Integrating Azure Services with Azure Kubernetes Service

Transcript

1. Integrating Azure Services with Azure Kubernetes Service Thorsten Hans @ThorstenHans

   Consultant @ Thinktecture AG

2. The guy who’s talkin’ Consultant @ Thinktecture AG [email protected] [email protected]

   thinktecture.com thorsten-hans.com https://thns.io/slides @ThorstenHans Thorsten Hans

3. 1. What is Azure Kubernetes Service 2. Azure Kubernetes Service

   101 3. Integrating AKS with Azure Services Talking Points

4. What is Azure Kubernetes Service

5. AKS § Managed k8s cluster on Azure § AKS supports

   § Cluster auto-scaling § GPU enabled nodes § Development Tooling Integration (Azure DevSpaces) § Cost efficient § you pay ONLY for your worker nodes Azure Kubernetes Services

6. Azure Kubernetes Services 1 Fully managed Kubernetes Master 2 Seamless

   Azure Integration 3 Simplified Cluster Operations

7. Azure Kubernetes Service 101

8. Using Azure CLI # Create a resource group az group

   create --name thh-demo --location westeurope --tags @{resp="THH"} # Create a Service Principal az ad sp create-for-rbac --name thh-demo-aks-sp --skip-assignment # Will print something like { "appId": "7248f250-0000-0000-0000-dbdeb8400d85", # --> identifier ($SP_ID) "displayName": "thh-demo-aks-sp", "name": "http://thh-demo-aks-sp", "password": "77851d2c-0000-0000-0000-cb3ebc97975a", # --> client secret ($SP_PWD) "tenant": "72f988bf-0000-0000-0000-2d7cd011db47“ } Prepare a new AKS Cluster

9. Using Azure CLI # Create a AKS Cluster az aks

   create --name thh-demo-aks --resource-group thh-demo --location westeurope --service-principal $SP_ID --client-secret $SP_PWD --node-count 3 --node-vm-size Standard_DS1_v2 --tags @{resp="THH"} Create a new AKS Cluster

10. Using Azure CLI # Scale-Out an AKS Cluster (increase Node

    count to 5) az aks scale --name thh-demo-aks --resource-group thh-demo --node-count 5 Scale-Out an AKS Cluster

11. Using Azure CLI # Scale-In an AKS Cluster (reduce Node

    count to 1) az aks scale --name thh-demo-aks --resource-group thh-demo --node-count 1 Scale-In an AKS Cluster

12. Using Azure CLI # Get current k8s version az aks

    get-upgrades --name thh-demo-aks --resource-group thh-demo --output table # Name ResourceGroup MasterVersion NodePoolVersion Upgrades # ------- --------------- --------------- ----------------- -------------- # thh... thh-demo 1.9.6 1.9.6, 1.9.8, 1.10.1 Get AKS Cluster Upgrades

13. Using Azure CLI # Start k8s upgrade az aks upgrade

    --name thh-demo-aks --resource-group thh-demo --kubernetes-version 1.10.1 Upgrade an AKS Cluster

14. Integrating AKS with Azure Services

15. Integrating AKS with Azure Services 1 Container Registry 2 Storage

    3 Container Instances 4 Key Vault 5 Analytics

16. Consume private images § Pull Docker images from ACR §

    Authentication done via Service Principal § Grant Reader permissions to AKS’s underlying SP for ACR Azure Container Registry

17. Using Azure CLI # Get ACR Identifier az acr show

    --name thhdemo --resource-group thh --query id # --> identifier ($ACR_ID) # Create Role Assignment for SP az role assignment create --assignee $SP_ID --role Reader --scope $ACR_ID Authenticate with ACR

18. Use persistent volumes § Support for Azure Disks and Azure

    Files § Static consumption § Storage is attached to Cluster and app developer uses it (eg in a Pod) § Dynamic consumption § Cluster knows how to dynamically create Azure Disks or Azure Files Shares Azure Storage Account

19. Scale cluster dynamically and support hybrid workloads § Deploy Pods

    to ACI § Execute both Windows and Linux containers § Feels like one or more native k8s node § Implemented using Virtual Kubelet Azure Container Instances

20. Extend AKS using a virtual-kubelet # Start k8s upgrade az

    aks install-connector --name thh-demo-aks --resource-group thh-demo --connector-name virtual-kubelet --aci-resource-group thh-demo --service-principal $SP_ID --client-secret $SP_PWD --os-type Windows Azure Container Instances

21. Keep sensitive data secured § Consume secrets, keys and certificates

    from a secured resource § Final, native integration for Key Vault and competitors not yet landed in k8s § Two different integration scenarios available § Authenticate via Client-Id and –Secret from within an application component § Use AAD to generate a Pod Identity (think of MSI) § Best solution … for NOW Azure Key Vault

22. All Insights at one place § Use Application Insights to

    collect application logs § Use Log Insights to collect infrastructure logs § Seamless integration of Log Insights for AKS § Centralized experience in Azure Monitor Azure Monitor

23. Enable Monitoring Add-on to stream logs to Azure Monitor #

    Enable Monitoring Add-on on AKS az aks enable-addons --name thh-demo-aks --resource-group thh-demo --addons monitoring --workspace-resource-id $WS_R_ID Azure Log Insights

24. Q&A If you’ve further questions later on: shoot me a

    mail at [email protected] / [email protected] or tweet at @ThorstenHans slides at https://thns.io/slides