ExpertsliveNL 2019: Containers on Azure: the overview

Pascal Naber

June 06, 2019

Transcript

  1. Run containers on Azure: Azure Web App for Containers; Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Kubernetes Service (AKS); Azure Container Instances (ACI); Azure Container Registry (ACR)
  2. Run containers on Azure: Azure Web App for Containers; Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Kubernetes Service (AKS); Azure Container Instances (ACI); Azure Container Registry (ACR)
  3. Run containers on Azure: Azure Web App for Containers; Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Kubernetes Service (AKS); Azure Container Instances (ACI); Azure Container Registry (ACR)
  4. Think ahead. Act now. Azure Container Registry: Private Container Image registry; Based on Open Standard; Helm Repo; Geo replication; ACR Tasks
  5. Run containers on Azure: Azure Web App for Containers; Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Kubernetes Service (AKS); Azure Container Instances (ACI); Azure Container Registry (ACR)
  6. Run containers on Azure: Azure Web App for Containers; Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Kubernetes Service (AKS); Azure Container Instances (ACI); Azure Container Registry (ACR)
  7. Run containers on Azure: Azure Web App for Containers; Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Kubernetes Service (AKS); Azure Container Registry (ACR); Azure Container Instances (ACI)
  8. Azure Container Instances (ACI): Pay for use; Serverless containers; Public or Private accessible; For short lived workloads like: Bursts, Scheduled work; From € 1.05 for 1 CPU with 1 GB for 24 hours; To € 5.22 for 4 CPU with 14 GB for 24 hours
  9. Project Rome. v1: Backend process; No UI; Every hour, 5 minutes. v2: Backend process & Front end; With public available UI; Run Continuously; Over SSL with authentication; Regularly new releases; No downtime; Auto scaling
  10. Azure Container Instances (ACI): Pay for use; Serverless containers; Public or Private accessible; 1 container instance only; No High Availability; No zero-downtime deployment; No scale out; Limited scale up; No autoscaling; No out of the box SSL support; No cache for pulled containers; Pay extra for Windows containers; For short lived workloads like: Bursts, Scheduled work
  11. Run containers on Azure: Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Kubernetes Service (AKS); Azure Container Registry (ACR); Azure Container Instances (ACI); Azure Web App for Containers
  12. WebApp for Container: Pay for Hostingplan as long as it exists; Scale up; Scale out; Auto scaling; Zero-downtime deployment; SSL by default; Authentication; Identity; Custom domains; Hostingplan: From € 3.59 for 1 CPU with 3.5 GB for 24 hours; To € 14.37 for 4 CPU with 14 GB for 24 hours
  13. WebApp for Container – Zero-downtime deployment: Deployment slots; webapp; staging; Release Pipeline; production; 1. deploy; 2. ready?; 3. swap; Container Registry; https://myapp.azurewebsites.net; https://myapp-staging.azurewebsites.net
  14. WebApp for Container: in control vs managed. Your container; Traffic; webapp; az resource update --name web --resource-group $RESOURCEGROUP --namespace Microsoft.Web --resource-type config --parent sites/$WEBAPP_NAME --set properties.cors.allowedOrigins=null --api-version 2015-06-01; Before, After: "cors": { "allowedOrigins": null, "supportCredentials": false }, "cors": null,; Intermediate container: • CORS • EasyAuth; .NET Core application; Kestrel → Max 25 MB upload
  15. Webapp for Container: in control vs managed. Proactive Auto Heal: Restart when: 80% requests > 200 seconds; 90% memory; WEBSITE_PROACTIVE_AUTOHEAL_ENABLED=false
  16. Project Rome. v3: Level 7 Firewall for all traffic; Lots of containers; Better density of our resources; Make use of some CNCF projects - Mesh: Istio - Logging: Prometheus, Jaeger - Service discovery: CoreDNS - Messaging: NATS. v2: Backend process & Front end; With public available UI; Run Continuously; Over SSL with authentication; Regularly new releases; No downtime; Auto scaling
  17. Firewall: Application Gateway & Firewall; vnet; App Service Environment; Certificate; DevOps Agent; Azure Container Instances; traffic; AKS; https://myapp.azurewebsites.net
  18. WebApp for Container: Pay for Hostingplan as long as it exists; Scale up; Scale out; Auto scaling; Zero downtime deployment; SSL by default; Authentication; Identity; Custom domains; Scaling out is slow; No optimal use of resources; No firewall possibility (yet); Limited logging possibilities; No health check functionality; Only support for port 80 & 443; Not suitable for lots of containers; Not portable; Cannot debug
  19. Run containers on Azure: Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Container Registry (ACR); Azure Container Instances (ACI); Azure Web App for Containers; Azure Kubernetes Service (AKS)
  20. Kubernetes: De facto standard container orchestrator; Started by Google; Since v1 Open Source by; Large, rapidly growing ecosystem; Declarative configuration
  21. Azure Kubernetes Service (AKS): Running containers at scale; Scaling up & scaling out; Autoscaling; Zero downtime deployment; High Availability; Public & Private endpoints; Health management; Enormous ecosystem; Portable; SSL Support*; Identity management*; Keyvault integration*
  22. Azure Kubernetes Service (AKS): master master master; worker worker worker; AKS 100% managed by Microsoft; IaaS managed by Microsoft; € 0; € … (VM pricing)
  23. Public & Private Endpoints - Services: Service (LoadBalancer); Service (LoadBalancer); Service (LoadBalancer); Service (LoadBalancer); IP-Address; IP-Address; IP-Address; IP-Address
  24. Public & Private Endpoints - Ingress: Service (ClusterIP); Service (ClusterIP); Service (ClusterIP); Service (ClusterIP); Service (Loadbalancer); Ingress controller; IP-Address; Ingress OurExternalAPI.com; Ingress Myproject.com; Ingress AdminSite.com; Ingress Myproject.com/apis
  25. SSL: Service (ClusterIP); Service (ClusterIP); Service (ClusterIP); Service (ClusterIP); Service (Loadbalancer); Ingress controller; IP-Address; Ingress OurExternalAPI.com; Ingress Myproject.com; Ingress AdminSite.com; Ingress Myproject.com/apis; Works on ingress; Auto request certificate; Auto renewal; https://github.com/jetstack/cert-manager; DNS Zone
  26. Azure Kubernetes Service (AKS) - Scaling: worker worker worker worker; replicas replicas 4 5; Pod Autoscaler 4-20 > 60% CPU; Cluster Autoscaler
  27. Kubernetes - Health monitoring: Every n seconds check: Restarts container; During rolling update deployment: Stop deployment; During container startup: No traffic; Default endpoint; Health endpoint (/health); Health endpoints returns != 200?
  28. AKS + ACI: AKS 100% managed by Microsoft; 100% managed by Microsoft; worker; master master master
  29. AKS as the Silver bullet: Kubernetes created an ecosystem of expandable standards but this still needs configuration. For example: • Deployments • Network Policies • Role Based Access Controls • Pod Security Policies • Pod Priority and more... Common integration points can be different across cloud providers: • Authentication • Logging • Metrics • Storage
  30. Azure Kubernetes Service (AKS): Running containers at scale; Scaling up & scaling out; Autoscaling; Zero downtime deployment; High Availability; Public & Private endpoints; Health management; Enormous ecosystem; Portable; SSL Support*; Identity management*; Keyvault integration*; Authentication; A lot of management for a couple of containers; Steep learning curve; Not all Azure functionality is mature (yet): • Scale sets • Network policies • Multiple Node pools; No turnkey configuration
  31. Run containers on Azure: Azure Service Fabric (Mesh); Azure Batch; Azure Kubernetes Service (AKS); Azure Container Registry (ACR); Azure Container Instances (ACI); Azure Web App for Containers; Azure Red Hat OpenShift
  32. Azure Red Hat OpenShift: Based on, and extends Kubernetes; No virtual machine operation or patching; Enterprise minded; Support from RedHat; Build in:; Small cluster - 1st year: 4.502,40; OpenShift; Kubernetes; Container Registry: Docker, Azure Container Registry; Monitoring: Prometheus; Log aggregator: EFK stack; Certificate management: cert-manager; CI/CD: Jenkins/Azure DevOps; Authentication: dex
  33. Run containers on Azure: Azure Service Fabric (Mesh); Azure Kubernetes Service (AKS); Azure Container Registry (ACR); Azure Container Instances (ACI); Azure Web App for Containers; Azure Red Hat OpenShift; Azure Batch
  34. Azure Batch: For large-scale parallel and high-performance computing (HPC) batch jobs; Native: imperative; Batch Shipyard: declarative yaml; Task, Task, Task; Compute node, Compute node, Compute node; Azure Batch; Job; Pool; Azure Storage; https://github.com/Azure/batch-shipyard
  35. Run containers on Azure: Azure Batch; Azure Kubernetes Service (AKS); Azure Container Registry (ACR); Azure Container Instances (ACI); Azure Web App for Containers; Azure Red Hat OpenShift; Azure Service Fabric (Mesh)
  36. Service Fabric: Application platform providing rich programming models - Reliable services - Reliable actors - Reliable collections; Portable; Run containers
  37. Service Fabric Mesh: Serverless; Seamless integration with Azure; Deploy & scale in seconds; High availability; Per second billing; Not Portable; Container only (Preview v2 soon); Responsibility (You, Azure): Application; Deployment; Hardware; OS Patching; Runtime upgrades; Micro-billing; Capacity planning; Network & Storage
  38. Run containers on Azure: Azure Web App for Containers; Azure Service Fabric (Mesh); Azure Batch; Azure Red Hat OpenShift; Azure Kubernetes Service (AKS); Azure Container Instances (ACI); Azure Container Registry (ACR)
  39. Please review my session in the Yellenge App! Pascal Naber; Coding Azure Architect; Xpirit Netherlands; @pascalnaber; http://pascalnaber.wordpress.com; https://github.com/pascalnaber/expertslivenl19
  40. Next session: 13:30 PM - 14:30 PM; Let's take a look at Azure Monitor!; Dieter Wijckmans