All Things Cloud Native Meetup: Azure Kubernetes Service Basics
2. Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• Microsoft MVP, Docker Community Leader & GitLab Hero
• loves Kubernetes, DevOps and Cloud
© white duck GmbH 2020
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
5. Where containers can help
• isolation
• dependencies
• scalability
• immutability
6. But …
• containers themselves are not production-ready
• we need to manage, scale and monitor them
• examples
– scaling container workload across multiple nodes
– service discovery and load balancing
– self-healing of applications
– secret, configuration and storage management
7. What is Kubernetes?
Kubernetes is an open source system for automating
deployment, scaling, and management of containerized
applications using a declarative approach.
8. Declarative and self healing
• Me: „I would like to run 3 instances of my app.“
• K8s: „Ok, I will run 3 instances and ensure they are always up.“
• K8s: „Oh, one instance died. Let me start another one instead.“
9. Kubernetes facts
• Greek for helmsman/captain
• introduced by Google in June 2014
• hosted by Cloud Native Computing Foundation (CNCF)
– Microsoft, IBM, Red Hat and Docker joined the project six weeks after the first release
• third container management tool built by Google
– Borg
– Omega
• Kubernetes is the container orchestration tool
18. Resource manifests
• are defined in YAML or JSON using a declarative approach
• need to be passed to the API server
• are verified and processed by the API server
19. Working with Kubernetes
• kubectl
– CLI for Windows, macOS & Linux
– get/create/delete resources
– get API resources/details
– attach to containers
– “port-forward” functionality
– extendable (Plugins)
• Dashboard
• Helm, Kustomize, …
21. Azure Container Registry (ACR)
• fully managed and scalable container registry
• integrated security
– Azure AD
– role-based access
• supports container builds → no need to build them locally
• supports OCI, which also allows storing Helm charts
• pricing based on service tier and usage (storage, build-time)
• integrates with Azure DevOps
24. Azure Container Instances (ACI)
• abstracts everything except your container
• Linux, Windows & GPU workload
• can be used for
– event-driven applications
– data processing jobs
• can be integrated with AKS via virtual nodes
• fast scaling
• isolated compute
• pay as you go pricing (CPU, memory)
25. Azure Kubernetes Service (AKS)
• fully managed Kubernetes Cluster
• scalable and secure by default
• runs Linux, Windows and GPU workload
• end-to-end developer experience
– Azure Dev Spaces, VS Code integration
• pricing is based on compute (VM size of worker nodes)
• free-of-charge control plane (master nodes)
26. AKS integrates with
• Azure Monitor for monitoring
• Azure Policies for governance
• Azure Files & Azure Disks for persistent storage
• Azure AD for authentication and authorization
• Azure Virtual Network for advanced networking
• Azure Application Gateway for application ingress security
• Azure Key Vault for secret management
• Azure DevOps for CI/CD
• Azure Portal for easy administration
• …
29. Private Cluster support
• expose API Server via Private Link into an internal subnet
• expose Services into an internal subnet using an internal Load Balancer
• access PaaS Services via Private Link Endpoints
– Container Registry
– Storage Services
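The declarative "3 instances" request from slide 8 and the internal Load Balancer exposure from this slide, written as one resource manifest. This is an added example, not part of the original deck; the names demo-app, myregistry and internal-subnet are placeholders.

```yaml
# Added example; demo-app, myregistry and internal-subnet are constructed placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
spec:
  replicas: 3                # desired state: a Pod that dies is replaced automatically
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      labels:
        app: demo-app
    spec:
      containers:
        - name: demo-app
          # placeholder image stored in an Azure Container Registry
          image: myregistry.azurecr.io/demo-app:1.0.0
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: demo-app
  annotations:
    # Without this annotation a LoadBalancer Service on AKS gets a public IP.
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    # Optional: place the frontend IP in a specific subnet (placeholder name).
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "internal-subnet"
spec:
  type: LoadBalancer
  selector:
    app: demo-app
  ports:
    - port: 80
      targetPort: 8080
```

Pass the file to the API server with `kubectl apply -f`; the Service's EXTERNAL-IP column then shows an address from the virtual network rather than a public one.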
33. AAD Pod Identity
Node Managed Identity
Managed Service Identity