Integrating Azure Services with Azure Kubernetes Service

Integrating Azure Services with Azure Kubernetes Service

Azure Kubernetes Service can act as the central piece of large-scale application infrastructure requirements, but besides AKS, other services are required to run an entire cloud-native application. Things like SQL Azure, Application Insights or Azure KeyVault are just a few, but important services which you may use to craft your application. Thorsten Hans will demonstrate in this talk how you integrate those and other Azure Services with Azure Kubernetes Service in order to build robust and scalable applications.


Thorsten Hans

November 28, 2018


  1. Integrating Azure Services with Azure Kubernetes Service Thorsten Hans @ThorstenHans

    Consultant @ Thinktecture AG
  2. The guy who’s talkin’ Consultant @ Thinktecture AG @ThorstenHans Thorsten Hans
  3. 1. What is Azure Kubernetes Service 2. Azure Kubernetes Service

    101 3. Integrating AKS with Azure Services Talking Points
  4. What is Azure Kubernetes Service

  5. AKS § Managed k8s cluster on Azure § AKS supports

    § Cluster auto-scaling § GPU enabled nodes § Development Tooling Integration (Azure DevSpaces) § Cost efficient § you pay ONLY for your worker nodes Azure Kubernetes Services
  6. Azure Kubernetes Services 1 Fully managed Kubernetes Master 2 Seamless

    Azure Integration 3 Simplified Cluster Operations
  7. Azure Kubernetes Service 101

  8. Using Azure CLI # Create a resource group az group

    create --name thh-demo --location westeurope --tags @{resp="THH"} # Create a Service Principal az ad sp create-for-rbac --name thh-demo-aks-sp --skip-assignment # Will print something like { "appId": "7248f250-0000-0000-0000-dbdeb8400d85", # --> identifier ($SP_ID) "displayName": "thh-demo-aks-sp", "name": "http://thh-demo-aks-sp", "password": "77851d2c-0000-0000-0000-cb3ebc97975a", # --> client secret ($SP_PWD) "tenant": "72f988bf-0000-0000-0000-2d7cd011db47“ } Prepare a new AKS Cluster
  9. Using Azure CLI # Create a AKS Cluster az aks

    create --name thh-demo-aks --resource-group thh-demo --location westeurope --service-principal $SP_ID --client-secret $SP_PWD --node-count 3 --node-vm-size Standard_DS1_v2 --tags @{resp="THH"} Create a new AKS Cluster
  10. Using Azure CLI # Scale-Out an AKS Cluster (increase Node

    count to 5) az aks scale --name thh-demo-aks --resource-group thh-demo --node-count 5 Scale-Out an AKS Cluster
  11. Using Azure CLI # Scale-In an AKS Cluster (reduce Node

    count to 1) az aks scale --name thh-demo-aks --resource-group thh-demo --node-count 1 Scale-In an AKS Cluster
  12. Using Azure CLI # Get current k8s version az aks

    get-upgrades --name thh-demo-aks --resource-group thh-demo --output table # Name ResourceGroup MasterVersion NodePoolVersion Upgrades # ------- --------------- --------------- ----------------- -------------- # thh... thh-demo 1.9.6 1.9.6, 1.9.8, 1.10.1 Get AKS Cluster Upgrades
  13. Using Azure CLI # Start k8s upgrade az aks upgrade

    --name thh-demo-aks --resource-group thh-demo --kubernetes-version 1.10.1 Upgrade an AKS Cluster
  14. Integrating AKS with Azure Services

  15. Integrating AKS with Azure Services 1 Container Registry 2 Storage

    3 Container Instances 4 Key Vault 5 Analytics
  16. Consume private images § Pull Docker images from ACR §

    Authentication done via Service Principal § Grant Reader permissions to AKS’s underlying SP for ACR Azure Container Registry
  17. Using Azure CLI # Get ACR Identifier az acr show

    --name thhdemo --resource-group thh --query id # --> identifier ($ACR_ID) # Create Role Assignment for SP az role assignment create --assignee $SP_ID --role Reader --scope $ACR_ID Authenticate with ACR
  18. Use persistent volumes § Support for Azure Disks and Azure

    Files § Static consumption § Storage is attached to Cluster and app developer uses it (eg in a Pod) § Dynamic consumption § Cluster knows how to dynamically create Azure Disks or Azure Files Shares Azure Storage Account
  19. Scale cluster dynamically and support hybrid workloads § Deploy Pods

    to ACI § Execute both Windows and Linux containers § Feels like one or more native k8s node § Implemented using Virtual Kubelet Azure Container Instances
  20. Extend AKS using a virtual-kubelet # Start k8s upgrade az

    aks install-connector --name thh-demo-aks --resource-group thh-demo --connector-name virtual-kubelet --aci-resource-group thh-demo --service-principal $SP_ID --client-secret $SP_PWD --os-type Windows Azure Container Instances
  21. Keep sensitive data secured § Consume secrets, keys and certificates

    from a secured resource § Final, native integration for Key Vault and competitors not yet landed in k8s § Two different integration scenarios available § Authenticate via Client-Id and –Secret from within an application component § Use AAD to generate a Pod Identity (think of MSI) § Best solution … for NOW Azure Key Vault
  22. All Insights at one place § Use Application Insights to

    collect application logs § Use Log Insights to collect infrastructure logs § Seamless integration of Log Insights for AKS § Centralized experience in Azure Monitor Azure Monitor
  23. Enable Monitoring Add-on to stream logs to Azure Monitor #

    Enable Monitoring Add-on on AKS az aks enable-addons --name thh-demo-aks --resource-group thh-demo --addons monitoring --workspace-resource-id $WS_R_ID Azure Log Insights
  24. Q&A If you’ve further questions later on: shoot me a

    mail at / or tweet at @ThorstenHans slides at