Kubernetes introduction with Azure Cloud

Containers are standalone, executable software packages that encapsulate the application code along with all the required runtime, libraries, and dependencies. This encapsulation ensures that the application runs reliably and consistently across different computing environments.

Mobility & Isolation

Containers promote mobility since they encapsulate all dependencies required by the application. This means a containerized application can run seamlessly across a developer's local machine, test environments, and production servers irrespective of where they are hosted.

Isolation ensures that each container operates independently. This prevents any potential interference from other containers, enhancing security and performance.

Efficiency Benefits

• Lower Resource Requirements: Containers share the host system's OS kernel, rather than having their own operating systems, which significantly reduces their size and boot-up time compared to traditional virtual machines (VMs).
• Simplified Operations: Containers follow the principle of "build once, run anywhere," simplifying the deployment process across different environments.
• Speedy Deployment: Due to their small size, containers can be started, stopped, and created in a fraction of the time it takes to boot up an OS in a traditional VM.

Main 6 challenges with containers

1. Deployment Challenges: Deploying containers manually in a large-scale environment can be tedious and error-prone.

2. Scaling and Auto-scaling Issues: As applications grow, managing scaling (both up and down) becomes a significant challenge. It's difficult to manage these operations manually in a containerized environment.

3. Updating Containers: Updating containerized applications while ensuring zero or minimal downtime requires careful planning and execution.

4. Networking Complexities: Setting up networking between containers and ensuring they communicate securely can be complex. We have cover the basics of container networking in the Networking session of this course but it was the basic. Networking is a complexe field so you can do a lot more but we will not cover this subject into this course.

5. Affinity and Anti-affinity: Affinity rules ensure that certain containers are co-located on the same host machine, while anti-affinity rules ensure they are kept apart. Managing these rules in a large-scale environment can be challenging. We have seen in the previous section about monitoring container how to map your architecture. We have seen together the Weave Scope tool who give you a dependence graph of your containers park typically in the case if you are using many containers in a micro-service architecture.

6. Health Management of Containers: Monitoring the health of containers and managing hardware or software failures require additional tooling and automation like we have seen into the monitoring section of this courses, not a easy part !

That's why Kubernetes is here 😎

Introduction to Kubernetes

Kubernetes, often abbreviated as K8s, is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.

Kubernetes was initially developed by Google based on their experience running containers at scale. It was later donated to the Cloud Native Computing Foundation (CNCF) and has a vast community of contributors.

Core benefits of Kubernetes & Architecture

• Abstraction: Kubernetes allows you to describe the desired state of your application using a declarative YAML configuration file. You define what you want to happen, and Kubernetes takes care of how to achieve that state.
• Resource Allocation: Kubernetes intelligently allocates resources to containers based on their requirements, ensuring efficient utilization while maintaining high availability.
• Elastic Scale: Kubernetes can automatically scale your applications based on metrics like CPU usage or custom metrics, ensuring your applications can handle varying loads.
• Network Management: Kubernetes provides built-in load balancing, DNS, and network policy features, simplifying network setup and management.
• Updating Applications: With Kubernetes, you can perform rolling updates to your applications, ensuring minimal downtime.
• Self-Healing: Kubernetes constantly monitors the health of your containers and replaces failed containers automatically to ensure your applications are highly available.

Kubernetes Master Node (Control Plane)

The master node, also referred to as the control plane, is the brain of the Kubernetes cluster where all the decision-making processes occur. It consists of several components:

• API Server: It's the entry point for commands sent via the kubectl CLI tool or other RESTful API calls. It processes the requests and updates the desired state of the cluster.
• Controller Manager: It's responsible for regulating the state of the cluster to match the desired state expressed by the user. It has various controllers like the Node Controller, Replication Controller, Endpoints Controller, etc.
• Scheduler: It's responsible for scheduling pods onto worker nodes based on resource availability and other constraints.
• etcd: It's a consistent and highly-available key-value store used by Kubernetes to store all cluster data like a huge docker volume.

Kubernetes Worker Nodes

Worker nodes are the (virtual) machines where your workloads (containers) run. Each worker node has the following components:

• Kubelet: It's an agent running on each node, ensuring the containers are running as expected in a Pod.
• Kube Proxy: It maintains the network rules on nodes, allowing network communication to your Pods from network sessions inside or outside of your cluster.
• Container Runtime: It's the software responsible for running containers. Docker, containerd, and rkt are examples of container runtimes.
• CAdvisor: It ensure the real time monitoring like we have seen in the previous section about monitoring docker container, it is exactlly the same process.
• Pods : The smallest deployable units of computing that can be created and managed in Kubernetes. A Pod encapsulates one or more containers, storage resources, a unique network IP, and options that govern how the containers should run.

Kubernetes Networking

Kubernetes manages networking to ensure communication among various components within and outside the cluster, abiding by a set of fundamental principles. Let's talk about how networking is managed in Kubernetes to allow communication among workers and other entities 🤓

Basic Concepts

• Nodes and Pods: In Kubernetes, nodes host pods which in turn encapsulate containers. Each node and pod is assigned a unique IP address from separate IP pools, ensuring smooth inter-node and intra-node communication.
• Networking Conditions: Kubernetes necessitates certain networking conditions to be met, like ensuring all pods can communicate across nodes without relying on Network Address Translation (NAT).
• Pod-to-Pod Networking: Every Pod in a Kubernetes cluster is assigned a unique IP address. Pods can communicate with each other across nodes through an overlay network or underlay network depending on the network plugin being used (e.g., Flannel, Calico, Weave Net).
• Node-to-Node Networking:Nodes communicate with each other to share information, distribute work, and maintain the cluster's health and stability. The control plane components on the master node(s) communicate with the kubelet and kube-proxy components on worker nodes and vice versa. -Service Networking: Services are abstractions that define a logical set of Pods and policies to access them. They enable communication between Pods and external clients or other Pods. Kubernetes allocates a unique IP address (ClusterIP) to each service, and traffic sent to this IP is load-balanced across the pods selected by the service 🤓

Networking Implementation

• Network Plugins: While Kubernetes doesn't configure networking out of the box, various third-party plugins and cloud provider solutions can establish the required networking conditions.
• Flat Network: Once configured, a flat network is formed where all nodes and pods can seamlessly interact.
• Network Policies: Network policies are crucial for controlling the flow of traffic between pods/containers in different namespaces and even outside the cluster. They are defined using a network policy manifest and are crucial for maintaining network security and isolation.
• Pod Lifecycle: IP addresses are allocated to pods upon creation. However, pod failures or relocations result in new IP assignments, necessitating a mechanism for stable addressing.
• Container Network Interface (CNI): Kubernetes relies on CNI plugins to set up networking. The CNI plugins ensure that the networking rules and configurations are correctly set up to allow necessary communication while blocking unwanted traffic.
• DNS Services: Kubernetes includes a DNS service (e.g., CoreDNS) for service discovery. Pods can use the service name to discover and communicate with other services within the same namespace or across namespaces.
• Load Balancing: Load balancing is a key feature in Kubernetes networking. It distributes network traffic across a group of servers or pods to ensure no single server becomes a bottleneck.
• Network Namespace Isolation: Kubernetes leverages network namespaces for isolation which ensures that each Pod has a unique view of the network stack, IP addresses, and routing tables.

This structured networking model ensures a seamless communication flow within the Kubernetes cluster among nodes, pods, and external interfaces, making the orchestration of containerized applications efficient and scalable. It's not a simple task to do by ourself that's why Kubernetes rely on networking tools like Calico, Weavenet (the same Weave we have seen in the monitoring section of our course) Flannel, etc...

Services in Kubernetes

• Service Object: Services provide a stable network interface to a group of pods with similar functions. They maintain a consistent IP address and DNS name, despite the dynamic nature of the underlying pods.
• Service Types:
  • ClusterIP: Default type, exposing the service within the cluster.
  • NodePort: Exposes the service on a static port on each node, making the service accessible outside the cluster.
  • LoadBalancer: Utilized in cloud environments to expose services externally via a cloud provider's load balancer.

Storage in Kubernetes

The main concept of storage in Kubernetes is volumes. Volumes are created to preserve data across container restarts, with two main types: ephemeral and persistent.

• Ephemeral Volumes:
  • Lifecycle: Tied to the pod lifecycle, ephemeral volumes are ideal for temporary data like caches.
• Persistent Volumes:
  • Lifecycle: Independent of pod lifecycle, persistent volumes retain data even after a pod is terminated, making them suitable for databases and message queues.

Azure Set Up

Now that we have established the foundation of Kubernetes in an unmanaged environment, we now will be focusing into exploring Kubernetes within a managed fellow, particularly on Azure Cloud. Let's see how to create a Azure Kubernetes Service (AKS), deploying an application, and finally, elucidating how the application is accessible within Azure.

Although Kubernetes was a brainchild of Google, it's now under the aegis of the Cloud Native Computing Foundation, with Microsoft as a significant partner and contributor. A testament to Microsoft's commitment is the involvement of Kubernetes' co-founder, Brendan Burns, now a part of the Microsoft family.

AKS diverges from a self-hosted Kubernetes setup by offering a free, fully managed container-as-a-service platform. This alleviates the overhead of managing the control plane, as AKS autonomously orchestrates it using dedicated resources within your Azure subscription. This autonomy not only simplifies operations but also imbues the setup with Azure's hallmark benefits such as high availability. From an operational standpoint, while the control plane components remain opaque, their services are readily accessible via the AKS resource, interacted with through kubectl.

The control plane comes at no cost; you only incur charges for the worker nodes which operate on VM skillsets, automatically provisioned and configured by Azure. These nodes, running on customized OS (Ubuntu for Linux nodes and Windows Server 2019 for Windows nodes), form the backbone of your cluster within your network.

Besides managing the control plane, AKS further sweetens the deal with a plethora of added benefits. A notable feature is its seamless integration with Azure Active Directory, facilitating identity management through role-based access control. Operational management is a breeze with AKS, whether it's upgrading resources or scaling them on demand. Azure's auto-scaling mechanism is twofold—deploying new pods based on workload demand and augmenting new nodes when necessary.

Create a simple cluster

For the next part, we will be following the LinuxAcademy tutorial on ASK basics here. First you have to create an AKS instance, just go into your azure web portale an follow the instruction without changing the network parameters !

Then you can connect to your cluster by clicking on the connect icon and then following the documentation pop-up on the right side of your screen like you see below :

If you will be using the Azure Cloud Shell you will need to configure the storage.

1. Open up the Azure Cloud Shell.
2. In the welcome screen, select either Bash or PowerShell.
3. Select "Show advanced settings".
4. Set the Cloud Shell region to the same location as the existing resource group
5. Under "Storage account" make sure "Create new" is selected.
6. Manually provide a unique name for the Storage account.
7. Under "File share" make sure "Create new" is selected.
8. Manually provide a unique name for the File share.
9. Select "Create storage".

Deploy a simple architecture

For this part I recommend the official Azure tutorial here