geo-replicated container registry AKS clusters Azure Container Instances Pod Pod Pod Pod Pod Pod
  15. 15. Top scenarios AKS Overview Introduction Top scenarios Open source culture Resources
  16. 16. Performance Low latency processing Machine learning Portability Build once, run anywhere IoT Agility Faster application development Microservices Top scenarios for Kubernetes on Azure Cost saving without refactoring your app Lift and shift to containers
  17. 17. Lift and shift to containers Microservices Machine learning IoT App modernization without code changes • Speed application deployments by using container technology • Defend against infrastructure failures with container orchestration • Increase agility with continuous integration and continuous delivery Azure Container Registry Existing application Kubernetes cluster Cloud Database Modernized application Modernized application Modernized application CI/CD
  18. 18. Lift and shift to containers Microservices Machine learning IoT Microservices: for faster app development • Independent deployments • Improved scale and resource utilization per service • Smaller, focused teams Monolithic APP APP APP Microservices Large, all-inclusive app Small, independent services
  19. 19. Lift and shift to containers Microservices Machine learning IoT Microservices: for faster app development 1. Use Azure Dev Spaces to iteratively develop, test, and debug microservices targeted for AKS clusters. 2. Easily access SLA-backed Azure Services such as Azure Database for MySQL using Open Service Broker for Azure (OSBA). 3. Azure Monitor provides a single pane of glass for monitoring app telemetry and cluster-to-container level health analytics. Monolithic APP APP APP Microservices Large, all-inclusive app Small, independent services
  20. 20. Maersk uses AKS for a customer service process to elevate NSAT, an industry-wide challenge. Needs: Get near-real-time data to provide better customer service; collect data for future Machine Learning driven features. Challenges: Compute & memory intensive features; data integration difficulties; limited organisational experience in Cloud & Kubernetes. Requirements: Spend less time on container software management; automation and continuous delivery; full visibility to application, container and infrastructure; fine grained security and access control.
  21. 21. Architectural approach 1. Azure Pipelines for automation and CI/CD pipelines; adding Terraform for further automation 2. Key Vault to secure secrets and for persistent configuration store 3. Azure Monitor for containers provides better logging, troubleshooting, with no direct container access 4. RBAC control for fine grained Kubernetes resources access control Firewall App Gateway AKS w/ RBAC Azure Monitor Azure Pipeline SQL Database Cosmos DB Performance Document DB Key Vault Event Hub Batch processing Event Simulation Data Factory Data Management Gateway On-premises database Express Route Service Bus Internal Queuing SQL Database
  22. 22. Results: Reduced environment provisioning time from 1+ weeks to 2.5 hours. Deploy times reduced to minutes with the introduction of Terraform. Increased developer autonomy with ARM and Terraform. Less time spent on managing secrets with AKS and Key Vault. AKS and CaaS can potentially save 33% on run cost. 100% automated production deployments.
  23. 23. Lift and shift to containers Microservices Machine learning IoT Data science in a box • Quick deployment and high availability • Low latency data processing • Consistent environment across test, control and production https://github.com/Azure/kubeflow-labs Compute Training data Algorithm GPU-enabled VMs AKS trained model AI model in production Developer <> Data Scientist Serve the model
  24. 24. OpenAI uses cloud to drive flexibility and scalability for deep learning experiments. Challenge: OpenAI needed infrastructure for deep learning that would allow experiments to run either in the cloud or in its own data center, and to easily scale. Solution: OpenAI migrated its Kubernetes clusters to Azure, running key experiments in fields including robotics and gaming both in Azure and in its own data centers. Outcome: Researchers now spend far less time launching experiments and scaling them out to hundreds of GPUs. OpenAI has also benefited from greater portability and lower costs given the ability to use its own data centers when appropriate. “Because Kubernetes provides a consistent API, we can move our research experiments very easily between clusters… [We] have a number of teams that run their experiments both in Azure and in our own data centers, just depending on which cluster has free capacity, and that's hugely valuable.” — Christopher Berner, Head of Infrastructure, OpenAI
  25. 25. Lift and shift to containers Microservices Machine learning IoT Scalable Internet of Things solutions • Portable code, runs anywhere • Elastic scalability and manageability • Quick deployment and high availability AKS Database for MySQL Azure Cosmos DB SQL Database IoT Hub IoT Edge devices IoT Edge Connector
  26. 26. Lift and shift to containers Microservices Machine learning IoT Consistent management between cloud and edge 1. Azure IoT Edge encrypts data and sends it to Azure, which then decrypts the data and sends it to storage. 2. Virtual node, an implementation of Virtual Kubelet, serves as the translator between cloud and edge. 3. IoT Edge Provider in virtual node redirects containers to IoT Edge and extends the AKS cluster to target millions of Edge devices. 4. Consistent update, management, and monitoring as one unit in AKS using a single pod definition. Diagram labels: Azure IoT Edge: Compress, Encrypt, Send to Cloud. Azure: Decrypt, Decompress, Send to Storage. Kubernetes cluster: Node (Docker containers), Node (Docker containers), Virtual node with IoT Edge Provider (Docker containers).
  27. 27. Relaunching the home of Nobel Prize awarded laureates and their discoveries. Challenge: For the NobelPrize.org relaunch, Nobel needed simplicity at scale to modernize their 10,000+ page worldwide site ahead of the quickly-approaching Nobel Prize announcements, bringing millions of visits each year. Solution: To leverage the scalability and ease of PaaS, Nobel brought their containerized Linux application to Azure App Service Environment to ensure that their popular site can handle high traffic loads and meets their security requirements. Outcome: Because the Linux on ASE PaaS offering abstracts away the complications of maintaining infrastructure, it was simple for Nobel to quickly shift their traditional application to a modern, flexible app in time for announcement week. Simple to get started, but can seamlessly handle scale with little maintenance. “The use of [Azure App Service] allows us to rapidly test and implement new ideas with the mission to inform, inspire and engage our global audience on the Nobel Prize.” — Hans Mehlin, Chief Technology Office, Nobel Media
  28. 28. App Service Environment (ASE) Developer Docker Image App Service Plan …or… Webhook …or… Docker Hub Azure Container Registry Private Registry App Deployment Deployment Slots App Service Diagnostics Authentication/Authorization Domains & Certs Docker Container(s) Azure Portal CLI ARM Template Autoscale Rules Testing & Production A look into a production-ready app on App Service… • Run containerized applications without worrying about the infrastructure • Leave the scaling orchestration to our PaaS platform for hassle-free scaling for higher traffic loads • Secure your applications in an Azure Virtual Network to meet security requirements Simple to get started, but also robust to handle global scale with little maintenance
  29. 29. Nobel Prize website Deploy a global website using Linux containers in a PaaS environment Visitor/editor/ developer Full page cache and SSL termination CDN Digital asset management Public-facing endpoint Microsoft Azure Linux on ASE Containerized apps Prod, staging slots, dev tools Container Registry ASE Azure Redis Cache Gateway Subnets VPN Azure Blob Storage Azure MySQL Azure Redis Cache Main virtual network Internet Elastic Search traffic Container Registry traffic Site 2 site VPN Candidator DC Network Point 2 site VPN Developer • Run containerized applications without worrying about the infrastructure • Leave the scaling orchestration to our PaaS platform for hassle-free scaling for higher traffic loads • Secure your applications in an Azure Virtual Network to meet security requirements Simple to get started, but also robust to handle global scale with little maintenance
  30. 30. Xerox Docushare Flex—Before • Each customer instance assigned to dedicated Java and Postgres VMs • Set of backing services for authentication, file sharing, common data sources Typical 3-tier architecture using VMs Problem: Due to overhead and management burden of VMs, adding a new customer takes 24 hours, slowing down customer onboarding through sales and partner network Postgres Java Customer A Postgres Java Customer B Postgres Java Customer C Virtual Machines Backing Services LDAP SFTP PRIZM Internet
  31. 31. Xerox Docushare Flex—After • Convert Postgres database to a shared backing service • Run Java application in containers with no code modification • Switch to NGINX-based web-tier with LetsEncrypt for free SSL/TLS • New Helm chart created to automate customer onboarding to AKS Typical 3-tier architecture using AKS Outcome: Run the Java application in containers on AKS, decreasing provisioning time from 24 hours to 10 minutes, accelerating sales and customer onboarding with no code changes required Java Customer A Java Customer B Java Customer C AKS Internet NGINX Backing Services LDAP SFTP PRIZM Postgres Azure Container Registry
  32. 32. Xerox moves to containers in Azure for faster demo environment releases. Benefits: • Onboard prospective customers faster through automation • Enable self-service demo environments for large partners • Reduce administrative overhead for small Ops team • No code modification required. “Thanks to Azure Kubernetes Service, we can now spin up new demo environments in 10 minutes instead of 24 hours. Moving Docushare Flex from virtual machines to containers in Azure allows us to provision environments faster, empowering our sales and partner network.” — Robert Bingham, Director of DocuShare Cloud Operations at Xerox
  33. 33. Open source culture AKS Overview Introduction Top scenarios Open source culture Resources
  34. 34. Development DevOps Monitoring Networking Storage Security Take advantage of services and tools in the Kubernetes ecosystem …or… Leverage growing Azure support RBAC VS Code Azure DevOps ARM Azure Monitor Azure VNET Azure Storage Azure Container Registry AAD Key Vault Work how you want with open-source tools and APIs
  35. 35. #2 overall individual contributor to Kubernetes (Brendan Burns) #4 overall individual contributor to Docker (John Howard) #1-3 overall individual contributors to Helm 70 Microsoft employees have made contributions to Kubernetes Microsoft contributes open source containers
  36. 36. Resources AKS Overview Introduction Top scenarios Open source culture Resources
  37. 37. • Azure Kubernetes Service (AKS) • Containers on Azure pitch deck • Smart Hotel 360 Demo • Documentation resources • Ebook for distributed systems • Distributed system HoL • AKS HoL Sign up for a free Azure account Hone your skills with Azure training Check out the Azure container videos page Get the code from GitHub AKS resources
