Topics Discussed:
- Containers
- Features and Benefits
- Cluster Architecture
- Cluster Creation
- Key Kubernetes Concepts
- Storage
- Security
A container is a standard unit of software that packages up code and all its dependencies so that the application runs quickly and reliably from one computing environment to another. Managing multiple containers and scaling them up or down can be challenging, but Kubernetes offers a solution to these issues. Kubernetes is an open-source container orchestration tool that automates the deployment, scaling, and management of containerized applications.
However, managing Kubernetes on your own can present challenges, such as complex installation processes and the maintenance of the control plane. Cloud providers like Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) offer managed Kubernetes services—Azure Kubernetes Service (AKS), Elastic Kubernetes Service (EKS), and Google Kubernetes Engine (GKE), respectively—that address these challenges.
What is AKS?
AKS is a managed Kubernetes service provided by Azure. In AKS, the master nodes are managed by Azure, while the customer manages the worker nodes. The cost of the control plane varies, with a free tier available and additional costs for standard and premium tiers.
Pricing: Control plane is free for standard clusters, with variable costs for worker nodes.
AKS Features and Benefits
- Managed Infrastructure: Reduced setup and maintenance burdens.
- Automated Updates: Ensures your cluster stays current with security patches and features.
- Integrated Monitoring and Logging: Provides insights into your cluster’s health and performance.
- Scalability and Performance: Easily scale worker nodes to meet workload demands.
- High Availability: Built-in redundancy for minimizing downtime.
AKS Cluster Architecture
Control Plane Components:
- Kubernetes API Server: Front-end for the cluster, handling user interactions and API calls.
- etcd: Distributed key-value store holding the cluster’s configuration and state.
- Kubernetes Scheduler: Assigns pods to worker nodes based on resource availability and constraints.
- Kubernetes Controller Manager: Governs the cluster’s state, ensuring resources match desired configurations.
Worker Node Components:
- Kubelet: Agent on each node, managing container execution.
- Kube-proxy: Enforces network rules and facilitates pod communication.
- Container Runtime: Executes containers (e.g., containerd, Docker).
AKS Cluster Creation (Azure Portal)
Basic Settings: Subscription, resource group, region, preset configuration (optional), availability zones.
Authentication: Choose between local accounts with Kubernetes RBAC, Azure AD with Kubernetes RBAC, or Azure AD with Azure RBAC.
Node Pools: Configure system and user node pools, specifying VM sizes, scaling options, etc.
Networking:
- Network Plugin: Kubenet (basic) or Azure CNI (advanced).
- Network Policy: Enforce traffic rules (e.g., Calico or Azure).
Integrations: Azure Container Registry, Azure Monitor, etc.
Key Kubernetes Concepts
- Pod: Smallest deployable unit, often containing one container.
- Deployment: Manages a set of replicated pods.
- Namespace: Virtual cluster for organizing resources.
- ReplicaSet: Maintains a desired number of pod replicas.
- Service: Provides a stable network endpoint for accessing pods (ClusterIP, LoadBalancer, NodePort, Ingress).
AKS Storage
- Storage Class: Defines storage types and provisioning behavior.
- Persistent Volume (PV): Administrator-provisioned storage.
- Persistent Volume Claim (PVC): Request for storage by a pod.
AKS Security
- Updates: Keep your cluster on the latest version.
- API Server Access: Restrict access and use authorized IP ranges.
- RBAC: Use Azure AD and Kubernetes RBAC for fine-grained access control.
- Network Security Groups (NSGs): Filter network traffic.
- Network Policies: Control pod-to-pod communication.
- Kubernetes Secrets: Secure storage for sensitive data.