-
Sé el primero en recomendar esto
Próxima SlideShare
Global Azure Virtual: Container & Kubernetes on Azure
- 1. Containers & Kubernetes on Azure Global Azure Virtual Rosenheim, April 2020
- 2. Nico Meisenzahl • Senior Cloud & DevOps Consultant at white duck • Microsoft MVP, Docker Community Leader & GitLab Hero • loves Kubernetes, DevOps and Cloud © white duck GmbH 2020 Phone: +49 8031 230159 0 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org
- 3. Agenda • why Kubernetes? • how Kubernetes works • container services on Azure • demo © white duck GmbH 2020
- 4. WHY KUBERNETES? © white duck GmbH 2020
- 5. Where containers can help • isolation • dependencies • scalability • immutability © white duck GmbH 2020
- 6. But … • containers itself are not production-ready • we need to manage, scale and monitor them • examples • scaling container workload across multiple nodes • service discovery and load balancing • self-healing of applications • secret, configuration and storage management © white duck GmbH 2020
- 7. What is Kubernetes? Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications using a declarative approach. © white duck GmbH 2020
- 8. Declarative and self healing • Me: „I would like to run 3 instances of my app.“ • K8s: „Ok, I will run 3 instances and ensure they are always up.“ • K8s: „Oh, one instance died. Let me start another one instead.“ © white duck GmbH 2020
- 9. Kubernetes facts • greek for helmsman/captain • introduced by Google in June 2014 • hosted by Cloud Native Computing Foundation (CNCF) – Microsoft, IBM, RedHat and Docker joined the project six weeks after the first release • third container management tool build by Google – Borg – Omega • Kubernetes is the container orchestration tool © white duck GmbH 2020
- 10. HOW KUBERNETES WORKS © white duck GmbH 2020
- 11. A pod © white duck GmbH 2020
- 12. A deployment © white duck GmbH 2020
- 13. ClusterIP service © white duck GmbH 2020
- 14. NodePort service © white duck GmbH 2020
- 15. LoadBalancer service © white duck GmbH 2020
- 16. Ingress © white duck GmbH 2020
- 17. Big picture © white duck GmbH 2020
- 18. Resource manifests • are defined in YAML or JSON using a declarative approach • needs to be passed to the API server • are verified and processed by the API server © white duck GmbH 2020
- 19. Working with Kubernetes • kubectl • CLI for Windows, MacOS & Linux • get/create/delete resources • get API resources/details • attach to containers • “port-forward” functionality • extendable (Plugins) • Dashboard • Helm, Kustomize, … © white duck GmbH 2020
- 20. CONTAINER SERVICES ON AZURE © white duck GmbH 2020
- 21. Azure Container Registry (ACR) • fully managed and scalable container registry • integrated security • Azure AD • role-based access • supports container builds à no need to build them locally • supports OCI which allows to also store Helm charts • pricing based on service tier and usage (storage, build-time) • integrates with Azure DevOps © white duck GmbH 2020
- 22. Container Image scanning © white duck GmbH 2020
- 23. Geo-replication © white duck GmbH 2020
- 24. Azure Container Instances (ACI) • abstracts everything except your container • Linux, Windows & GPU workload • can be used for • event-driven applications • data processing jobs • can be integrated with AKS via virtual nodes • fast scaling • isolated compute • pay as you go pricing (CPU, memory) © white duck GmbH 2020
- 25. Azure Kubernetes Service (AKS) • fully managed Kubernetes Cluster • scalable and secure by default • runs Linux, Windows and GPU workload • end-to-end developer experience • Azure Dev Spaces, VS Code integration • pricing is based on compute (VM size of worker nodes) • free-of-charge master nodes © white duck GmbH 2020
- 26. AKS integrates with • Azure Monitor for monitoring • Azure Policies for governance • Azure Files & Azure Disks for persistent storage • Azure AD for authentication and authorization • Azure Virtual Network for advanced networking • Azure Application Gateway for application ingress security • Azure Key Vault for secret management • Azure DevOps for CI/CD • Azure Portal for easy administration • … © white duck GmbH 2020
- 27. RBAC via Azure AD © white duck GmbH 2020
- 28. Cluster Autoscaler & virtual node © white duck GmbH 2020
- 29. Private Cluster support © white duck GmbH 2020 • expose API Server via Private Link into an internal subnet • expose Services into an internal subnet using internal Load Balancer • access PaaS Services via Private Link Endpoints • Container Registry • Storage Services
- 30. Azure Monitor (Container Insights) © white duck GmbH 2020
- 31. Governance with Azure Policies © white duck GmbH 2020
- 32. Azure Key Vault integration © white duck GmbH 2020
- 33. AAD Pod Identity © white duck GmbH 2020 Node Managed Identity Managed Service Identity
- 34. DEMO © white duck GmbH 2020
- 35. Demo • Azure Kubernetes Service • Azure Container Registry • build & deploy an application © white duck GmbH 2020
- 36. Questions? Slides: https://www.slideshare.net/nmeisenzahl Demo: https://github.com/whiteducksoftware/sample-mvc Nico Meisenzahl (Senior Cloud & DevOps Consultant) Phone: +49 8031 230159 0 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org © white duck GmbH 2020
Sé el primero en comentar