Azure Container Services - Operate containerized applications professionally

Transcript

1. Azure Container Services Operate containerized applications professionally Thorsten Hans @ThorstenHans

   Consultant

2. What you’ll see • Docker • Azure Container Registry (ACR)

   • Kubernetes • Azure Container Services (AKS) What you won’t see • Introduction for frameworks like • Angular • .NET Core

3. Consultant @ Thinktecture AG thinktecture.com [email protected] thorsten-hans.com @ThorstenHans Thorsten Hans

4. • Docker • Azure Container Registry • Kubernetes • Azure

   Container Services • Recap Talking Points

5. Docker

6. DEMO

7. Azure Container Registry ACR

8. ACR § Private Docker registry based on Docker Registry 2.0

   § Fully managed Azure Service § Seamless integration with Docker CLI § Available in three SKUs (Basic, Standard Premium) § Provides webhooks for further automation like Continuous Deployment (CD) Azure Container Registry

9. Get access to your Azure Container Registry § Azure AD-based

   login mechanism for regular usage § Tokens requested by Azure CLI will be used to authenticate with ACR § Headless Authentication using Azure AD Service Principals § Used by Orchestrators or other Services § Admin Account § Designed for Single User scenarios § Should be disabled on all (pre)-production ACRs Authentication

10. Assign permissions in the context of ACR § RBAC can

    be applied to § Azure AD users § Service Principals § Available roles § Reader (pull images) § Contributor (pull and push images) § Owner (pull and push images / assign roles to other users) Authorization

11. Feature Comparison Basic Standard Premium Storage 10 GB 100 GB

    500 GB Max read Ops. per Minute 1.000 300.000 10.000.000 Max write Ops. per Minute 100 500 2.000 Max download bandwidth 30 MBps 60 MBps 100 MBps Max upload bandwidth 10 MBps 20 MBps 50 MBps Webhooks 2 10 100 Geo Replication Not supported Not supported In Preview ACR SKUs

12. Using Azure CLI # Create a new ResourceGroup az group

    create --name tt-demo --location westeurope # Create a new ACR inside of the tt-demo Resource Group az acr create --resource-group tt-demo --name ttdemo --sku Standard Create a new Azure Container Registry

13. Using Azure CLI # Login to ttdemo ACR az acr

    login --name ttdemo ACR Authentication

14. Using Docker CLI # pull nginx from public docker hub

    docker pull nginx:alpine # re-tag the image to have prefix matching our ACR instance docker tag nginx:alpine ttdemo.azurecr.io/demo/nginx:alpine # push the image docker push ttdemo.azurecr.io/demo/nginx:alpine Pushing an image to ACR

15. How much is ACR? ACR pricing § Azure Container Registry

    § Prices are shown for Azure region West Europe § Bandwidth § Regular Azure Bandwidth costs has to be added on top § https://thns.io/2FQkVDs Basic Standard Premium Price per Day 0,141 € 0,562 € 1,406 € Price per extra GB Storage and Day 0,003 € 0,003 € 0,003 €

16. https://thns.io/2DGTUwp

17. Kubernetes k8s

18. Open-Source Container Orchestrator § Initially founded by Google / now

    maintained by CNCF (Cloud Native Computing Foundation) § Successor of Google’s Borg § Original Codename Seven (https://en.wikipedia.org/wiki/Seven_of_Nine) § Greek for pilot or helmsman of a ship § Written in go Kubernetes

19. What is k8s § Container platform § Runs Docker containers

    § Takes care about Networking / Isolation of applications § Abstracting hardware from the developer § Cloud-Agnostic § Container Lifecycle Management § Deployment, Rolling Upgrades, Scaling, Load-Balancing Kubernetes

20. The concept of desired state In Kubernetes you describe your

    deployment by using code. You define a desired state like “I want 5 instances of this Docker image”. Kubernetes ensures that actual state is always matching your desired state. So there will always be 5 instances of the requested Docker image. If the cluster is facing hardware issues, k8s spins up new instances of the Docker image on a different node till the actual state is again matching the desired state. Kubernetes

21. Deployment as Code § All Kubernetes building blocks are created

    using code § YAML or JSON can be used § YAML is almost industry standard for Kubernetes § Deployment Code goes to Source Control § Continuous Deployment triggered by Source Control hooks § git push webhook Kubernetes

22. 10.000 foot view Kubernetes architecture

23. 10.000 foot view Kubernetes architecture – With HA Master

24. 10.000 foot view Kubernetes architecture – With HA Master and

    ACI Connector

25. Including system namespace Namespaces

26. With Pods and Service Namespace

27. With LabelSelector and Labels Pods and Service

28. Azure Container Services AKS

29. AKS § Fully managed Kubernetes cluster § Frictionless operation of

    containerized apps § Easy to scale-out, upgrade, replicate § Seamless integration with other Azure resources § Self healing for k8s Masters § Cost efficient – you pay for your Nodes Azure Container Services

30. AKS § Currently in technical preview (April 2018) § Preview

    is only available in the following Regions § East US, West Europe, Central US, Canada Central, Canada East § Service quotas and limits* § Max 100 nodes per cluster § Max 110 pods per node § Max 20 clusters per subscription * Due to preview, can be increased by creating an Azure Service Request Azure Container Services

31. Azure AKS § K8s Load Balancer will spin up an

    Azure Load Balancer § Easily mount Azure Files Shares and Disks as Volumes § Consume Docker Images from Azure Container Registry § Communicate with other Azure Resources like Redis, SQL Azure § Traffic inside the same region is always free AKS Azure Integration

32. Using Azure CLI # Create a resource group az group

    create --name thh-demo --location westeurope --tags @{resp="THH"} # Create a Service Principal az ad sp create-for-rbac --name thh-demo-aks-sp --skip-assignment # Will print something like { "appId": "7248f250-0000-0000-0000-dbdeb8400d85", # --> identifier ($SP-ID) "displayName": "thh-demo-aks-sp", "name": "http://thh-demo-aks-sp", "password": "77851d2c-0000-0000-0000-cb3ebc97975a", # --> client secret ($SP_PWD) "tenant": "72f988bf-0000-0000-0000-2d7cd011db47“ } Prepare a new AKS Cluster

33. Using Azure CLI # Create a AKS Cluster az aks

    create --name thh-demo-aks --resource-group thh-demo --location westeurope --service-principal $SP-ID --client-secret $SP_PWD --node-count 3 --node-vm-size Standard_DS1_v2 --tags @{resp="THH"} Create a new AKS Cluster

34. Using Azure CLI # Scale-Out an AKS Cluster (increase Node

    count to 5) az aks scale --name thh-demo-aks --resource-group thh-demo --node-count 5 Scale-Out an AKS Cluster

35. Using Azure CLI # Scale-In an AKS Cluster (reduce Node

    count to 1) az aks scale --name thh-demo-aks --resource-group thh-demo --node-count 1 Scale-In an AKS Cluster

36. Using Azure CLI # Get current k8s version az aks

    get-upgrades --name thh-demo-aks --resource-group thh-demo --output table # Name ResourceGroup MasterVersion NodePoolVersion Upgrades # ------- --------------- --------------- ----------------- -------------- # thh... thh-demo 1.9.1 1.9.1, 1.9.2, 1.9.6 Get AKS Cluster Upgrades

37. Using Azure CLI # Start k8s upgrade az aks upgrade

    --name thh-demo-aks --resource-group thh-demo --kubernetes-version 1.9.6 Upgrade an AKS Cluster