
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech Forum

Kubernetes is the open source container orchestration system that supercharges applications with scaling and reliability and unlocks advanced features, like A/B testing, Blue/Green deployments, canary builds, and dead-simple rollbacks.

In this session, see how Tailwind Traders took a containerized application and deployed it to Azure Kubernetes Service (AKS).
You’ll walk away with a deep understanding of major Kubernetes concepts and how to put it all to use with industry standard tooling.



  1. Davide Benvegnu: Consolidating Infrastructure with Azure Kubernetes Service. Microsoft Online Tech Forum.
  2. Davide Benvegnu, DevOps Architect, Azure DevOps Customer Advisory Team. Microsoft Certified Professional; Microsoft Certified Azure Solution Architect Expert; Microsoft MVP in VSALM (3 years); Microsoft Event Speaker, Gold (2018 and 2019); MMA fighter.
  3. Agenda: App Intro (Tailwind Traders); AKS architecture (introduction to Kubernetes and components); Scale (scale your applications in and out); Network & Security (pod identity and Calico network policies); Handling Failures (cluster and application error management).
  4. App Intro: Tailwind Traders.
  5. Tailwind Traders components.
  6. Management's ask of us: resiliency, security, flexibility, scale.
  7. Why Kubernetes? Standardized API for infrastructure abstractions; self-healing; scalability; extensibility.
  8. AKS Architecture.
  9. Kubernetes architecture: the master node hosts the Kubernetes control plane, i.e. the API server, the controller-manager (replication, namespace, service accounts, etc.), the scheduler and etcd. Each worker node runs kubelet, kube-proxy and Docker and hosts the pods, which in turn contain the containers. Traffic from the Internet reaches the worker nodes.
  10. AKS architecture: the control plane (API server, controller manager, scheduler, etcd store, cloud controller) runs on self-managed master node(s) inside the Azure managed control plane. The user submits app/workload definitions to the Kubernetes API endpoint, and pods are scheduled over a private tunnel onto the customer VMs that run Docker and the pods.
  11. AKS architecture, networking: the Kubernetes cluster lives inside an Azure VNET. An App Gateway, an Internal Load Balancer and an Ingress Controller route traffic to the pods and containers on the worker nodes (each running kubelet); the control plane, namespaces and External DNS complete the picture.
  12. AKS architecture, virtual node: Azure Container Instances (ACI) backs a virtual node that hosts pods alongside the regular nodes, all managed by the Kubernetes control plane.
  13. AKS architecture, availability zones: within a region*, the AKS cluster is spread across availability zones (AZs).
  14. Create vnet (az commands). We also create a subnet for our cluster. The address prefixes were not shown on the slide and appear below as placeholders:

```shell
az network vnet create --resource-group myResGroup --name myVnet --address-prefixes <vnet-cidr> --subnet-name myVnetSub --subnet-prefix <subnet-cidr>
```

  15. Create a subnet for the virtual node (az commands); the address prefix is a placeholder:

```shell
az network vnet subnet create --resource-group myResGroup --vnet-name myVnet --name VNSubnet --address-prefix <virtual-node-subnet-cidr>
```

  16. Create a service principal (az commands). The service principal allows the cluster to create other cloud resources:

```shell
az ad sp create-for-rbac --name mySPk8s --role Contributor
```

  17. Create a base AKS cluster (az commands), the basic cluster:

```shell
az aks create --resource-group myResGroup --name myAKSCluster --node-count 3 --generate-ssh-keys
```

  18. Create an AKS cluster with all addon flags (az commands). Values in angle brackets come from the earlier steps; the Docker bridge address was not shown on the slide:

```shell
az aks create --resource-group myResGroup --name myAKSCluster --node-count 3 \
  --service-principal <appId> --client-secret <password> --generate-ssh-keys \
  --network-plugin azure --dns-service-ip $KUBE_DNS_IP --docker-bridge-address <docker-bridge-cidr> \
  --vnet-subnet-id <vnet id> --load-balancer-sku standard --enable-vmss --node-zones 1 2 3 \
  --network-policy calico
```

  19. Add the virtual node addon (az commands):

```shell
az aks enable-addons --resource-group myResGroup --name myAKSCluster --addons virtual-node --subnet-name VNsubnet
```

  20. Get the cluster connection (az commands). This retrieves the configuration and keys for connecting to the AKS cluster, after which kubectl can be used:

```shell
az aks get-credentials --resource-group myResGroup --name myAKSCluster --admin
kubectl get pods
kubectl apply -f myfile.yaml
...
```
  21. Future-proof your cluster by enabling Virtual Node, CNI and availability zones.
  22. Scale.
  23. Feature request from management. Management has asked us for a new service. The service must: generate customer recommendations off previous orders; have its own deployable artifact; have a documented API to interface with existing services.
  24. Solution to the new request.
  25. Scaling technologies: Cluster Autoscaler.
  26. Scaling technologies: Horizontal Pod Autoscaler (HPA).
  27. Virtual Node is based off Virtual Kubelet.
  28. Virtual Node supports Linux containers, Windows containers and GPU. Tip: in the backend, Virtual Node uses Helm to deploy the binary needed to connect to ACI.
  29. Tell your pods to use Virtual Node. When using virtual node you need to specify the virtual node in the node selector (Example.yaml). The label keys and the toleration key were lost from the slide text and are restored here from the virtual node documentation:

```yaml
nodeSelector:
  kubernetes.io/role: agent
  beta.kubernetes.io/os: linux
  type: virtual-kubelet
tolerations:
- key: virtual-kubelet.io/provider
  operator: Equal
  value: azure
  effect: NoSchedule
```

  30. Demo: scaling with Virtual Node.
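The following manifest is an added example, not from the slides, that puts slides 26 to 29 together: a Deployment for the new recommendations service pinned to the virtual node with the selector and toleration shown above, plus a Horizontal Pod Autoscaler that scales it on CPU. The namespace `tailwind`, the image name and the resource sizes are assumptions chosen for the example; the HPA uses the `autoscaling/v1` API because it is accepted by every Kubernetes version AKS has offered.

```yaml
# Added example (not from the slides): Deployment on the virtual node + HPA.
# Assumptions: namespace "tailwind", the image name and resource sizes are
# placeholders; the virtual node addon from slide 19 is enabled.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: recommendations
  namespace: tailwind
spec:
  replicas: 1
  selector:
    matchLabels:
      app: recommendations
  template:
    metadata:
      labels:
        app: recommendations
    spec:
      containers:
      - name: recommendations
        image: example.azurecr.io/recommendations:1.0.0   # placeholder image
        ports:
        - containerPort: 8080
        # The HPA computes utilisation against this CPU request, so it must be set.
        resources:
          requests:
            cpu: 250m
            memory: 256Mi
          limits:
            cpu: 500m
            memory: 512Mi
      # Same selector and toleration as slide 29: schedule onto the ACI-backed virtual node.
      nodeSelector:
        kubernetes.io/role: agent
        beta.kubernetes.io/os: linux
        type: virtual-kubelet
      tolerations:
      - key: virtual-kubelet.io/provider
        operator: Equal
        value: azure
        effect: NoSchedule
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: recommendations
  namespace: tailwind
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: recommendations
  minReplicas: 1
  maxReplicas: 20            # upper bound so a traffic spike cannot burst ACI spend without limit
  targetCPUUtilizationPercentage: 60
```

Apply it with `kubectl apply -f` and watch `kubectl get hpa -n tailwind -w`; the HPA relies on the metrics-server that AKS ships with. Setting `maxReplicas` and per-container limits is the part worth keeping: on a virtual node every extra replica is a billed ACI container group, so the autoscaler bounds are also a cost and abuse control.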
  31. Network and Security.
  32. Introduction into AKS security.
  33. Introduction into Pod Identity.
  34. Introduction into Pod Identity: Node Management Identity (NMI) and Managed Identity Controller (MIC).
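As an added example for the pod identity slides (not from the slides themselves), the manifests below show how the NMI and MIC components are driven: an `AzureIdentity` describes a user-assigned managed identity, an `AzureIdentityBinding` ties it to a label selector, and only pods carrying that label get tokens. The API group `aadpodidentity.k8s.io/v1` is the one used by the aad-pod-identity project that provides NMI and MIC; the subscription, resource group, identity name, client ID, namespace and image are placeholders.

```yaml
# Added example (not from the slides): binding a user-assigned managed identity
# to pods with aad-pod-identity (the project behind the NMI DaemonSet and MIC).
# Assumptions: all <...> values and the namespace/image are placeholders, and
# aad-pod-identity is already installed in the cluster.
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentity
metadata:
  name: recommendations-identity
  namespace: tailwind
spec:
  type: 0            # 0 = user-assigned managed identity, 1 = service principal
  resourceID: /subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>
  clientID: <identity-client-id>
---
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentityBinding
metadata:
  name: recommendations-identity-binding
  namespace: tailwind
spec:
  azureIdentity: recommendations-identity
  selector: recommendations   # compared with the pod label "aadpodidbinding"
---
apiVersion: v1
kind: Pod
metadata:
  name: recommendations-demo
  namespace: tailwind
  labels:
    aadpodidbinding: recommendations   # only pods with this label can obtain the identity's tokens
spec:
  containers:
  - name: app
    image: example.azurecr.io/recommendations:1.0.0   # placeholder image
```

At runtime the NMI pod on each node intercepts the pod's calls to the instance metadata token endpoint and only issues a token for an identity bound to that pod's label, so the label selector is the access boundary: keep it specific to one workload, and grant the managed identity the narrowest Azure RBAC role it needs. Note that aad-pod-identity has since been superseded by Azure AD workload identity; the binding model shown here is the one the talk describes.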
  35. Pod Identity.
  36. Network Policy options in AKS.
  37. Network Policy options in AKS (continued).
  38. Azure Network Policy.
  39. Calico Network Policy.
  40. Demo: Network Policies.
  41. Handling Failures.
  42. Availability Zones: within a region*, the AKS cluster is spread across availability zones (AZs).
  43. Availability Zones: resiliency to data centre failures; nodes are split across 3 datacenters in a region; this gives us fault domains to plan our deployments around.
  44. Availability zones are in public beta.
  45. Handling application failure: use deployments with replication set to the number of zones you are using; use an ingress controller that is highly available; understand your disk mounts in pods.
  46. Example deployment to handle failure (Example.yaml):

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp-deployment
spec:
  selector:
    matchLabels:
      app: webapp
  replicas: 3
  template:
    metadata:
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: scottyc/webapp:latest
        ports:
        - containerPort: 3000
          hostPort: 3000
```
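Three replicas only survive a zone failure if the scheduler actually places them in three different zones. The manifest below is an added example, not from the slides, that extends the deployment above with a pod anti-affinity rule keyed on the node zone label and with a readiness probe so the ingress controller only sends traffic to replicas that can serve. The zone label key and the `/healthz` probe path are assumptions to verify against your cluster; the `hostPort` is dropped because exposure is meant to go through the highly available ingress controller from slide 45.

```yaml
# Added example (not from the slides): the slide's Deployment with replicas
# spread across availability zones and a readiness gate.
# Assumptions: the zone label key and the /healthz path are placeholders;
# check node labels with "kubectl get nodes --show-labels".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp-deployment
spec:
  replicas: 3              # one replica per zone for a cluster created with --node-zones 1 2 3
  selector:
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
    spec:
      affinity:
        podAntiAffinity:
          # "preferred" rather than "required": during a zone outage the replacement
          # replica can still be scheduled into a surviving zone instead of staying Pending.
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchLabels:
                  app: webapp
              # Older clusters label nodes failure-domain.beta.kubernetes.io/zone instead.
              topologyKey: topology.kubernetes.io/zone
      containers:
      - name: webapp
        image: scottyc/webapp:latest
        ports:
        - containerPort: 3000
        readinessProbe:
          httpGet:
            path: /healthz   # placeholder health endpoint
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 10
```

After applying, `kubectl get pods -o wide` together with the node zone labels shows whether each replica landed in a distinct zone. Persistent disks are the remaining caveat from slide 45: an Azure managed disk is zonal, so a pod that mounts one can only be rescheduled within that disk's zone, which limits what this spreading can achieve for stateful pods.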
  47. In review: AKS architecture (Kubernetes is complex, with AKS it's easy); Scale (scalability is a first-class citizen); Network & Security (pod identity and Calico network policies FTW); Handling Failures (manage failures with AZs and proper settings).
  48. © Copyright Microsoft Corporation. All rights reserved. Thank you.