Azure Kubernetes Service


Azure Kubernetes Service: The BIG Picture

Notes based on Pluralsight course
Shared by The Ravit Show

Srihari Sridharan (@asksrihari)
11/02/2022

You will learn
  What is AKS?
  AKS in Action

Other courses
  Azure Container Instances
  Designing a compute strategy for Microsoft Azure

1. What is AKS?

You should know about containers.

The case for Kubernetes

Traditional software development
  Monolith: Build, Package, Deploy, Migrate (if hardware fails)

Present: Microservices
  Independent, distributed, etc.
  Horizontal vs. vertical scaling!
  Scale specific features of the service!
  Explore the pros and cons of microservices

"We need automation, which includes automatic scheduling, automatic configuration, supervision and failure handling."

Microservices need containers; containers need orchestration.

AKS = K8s + Azure

Containers 101

Containers: a lightweight design of process isolation of an operating system.

Containers vs. Virtualization: search and learn.

Containers use namespaces. Namespaces offer isolation of system resources:
  Filesystems
  Process IDs
  User IDs
  Network interfaces
  (all in a single namespace)

The process will only see resources that are inside the same namespace.

A process doesn't belong to one namespace, but to one namespace of each kind.

Namespace kinds
  Mount (mnt)
  Process ID (pid)
  Network (net)
  Inter-process communication (ipc)
  UTS
  User ID (user)

The UTS namespace determines what hostname and domain name the process running inside that namespace sees.

The network namespace a process belongs to determines which network interfaces the application running inside the process sees.

Each container uses its own network namespace, and therefore each container sees its own set of network interfaces.
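
The "one namespace of each kind" rule can be checked from the links under /proc/<pid>/ns, which name the namespace a process is in for every kind. The script below is an added example, not part of the original notes; the sample tree, its PIDs and its inode numbers are constructed, and the container in it is assumed to run without user-namespace remapping.

```shell
#!/bin/sh
# Added example: compare the namespaces of two processes, kind by kind.
# Point the functions at /proc on a real host; the tree used here is constructed.

KINDS="mnt net pid ipc uts user"

# ns_id ROOT PID KIND -> prints the namespace identity, e.g. "net:[4026531992]"
ns_id() {
    readlink "$1/$2/ns/$3"
}

# compare_ns ROOT PID_A PID_B -> one line per kind: "<kind> shared|isolated"
compare_ns() {
    for kind in $KINDS; do
        a=$(ns_id "$1" "$2" "$kind") || return 1
        b=$(ns_id "$1" "$3" "$kind") || return 1
        if [ "$a" = "$b" ]; then
            echo "$kind shared"
        else
            echo "$kind isolated"
        fi
    done
}

# make_sample_proc DIR: build a constructed /proc-like tree.
# PID 100 is a host process, PID 200 a process inside a container that was
# started without user-namespace remapping (assumption of this sample).
make_sample_proc() {
    mkdir -p "$1/100/ns" "$1/200/ns"
    for kind in $KINDS; do
        ln -s "$kind:[4026531000]" "$1/100/ns/$kind"
        if [ "$kind" = user ]; then
            ln -s "$kind:[4026531000]" "$1/200/ns/$kind"
        else
            ln -s "$kind:[4026532000]" "$1/200/ns/$kind"
        fi
    done
}

demo() {
    dir=$(mktemp -d)
    make_sample_proc "$dir"
    compare_ns "$dir" 100 200
    rm -rf "$dir"
}

demo
```

On a live Linux host, `compare_ns /proc $$ <container PID>` gives the same report for real processes; a kind reported as shared is a resource the container is not isolated from.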

How can you limit the amount of system resources a container can consume?

Answer: cgroups (Control Groups)
  Linux kernel feature that limits the resource usage of a process (or a group of processes).
  A process cannot use more than the configured amount of CPU, memory, network bandwidth and so on.
  Cgroups prevent processes from hogging resources reserved for other processes.
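
One way to see the configured amounts, as an added example that is not part of the original notes: on a cgroup v2 host every group is a directory whose cpu.max and memory.max files hold the caps. The group names and values in the sample tree are constructed.

```shell
#!/bin/sh
# Added example: read CPU and memory caps from cgroup v2 directories and
# list the groups that have no cap. The sample data below is constructed.

# limits_of DIR -> "cpu=<millicores|unlimited> memory=<MiB|unlimited>"
limits_of() {
    read -r quota period < "$1/cpu.max"    # "<quota> <period>" or "max <period>"
    read -r mem < "$1/memory.max"          # bytes, or "max"
    if [ "$quota" = max ]; then
        cpu=unlimited
    else
        cpu="$((quota * 1000 / period))m"  # 50000/100000 -> 500m (half a core)
    fi
    if [ "$mem" = max ]; then
        memory=unlimited
    else
        memory="$((mem / 1048576))MiB"
    fi
    echo "cpu=$cpu memory=$memory"
}

# unlimited_groups ROOT -> names of child groups missing a CPU or memory cap
unlimited_groups() {
    for dir in "$1"/*/; do
        case $(limits_of "$dir") in
            *unlimited*) basename "$dir" ;;
        esac
    done
}

# make_sample_cgroups ROOT: constructed tree, one capped and one uncapped group
make_sample_cgroups() {
    mkdir -p "$1/capped" "$1/uncapped"
    echo "50000 100000" > "$1/capped/cpu.max"
    echo "268435456"    > "$1/capped/memory.max"
    echo "max 100000"   > "$1/uncapped/cpu.max"
    echo "max"          > "$1/uncapped/memory.max"
}

root=$(mktemp -d)
make_sample_cgroups "$root"
for g in capped uncapped; do
    echo "$g: $(limits_of "$root/$g")"
done
echo "no cap: $(unlimited_groups "$root")"
rm -rf "$root"
```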

Docker

Platform for packaging, distributing and running applications.

Benefits
  Host isolation
  Consistent experience
  Simplifies packaging of the application and its dependencies
  Offers images; images are much smaller compared to a VM
  Namespaces and cgroups offer isolation and resource controls

Images
  The image contains the filesystem and the path to the application executable when you run the image.

Registries
  A Docker registry is a repository that stores your Docker images and allows easy sharing of those images between different people and computers.

Container
  A running container is a process running on the host running Docker, but it's completely isolated from the host and other processes.

Docker workflow
  1. Build image and push to registry
  2. Pull image
  3. Run image

See: Container Management using Docker.

What is Kubernetes?

Allows you to easily deploy and manage containerized applications on top of it.

Exposes the underlying infrastructure as a single computational resource.

Consistent deployment experience regardless of the size of the cluster.

Cluster of master nodes and worker nodes
  Dev submits App Descriptor → deploys

K8s cluster architecture
  Master node: API server, Scheduler, Controller, etcd
  Worker nodes: Kubelet, Kube Proxy, Container Runtime

Running applications in K8s
  1. Package your application into one or more containers
  2. Push those images to an image registry
  3. Post the app descriptor to the K8s API server
  4. Scheduler schedules the containers on available workers
  5. kubelet instructs nodes to download container images
  6. kubelet instructs nodes to run the containers

Benefits
  Simplifies application deployment
  Better hardware utilization
  Health monitoring and self healing
  Automatic scaling

Kubernetes objects

    kubectl <operation> <object> <resource name> <optional flags>

Pod
  Smallest unit that K8s manages.
  Made up of one or more containers.
  Querying a pod returns a data structure that contains information about containers and its metadata.
  Pods aren't durable!
  All containers for a pod will be running on the same node.
  Any container running within a pod will share the node's network with any other containers in the same pod.
  Containers within a pod can share files through volumes attached to the containers.
  A pod has an explicit lifecycle and will remain on the node where it was started.

Namespaces
  Pods are collected into namespaces, which are used to group pods.
  Namespaces can be used to provide quotas and limits around resource usage, and have an impact on the DNS names that K8s creates internal to the cluster.
  If no namespace is mentioned, K8s assumes you are working with the default namespace.

Nodes
  A node is a machine that is added to the Kubernetes cluster.
  The master node is the brain of K8s, while the worker nodes do the actual work of pulling container images and running pods.

Networks
  All the containers in a pod share the node's network.
  All nodes in a K8s cluster are expected to be connected to each other and share a private cluster-wide network.
  K8s runs containers within a pod within this isolated network, handling IPs, DNS entries etc.

Controllers
  Desired state deployment: controllers are the brain behind this.

Replica sets
  Associated with a pod; indicates how many instances of that pod should be running within the cluster.
  Also implies a controller that watches the ongoing state and knows how many of your pod to keep running.
  A replica set is in turn commonly wrapped by a deployment.

Deployment
  Recommended way to run code on K8s.
  Wraps around and extends the replica set.
  Includes metadata settings to know how many pods to keep running.

Services
  K8s resource used to provide an abstraction to your pod, agnostic of the specific instances that are running.
  Can contain a policy.
  Emulates a software load balancer within Kubernetes.

What is AKS?

Self hosting a K8s cluster
  Manually install the master and worker nodes.
  Need to consider high availability of the master, adding additional worker nodes, patching, upgrades, etc.
  LOT OF WORK! Handled by AKS.

AKS
  Deployment, management and operations of Kubernetes.
  Provisioning, upgrading and scaling on demand.
  Master node is managed by Azure.
  Offload responsibility to Azure.
  Pay for agents only.
  kubectl is part of Cloud Shell.

Benefits
  • Version upgrades and patching
  • Easy cluster scaling
  • Self healing hosted control plane (master)
  • Cost savings
Beyond managed K8s

Think about the ecosystem of the cloud vendor.
  Azure Container Instances (ACI)
  Azure Container Registry (ACR)
  Azure Service Fabric (SF)
  Azure App Service (AAS)
  Azure Batch Service (ABS)

ACI
  Deploy containers without worrying about the underlying infrastructure.
  Easily start deploying containers for targeted use cases.
  Dockerize your application and execute it in one click.

ACR
  Repository for container images.

SF
  Foundational technology powering core Azure infrastructure as well as other Microsoft services.
  Highly available and durable services at cloud scale.
  Microsoft's container orchestrator.

AAS
  PaaS platform.
  Built-in autoscaling and load balancing, and CI/CD with GitHub.

ABS
  Cloud scale job scheduling and compute management.
  Batch: used to run tasks in Docker containers.
  Tool: Batch Shipyard!

2. AKS in Action

A quick tour of the sample app

https://github.com/manojnair/myapp

Docker images: https://hub.docker.com/r/manojnair/myapp/tags

Run:

    docker container run --name myapp -d -p 8081:80 manojnair/myapp:v1

Visit http://localhost:8081

Similarly run V2, V3 and V4 on 8082, 8083 and 8084.

NOTE: You can use the ones above or write your own apps and build images.
Deploying an AKS cluster

Portal (RG: aks-rg1) / stuff using Azure CLI

Various blades in "Create K8s cluster" (portal):
  Basic
  Node Pools
  Authentication: system assigned managed identity ✓ (relieves the burden of renewing the credentials for the service principal). RBAC: enable. Look at the course "Implementing Managed Identities for Microsoft Azure Resources".
  Networking: Network configuration > Azure CNI
  Integration: Azure Monitor, default workspace for log analytics
  Tags: tag your resources as required

Better to set defaults.

In Azure CLI

    az account show
    az configure --defaults group=aks-rg1

Sets the RG for subsequent CLI commands.

    az aks get-credentials --name <cluster name>

e.g.

    az aks get-credentials --name aksdemo1

Use whatever cluster name you used in the Basic section. This fetches the credentials and merges them into the current context.

    az aks install-cli

Installs kubectl.

Deploy the application to the AKS cluster imperatively

K8s management techniques
  Imperative commands: for development projects; low learning curve
  Imperative object configuration: for production projects; moderate learning curve
  Declarative object configuration: for production projects; high learning curve

This sample uses the imperative approach (commands).

    kubectl create deployment myapp --image=manojnair/myapp:v1 --replicas=1

Service

Creating a service of type load balancer. In AKS this creates an Azure load balancer.

    kubectl expose deployment myapp --type=LoadBalancer --port=80 --target-port=80

Before running the above command, have another terminal with watch enabled:

    kubectl get svc --watch

Creates the load balancer! ✓

Scaling the deployment manually

To scale deployments:

    kubectl scale deployment myapp --replicas=3

Application is powered by 3 replicas!

To get the max pods that can be supported by a cluster and agent pool:

    az aks nodepool show --cluster-name aksdemo1 --name agentpool --query "maxPods"

Note: If Max Pods is 110, K8s cannot create these many pods for your application as:

    kubectl get pods --namespace kube-system

Add more worker nodes in case you wish to increase the number of replicas (pods) beyond the node's max pods.

Scaling nodes manually

kubectl get nodes returns the number of nodes.

To scale nodes:

    az aks scale --resource-group aks-rg1 --name aksdemo1 --node-count 2 --no-wait

--no-wait returns immediately; we don't need to wait!

To check the status:

    az aks nodepool show --name agentpool --cluster-name aksdemo1 --query "[count, provisioningState]"

Use kubectl get nodes.
Updating the application

Rollout
  Manage the rollout of a resource.
  Valid resource types include deployments, daemonsets and statefulsets.

Usage:

    kubectl rollout SUBCOMMAND

To check the rollout history:

    kubectl rollout history deployment/myapp

Describe the deployment:

    kubectl describe deployment myapp

You can find the container image and details.
  Image: manojnair/myapp:v1

Method 1

    kubectl set image deployment/myapp myapp=manojnair/myapp:v2 --record=true

--record=true tracks the change. As of 2022 FEB there is a warning that --record will be deprecated.

Refresh the app and you will see V2.

Method 2

    kubectl edit deployment myapp --record=true

Refresh the app and you will see V3.

Check:

    kubectl rollout history deployment/myapp

Shows the history of changes.

Rolling back the applications to previous versions

To undo a deployment:

    kubectl rollout undo deployment/myapp

NOTE: If you keep running this command repeatedly, then you will basically keep toggling between the last 2 deployments.

To revert to a specific version in history:

    kubectl rollout undo deployment/myapp --to-revision=1

IMPORTANT NOTE

When we undo a rollout, K8s creates a new item in history and removes the old entry. (This explains why it keeps swapping between the last two rollouts when we undo twice or more.)

Using the declarative approach to deploy Kubernetes objects

myapp2.yml

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myapp2
      labels:
        app: myapp2
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: myapp2
      template:
        metadata:
          labels:
            app: myapp2
        spec:
          containers:
          - name: myapp2
            image: manojnair/myapp:v2   # pod image
            ports:
            - containerPort: 80
    ---   # separator for multiple resources in a file
    apiVersion: v1
    kind: Service
    metadata:
      name: myapp2
    spec:
      selector:
        app: myapp2
      type: LoadBalancer   # load balancing service
      ports:
      - protocol: TCP
        port: 80
        targetPort: 80

Build K8s objects declaratively and manage them using source control.

    kubectl apply -f ./myapp2.yml

To clean up:

    kubectl delete deployment myapp
    kubectl delete service myapp

Pushing the images to ACR (Azure Container Registry)

ACR + AKS: best of both worlds!

ACR
  Create in the portal or using IaC.
  Registry name, location, SKU (stock keeping unit): Basic to Premium.
  <registry-name>.azurecr.io, e.g. myappacr01
  Networking and encryption are available only for the Premium SKU.
  Validate and create.

AKS agent pool nodes need permission to pull images from ACR.
  Access control → Add Role Assignment
  Role: Reader
  Select the system assigned managed identity: aksdemo1-agentpool identity
  SAVE!

Push images to ACR

    docker image ls
    docker tag manojnair/myapp:v1 myappacr01.azurecr.io/myapp:v1
    az acr login --name=myappacr01
    docker push myappacr01.azurecr.io/myapp:v1

Create a deployment with the ACR image

    kubectl create deployment myappacr --image=myappacr01.azurecr.io/myapp:v1

This command can be run and the images can be pulled only by agent pool nodes.

    kubectl expose deployment myappacr --type=LoadBalancer --target-port=80 --port=80

Image is securely stored in ACR!
Next steps

Learning paths on Pluralsight (K8s)
  Certified Kubernetes Administrator
  Certified Kubernetes Application Developer
  Kubernetes Administration
  Using Kubernetes as a developer

Azure Kubernetes Service Workshop
  https://aka.ms/learn/aksworkshop
