Azure Kubernetes Service
Pedro Sousa
Azure Tech Lead | Microsoft Azure MVP
linkedin.com/in/pmsousa
pedro.sousa@bizdirect.pt
@psousa75

Agenda
• Container Ecosystem Evolution Timeline
• Kubernetes on Windows Server
• Tooling
• Azure ARC
• Azure Kubernetes Service (AKS) solution journey
• Azure Kubernetes Service (AKS)
• Azure Containers Instances (ACI)
• Web App for Containers
• Containers on Azure Service Fabric
• Demo
• Q&A

Container ecosystem evolution timeline (years marked on the axis: 1970, 1979, 2000, 2008, 2013, 2014, 2016, 2018)
• FreeBSD jails: Developed by Derrick Woodworth and adopted by Paul-Henning Kamp.
• Namespaces: Linux kernel that isolates and virtualizes system resources of a collection of processes.
• Kubernetes (June 1st, 2014): Automating deployments, scaling and management of containerized applications.
• Azure AKS (June 13th, 2018): The Azure Kubernetes Service (AKS) is generally available.
• Unix v7: Introduction of chroot system call.
• Process Containers: Developed by Google, Linux Kernel feature that limits, accounts for, and isolates the resource usage of a collection of processes.
• Docker: Software container management platform that automates deployment of applications.
• Windows Container: Windows Server containers and Hyper-V containers.

AKS Baseline Cluster
Networking configuration
• Network topology
• Plan the IP addresses
• Deploy Ingress resources
Cluster compute
• Compute for the base cluster
• Container image reference
• Policy management
Identity Management
• Integrate Azure AD for the cluster
• Integrate Azure AD for the workload
Secure data flow
• Secure the network flow
• Add secret management
Business continuity
• Scalability
• Cluster and node availability
• Availability and multi-region support
Operations
• Cluster and workload CI/CD pipelines
• Cluster health and metrics
• Cost management and reporting
Source: Baseline architecture for an Azure Kubernetes Service (AKS) cluster

Azure Kubernetes Service (AKS)
Tooling
• kubectl: The Kubernetes command-line interface (CLI).
• minikube: Tool that lets you run Kubernetes locally. minikube runs a single-node Kubernetes cluster on your personal computer (including Windows, macOS and Linux PCs).
• kubeadm: You can use the kubeadm tool to create and manage Kubernetes clusters. It performs the actions necessary to get a minimum viable, secure cluster up and running in a user-friendly way.

Azure ARC enabled Kubernetes (preview)
Azure Kubernetes Service (AKS)
Key points
• Managed Kubernetes cluster in Azure
• You only manage and maintain the agent nodes
• Kubernetes Cloud adoption framework
• Reference architectures
Azure Kubernetes Service Roadmap (Public) (github.com)

Azure Container Instances (ACI)
Key points
• Run containers without managing servers
• Increase agility with containers on demand
• Deploy containers to the cloud with unprecedented simplicity and speed—with a single command.
• Secure applications with hypervisor isolation

Web App for Containers
Key points
• Easy to deploy container-based web apps
• The platform automatically takes care of OS patching, capacity provisioning, and load balancing
• Pull images from Docker Hub or private Azure Container Registry (ACR) and deploy

Containers on Azure Service Fabric
Key points
• Service Fabric is an open source project and it powers core Azure infrastructure as well as other Microsoft services such as Skype for Business, Intune, Azure Event Hubs, Azure Data Factory, Azure Cosmos DB, Azure SQL Database, Dynamics 365, and Cortana.

Azure Kubernetes Service (AKS) Baseline Cluster
https://github.com/pmsousa/aks-secure-baseline
Microservices architecture on Azure Kubernetes Service (AKS)
https://github.com/pmsousa/microservices-reference-implementation
Results
Azure Kubernetes Service (AKS) solution journey
• Learn about Azure Kubernetes Service: https://docs.microsoft.com/en-us/learn/paths/intro-to-kubernetes-on-azure/
• Organizational readiness: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/innovate/kubernetes/
• Path to production: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/secure-baseline-aks
• Operations Guide: https://docs.microsoft.com/en-us/azure/architecture/operator-guides/aks/aks-triage-practices
Source: Azure Kubernetes Service (AKS) solution journey - Azure Architecture Center | Microsoft Docs

Azure Kubernetes Service Roadmap
github.com/Azure/AKS/projects/1
Quick reference: KubeCon 2020 content overload
• Everything You Should Be Doing, But Aren’t: DevSecOps for K8s Workflows - Steven Terrana & Dan Papandrea
• Notary v2: Redesigning the Secure Supply Chain for Containers - Justin Cormack & Steve Lasker
• A High-Schooler’s Guide to Kubernetes Network Observability - Drew Ripberger
• Kubernetes CronJobs - Does Anyone Actually Use This [in Production]? - Kevin Yan
• Stop Writing Operators - Joe Thompson

Let's talk about: Azure Kubernetes Service (AKS)


Editor's Notes

  • #5 From The CEO's Desk: Docker’s Moby and LinuxKit - Making Containers Mainstream! (opcito.com); The History of Kubernetes on a Timeline | @RisingStack
  • #6 Top 10 Networking Features in Windows Server 2019: #1 Container Networking with Kubernetes | Argon Systems
  • #7 Baseline architecture for an Azure Kubernetes Service (AKS) cluster - Azure Architecture Center | Microsoft Docs Networking configuration Cluster compute Identity management Secure data flow Business continuity Operations
  • #11 Concepts - Kubernetes basics for Azure Kubernetes Services (AKS) - Azure Kubernetes Service | Microsoft Docs
    A Kubernetes cluster is divided into two components:
    - The Control plane provides the core Kubernetes services and orchestration of application workloads.
    - Nodes which run your application workloads.
    The control plane includes the following core Kubernetes components:
    - kube-apiserver - The API server is how the underlying Kubernetes APIs are exposed. This component provides the interaction for management tools, such as kubectl or the Kubernetes dashboard.
    - etcd - To maintain the state of your Kubernetes cluster and configuration, the highly available etcd is a key value store within Kubernetes.
    - kube-scheduler - When you create or scale applications, the Scheduler determines what nodes can run the workload and starts them.
    - kube-controller-manager - The Controller Manager oversees a number of smaller Controllers that perform actions such as replicating pods and handling node operations.
    Multiplayer Game Server Hosting Using AKS - Azure Gaming | Microsoft Docs
  • #12 Multiplayer Game Server Hosting Using ACI - Azure Gaming | Microsoft Docs
  • #14 Multiplayer Game Server Hosting Using Azure Service Fabric - Azure Gaming | Microsoft Docs
  • #15 This reference implementation demonstrates the recommended starting (baseline) infrastructure architecture for a general purpose AKS cluster. This implementation and document is meant to guide an interdisciplinary team or multiple distinct teams like networking, security and development through the process of getting this secure baseline infrastructure deployed and understanding the components of it. We walk through the deployment here in a rather verbose method to help you understand each component of this cluster, ideally teaching you about each layer and providing you with the knowledge necessary to apply it to your workload.
  • #16 The Drone Delivery app
    The Drone Delivery application is a sample application that consists of several microservices. Because it's a sample, the functionality is simulated, but the APIs and microservices interactions are intended to reflect real-world design patterns.
    - Ingestion service. Receives client requests and buffers them.
    - Scheduler service. Dispatches client requests and manages the delivery workflow.
    - Supervisor service. Monitors the workflow for failures and applies compensating transactions.
    - Account service. Manages user accounts.
    - Third-party Transportation service. Manages third-party transportation options.
    - Drone service. Schedules drones and monitors drones in flight.
    - Package service. Manages packages.
    - Delivery service. Manages deliveries that are scheduled or in-transit.
    - Delivery History service. Stores the history of completed deliveries.
  • #18 Azure Kubernetes Service (AKS) solution journey - Azure Architecture Center | Microsoft Docs
  • #20
    - DevSecOps for K8s, sysdig. Really good overview. Covers app dependency scanning, static code analysis, container image scanning, and how to do this on Kubernetes.
    - Notary v2: Supply Chain Security. Notary v1 was a Docker project and since then there has been a lot of collaboration around it for v2. It essentially allows you as the container publisher to digitally sign collections and configure trusted publishers. Similar offering in ACR Content Trust, and when you are pulling a signed Docker image from ACR you are actually using the same library as the Notary CLI uses to validate the signature. Note ACR does not officially support the Notary CLI, however, but it's compatible with some of its APIs.
    - A High-Schooler’s Guide to Kubernetes Network Observability: actually by a high-schooler, he is in university now. Talks about the project kube-netc but also goes through some really good basics of networking observability in a cluster.
    - K8s cronjobs: does anyone actually use this - Kevin is from Lyft, lots of cronjobs. Getting into some problems around distributed scheduling and pokes holes in the cronjob object.
    - Stop Writing Operators - Joe Thompson, talks a lot about when to use/not use the operator pattern. There's been a lot of momentum around the number of k8s operators that have been popping up.