AZURE KUBERNETES

Jyoti Pawar
6 min read · Mar 4, 2021

USE CASE:

This blog will give you insights into the Azure Kubernetes Service and a real industry use case.

As the world moves towards containerization technology, managing containers has become much more crucial. This led to the emergence of a container management technology: Kubernetes.

Basics of Kubernetes :

Kubernetes is a portable, extensible, open source platform for container orchestration. It allows developers and engineers to manage containerized workloads and services through both declarative configuration and automation.

Basic benefits of Kubernetes include:

  • Run distributed systems resiliently
  • Automatically mount a storage system.
  • Automated rollouts and rollbacks
  • Self-healing
  • Secret and configuration management

Key Terms:

  1. API Server: Exposes the underlying Kubernetes API. This is how various management tools interact with the Kubernetes cluster.
  2. Controller Manager: Watches the state of the cluster through the API server and, when necessary, makes changes to move the current state towards the desired state.
  3. Etcd: Highly available key-value store which maintains the Kubernetes cluster state.
  4. Scheduler: Schedules unassigned pods to nodes. Determines the most optimal node to run your pod.
  5. Node: A physical or virtual machine where Kubernetes runs your containers.
  6. Kube-proxy: A network proxy that proxies requests to Kubernetes services and their backend pods.
  7. Pods: One or more containers logically grouped together. Usually they need to share the same resources.
  8. Kubelet: Agent that processes orchestration requests and handles starting pods that have been assigned to its node by the scheduler.

Why Use Kubernetes?

When running containers in a production environment, containers need to be managed to ensure they are operating as expected in an effort to ensure there is no downtime.

Some features are:

  • Container Orchestration
  • Cloud Agnostic
  • Prevents vendor lock-in
  • Increased Developer Agility and Faster Time-to-Market
  • Cloud aware

You can read about Kubernetes in much more detail in my previous blog 👇

“All about KUBERNETES…” by Jyotisp https://medium.com/@jyotisp710/all-about-kubernetes-b107a5307c6c

Basics of Azure Kubernetes Services

Azure Kubernetes Service (AKS) is a fully-managed service that allows you to run Kubernetes in Azure without having to manage your own Kubernetes clusters. Azure manages all the complex parts of running Kubernetes, and you can focus on your containers. Basic features include:

  • Pay only for the nodes (VMs)
  • Easier cluster upgrades
  • Integrated with various Azure and OSS tools and services
  • Kubernetes RBAC and Azure Active Directory Integration
  • Enforce rules defined in Azure Policy across multiple clusters
  • Kubernetes can scale your Nodes using cluster autoscaler
  • Expand your scale even greater by scheduling your containers on Azure Container Instances

Features of Azure Kubernetes:

1. Cluster Multi-Tenancy

  • Logically isolate clusters to separate teams and projects in an effort to try to minimize the number of physical AKS clusters you deploy
  • Namespace allows you to isolate inside of a Kubernetes cluster
  • Same best practices with hub-spoke but you do it within the Kubernetes cluster itself.

2. Scheduling and Resource Quotas:

  • Enforce resource quotas – Plan out and apply resource quotas at the namespace level
  • Plan for availability
  • Define pod disruption budgets
  • Limit resource intensive applications – Apply taints and tolerations to constrain resource intensive applications to specific nodes
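The three controls above, written as manifests. This is an added example, not part of the original post; the namespace `team-a`, the `workload=heavy` taint and label, and all names, images and quota values are assumptions.

```yaml
# Namespace-level quota: once requests/limits are under quota, pods that
# omit them are rejected at admission in this namespace.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
# Pod disruption budget: voluntary evictions (node drain, cluster upgrade)
# must leave at least 2 pods labelled app=web running.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: web-pdb
  namespace: team-a
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: web
---
# Assumes the target nodes were tainted and labelled beforehand:
#   kubectl taint nodes <node> workload=heavy:NoSchedule
#   kubectl label nodes <node> workload=heavy
# The taint keeps other pods off those nodes; the toleration lets this pod
# on; the nodeSelector is what actually pins it there.
apiVersion: v1
kind: Pod
metadata:
  name: batch-worker
  namespace: team-a
spec:
  tolerations:
    - {key: workload, operator: Equal, value: heavy, effect: NoSchedule}
  nodeSelector:
    workload: heavy
  containers:
    - name: worker
      image: registry.example.com/batch:1.0   # placeholder image
      resources:
        requests: {cpu: "2", memory: 4Gi}
        limits: {cpu: "4", memory: 8Gi}
```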

3. Cluster Security:

Azure AD and Kubernetes RBAC integration:

  • Bind your Kubernetes RBAC roles with Azure AD Users/Groups
  • Grant your Azure AD users or groups access to Kubernetes resources within a namespace or across a cluster
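A namespace-scoped binding of the kind described above, as an added example that is not part of the original post. The namespace, role name and rules are assumptions, and the group object ID is a placeholder for the Azure AD group's real object ID.

```yaml
# Least-privilege Role: read access to workloads, write access to
# deployments only. No wildcard verbs or resources, and no access to secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dev-deployer
  namespace: team-a
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
# On an Azure AD-integrated AKS cluster the Group subject is referenced by
# the Azure AD group's object ID, not its display name.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-deployer-binding
  namespace: team-a
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: "00000000-0000-0000-0000-000000000000"   # placeholder object ID
roleRef:
  kind: Role
  name: dev-deployer
  apiGroup: rbac.authorization.k8s.io
# Check the result from an admin context (user name is arbitrary):
#   kubectl auth can-i list secrets -n team-a \
#     --as=test --as-group=00000000-0000-0000-0000-000000000000
# Expected answer: no
```

For access across the whole cluster, the same pattern uses a ClusterRole and ClusterRoleBinding instead.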

Kubernetes Cluster Updates:

  • Kubernetes releases updates at a quicker pace than more traditional infrastructure platforms. These updates usually include new features, and bug or security fixes.
  • AKS supports four minor versions of Kubernetes
  • Upgrading an AKS cluster is as simple as executing an Azure CLI command. AKS handles a graceful upgrade by safely cordoning and draining old nodes in order to minimize disruption to running applications. Once new nodes are up and containers are running, old nodes are deleted by AKS.

Pod Identities:

If your containers require access to the ARM API, there is no need to provide fixed credentials that must be rotated periodically. Azure’s pod identities solution can be deployed to your cluster which allows your containers to dynamically acquire access to Azure API and services through the use of Managed Identities (marked Azure MSI in the diagram below).

Limit container access:

Avoid creating applications and containers that require escalated privileges or root access.
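What that advice looks like in a pod spec, with the weak setting beside a hardened one. This is an added example, not part of the original post; names, the image and the UID are assumptions.

```yaml
# Weak: the container runs as root in privileged mode, so a compromise of
# the application is effectively a compromise of the node.
apiVersion: v1
kind: Pod
metadata:
  name: app-weak
  namespace: team-a
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        privileged: true
        runAsUser: 0
---
# Hardened: non-root user, no privilege escalation, no Linux capabilities,
# read-only root filesystem, default seccomp profile.
apiVersion: v1
kind: Pod
metadata:
  name: app-hardened
  namespace: team-a
spec:
  automountServiceAccountToken: false   # only mount a token if the app calls the API server
  securityContext:
    runAsNonRoot: true      # kubelet refuses to start a container that would run as UID 0
    runAsUser: 10001
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

With `readOnlyRootFilesystem: true`, an application that needs scratch space has to be given an explicit writable volume such as an `emptyDir`.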

Monitoring:

As AKS is already integrated with other Azure services, you can use Azure Monitor to monitor containers in AKS.

  • Toggle-based implementation that can be enabled after the fact or enforced via Azure Policy
  • Multi and Cluster specific views
  • Integrates with Log Analytics
  • Ability to query historic data
  • Analyze your Cluster, Nodes, Controllers, and Containers
  • Alert on Cluster & Container performance by writing customizable Log Analytics search queries
  • Integrate Application logging and exception handling with Application Insights

EY’s use case of Azure Kubernetes:

EY is among the largest professional services firms in the world. The firm is a global leader in assurance, tax, transaction, and advisory services.

The EY Client Technology function develops advanced technology solutions and constantly assesses its operations, services, and ability to react to market trends to meet clients’ needs. Standardized development tools help achieve these goals, enabling EY to quickly adopt new practices and increase development efficiency. EY adopted Microsoft Azure DevOps and Azure Kubernetes Service to standardize development, and it’s using the power of DevOps and containerization to deliver even more valuable software faster and at less cost.

Making the most of containerization:

With Kubernetes, EY uses containerization to accelerate development by employing consistent, compliant environments across different teams and applications. And because many EY clients are bound by strict data sovereignty regulations, the Client Technology team plans to use Kubernetes to deploy solutions on-premises, at the edge of a distributed network, in the cloud, or across multiple clouds—helping address clients’ needs wherever they are.

“We’ve been able to use Azure Pipelines to mitigate deployment complexities in Kubernetes,” says Abhishek Mitra, EY Cloud and DevOps Engineer, Client Technology. “The integration between Azure Pipelines and AKS is much smoother than other tools I’ve seen people use to deploy Kubernetes clusters.”

While EY uses AKS and Azure Pipelines to accelerate container deployments, it also set up Azure Pipelines to trigger releases by pushing images to Azure Container Registry. At the same time, this helps it maintain the right checks and bounds by preserving approvals at every stage of deployment to Azure Kubernetes clusters.

More visibility, velocity, and value

When it combined these advanced resources, the Client Technology team delivered better project visibility to EY development leads. “With the environments feature in AKS, we get a single view of code in each AKS pod without having to leave Azure Pipelines,” says Mitra. “As a result, I can run Azure Pipelines and simultaneously check my AKS deployments at the pod or node level in real time.”

“By using Azure, we’ve been able to develop and deploy solutions faster and with more confidence across a wide range of infrastructures.”

Pablo Cebro: EY Director, Platform Engineering, Client Technology

You can read the entire case study at:

https://customers.microsoft.com/en-in/story/751345-ey-partner-professional-services-azure

Hope you all would like this blog and do share with others too.😌😌

Thanks in advance for reading ✍️✍️
