In the following steps I will install some containers (Pods) on my Azure Arc enabled Kubernetes so I have some data to work with in my MVP LAB. I did that with Microsoft Visual Studio Code and with Helm predefined templates. Install the VSCode and install the Kubernetes extension, more information here
In the following steps we install DAPRand Redis on the Azure Arc enabled Kubernetes.
When you open your Kubernetes Cluster
Click then on Helm Repos
There you see Dapr repo.
Click on version 1.6.0.
Right click on version 1.6.0
Click on Install.
Dapr is installed by default on the Azure Arc enabled Kubernetes.
Type in Powershell : dapr status -k You will see the running pods of Dapr.
Dapr Dashboard is running Important: This is running in a test environment and is now http.
For production you have to make it save! Azure Arc Services and Azure Defender for Containers will help you with that.
But next to these security best practices from the software vendor, we also have Microsoft Azure Arc Security (Preview) on this kubernetes Cluster active. In the following steps you will see Security rules, Fixes and Azure Policies for Azure Arc Kubernetes to make your environment more secure and compliant.
Click on your Azure Arc enabled Kubernetes Cluster
This is my Dockkube. Click then on Security (preview)
Here you see that I don’t have Azure Policy active to be compliant
on my Azure Arc enabled Kubernetes Cluster.
A lot of security issues are managed by policies. Click on View Additional recommendations in Defender for Cloud
See Related recommendation (17)
Here you see all the dependent policies for your Azure Arc enabled Kubernetes Cluster.
Select your Azure Arc Enabled Kubernetes Cluster (Dockkube) Click on Fix
Confirm and click on Fix 1 resource.
Remediation in progress.
It can take some minutes to see your resources in the Healthy state.
Just refresh 😉
In Azure Policy you will see how Compliant you are with your
Azure Arc enabled Kubernetes. Click on the ASC compliance.
Here you see the 10 Policies that are not Compliant.
Select a policy which is not compliant like here Kubernetes Cluster containers should only use allowed images Click on Details
Here you see the Component ID’s on my Azure Arc enabled Kubernetes Cluster
which are not compliant on this policy 😉 See the Tab bar, you are now on Component Compliance
Click on Policies tab
Dubbel click on the policy.
From here you can Assign the policy to your Azure Arc enabled Kubernetes Cluster.
A New example and you can see the Affected Components
on my Azure Arc enabled Kubernetes Cluster Dockkube.
When you work in a DevOps way with Kubernetes containers and microservices, you want them as secure as possible. With application security and best practices from the software vendors. Security monitoring and compliance are important to keep you in control and to keep your environment safe. With Azure Arc enabled Kubernetes you get Azure Defender for Containers and Azure policy for security compliance to your Kubernetes Cluster.
Important: This is still in preview and should not be used in production environment yet until Microsoft makes it General Available for the world. Now you can test it in your test environment like me in my MVPLAB.
Microsoft Azure Arc allows you to manage the following resource types hosted outside of Azure:
Servers: Manage Windows and Linux physical servers and virtual machines hosted outside of Azure.
Kubernetes clusters: Attach and configure Kubernetes clusters running anywhere, with multiple supported distributions.
Azure data services: Run Azure data services on-premises, at the edge, and in public clouds using Kubernetes and the infrastructure of your choice. SQL Managed Instance and PostgreSQL Hyperscale (preview) services are currently available.
SQL Server: Extend Azure services to SQL Server instances hosted outside of Azure.
I have a Kubernetes Cluster enabled with Azure Arc Services in my MVP LAB:
It’s Called Dockkube.
The Kubernetes Cluster is running on-premises and is enabled with Microsoft Azure Arc Services. With that said we get Azure Services available for management in the Cloud in a hybrid way. In the following step by step guide we activate Azure Monitor Insights for Containers on the Azure Arc enabled Kubernetes Cluster.
Container Insights Alerts / Actions on Azure Arc Enabled Kubernetes
When you open Dockkube Azure Arc enabled Kubernetes, you will see on the left Monitoring Insights.
Then you have the options :
Click on Containers, and you will see all the containers on the Azure Arc enabled kubernetes.
Then you have recommended Alerts (Preview) at the top, when you Click on it you will see all the predefined recommended alerts in preview. I have selected Node CPU % and Enabled the alert. With that you see on the above screenshot there is no action group assigned. That is the next step, click on No Action Group Assigned.
Click on Create a new action group.
Select the Azure Subscription, Resource group and give the
Action Group a name.
Click on Next: Notifications
Here you can select your type of Alert communication.
I have selected the option Email.
Setting the Name : Dock Kube Notify.
The next step you can select an action type :
In my MVP LAB, I don’t need an action but just a notification by email.
You can set a TAG here
Before you create the Alert rule with the action group, you get the option
to test the action group.
Click on Test Action Group.
Select a sample type.
I did Resource health alert
Click on Test.
The test is running.
I’m getting the Alert email in my box from Microsoft Azure.
Test is successful and click on Done.
Click on Create
Select the Action group for me is that DockKube CPU.
Click on Apply to Rule.
Now this Alert is active on my Azure Arc enabled Kubernetes 😉
When you go to Alert Rules, you will see the new Alert rule.
Here you can modify it if necessary.
For example, I want the severity from 3 Information to 2 Warning.
I made a severity 2 Warning.
Don’t forget to click on Save at the left top.
More Container Insights information on Microsoft docs :
Microsoft Azure Arc enabled kubernetes is Awesome for management in a hybrid way. I just showed you the power of Alert rules with action groups from the Azure Cloud to get Container Insights. Of course there are more Azure features for your Azure Arc enabled Kubernetes like Security (Preview) Kubernetes Resources, Policies, Gitops and more. Making your own dashboard with Container Insight information. Go for hybrid IT Management with Azure Arc enabled Kubernetes!
I’m working with Windows Admin Center every day to manage our datacenter and to mange my MVP LAB. When you have to install Windows Server Core
or Microsoft Azure Stack HCI Operating system, then Windows Admin Center is the right tool for you as an Administrator. You can use all the Server Manager tools via WAC
and you don’t have to work with Command-line tools only like CMD and PowerShell.
In my MVP LAB I have a Microsoft Windows Server 2022 Datacenter Edition Hyper-V Host, and I like to make a Docker Host Server for my Containers.
With Windows Admin Center it’s easy to roll out a Docker host Server for your Containers.
In the following steps I will Install a Docker Host Server on Windows Server 2022.
Open Windows Admin Center and connect to your Server.
I Have Container Extension installed version 1.150.0
Click on Containers and Click on Install Windows Admin Center will Restart your Server for the Docker Installation!
Hang on while Docker Host will be Installed on Windows Server 2022.
Docker Host Installed Successfully.
Docker Host Container Overview Screen on Windows Server 2022.
From here you can Pull containers images to the Docker Host.
This is what I did but…..
Instead of pulling a Container Image you can also Create your Own Container Image.
Here I’m Pulling a ASP.NET Container Image from Microsoft.
Pulled Container Image Successfully.
The ASP.NET Container Image is now Available on the Docker Host.
Select the Container Image and Click on Run.
Give the Docker Container a name.
You can Manage the ports,
And add addition Docker Run options,
Click on Run.
The ASP.NET Docker Container is running on Windows Server 2022.
When you Click on the running Container you will get options like :
Stats, Details, Logs, Console and Events.
When you Click on Console you will go remote by PowerShell to the Docker Host.
Here you got all the Docker commands 😉
And of course when you want to develop Containers as a developer you can use Microsoft Visual Studio Code as well.
(I’m using Visual Studio Code Insiders version in my MVP LAB)
Microsoft Azure Container Instances
Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.
Azure Container Instances is a great solution for any scenario that can operate in isolated containers, including simple applications, task automation, and build jobs. For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, we recommend Azure Kubernetes Service (AKS).
For my MVP LAB Azure Container Instances (ACI) is a great way to run Containers fast in the Cloud and have a overview with Windows Admin Center for :
Here you have a overview of your Azure Container Instances in Windows Admin Center.
In the following steps I will create an Azure Container Instance via the Microsoft Azure Portal and show it in Windows Admin Center. For this you need to integrate Windows Admin Center with your Microsoft Azure Subscription. This you can do in settings of WAC:
When you have your Azure Account active in Windows Admin Center, go to the Microsoft Azure Portal and search for Container instances.
Click on Create Container Instances
Here you set the basics of your Azure Container Instance
Here you set the following items for your Azure Container Instance (ACI) :
Select your Azure Subscription which is integrated with your Microsoft Windows Admin Center.
Select or Create the Resource Group for your Azure Container Instance.
Give your Container a name.
Select the Region in Microsoft Azure where you want your Azure Container Instance to run.
Availability zones to select.
Select your Image Source, I selected Quickstart images of Microsoft, but you can also select your own Container image.
Then select the size for vcpu, memory, gpus for your Azure Container Instance application.
Click on Next for Networking.
I Selected Public for testing but here you can select private too
with your own DNS name Label with the
right ports and protocols.
At Advanced settings you can configure additional container properties and variables
here you can TAG the Owner of the Azure Container Instance.
Click on Review + Create.
Now you can Click Create or Download the template for Automation.
Have a look at the Options here what you can do with the Template from here.
Microsoft Azure Container Instance is Deployed and running.
Nginx Container Instance is running on Azure.
Now we have the Microsoft Azure Container Instance with Nginx running in the Cloud, we can see that in Windows Admin Center.
Azure Container Instance in Windows Admin Center in running state.
When you don’t need it anymore you can end it here or in the Azure Portal.
Azure Container Instance is stopped by Windows Admin Center.
Run your Own Azure Container Instances from the ACR via
Windows Admin Center.
Manage Kubernetes Clusters and Containers with Windows Admin Center
Azure Kubernetes Service (AKS) on Azure Stack HCI is an on-premises implementation of Azure Kubernetes Service, which automates running containerized applications at scale. Azure Kubernetes Service is available on Azure Stack HCI, Windows Server 2019 Datacenter, and Windows Server 2022 Datacenter, making it quicker to get started hosting Linux and Windows containers in your datacenter. This is the High Available Container Solution on-premises from Microsoft, where you can run Containers and microservices in a isolated way in your datacenter with your DevOps Team. But you can also make your Azure Stack HCI Cluster hybrid with Azure integration and Azure Arc Services to benefit of Azure Hybrid Services.
Create your Own locally Azure Stack HCI Cluster with Azure Kubernetes Services
Microsoft product team of Windows Admin Center | Windows Server | Azure Stack HCI are working hard to make the Windows Admin Center Tool better and better to install and manage Container / microservices solutions. With Microsoft Azure extensions in Windows Admin Center and Azure Arc Services, Microsoft features from the Azure Cloud becomes available for your Containers like Azure Defender for Cloud with Container Insights, Azure Monitor, Azure App Services and much more.
Windows Admin Center is a Great Server Manager tool for your Windows Servers in your Datacenter. Especially when you use Windows Server Core or Azure Stack HCI.
Azure Monitor Insights for Monitoring your Containers.
In the last blogpost I wrote about Microsoft Azure Arc Services and how to connect a Docker for Desktop Kubernetes Cluster for testing your DevOps solution like Container Apps, Functions, App Services in a test environment. Here you find the Link to the Installation.
One of the Microsoft Azure Arc features is Azure Monitor Insights for monitoring your Kubernetes Cluster and the Containers.
Azure Arc Insights for Kubernetes Cluster anywhere
In the following step-by-step guide we will configure Azure Monitor Insights for your Kubernetes Cluster.
I Connected my Analytics Workspace CloudMVPLab.
Click on Configure.
Onboarding your Kubernetes Cluster will take some minutes.
After a while your Kubernetes Cluster Analytics data will show in Insights.
Here you see a navigation bar with the following topics
Insights reports of the Kubernetes Cluster
Here you can Click on default reports of your Kubernetes Cluster.
Storage Capacity and Health Status report of your Kubernetes Cluster.
Storage Capacity more in Details.
Deployments Report of your Kubernetes Cluster.
Workload details Report of your Kubernetes Cluster.
Kubelet report of your Kubernetes Cluster
Data Usage of your Kubernetes Cluster
Insights the Nodes of the Kubernetes Cluster
Insights of the Nodes and on the right you can view Analytics.
Here you can work with Log Analytics on your Cluster.
Insights in Controllers of your Kubernetes Cluster
Insights of your Controllers
Insights Containers of your Kubernetes Cluster
Container Insights of your Kubernetes Cluster
Container Insights with Azure Log Analytics.
So with Azure Arc Enabled Kubernetes Clusters you can monitoring your Cluster and running Containers to keep you in Control on what is happening on the Cluster but also with your Container Apps and microservices. After this you can set Alerts and notifications when something is going wrong or offline. With this running you can start running your own App services, Containers or Azure functions on your Kubernetes Cluster.
This configuration with Docker for Desktop Kubernetes Cluster is for testing purpose only and can be used for your own DevOps solutions before you deploy on Production Ready Clusters. With Azure Arc Enabled Kubernetes Clusters you get the powerful Microsoft Azure Features and solutions in a secure way on your Kubernetes Cluster. I wish you lot of success with Azure Arc Enabled Kubernetes Clusters to make Awesome Apps and IT solutions for the Business 😉
I Hope everyone had a Great Microsoft Build 2021 Online Conference this week. Microsoft announced a lot of new features and Hybrid Cloud Solutions at Build 2021 🙂 If you missed this Awesome Build 2021 event, you can watch the highlights on demand here.
DevOps and developers are increasingly using microservices-based architectures with containerized applications for agility and flexibility. Azure Arc extends the single control plane from Azure to enable you to build apps consistently across hybrid and multi-cloud environments. With this information I was thinking, can I connect Microsoft Azure Arc Services to my Surface Book 3 with Windows 10 Preview Insiders Build 21390 and Docker for Windows with Kubernetes Cluster 1.19.7 active?
IMPORTANT: The following step-by-step guide is for testing purpose only.
Installing Docker for Windows with Kubernetes Cluster on Windows 10
First you need to have Docker for Windows 10.
Your Windows machine must meet the following requirements to successfully install Docker Desktop.
WSL 2 backend
Hyper-V backend and Windows containers
WSL 2 backend
Windows 10 64-bit: Home, Pro, Enterprise, or Education, version 1903 (Build 18362 or higher).
With docker desktop for Windows you can switch between Windows Containers and Linux Containers. When you want to have a Kubernetes Cluster on your Windows 10 device active you have to switch to Linux Containers in the taskbar like this :
It’s now active for Linux Containers. (Default)
Right Click on the Docker tray icon and go to Settings.
Then go to Kubernetes to enable your Cluster locally on your Windows 10 Device.
When you apply it take some minutes for the installation.
When you see the Kubernetes icon on green, then your Cluster is running.
When you do a lot of DevOps work you use Microsoft Visual Studio Code for Free, because here you can see your Kubernetes Cluster and try your own code or Apps.
Kubernetes Cluster is running locally on your Windows 10 device.
Installing Microsoft Azure Arc Agent
The next step is to install the Microsoft Azure Arc agent on your Windows 10 device.
Login in your Azure Subscription, if you don’t have one you can start here
Search for Azure Arc in your subscription.
Click on Servers and Click on Add.
Click on add a Single Server.
Click on Generate Script.
Prerequisites for the Azure Arc Agent.
Select your Azure Subscription and Resource Group
Choose your Region.
Operating System is Windows. ( your Windows10 device)
Click on Next.
More Features like Security, Monitoring, Automation :
Features for Kubernetes in Azure Arc Services.
Here you see in Visual Studio Code your Azure-Arc Helm Release.
“Learn how to write once and run anywhere using your preferred cloud-native application services. Ensure governance, compliance and security for your deployments, all through a single pane of glass management experience in Azure.”
With Microsoft Azure Arc Services you bring Azure Cloud Technology anywhere for your Apps, Containers, microservices.
I Hope this is a first start for exploring and testing your Hybrid Cloud solution. Wish you a lot of fun and happy coding 😉
Azure Stack HCI is a Hyper-Converged Infrastructure (HCI) cluster solution that hosts virtualized Windows and Linux workloads and their storage in a hybrid on-premises environment. Azure hybrid services enhance the cluster with capabilities such as cloud-based monitoring, Site Recovery, and VM backups, as well as a central view of all of your Azure Stack HCI deployments in the Azure portal. You can manage the cluster with your existing tools including Windows Admin Center, System Center, and PowerShell.
Azure Stack HCI, version 20H2 is a new operating system now in Public Preview and available for download. It’s intended for on-premises clusters running virtualized workloads, with hybrid-cloud connections built-in. As such, Azure Stack HCI is delivered as an Azure service and billed on an Azure subscription. Azure Stack HCI also now includes the ability to host the Azure Kubernetes Service; for details, see Azure Kubernetes Service on Azure Stack HCI.
Get Started with Azure Stack HCI and Windows Admin Center
Windows Admin Center is a locally deployed, browser-based app for managing Azure Stack HCI. The simplest way to install Windows Admin Center is on a local management PC (desktop mode), although you can also install it on a server (service mode).
If you install Windows Admin Center on a server, tasks that require CredSSP, such as cluster creation and installing updates and extensions, require using an account that’s a member of the Gateway Administrators group on the Windows Admin Center server. For more information, see the first two sections of Configure User Access Control and Permissions.
Before you begin, you have to know that Azure Stack HCI is still in Preview and not for Production usage ready. But I’m installing it in my MVPLAB for testing purpose only and learn all the New Features.
What’s New in Azure Stack HCI
Clusters running Azure Stack HCI, version 20H2 have the following new features as compared to Windows Server 2019-based solutions:
New capabilities in Windows Admin Center: With the ability to create and update hyper-converged clusters via an intuitive UI, Azure Stack HCI is easier than ever to use.
Stretched clusters for automatic failover: Multi-site clustering with Storage Replica replication and automatic VM failover provides native disaster recovery and business continuity to clusters that use Storage Spaces Direct.
Affinity and anti-affinity rules: These can be used similarly to how Azure uses Availability Zones to keep VMs and storage together or apart in clusters with multiple fault domains, such as stretched clusters.
Azure portal integration: The Azure portal experience for Azure Stack HCI is designed to view all of your Azure Stack HCI clusters across the globe, with new features in development.
GPU acceleration for high-performance workloads: AI/ML applications can benefit from boosting performance with GPUs.
BitLocker encryption: You can now use BitLocker to encrypt the contents of data volumes on Azure Stack HCI, helping government and other customers stay compliant with standards such as FIPS 140-2 and HIPAA.
Improved Storage Spaces Direct volume repair speed: Repair volumes quickly and seamlessly.
In the Following Step-by-Step guide we install Azure Stack HCI Cluster with Windows Admin Center.
Click on Add and then Create New Server Cluster.
Choose for Azure Stack HCI.
Here you can also choose for both Azure Stack HCI nodes are in the same Site or you have more Azure Stack HCI Nodes in Two Sites for disaster Recovery and Business Continuity.
In my MVPLAB I have all Azure Stack HCI nodes in One Site. More information about Microsoft Azure Stack HCI Stretching Clusters can be found here.
Here you can configure different Switches for your workloads. Windows Admin Center will work with Software Defined Networking (SDN) I Skipped this in my MVPLAB.
Before creating the Azure Stack HCI Cluster, we have to Validate the Cluster first.
When the Cluster Validation is done, you can download the Cluster Validation report.
Here we give the Cluster a Name and a static IP.
Click Create Cluster.
Microsoft Azure Stack HCI Cluster is created 😉
Click Next for Storage.
I Got some small disks Click Next.
Storage is validated and suitable for Storage Spaces Direct.
Storage Spaces Direct is enabled on your Azure Stack HCI Cluster.
Click Next for SDN
Here you can configure the Network Controller for the Azure Stack HCI Cluster
Done your Azure Stack HCI Cluster is made 🙂
Here we have the Dashboard in Windows Admin Center of my Azure Stack HCI Cluster
Management of your Azure Stack HCI Cluster
Managing your Azure Stack HCI Cluster with Windows Admin Center is important, because I have connected WAC with my Azure Subscription I can use Azure Monitor.
From here the Cluster is also connected with my Analytics workspace of Azure Monitor.
Azure Stack HCI Cluster Nodes connected with Azure Monitor.
With Windows Admin Center you can manage the Azure Stack HCI updates with Cluster Aware Updating (CAU) without any downtime for your workloads.
Start Cluster Aware Updating
Click on Install
One Azure Stack HCI Node is waiting and the other is Installing.
Now the other Azure Stack HCI Node is Installing the Update.
Updates Succeeded on both Azure Stack HCI Nodes.
Microsoft Azure Stack HCI Cluster is Running
Create your Virtual Machine on Azure Stack HCI Cluster.
Windows Admin Center supports you all the way for making your Microsoft Azure Stack HCI Cluster in easy steps deployment wizard. Of course you can make also your own PowerShell deployment scripts when you have to make more Azure Stack HCI Clusters for different platforms like Deploying virtual machines or AKS Kubernetes Clusters for Container Applications or a SQL environment. Here you find more information about PowerShell commands
After deploying Azure Stack HCI Clusters with your own PowerShell Script, you can add the Cluster into Windows Admin Center for IT Management.
The Installation time of the Cluster is really fast. I hope this will give you more inside information about the Preview of Microsoft Azure Stack HCI Cluster and Windows Admin Center better Together!
Next Step is AKS Kubernetes on Azure Stack HCI 😉
Microsoft Virtual Training Day | NL this Wednesday March 11th. This day will be full of technical sessions based on our Microsoft Learning Paths.
Explore the tracks
We offer 7 tracks including 5 sessions per track, based on the Learning Paths of Azure Cloud Native, Azure Data, Azure Infra & Ops, Business Applications, Power Platform, Modern Workplace and Surface. On the day itself you can join sessions of different tracks. Please register your sessions here :
Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You only manage and maintain the agent nodes.
Azure AKS Kubernetes Services in Resource Group.
When you go to settings of your Azure AKS Kubernetes Cluster and then to Upgrade, there you can see your version of Kubernetes and the New versions of Azure AKS Services. Before you upgrade :
Important : Never skip an Upgrade version of Azure AKS Kubernetes.
As a DevOps person you like to work with Microsoft Visual Studio Code
Deploying and managing your Azure AKS Kubernetes Cluster services from there with the right extensions.
Here you see also that the KubeProxyVersion is v1.15.7
The extension for developers building applications to run in Kubernetes clusters and for DevOps staff troubleshooting Kubernetes applications.
View your clusters in an explorer tree view, and drill into workloads, services, pods and nodes.
Browse Helm repos and install charts into your Kubernetes cluster.
Intellisense for Kubernetes resources and Helm charts and templates.
Edit Kubernetes resource manifests and apply them to your cluster.
Build and run containers in your cluster from Dockerfiles in your project.
View diffs of a resource’s current state against the resource manifest in your Git repo
Easily check out the Git commit corresponding to a deployed application.
Run commands or start a shell within your application’s pods.
Get or follow logs and events from your clusters.
Forward local ports to your application’s pods.
Create Helm charts using scaffolding and snippets.
Bootstrap applications using Draft, and rapidly deploy and debug them to speed up the development loop.
Upgrade Azure AKS Kubernetes Services is Done 😉
When you manage and monitor your Azure AKS Kubernetes Cluster Services, have also a look at Microsoft Azure Advisor for new features and security issues :
Azure Advisor recommendations for Kubernetes services.
The cool thing is that Microsoft also give you the solution to solve a high risk :
Microsoft Azure AKS Kubernetes is a managed services and made upgrading for customers really easy to do. You can monitor the upgrades and see the Health status of the Azure AKS Kubernetes services. You get free advise to improve the Services and this all keeps you in control and your business running.
Whether you are new to distributed systems or have been deploying cloud-native systems for years, containers and Kubernetes can help you achieve new levels of velocity, agility, reliability, and efficiency. This book describes the Kubernetes cluster orchestrator and how its tools and APIs can be used to improve the development, delivery, and maintenance of distributed applications. Though no previous experience with Kubernetes is assumed, to make maximal use of the book you should be comfortable building and deploying server-based applications. Familiarity with concepts like load balancers and network storage will be useful, though not required. Likewise, experience with Linux, Linux containers, and Docker, though not essential, will help you make the most of this book.
Start Creating Azure Kubernetes Cluster for your Containers.
Managed Azure Kubernetes Service (AKS) makes deploying and managing containerized applications easy. It offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. The Kubernetes masters are managed by Azure. You only manage and maintain the agent nodes. As a managed Kubernetes service, AKS is free – you only pay for the agent nodes within your clusters, not for the masters. In the following steps you can see the different ways for creating Azure Kubernetes Cluster via the Azure Portal, or via Azure Cloud Shell, or via Azure Resource Template. When the Microsoft Azure Kubernetes Cluster is running, then I will explain the different ways for deploying container workloads on AKS. When your workload is running on Azure Kubernetes Services, you also have to monitor your Container workloads with Azure Monitor Container Insights to keep in Controle. Let’s start with installing Azure Kubernetes Services (AKS)
Installing Azure Kubernetes Cluster via the Portal.
To begin you need of course a Microsoft Azure Subscription and you can start for free here
Basics information of the Azure Kubernetes Cluster
To Create the Azure Kubernetes Cluster, you have to follow these steps and type the right information in the Portal:
Review + Create
At the basics screen you select the right Azure Subscription and the Resource Group. You can create a New Resource Group or one you already made.
At Cluster details, you give your Cluster a name and select the Kubernetes version.
Here you select the Kubernetes Node size for your Container workload and the number of nodes.
You can start a Cluster already with One node, but choose to start with the right size for your workloads.
When you click on Change size, you can choose your nodes to do the job. 😉
Select the right Size node
Then we go to step 2 and that is Scale.
2. Scale options in Azure Kubernetes Cluster
Here you have two options :
VM Scale sets (Preview)
To quickly deploy workloads in an Azure Kubernetes Service (AKS) cluster, you can use virtual nodes. With virtual nodes, you have fast provisioning of pods, and only pay per second for their execution time. In a scaling scenario, you don’t need to wait for the Kubernetes cluster autoscaler to deploy VM compute nodes to run the additional pods. Virtual nodes are only supported with Linux pods and nodes. More information here about Virtual Nodes
To create an AKS cluster that can use multiple node pools, first enable two feature flags on your subscription. Multi-node pool clusters use a virtual machine scale set (VMSS) to manage the deployment and configuration of the Kubernetes nodes. With this Preview feature you can run Linux Containers and Windows Containers on the same Cluster. More information here about VM Scale sets (Preview)
The service principal is needed to dynamically create and manage other Azure resources such as an Azure load balancer or container registry (ACR). To interact with Azure APIs, an AKS cluster requires an Azure Active Directory (AD) service principal. More information about the Service Principal can be found here
Azure Kubernetes Service (AKS) can be configured to use Azure Active Directory (Azure AD) for user authentication. In this configuration, you can sign in to an AKS cluster by using your Azure AD authentication token.
Cluster administrators can configure Kubernetes role-based access control (RBAC) based on a user’s identity or directory group membership. More information about RBAC for AKS
Configuring the virtual Networks for your Azure Kubernetes Cluster is important for the right IP range but later on also for the Network Security Groups (NSG).
Here you see an example of the Kubernetes NSG which is connected to the Internet by Default after installation, you can deep dive into security but be careful which settings you do here because Microsoft resources must have access to service the Azure Kubernetes Cluster.
NSG created after installation is finished
NSG Rule set Inbound and outbound
In a container-based microservices approach to application development, application components must work together to process their tasks. Kubernetes provides various resources that enable this application communication. You can connect to and expose applications internally or externally. To build highly available applications, you can load balance your applications. More complex applications may require configuration of ingress traffic for SSL/TLS termination or routing of multiple components. For security reasons, you may also need to restrict the flow of network traffic into or between pods and nodes.
Best practices for network connectivity and security in Azure Kubernetes Service (AKS):
Keep Azure Monitoring Enabled and Connect to your Log Analytics workspace or create a new workspace for Container monitoring of your Azure Kubernetes Cluster.
Azure Monitor for containers is a feature designed to monitor the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). Monitoring your containers is critical, especially when you’re running a production cluster, at scale, with multiple applications.
Azure Monitor for containers gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. Container logs are also collected. After you enable monitoring from Kubernetes clusters, metrics and logs are automatically collected for you through a containerized version of the Log Analytics agent for Linux. Metrics are written to the metrics store and log data is written to the logs store associated with your Log Analytics workspace.
After this you click on the last step Review and Create The Azure portal will do a validation of your Azure Kubernetes Cluster settings, and when it’s validated you hit Create. But when you want more Automation, you can download the JSON ARM template first and use that.
Installing Azure Kubernetes Cluster via Cloud Shell
Azure Cloud Shell AKS CLI
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. Cloud Shell lets you use either bash or PowerShell to work with Azure services. You can use the Cloud Shell pre-installed commands to run the code in this article without having to install anything on your local environment.
Here you see an Example of AKS CLI with Auto Scaler with max count of nodes 😉
Installing Azure Kubernetes Cluster via Template
Create Azure Kubernetes Cluster via Template in the Portal
Here you see Microsoft Visual Studio Code connected with my Azure subscription where my Azure Kubernetes Cluster is running. With the standard Helm Repository packages for deployment to your AKS Cluster. Here you see a WordPress yaml file which I deployed to the Kubernetes Cluster on Azure.
Just Select your Package and Install on Azure Kubernetes.
From here you can into the Container and read the logs.
I’m using Visual Studio Code a lot for Azure Kubernetes but also for Docker Containers and images.
Making Azure ARM JSON templates and this great for Infrastructure as Code.
Azure Monitoring with Container Insights
In One Dashboard you can see the Status of all your Clusters
Azure Monitor Container Insights Live View
Because we installed Azure Monitor for Containers on the Microsoft Azure Kubernetes Cluster, we can live see what is happening inside the Kubernetes Cluster with the containers. This is a great feature when you have a issue with a Container for troubleshooting fast and see what is happening.
Microsoft Azure Kubernetes Cluster is fast and easy to manage. You can upgrade your Cluster without downtime of your Container workload. With Azure Monitor for Containers you can see what’s happening inside the container and you can set alerts when something went wrong. This keeps you in Controle of the solution. With Deployment center alias Azure DevOps Projects you can deploy your workload via Azure DevOps Pipeline and work on versioning, testplans, Azure DevOps repo and work together with a Team on the following releases. Working with Azure Kubernetes Multi node pools with Linux and Windows on the same Cluster is possible. Try it yourself and start with a Proof of Concept for your Business.