The document discusses the evolution of container technologies over time, including Kubernetes. It then summarizes several Azure services for containers including Azure Kubernetes Service (AKS), Azure Container Instances (ACI), and Web App for Containers. The remainder of the document focuses on AKS, providing an overview and roadmap for implementing the AKS solution on Azure.
2. Pedro Sousa
Azure Tech Lead | Microsoft Azure MVP
linkedin.com/in/pmsousa
pedro.sousa@bizdirect.pt
@psousa75
3. Agenda
• Container Ecosystem Evolution Timeline
• Kubernetes on Windows Server
• Tooling
• Azure ARC
• Azure Kubernetes Service (AKS) solution journey
• Azure Kubernetes Service (AKS)
• Azure Container Instances (ACI)
• Web App for Containers
• Containers on Azure Service Fabric
• Demo
• Q&A
4. Container ecosystem evolution timeline (chart; years on the axis: 1979, 2000, 2008, 2013, 2014, 2016, 2018)
• Unix v7 (1979): introduction of the chroot system call.
• FreeBSD jails (2000): developed by Derrick Woodworth and adopted by Poul-Henning Kamp.
• Process Containers: developed by Google, a Linux kernel feature (later renamed cgroups) that limits, accounts for, and isolates the resource usage of a collection of processes.
• Namespaces: Linux kernel feature that isolates and virtualizes system resources of a collection of processes.
• Docker (2013): software container management platform that automates deployment of applications.
• Kubernetes (June 1st, 2014): automating deployment, scaling and management of containerized applications.
• Windows Containers (2016): Windows Server containers and Hyper-V containers.
• Azure AKS (June 13th, 2018): the Azure Kubernetes Service (AKS) is generally available.
6. AKS Baseline Cluster
Networking configuration
• Network topology
• Plan the IP addresses
• Deploy Ingress resources
Cluster compute
• Compute for the base cluster
• Container image reference
• Policy management
Identity management
• Integrate Azure AD for the cluster
• Integrate Azure AD for the workload
Secure data flow
• Secure the network flow
• Add secret management
Business continuity
• Scalability
• Cluster and node availability
• Availability and multi-region support
Operations
• Cluster and workload CI/CD pipelines
• Cluster health and metrics
• Cost management and reporting
Baseline architecture for an Azure Kubernetes Service (AKS) cluster
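The "Container image reference" and "Policy management" items above are where an admission policy decides which images a Pod may run. The following is an added example, not code from the deck or from the AKS baseline reference implementation, of such a check in Python: it parses image references the way the Docker/OCI reference grammar does (implied `docker.io` registry, implied `library/` namespace, implied `latest` tag, registry port versus tag), then enforces an allow-listed registry, digest pinning and no floating `latest` tag. The registry `contoso.azurecr.io`, the image names and the sample Pod manifest are constructed for illustration.

```python
"""Admission-style check for container image references.

Added example (not from the deck or the AKS baseline docs). The allow-list,
image names and Pod manifest below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical allow-list: only the organisation's own Azure Container
# Registry may be pulled from (assumption for this example).
ALLOWED_REGISTRIES = {"contoso.azurecr.io"}

_DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split an OCI/Docker image reference into registry, repository, tag, digest.

    Follows the Docker reference grammar: the first path component is a
    registry only if it contains '.' or ':' or is 'localhost'; otherwise the
    default registry docker.io (and the 'library/' namespace for
    single-component names) applies.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not _DIGEST_RE.match(digest):
            raise ValueError(f"malformed digest: {digest}")
    tag = None
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:  # a ':' after the last '/' is a tag, not a registry port
        ref, tag = ref[:colon], ref[colon + 1:]
    parts = ref.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, repository = parts[0], "/".join(parts[1:])
    else:
        registry = "docker.io"
        repository = ref if len(parts) > 1 else f"library/{ref}"
    if tag is None and digest is None:
        tag = "latest"  # Kubernetes/Docker default when neither is given
    return ImageRef(registry.lower(), repository, tag, digest)


def check_image_policy(ref: str) -> list[str]:
    """Return the policy violations for one image reference (empty list = admit)."""
    try:
        img = parse_image_ref(ref)
    except ValueError as e:
        return [str(e)]
    violations = []
    if img.registry not in ALLOWED_REGISTRIES:
        violations.append(f"registry {img.registry!r} is not in the allow-list")
    if img.digest is None:
        # Tags are mutable; a digest pins the exact manifest that was scanned/signed.
        violations.append("image is not pinned by digest")
    if img.tag == "latest":
        violations.append("floating 'latest' tag is not allowed")
    return violations


def admit_pod(pod: dict) -> dict[str, list[str]]:
    """Map every container image in a Pod manifest to its violations."""
    spec = pod.get("spec", {})
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    return {c["image"]: check_image_policy(c["image"]) for c in containers}


# Constructed sample manifest covering the common shapes of an image reference.
SAMPLE_POD = {
    "spec": {
        "containers": [
            {"name": "api", "image": "contoso.azurecr.io/drone/delivery:1.4.2@sha256:" + "a" * 64},
            {"name": "cache", "image": "redis"},
            {"name": "sidecar", "image": "contoso.azurecr.io/infra/proxy:latest"},
            {"name": "local", "image": "localhost:5000/dev/tool:2"},
        ]
    }
}

if __name__ == "__main__":
    for image, problems in admit_pod(SAMPLE_POD).items():
        print(image, "->", problems or "admit")
```

In a real cluster this logic sits behind an admission controller (Azure Policy for AKS or Gatekeeper constraints express the same rules declaratively). The reason to parse rather than string-match is visible in the sample: `redis` and `localhost:5000/dev/tool:2` carry an implied registry and tag, so a naive substring check for the allowed registry name or for `:latest` would pass the wrong images.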
8. Tooling
kubectl: the Kubernetes command-line interface (CLI).
minikube: tool that lets you run Kubernetes locally. minikube runs a single-node Kubernetes cluster on your personal computer (including Windows, macOS and Linux PCs).
kubeadm: you can use the kubeadm tool to create and manage Kubernetes clusters. It performs the actions necessary to get a minimum viable, secure cluster up and running in a user-friendly way.
10. Azure Kubernetes Service (AKS)
Key points
• Managed Kubernetes cluster in Azure
• You only manage and maintain the agent nodes
• Kubernetes Cloud adoption framework
• Reference architectures
Azure Kubernetes Service Roadmap (Public) (github.com)
11. Azure Container Instances (ACI)
Key points
• Run containers without managing servers
• Increase agility with containers on demand
• Deploy containers to the cloud with unprecedented simplicity and speed, with a single command
• Secure applications with hypervisor isolation
12. Web App for Containers
Key points
• Easy to deploy container-based web apps
• The platform automatically takes care of OS patching, capacity provisioning, and load balancing
• Pull images from Docker Hub or a private Azure Container Registry (ACR) and deploy
13. Containers on Azure Service Fabric
Key points
• Service Fabric is an open source project and it powers core Azure infrastructure as well as other Microsoft services such as Skype for Business, Intune, Azure Event Hubs, Azure Data Factory, Azure Cosmos DB, Azure SQL Database, Dynamics 365, and Cortana.
19. Quick reference: KubeCon 2020 content overload
• Everything You Should Be Doing, But Aren't: DevSecOps for K8s Workflows - Steven Terrana & Dan Papandrea
• Notary v2: Redesigning the Secure Supply Chain for Containers - Justin Cormack & Steve Lasker
• A High-Schooler's Guide to Kubernetes Network Observability - Drew Ripberger
• Kubernetes CronJobs - Does Anyone Actually Use This [in Production]? - Kevin Yan
• Stop Writing Operators - Joe Thompson
Editor's notes
From The CEO's Desk: Docker’s Moby and LinuxKit- Making Containers Mainstream! (opcito.com)
The History of Kubernetes on a Timeline | @RisingStack
Top 10 Networking Features in Windows Server 2019: #1 Container Networking with Kubernetes | Argon Systems
Baseline architecture for an Azure Kubernetes Service (AKS) cluster - Azure Architecture Center | Microsoft Docs
Networking configuration
Cluster compute
Identity management
Secure data flow
Business continuity
Operations
Concepts - Kubernetes basics for Azure Kubernetes Services (AKS) - Azure Kubernetes Service | Microsoft Docs
A Kubernetes cluster is divided into two components:
The Control plane provides the core Kubernetes services and orchestration of application workloads.
Nodes which run your application workloads.
The control plane includes the following core Kubernetes components:
kube-apiserver - The API server is how the underlying Kubernetes APIs are exposed. This component provides the interaction for management tools, such as kubectl or the Kubernetes dashboard.
etcd - To maintain the state of your Kubernetes cluster and configuration, the highly available etcd is a key value store within Kubernetes.
kube-scheduler - When you create or scale applications, the Scheduler determines what nodes can run the workload and starts them.
kube-controller-manager - The Controller Manager oversees a number of smaller Controllers that perform actions such as replicating pods and handling node operations.
Multiplayer Game Server Hosting Using AKS - Azure Gaming | Microsoft Docs
Multiplayer Game Server Hosting Using ACI - Azure Gaming | Microsoft Docs
Multiplayer Game Server Hosting Using Azure Service Fabric - Azure Gaming | Microsoft Docs
This reference implementation demonstrates the recommended starting (baseline) infrastructure architecture for a general purpose AKS cluster. This implementation and document are meant to guide an interdisciplinary team, or multiple distinct teams such as networking, security and development, through the process of getting this secure baseline infrastructure deployed and understanding its components.
We walk through the deployment here in a rather verbose method to help you understand each component of this cluster, ideally teaching you about each layer and providing you with the knowledge necessary to apply it to your workload.
The Drone Delivery app
The Drone Delivery application is a sample application that consists of several microservices. Because it's a sample, the functionality is simulated, but the APIs and microservices interactions are intended to reflect real-world design patterns.
Ingestion service. Receives client requests and buffers them.
Scheduler service. Dispatches client requests and manages the delivery workflow.
Supervisor service. Monitors the workflow for failures and applies compensating transactions.
Account service. Manages user accounts.
Third-party Transportation service. Manages third-party transportation options.
Drone service. Schedules drones and monitors drones in flight.
Package service. Manages packages.
Delivery service. Manages deliveries that are scheduled or in-transit.
Delivery History service. Stores the history of completed deliveries.
Azure Kubernetes Service (AKS) solution journey - Azure Architecture Center | Microsoft Docs
- DevSecOps for K8s, Sysdig. Really good overview. Covers app dependency scanning, static code analysis, container image scanning, and how to do this on Kubernetes.
- Notary v2: Supply Chain Security. Notary v1 was a Docker project and since then there has been a lot of collaboration around it for v2. It essentially allows you, as the container publisher, to digitally sign collections and configure trusted publishers. Similar offering in ACR Content Trust: when you are pulling a signed Docker image from ACR you are actually using the same library as the Notary CLI uses to validate the signature. Note that ACR does not officially support the Notary CLI, but it is compatible with some of its APIs.
- A High-Schooler's Guide to Kubernetes Network Observability: actually by a high-schooler (he is in university now); talks about the project kube-netc but also goes through some really good basics of network observability in a cluster.
- K8s CronJobs: does anyone actually use this? Kevin is from Lyft, which runs lots of CronJobs. Gets into some problems around distributed scheduling and pokes holes in the CronJob object.
- Stop Writing Operators - Joe Thompson: talks a lot about when to use/not use the operator pattern. There's been a lot of momentum around the number of K8s operators that have been popping up.
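To make the Notary / ACR Content Trust note concrete, here is an added example (not Notary's, Docker's or ACR's code) of the core idea in Python: the publisher signs a TUF-style `targets` document mapping tags to manifest digests, and the client resolves a tag through that signed document, using only keys it has pinned for the repository, instead of trusting whatever digest the registry currently serves for the tag. The asymmetric signature Notary uses is replaced by HMAC-SHA256 with a shared key so the example runs on the standard library alone; the key material, repository name, tag and digests are constructed.

```python
"""Tag-to-digest resolution through signed metadata, Docker Content Trust style.

Added example, not Notary's, Docker's or ACR's code. The publisher signs a
"targets" map of tag -> manifest digest; the client only accepts a digest for a
tag if the map was signed by a key it trusts for that repository. HMAC-SHA256
with a shared key stands in for the real asymmetric signature (assumption made
so this runs offline on the standard library). All key material, names and
digests below are constructed.
"""
import hashlib
import hmac
import json


def canonical(doc: dict) -> bytes:
    """Deterministic JSON encoding so signer and verifier hash identical bytes."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def sign_targets(targets: dict, key_id: str, key: bytes) -> dict:
    """Publisher side: wrap the tag->digest map in a signed envelope."""
    signed = {"targets": targets, "version": 1}
    sig = hmac.new(key, canonical(signed), hashlib.sha256).hexdigest()
    return {"signed": signed, "signatures": [{"keyid": key_id, "sig": sig}]}


class ContentTrustError(Exception):
    pass


class TrustPolicy:
    """Client side: signing keys pinned per repository (trust on first use is not done here)."""

    def __init__(self, trusted: dict[str, dict[str, bytes]]):
        # repository -> {key_id: key}; repositories not listed are untrusted
        self.trusted = trusted

    def resolve(self, repository: str, tag: str, envelope: dict) -> str:
        """Return the digest signed for `tag`, or raise if the metadata is not trustworthy."""
        keys = self.trusted.get(repository)
        if not keys:
            raise ContentTrustError(f"no trusted publisher for {repository}")
        payload = canonical(envelope["signed"])
        for s in envelope.get("signatures", []):
            key = keys.get(s["keyid"])
            if key is None:
                continue  # signed by a key we do not trust for this repository
            expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, s["sig"]):
                break
        else:
            raise ContentTrustError(f"no valid signature from a trusted key for {repository}")
        try:
            return envelope["signed"]["targets"][tag]
        except KeyError:
            raise ContentTrustError(f"tag {tag!r} is not signed for {repository}") from None


def pull_verified(policy: TrustPolicy, repository: str, tag: str,
                  envelope: dict, registry_tag_digest: str) -> str:
    """Resolve the tag through signed metadata; refuse the pull if the registry disagrees."""
    signed_digest = policy.resolve(repository, tag, envelope)
    if registry_tag_digest != signed_digest:
        raise ContentTrustError(
            f"registry serves {registry_tag_digest} for {tag!r}, signed metadata says {signed_digest}")
    return signed_digest


# --- constructed demo data (not real keys or images) -------------------------
PUBLISHER_KEY = b"constructed-publisher-key-not-for-real-use"
REPO = "contoso.azurecr.io/drone/delivery"
GOOD_DIGEST = "sha256:" + hashlib.sha256(b"delivery:1.4.2 manifest").hexdigest()
ENVELOPE = sign_targets({"1.4.2": GOOD_DIGEST}, "pub-1", PUBLISHER_KEY)
POLICY = TrustPolicy({REPO: {"pub-1": PUBLISHER_KEY}})

if __name__ == "__main__":
    print(pull_verified(POLICY, REPO, "1.4.2", ENVELOPE, GOOD_DIGEST))
```

The property worth noticing is that the registry's tag is never trusted: if someone re-points `1.4.2` at a different manifest, or edits the targets map without the publisher's key, `pull_verified` refuses the pull. The same policy also refuses a repository that has no pinned publisher, which is the "configure trusted publishers" half of the Notary note above.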