About Hands-On Linux Administration on Azure, Second Edition
Thanks to its flexibility in delivering scalable cloud solutions, Microsoft Azure is a
suitable platform for managing all your workloads. You can use it to implement Linux
virtual machines and containers, and to create applications in open source languages
with open APIs.
This Linux administration book first takes you through the fundamentals of Linux and
Azure to prepare you for the more advanced Linux features in later chapters. With the
help of real-world examples, you’ll learn how to deploy virtual machines (VMs) in Azure,
expand their capabilities, and manage them efficiently. You will manage containers
and use them to run applications reliably, and in the concluding chapter, you’ll explore
troubleshooting techniques using a variety of open source tools.
By the end of this book, you’ll be proficient in administering Linux on Azure and
leveraging the tools required for deployment.
Whether you are new to distributed systems or have been deploying cloud-native systems for years, containers and Kubernetes can help you achieve new levels of velocity, agility, reliability, and efficiency. This book describes the Kubernetes cluster orchestrator and how its tools and APIs can be used to improve the development, delivery, and maintenance of distributed applications. Though no previous experience with Kubernetes is assumed, to make maximal use of the book you should be comfortable building and deploying server-based applications. Familiarity with concepts like load balancers and network storage will be useful, though not required. Likewise, experience with Linux, Linux containers, and Docker, though not essential, will help you make the most of this book.
Microsoft Azure Cloud Services is evolving really fast with New solutions and features every day for your business. In the following step-by-step guide we will see all the options and features when you create a virtual machine in the Azure Cloud. For this you need a Microsoft Azure subscription to start. When you are in the Azure Portal you begin with + Create a Resource and from there you see all the create items. Click on Computeand you will see the picture above what you can create. I’m going to create a Windows Server 2019 datacenter edition Virtual Machine in the Microsoft Azure Cloud. In the Azure Portal is a step by step wizard to help you with your choices.
Basic tab
We start by selecting the right Azure subscription ( if you have Multiple) like a Hub-Spoke model design
you can choose for your deployment. Then select a Resource Group or Create New. I made a new Resource Group called RSG-Winserv.
When you go further down, you must give your Virtual Machine a name and select the Microsoft Azure region where your VM will run. I Choose West Europe because I life in the Netherlands. For availability options of the Virtual Machine you can choose out of three options :
No infrastructure redundancy required
Availability zone
Availability set
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking
An Availability Set is a logical grouping capability that you can use in Azure to ensure that the VM resources you place within it are isolated from each other when they are deployed within an Azure datacenter. Azure ensures that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches
Microsoft Azure got a lot of software operating images, I installed Windows Server 2019 Datacenter but have a look at Browse all Public and Private images :
Small Disk Images
More images like Kali and Red Hat
The next step is the VM Size, the “hardware” requirements of the Virtual Machine. When you choose your VM size you have to know the possibilities and feature set of the Virtual Machine. This articledescribes the available sizes and options for the Azure virtual machines you can use to run your Windows apps and workloads. It also provides deployment considerations to be aware of when you’re planning to use these resources.
Here is Microsoft Azure showing 250 different VM sizes
In this window you see the following items of the Virtual Machine specs :
VM Size
Offering
Family
vCPUs
Memory RAM
Data Disks
Max IOPS
Temporary Storage
Premium Disks (Yes or No)
Cost / Month Estimated
So pick the right VM Size for your solution to do the job.
Allow Public Internet Inbound Port Rules
If you need this for example a website, then you can set it right away, but you can set it on None and change the Network Security Group (NSG) or Azure App Gateway or Azure Firewall later and keep it Closed for now. I will show this in the NSG later to get RDP access.
Hybrid Benefit
You can enable great savings in Azure with Windows Server Software Assurance by using Azure Hybrid Benefit for Windows Server. Azure Hybrid Benefit for Windows Server allows you to use your on-premises Windows Server licenses and run Windows virtual machines in Microsoft Azure at a reduced cost (i.e. at Linux rates). You can use your licenses for Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. The Azure Hybrid Benefit for Windows Server is applicable to Windows Server Standard and Datacenter editions as well as other versions obtained via custom images. With Azure Hybrid Benefit for Windows Server, you can save 40 percent or more1 on Windows Server virtual machines by paying only the base compute2 rates—adding value to your Software Assurance investments. The benefit is available across all Azure regions. Read more here
Disks tab
Disk storage is important for performance, that’s why you can choose for Standard HDD, Standard SSD or
Premium SSD for your OS Disk. When your server need a Data disk, you can add it here or later on.
Here you can read more on Managed disks What disk types are available in Azure?
Networking tab
Here you create your Virtual Network / subnet with a public IP. You can see here when you choose for a specific Virtual machine, you can not use accelerated networking because It’s not supported by the VM size selection.
Here you can choose for a Load Balancer or a Application Gateway
Azure Application Gatewayis a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
Azure Application Gateway
With Azure Load Balancer, you can scale your applications and create high availability for your services. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.
Load Balancer distributes new inbound flows that arrive on the Load Balancer’s frontend to backend pool instances, according to rules and health probes.
Additionally, a public Load Balancer can provide outbound connections for virtual machines (VMs) inside your virtual network by translating their private IP addresses to public IP addresses.
Azure Load Balancer is available in two SKUs: Basic and Standard. There are differences in scale, features, and pricing. Any scenario that’s possible with Basic Load Balancer can also be created with Standard Load Balancer, although the approaches might differ slightly. As you learn about Load Balancer, it is important to familiarize yourself with the fundamentals and SKU-specific differences.
Management tab
When you have deployed your virtual machine, you want to manage it like monitoring and backup for example.
You can do these options also after the Virtual Machine deployment.
Backup of the Virtual Machine can be added when you deploy the VM.
I have a existing Backup Vault called WACvault1
From here you can create your own backup recovery Vault with your Own backup policy and retention times.
The feature provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code. What is managed identities for Azure resources?
Advanced tab
In the advanced tab you can select extensions for your Virtual Machine. These are add-ons and will installed during the deployment. You can now also select Gen 2 VM in Preview. Microsoft Azure has a lot of extensions for your Virtual machine :
List of extensions for your VM
Click on Create for adding Microsoft Antimalware on your VM
Select the options and exclusions
Tags tab
Here you can Tag your deployment
After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management. Read more on Tags here
At this moment the validation has passed for deployment with all your settings, but don’t forget to have a look at “Download a template for Automation” before you hit Create.
Here you can download or save the JSON ARM Template
When you you go Back and click on Create the Virtual Machine, this will deploy the VM in Minutes.
The following Azure items are deployed in RSG-Winserv
Now your Virtual Machine is deployed in Microsoft Azure Cloud and is running, you can have a look at all the features of the Virtual Machine in the Portal.
To connect to the Virtual Machine you have to Manage access for your RDP session via the NSG in my case:
Double click on the NSG
I added a new rule to give my IP-address access to the VM
From here you can access the Windows Server 2019 Datacenter Virtual Machine in Microsoft Azure Cloud.
Management of your Virtual Machine
When your Azure Virtual Machine with Windows Server 2019 is running, you want to monitor the VM and see what is happening inside the Virtual Machine. Azure Monitor Insights can help you with this.
Health State of the VM
Connections
When Microsoft Azure Monitoring is on and running you want have important alerts on your Mobile by sms or
via E-mail notification to take action.
Alerts on Winserv2019 VM
High CPU Alert
Here we make an Alert about the CPU which is going higher then 80% average.
Making an Action group for email notification of the Alert
Action Group made
Alert made for the VM
Alert details
Alert rule is set and running for this Virtual Machine.
Conclusion
You can create every virtual machine you want for your business, Windows Server or Linux..
You can mange your own performance for the VM on demand by selecting the right VM Size.
You can set Networking and High Availability
You can set Disk Performance for your IOPS
You can configure your management settings and dashboard for Monitoring.
Security can be set on different levels.
Backup of the Virtual Machine can be set with the right policy before deployment.
and more…….
And keep watching your Azure Advisor for better changes :
New Advise will come !
and of course there are more features and options on this Virtual Machine, Have a look :
Start Creating Azure Kubernetes Cluster for your Containers.
Managed Azure Kubernetes Service (AKS) makes deploying and managing containerized applications easy. It offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You only manage and maintain the agent nodes. As a managed Kubernetes service, AKS is free – you only pay for the agent nodes within your clusters, not for the masters. In the following steps you can see the different ways for creating Azure Kubernetes Cluster via the Azure Portal, or via Azure Cloud Shell, or via Azure Resource Template. When the Microsoft Azure Kubernetes Cluster is running, then I will explain the different ways for deploying container workloads on AKS. When your workload is running on Azure Kubernetes Services, you also have to monitor your Container workloads with Azure Monitor Container Insights to keep in Controle. Let’s start with installing Azure Kubernetes Services (AKS)
Installing Azure Kubernetes Cluster via the Portal.
To begin you need of course a Microsoft Azure Subscription and you can start for free here
Basics information of the Azure Kubernetes Cluster
To Create the Azure Kubernetes Cluster, you have to follow these steps and type the right information in the Portal:
Basics
Scale
Authentication
Networking
Monitoring
Tags
Review + Create
At the basics screen you select the right Azure Subscription and the Resource Group. You can create a New Resource Group or one you already made.
At Cluster details, you give your Cluster a name and select the Kubernetes version.
Here you select the Kubernetes Node size for your Container workload and the number of nodes.
You can start a Cluster already with One node, but choose to start with the right size for your workloads.
When you click on Change size, you can choose your nodes to do the job. 😉
Select the right Size node
Then we go to step 2 and that is Scale.
2. Scale options in Azure Kubernetes Cluster
Here you have two options :
Virtual Nodes
VM Scale sets (Preview)
To quickly deploy workloads in an Azure Kubernetes Service (AKS) cluster, you can use virtual nodes. With virtual nodes, you have fast provisioning of pods, and only pay per second for their execution time. In a scaling scenario, you don’t need to wait for the Kubernetes cluster autoscaler to deploy VM compute nodes to run the additional pods. Virtual nodes are only supported with Linux pods and nodes. More information here about Virtual Nodes
To create an AKS cluster that can use multiple node pools, first enable two feature flags on your subscription. Multi-node pool clusters use a virtual machine scale set (VMSS) to manage the deployment and configuration of the Kubernetes nodes. With this Preview feature you can run Linux Containers and Windows Containers on the same Cluster. More information here about VM Scale sets (Preview)
3, Authentication
The service principal is needed to dynamically create and manage other Azure resources such as an Azure load balancer or container registry (ACR). To interact with Azure APIs, an AKS cluster requires an Azure Active Directory (AD) service principal. More information about the Service Principal can be found here
Azure Kubernetes Service (AKS) can be configured to use Azure Active Directory (Azure AD) for user authentication. In this configuration, you can sign in to an AKS cluster by using your Azure AD authentication token.
Cluster administrators can configure Kubernetes role-based access control (RBAC) based on a user’s identity or directory group membership. More information about RBAC for AKS
4. Networking
Configuring the virtual Networks for your Azure Kubernetes Cluster is important for the right IP range but later on also for the Network Security Groups (NSG).
Here you see an example of the Kubernetes NSG which is connected to the Internet by Default after installation, you can deep dive into security but be careful which settings you do here because Microsoft resources must have access to service the Azure Kubernetes Cluster.
NSG created after installation is finished
NSG Rule set Inbound and outbound
In a container-based microservices approach to application development, application components must work together to process their tasks. Kubernetes provides various resources that enable this application communication. You can connect to and expose applications internally or externally. To build highly available applications, you can load balance your applications. More complex applications may require configuration of ingress traffic for SSL/TLS termination or routing of multiple components. For security reasons, you may also need to restrict the flow of network traffic into or between pods and nodes.
Best practices for network connectivity and security in Azure Kubernetes Service (AKS):
Keep Azure Monitoring Enabled and Connect to your Log Analytics workspace or create a new workspace for Container monitoring of your Azure Kubernetes Cluster.
Azure Monitor for containers is a feature designed to monitor the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). Monitoring your containers is critical, especially when you’re running a production cluster, at scale, with multiple applications.
Azure Monitor for containers gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. Container logs are also collected. After you enable monitoring from Kubernetes clusters, metrics and logs are automatically collected for you through a containerized version of the Log Analytics agent for Linux. Metrics are written to the metrics store and log data is written to the logs store associated with your Log Analytics workspace.
6. Tags
When you build more Azure Kubernetes Clusters for different departments or teams you can TAG your Clusters for organizing your billing and security for example. Here you find more information about tagging.
After this you click on the last step Review and Create The Azure portal will do a validation of your Azure Kubernetes Cluster settings, and when it’s validated you hit Create. But when you want more Automation, you can download the JSON ARM template first and use that.
Installing Azure Kubernetes Cluster via Cloud Shell
Azure Cloud Shell AKS CLI
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. Cloud Shell lets you use either bash or PowerShell to work with Azure services. You can use the Cloud Shell pre-installed commands to run the code in this article without having to install anything on your local environment.
Here you see an Example of AKS CLI with Auto Scaler with max count of nodes 😉
Installing Azure Kubernetes Cluster via Template
Create Azure Kubernetes Cluster via Template in the Portal
Now you have your Microsoft Azure Kubernetes Cluster (AKS) running in the Cloud, you want to deploy your Container workloads on the Cluster. In the following steps you see different deployments.
Deploy Container workload with Azure DevOps Project
Deployment Center
First you select your repository where your source code is of your workload.
Set the information right and click Next.
Simple example Click Next
Create a Container Registry.
Building Pipeline with Azure DevOps.
Here you see the Building in Microsoft Azure DevOps.
Build, test, and deploy in any language, to any cloud—or on-premises. Run in parallel on Linux, macOS, and Windows, and deploy containers to individual hosts or Kubernetes.
Here you find all the information about Microsoft Azure DevOpsfor your workloads, code and Deployments.
Deploying Container workload completed with Azure DevOps.
Deploy Container Workloads via Visual Studio Code
When you download and install Visual Studio Code on your computer, you can install the Azure Kubernetes extension for VSCode.
Here you see Microsoft Visual Studio Code connected with my Azure subscription where my Azure Kubernetes Cluster is running. With the standard Helm Repository packages for deployment to your AKS Cluster. Here you see a WordPress yaml file which I deployed to the Kubernetes Cluster on Azure.
Just Select your Package and Install on Azure Kubernetes.
From here you can into the Container and read the logs.
I’m using Visual Studio Code a lot for Azure Kubernetes but also for Docker Containers and images.
Making Azure ARM JSON templates and this great for Infrastructure as Code.
Azure Monitoring with Container Insights
In One Dashboard you can see the Status of all your Clusters
Azure Monitor Container Insights Live View
Because we installed Azure Monitor for Containers on the Microsoft Azure Kubernetes Cluster, we can live see what is happening inside the Kubernetes Cluster with the containers. This is a great feature when you have a issue with a Container for troubleshooting fast and see what is happening.
Conclusion
Microsoft Azure Kubernetes Cluster is fast and easy to manage. You can upgrade your Cluster without downtime of your Container workload. With Azure Monitor for Containers you can see what’s happening inside the container and you can set alerts when something went wrong. This keeps you in Controle of the solution. With Deployment center alias Azure DevOps Projects you can deploy your workload via Azure DevOps Pipeline and work on versioning, testplans, Azure DevOps repo and work together with a Team on the following releases. Working with Azure Kubernetes Multi node pools with Linux and Windows on the same Cluster is possible. Try it yourself and start with a Proof of Concept for your Business.
Install AKS-Preview extension via Azure Cloudshell
NOTE ! This is a Preview blogpost, do not use in production! (only for test environments)
To create an AKS cluster that can use multiple node pools and run Windows Server containers, first enable the WindowsPreview feature flags on your subscription. The WindowsPreview feature also uses multi-node pool clusters and virtual machine scale set to manage the deployment and configuration of the Kubernetes nodes. Register the WindowsPreview feature flag using the az feature register command as shown in the following example:
I Have registered the following Preview Features from the Azure CloudShell :
az feature register –name WindowsPreview –namespace Microsoft.ContainerService
az feature register –name MultiAgentpoolPreview –namespace Microsoft.ContainerService
az feature register –name VMSSPreview –namespace Microsoft.ContainerService
This will take a few minutes and you can check the registration with the following command :
az feature list -o table –query “[?contains(name, ‘Microsoft.ContainerService/WindowsPreview’)].{Name:name,State:properties.state}”
When ready, refresh the registration of the Microsoft.ContainerService resource provider using the az provider register command:
Creating Azure Kubernetes Cluster
First you create a Resource Group in the right Azure Region for your AKS Cluster to run:
az group create –name myResourceGroup –location eastus
I created Resource Group KubeCon in location West-Europe.
Creating KubeCluster
With the following CLI command in Azure Cloudshell, I created the Kubernetes Cluster with a single node:
The Azure Kubernetes Cluster “KubeCluster”is created in the resource group “KubeCon” in a view minutes.
Adding a Windows Pool
Adding a Windows Server Node Pool
By default, an AKS cluster is created with a node pool that can run Linux containers. Use az aks nodepool add command to add an additional node pool that can run Windows Server containers.
az aks nodepool add –resource-group KubeCon –cluster-name KubeCluster –os-type Windows –name pool02 –node-count 1 –kubernetes-version 1.14.0
I added the Windows Server Pool via the Azure Portal.
When this has finished, we have an Azure Kubernetes Cluster with Multi node Pools for Linux and Windows Server Containers :
Pools for Linux and Windows Server Containers
The following will be created in Microsoft Azure too :
VNET, NSG and Virtual Machine Scale Set (VMSS)
Azure Monitor for containers is a feature designed to monitor the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). Monitoring your containers is critical, especially when you’re running a production cluster, at scale, with multiple applications.
Azure Monitor for containers gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. Container logs are also collected. After you enable monitoring from Kubernetes clusters, these metrics and logs are automatically collected for you through a containerized version of the Log Analytics agent for Linux and stored in your Log Analytics workspace.
Container Insights Monitoring of the Linux Node
Container Insights Monitoring of the Windows Server Node
Watch live as technology leaders from across industries share the latest breakthroughs and trends, and explore innovative ways to create solutions. After the keynotes, select Microsoft Build sessions will stream live—dive deep into what’s new and what’s next for developer tools and tech.
Discover and experience new ways to build, modernize, and migrate your applications. Get hands-on experiences with tools like Azure Kubernetes Service (AKS) that can help you dynamically scale your application infrastructure.
Quickly and easily build, train, and deploy your machine learning models using Azure Machine Learning, Azure Databricks, and ONNX. Uncover insights from all your content—documents, images, and media—with Azure Search and Cognitive Services.
Join Microsoft for hands-on learning to discover how tools like Visual Studio live share can help you collaborate with your peers instantly.
Come learn how to build an end-to-end continuous delivery pipeline that is fast and secure with Azure DevOps technologies. Spend less time maintaining your toolset and more time focusing on customer value.
Understand how frameworks like Xamarin and .NET can help you reach customers on all platforms. Learn how to use the same languages, APIs, and data structures across all mobile development platforms.
Learn how mixed reality helps you bring your work and data to life when you need it, and where you need it. Start building secure, collaborative mixed reality solutions today using intelligent services, best-in-class hardware, and cross-platform tools.
Learn to connect your devices to the cloud using flexible IoT solutions that integrate with your existing infrastructure. Collect untapped data and form valuable insights that help you create better customer experiences and generate new streams of revenue.
