Skip to content

Latest commit

 

History

History
128 lines (106 loc) · 7.05 KB

4.4. Using containers and orchestration.md

File metadata and controls

128 lines (106 loc) · 7.05 KB
Raw

Using containers and orchestration

Azure Kubernetes Service (AKS)

  • Managed service to deploy Kubernetes cluster.
    • Much of complexity and operational overhead of managing Kubernetes is handled by Azure (e.g.. health monitoring and maintenance)
  • Free, pay for the agent nodes within clusters, not for the masters.
  • Deployment & configuration
    • Through Portal, CLI or ARM
    • Configures all nodes e.g. advanced networking, AAD integration and monitoring
  • Identities
    • AKS clusters support RBAC.
    • Can be integrated with AAD.
  • Logging
    • Collects container logs (from stdout and stderr streams) and memory/processor metrics from containers, nodes and controllers.
    • Stored in Log Analytics workspace
    • If RBAC is enabled in Kubernetes, you'll need to grant access to log reader application.
  • Cluster nodes
    • Scaling: Scale out/in via Azure portal or the Azure CLI.
    • Upgrades: Offers multiple Kubernetes versions and upgrading with coordination of nodes to minimize disruption to running applications.
  • HTTP application routing
    • Configures ingress controller in AKS cluster.
    • As applications are deployed, they're publicly accessible with auto-configured DNS names.
  • GPU enabled nodes: Supports GPU enabled node pools, provides single/multiple GPU enabled VMs.
  • Development tooling integration:
    • Tools like heml, Draft, Visual Studio Code Kubernetes works seamlessly.
    • You can run & debug containers directly in AKS.
  • Virtual network integration: Can be deployed to existing VNet.
    • Every pod is assigned an IP address in the VNet, and can communicate with other pods in the cluster and other nodes in the VNet.
    • Can connect other services in a peered VNet, and on-prem networks over ExpressRoute or site-to-site VPN connections.
  • Private container registry: Integration with Azure Container Registry (ACR) for Docker images.

Virtual Kubelet

  • Connecting Kubernetes to other APIs
  • Creates a Virtual Kubernetes node backed by e.g. Azure, AWS, Alibaba etc.
  • Virtual node acts as a normal managed node in the cluster.
  • Kubernetes API on top, programmable back.

Deploy an AKS cluster Using CLI

  1. Create a resource group: az group create --name myAKSCluster --location eastus
  2. Create AKS cluster with health monitoring addon: az aks create --resource-group myAKSCluster --name myAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys
  3. Connect to the cluster
    1. Download credentials & configure Kubernetes CLI: az aks get-credentials --resource-group myAKSCluster --name myAKSCluster
    2. Get all nodes: kubectl get nodes
      • If you are using Azure Cloud Shell, kubectl is already installed.
      • If you want to install it locally, use the az aks install-cli command.

Azure Container Registry (ACR)

  • Managed service based on open-source Docker Registry.
  • Gives you build automation with build triggers: With such as VSTS or Jenkins. Can be integrated with GIT.
  • Use-cases
    • Scalable orchestration systems: Can be orchestrated via DC/OS, Docker Swam, Kubernetes.
    • Azure services: Azure Kubernetes Service, App Service, Batch, Service Fabric. etc... can build and run applications
  • Azure Container Registry Build (ACR Build) can build docker images to automate container OS, framework patching pipeline.

Registry

  • SKUs: Basic, Standard Premium.
  • All support, webhook integration, authentication with AAD, delete functionality.
  • You use Azure storages for container images.
  • You can use geo-replication in Premium registrations.
  • Control access with AAD-backed service principal or provided admin account.

Repository

  • A register contains one ore more repositories.
  • A repository is group of container images.
  • ACR supports multilevel repository namespaces.
  • So you can group your repositories.

Image

  • Read-only snapshot of a Docker container.
  • An Azure container registry can include both Windows and Linux images.
  • Control image names for all of container deployments.

Container

  • Application and its dependencies wrapped in a filesystem including code, runtime, system tools and libraries.
  • Containers running on a single machine share the operating system kernel.
  • Containers are fully portable to all major Linux distros, macOS and Windows.

Deploy an image to ACR using Azure CLI

  1. Create a resource group: az group create --name myResourceGroup --location eastus

  2. Create a container registry: az acr create --resource-group myResourceGroup --name myContainerRegistry007 --sku Basic

    • Must have unique name.
    • SKUs
      • Basic: Have size and usage constraints.
      • Standard: Increased storage limits and image throughput.
      • Premium: Higher limit on constraints, such as storage & concurrent operations, including enhanced storage capabilities.
        • Higher image throughput capacity.
        • Features like geo-replication for managing a single registry across multiple regions, maintaining a network-close registry to each deployment.

  3. Log in to ACR: az acr login --name <acrName>

  4. Push image to ACR

       docker pull microsoft/aci-helloworld
   az acr list --resource-group myResourceGroup --query "[].{acrLoginServer:loginServer}" --output table
   docker tag microsoft/aci-helloworld <acrLoginServer>/aci-helloworld:v1
   docker push <acrLoginServer>/aci-helloworld:v1

  5. List container images: az acr repository list --name <acrName> --output table

    • Or list tags: az acr repository show-tags --name <acrName> --repository aci-helloworld --output table

  6. Deploy image to ACI

    • Using Azure CLI
      • Enable admin user in the registry: az acr update --name <acrName> --admin-enabled true
        • 💡 In production you should use service principal.
      • Retrieve admin password: az acr credential show --name <acrName> --query "passwords[0].value"
      • Create container image with 1 CPU and 1 GB of memory: az container create --resource-group myResourceGroup --name acr-quickstart --image <acrLoginServer>/aci-helloworld:v1 --cpu 1 --memory 1 --registry-username <acrName> --registry-password <acrPassword> --dns-name-label aci-demo --ports 80
      • Monitor status of the container: az container show --resource-group myResourceGroup --name acr-quickstart --query instanceView.state
      • Retrieve container public IP address: az container show --resource-group myResourceGroup --name acr-quickstart --query ipAddress.fqdn
    • or using docker CLI
      • Log in to registry: az acr login --name myregistry
      • Tag your image: docker tag nginx myregistry.azurecr.io/samples/nginx
      • Push your image: docker push myregistry.azurecr.io/samples/nginx

  7. Docker-push

Azure Container Instances

  • Good for simple applications, task automation and build jobs.
  • Depreciated, replacement: Azure Kubernetes Service (AKS)
  • Features: Full container orchestration including, service discovery across multiple containers, automatic scaling, coordinated application upgrades.
  • You deploy an image from a public / private registry