• +000 0000 000
  • [email protected]
    • Contact Us

    Yearly Archives: 2024

    1. Home / 
    2. 2024
    Sep 4, 2024
    Deploying AKS 2 – Creating and Configuring Containers
    1. Next, we have the Authentication tab; here, you will note we can modify the setting for the Authentication method type to either Service principal or System-assigned managed identity. This will be used by AKS for managing the infrastructure related to the service. For this exercise, we will leave this at its default setting. Then, you have the Role-based access control (RBAC) option. By default, this is set to Enabled; this is the best option to manage the service as it allows fine-grained access control over the resource; leave this as Enabled. You will also have the choice to enable AKS-managed Azure Active Directory. Checking this will enable you to manage permissions for users on the service based on their group membership within Azure AD. Note that once this function has been enabled, it can’t be disabled again, so leave this unchecked for this exercise. Finally, you have the option of the Encryption type value you want. For this exercise, leave it as the default setting. Click Next: Networking >. The process is illustrated in the following screenshot:

    Figure 11.47 – Creating a Kubernetes cluster: Authentication tab

    1. For the Networking section, we will leave most of the settings as their default configuration. Note that for Network configurations we have two options here, one for Kubenet and another for Azure CNI. kubenet is a new VNet for the cluster whereby Pods are allocated an IP address and containers have network address translation (NAT) connections over the shared Pod IP. Azure Container Networking Interface (Azure CNI) enables Pods to be directly connected to a VNet. In association, this allows containers to have an IP mapped to them directly, removing the need for NAT connection. Next, we have the DNS name prefix field, which will form the first part of your FQDN for the service. You will then notice Traffic routing options available to us for the service—we will discuss this more in one of the next exercises, as well as the Security options available to us. Select Calico under Network policy. Click Next: Integrations >. The process is illustrated in the following screenshot:

    Figure 11.48 – Creating a Kubernetes cluster: Networking tab

    1. On the Integrations tab, you will note the option to select a container registry. We will select the registry that we previously deployed. You will also note you have the option to deploy a new registry directly from this creation dialog. Next, we have the option to deploy container monitoring into the solution on creation. We will leave the default setting here, but monitoring will not be covered under the scope of this chapter. Finally, you have the option of applying Azure Policy directly to the solution; this is recommended where you want to enhance and standardize your deployments. This solution enables you to deliver consistently and control your deployments on AKS more effectively. Click Review + create, then click Create. The process is illustrated in the following screenshot:

    Figure 11.49 – Creating a Kubernetes cluster: deployment

    You have just successfully deployed your first Kubernetes cluster; you now know how to deploy and manage containers at scale and in a standardized way. Next, we will look at how we configure storage for Kubernetes and make persistent storage available to our solution.

    More Details
    Sep 3, 2024
    Deploying AKS – Creating and Configuring Containers

    Deploying AKS

    Thisexercise is to help you gain familiarity with AKS. We will deploy our first AKS instance, and then with the corresponding exercises, we will explore the different management components for this. Proceed as follows:

    1. Sign in to the Azure portal at https://portal.azure.com.
    2. Open the resource group you will be using for this exercise, click Overview on the left menu, then clickCreate.
    3. On the left Category menu, select Containers, then click Create under Kubernetes Service, as illustrated in the following screenshot:

    Figure 11.43 – Creating an Azure Kubernetes service

    1. Select your Resource group type, enter your Kubernetes cluster name value, select your Region type, and then leave all the other settings on their default configuration and click Next: Node pools >. The process is illustrated in the following screenshot:

    Figure 11.44 – Creating a Kubernetes cluster

    1. Scroll down the page, and note that we can change the Node size value. Changing this option allows you to choose a size very similar to what you saw in the previous chapter with VMs. Next, you can select how you would like to manage scaling; this can be either Manual or Autoscale. Manual means that you would like to modify the scale count yourself whenever you would like to change the count of nodes for your pool, whereas Autoscale will allow you to scale automatically based on a scaling rule. For this option, you select a range being the minimum number of nodes you want and the maximum you would like to scale it up to. As you can see, there is a lot of room for scaling with this service. Click Next: Node pools >. The process is illustrated in the following screenshot:

    Figure 11.45 – Primary node pool sizing

    1. On the Node pools tab, you will note the ability to add additional pools that can also be configured to scale in the same fashion as the Primary node pool type we configured in the previous step. You also have the Enable virtual nodes option, which enables you to scale your containers beyond your VM specified in the previous steps, and scale to use ACI as additional nodes when AKS needs to scale out. The final option available is Enable virtual machine scale sets. You will note that it is already checked for our deployment, the reason being that it’s required to support the Availability zones configuration we have from Step 4. Scale sets enable us to have a scaling VM supporting the container service; this allows better scaling of resources when it’s required since a single VM will be limited in the number of containers it can host. This also enables dynamic scaling (no downtime) due to horizontal scaling ability. Having to change the size vertically (such as more or fewer resources—essentially, the stock-keeping unit (SKU)) would result in losing access to the resource temporarily while it’s resized and restarted. This is a more static type of scaling. Next, click Next: Authentication >. The process is illustrated in the following screenshot:

    Figure 11.46 – Creating a Kubernetes cluster: Node pools tab

    More Details
    Jun 4, 2024
    Configuring storage for AKS – Creating and Configuring Containers

    Configuring storage for AKS

    AKS enables different storage options available for containers; you can leverage either local (non-persistent) storage or shared storage (persistent storage) for your containers through AKS. For persistent storage options, you can leverage Azure Managed Disks, which is primarily focused on premium storage solutions, such as for fast input/output (I/O) operations, as we discussed in Chapter 6, Understanding and Managing Storage. Azure File Shares is another option available and the default storage mechanism for enabling persistent storage on containers. This is typically cheaper to deploy and provides decent levels of performance for most workloads. For better performance, premium file shares can be used. Azure File Shares is also great for sharing data between containers and other services, whereas a managed disk will be restricted to a single Pod but is easier to deploy.

    The following diagram illustrates the different storage options available:

    Figure 11.50 – Kubernetes: Storage layers

    In this exercise, we will configure shared storage using Azure File Shares in your AKS cluster. Proceed as follows:

    1. Sign in to the Azure portal at https://portal.azure.com.
    2. Create a storage account and a file share named fileshare01. Once created, note the primary storage account key.
    3. Launch Azure Cloud Shell and run the following commands. Replace the resource group name with your name and the AKS cluster name for the Name field:

    Az login

    Install-AzAksKubectl

    Import-AzAksCredential -ResourceGroupName AZ104-Chapter11 -Name myfirstakscluster

    1. Modify the following script with your storage account name and storage account key, then paste it into Cloud Shell and press Enter:

    kubectl create secret generic azure-secret –from-literal =azurestorageaccountname=storageaccountname –from-litera l=azurestorageaccountkey=storageaccountkey

    1. Navigate to the AKS cluster you created in the previous section. Click on Storage on the left menu, then ensure you are on thePersistent volume claims tab, and click Add, as illustrated in the following screenshot:

    Figure 11.51 – Adding a persistent volume claim

    1. Click Add with YAML, as illustrated in the following screenshot:

    Figure 11.52 – Add with YAML

    1. Paste or type the following YAML document into the window:

    apiVersion: v1

    kind: PersistentVolume

    metadata:

    name: azurefile

    spec:

    capacity:

    storage: 5Gi

    accessModes:

    • ReadWriteMany azureFile:

    secretName: azure-secret

    shareName: fileshare01

    readOnly: false mountOptions:

    • dir_mode=0777
    • file_mode=0777
    • uid=1000
    • gid=1000
    • mfsymlinks
    • nobrl

    Then, click Add, as illustrated in the following screenshot. Thiswill create your persistent volume:

    Figure 11.53 – Adding a persistent volume using YAML

    1. Now, to create a persistent volume claim, click Add again, and paste the following YAML. Click Add:

    apiVersion: v1

    kind: PersistentVolumeClaim

    metadata:

    name: azurefile

    spec:

    accessModes:

    • ReadWriteMany storageClassName: “” resources:

    requests: storage: 5Gi

    1. You now have a persistent volume claim. Click on the Persistent volume claims tab, as illustrated in the following screenshot:

    Figure 11.54 – Persistent volume claims tab

    1. Note your persistent volumes by clicking on the Persistent volumes tab, as illustrated in the following screenshot:

    Figure 11.55 – Persistent volumes tab

    You have successfully added persistent storage to your AKS cluster. You now know the tasks involved to achieve this goal. In the next section, we will explore AKS scaling.

    More Details
    Apr 6, 2024
    Configuring scaling for AKS – Creating and Configuring Containers

    Configuring scaling for AKS

    You will note that from our previous exercises, there was no option to automatically scale and resize containers. The only way to change this was to redeploy our container instances and groups. With Kubernetes, this dynamic changes as you can change the scale settings before and after your deployment, and they can be configured to scale manually or automatically. For this exercise, we will run through changing the auto-scale settings of our AKS cluster. Proceed as follows:

    1. Sign in to the Azure portal at https://portal.azure.com.
    2. Navigate to the AKS cluster you created in the previous section. On the left menu, select the Node pools option and click on your deployed agentpool node pool, as illustrated in the following screenshot:

    Figure 11.56 – Configuring a Kubernetes cluster: Node pools

    1. Selecting either the Overview or Configuration pane will present you with the option to change your pool scale settings. Click Scale node pool, as illustrated in the following screenshot:

    Figure 11.57 – Configuring a Kubernetes cluster: Overview

    1. To change the automatic scale option, set the Scale method type to Autoscale, enter a value for your Min and Max node count, then click Apply. The process is illustrated in the following screenshot:

    Figure 11.58 – Configuring a Kubernetes cluster: Scale node pool

    1. For the manual scale option, set the Scale method type to Manual, enter a Node count value (this will be the number of nodes you want to run), and click Apply. The process is illustrated in the following screenshot:

    Figure 11.59 – Configuring a Kubernetes cluster: Scale node pool (continued)

    1. After applying the settings, you will notice your agent pool goes into an Updating state, as illustrated in the following screenshot:

    Figure 11.60 – Configuring a Kubernetes cluster: Updating

    You now know how to scale your agent pools within AKS and can feel confident about managing this aspect. If you would like to change the VM size for the agent pool, you will need to redeploy the pool. In the next section, we will look at managing network configurations on your AKS cluster.

    More Details
    Mar 10, 2024
    Configuring network connections for AKS – Creating and Configuring Containers

    Configuring network connections for AKS

    We have covered AKS cluster deployment in one of the previous exercises. In this section, we will elaborate on some networking configurations to give you a better understanding of the options available to you.

    Network configuration

    The first component in your network configuration is the different types of networks that are available for you to deploy.

    kubenet

    This is the most basicnetworking service for AKS. With kubenet, an IP address is allocated from an Azure VNet to the nodes for a Pod. The Pods receive an IP address from an internal network that is deployed in a logically different address space from the VNet. Connections to these Pods are then performed through NAT connections that allow Pods to communicate to resources on the Azure VNet. This approach reduces the number of IP addresses required for your solution but disables the ability to directly connect to your containers.

    Azure CNI

    This is a moreadvanced implementation networking service for AKS. Azure CNI enables Pods to be directly connected to an Azure VNet, and therefore every Pod is allocated an IP address on the VNet. Without careful planning, you may exhaust your IP allocation on the subnet you are connecting to.

    Regardless of the solution you choose, external traffic is still conducted over a NAT connection to nodes within AKS from a public IP interface.

    Traffic routing

    Traffic routing comprisesthe load balancing and application routing configurations available to your AKS cluster.

    Load balancer

    The AKS cluster can be deployed using both a standard SKU and a basic SKU. A standard SKU enforces traffic securely, restrictstraffic by default, andrequires explicit allow rules to enable traffic flow. The default option Standardis and is the recommended choice unless there is a specific reason for Basic, such as your organization only allowing private IP access. Basic can only be deployed using the Azure command-line interface (CLI), PowerShell, or an ARM template.

    Enabling HTTP application routing

    Please note before enabling this feature that it is currently not designed or ready for production environments and is something I would advise being cautious about enabling until Microsoft’s documentation reflects that this is ready for production use.

    The solution deploys two components, one being an External-DNS controller component, which creates DNS host A records for the cluster DNS zone, and the second resource being an ingress controller component, which is responsible for routing ingress traffic to application endpoints.

    More Details
    Feb 5, 2024
    Security – Creating and Configuring Containers

    Security

    When configuring your network for AKS, you should consider the security components that also impact your design and management decisions. There are several items to consider (which we discuss in the following sections) that can improve the security of your containers.

    Enabling a private cluster

    For enhanced security, you can enable a private cluster. This ensures that trafficbetween your application programming interface (API) server and node pools is conducted over private network paths only. When configured, the control plane (API server) is run within the AKS-managed Azure subscription while your AKS cluster runs in your own subscription. This separation is key. Communication will thenoccur over a private endpoint (private link) from your AKS cluster to the private link service for the AKS VNet.

    Setting authorized IP ranges

    These are ranges that you will limit to accessing your AKS cluster. This can be specified as a single IP, as a list of IP addresses, or as a range of IP addresses in classless inter-domain routing (CIDR) notation.

    The following screenshot is an example of setting authorized IP addresses:

    Figure 11.61 – Authorized IP addresses

    You now understand the role that authorized IP ranges play in your AKS deployment.

    Next, we will explore the impact that network policy has on deployments.

    Network policy

    This is used tomanage traffic flow between Pods in an AKS cluster. By default, alltraffic is allowed, and by utilizing network policy, you enable the mechanism to manage this traffic using Linux iptables. Two implementations can be followed: Calico and Azure Network Policies. Calico is an open source solution provided by Tigera, whereas Azure has its ownimplementation of the same type of technology. Both services are fully compliant with the Kubernetes specification. The choice of network policy provider can only be chosen on the creation of the AKS cluster and can’t be changed, so it’s pivotal that you understand the differences between the solutions prior to making your choice.

    The key differences between the solutions are presented here:

    More Details
    Jan 4, 2024
    Upgrading an AKS cluster – Creating and Configuring Containers

    Upgrading an AKS cluster

    You have the choice to automatically upgrade your AKS clusters or to manually manage upgrades yourself. As part of your upgrade decisions, you can decide if you would like to upgrade both the node pools and control plane or the control plane only. Automatic upgrades have the option of choosing different channels that best apply to your requirements; these are listed as follows:

    • None: Used for disabling auto upgrading.

    • Patch: The cluster is automatically updated to the latest support patch version.

    • Stable: The cluster is automatically updated to the latest stable version.

    • Rapid: The cluster is automatically updated to the latest N-2 minor version.

    • Node-image: The cluster is automatically updated to the latest version available.

    Top Tip

    It’s important to note that when upgrading your AKS clusters, you will upgrade to a supported patch version for your cluster, one version at a time where more than one version upgrade exists.

    We will now perform the exercise of upgrading your cluster with the following steps:

    1. Sign in to the Azure portal at https://portal.azure.com.
    2. Navigate to the AKS cluster you created in the previous section. On the left menu, select the Cluster configuration option and click Upgrade version on the right, as illustrated in the following screenshot:

    Figure 11.62 – Cluster configuration

    1. Select your desired Kubernetes version and select an Upgrade scope type, then click Save. The process is illustrated in the following screenshot:

    Figure 11.63 – Upgrading the version of Kubernetes

    You have just successfully upgraded your Kubernetes version and understood the various automated options also available to do this. Next, we will run through the chapter summary and all that we have covered in this chapter.

    Summary

    In this chapter, we discovered what containers are and how we deploy and manage them, we learned about Docker, the limitations of Docker, and container deployments, and finally, we found out how we can extend default container services through orchestration tools such as Kubernetes that greatly enhance the way we manage and scale containers. As part of your learning, you have discovered how to work with ACI Instances and learned how to also attach persistent storage to containers using AKS, how to enhance the security around containers, and about the various networking options available to you as part of AKS. You also experienced working with deployments and administrative tasks such as creating an Azure container registry, deploying Azure container instances, and creating and configuring Azure container groups.

    You should now feel confident about the administration of containers within Azure, the methods of deployment, and how to orchestrate and manage these.

    In the next chapter, we will explore Azure App Service, what this is, how to configure and deploy it, and becoming confident in how to use this on Azure.

    More Details