AZURE HEROES

AKS From Zero To Hero - Part 3

3/25/2022

Welcome to the third post in the "AKS From Zero To Hero" series.
In the first post, we talked about AKS in general. In this post, we will continue the discussion around AKS.

In this post, I will try to explain what AKS is and why to use it.
What is AKS?
Azure Kubernetes Service (AKS) simplifies deploying a managed Kubernetes cluster in Azure by offloading the operational overhead to Azure. As a hosted Kubernetes service, Azure handles critical tasks, like health monitoring and maintenance. Since Kubernetes masters are managed by Azure, you only manage and maintain the agent nodes. Thus, AKS is free; you only pay for the agent nodes within your clusters, not for the masters.
What are the benefits of using AKS?
  • Scalability: add more compute nodes if and when needed
  • No need to worry about the master nodes, since they are managed by Azure
  • Reduces the initial setup and operational complexity of running K8s for production workloads
  • Removes complexity and reduces expenditure: AKS helps remove the complexity of implementing, installing, maintaining and securing Kubernetes in Azure
  • Run any workload in the cloud
  • Faster end-to-end development and integration
  • Security and compliance: AKS protects your business by enabling administrators to tailor access to Azure Active Directory (AD) identities and group identities. When people are given only the access that they need, the threat is greatly reduced. AKS is also totally compliant.
Managed Kubernetes empowers you to achieve more
AKS Nodes: Node pools are used to group nodes in your AKS cluster. You specify the VM size and OS type for each node in the node pool based on your app requirements.
  • System node pools serve the primary purpose of hosting critical system pods.
  • User node pools serve the primary purpose of hosting your application pods.
By default, an AKS cluster will have a Linux node pool in system mode, but you can always add more.
New nodes created in the node pool will always be the same size as you specified when you created the node pool. You can change the node count later in the cluster's configuration panel.
AKS Networking - The Basics
A Kubernetes cluster blocks all external communications by default and has two network availability abstractions: services and ingresses.
A service acts as a load balancer and redirects traffic to the specific ports by using port-forwarding rules.

ClusterIP: Exposes the app internally only
LoadBalancer: Exposes the app externally by using Azure’s load balancing solution
NodePort: Exposes the app externally
ExternalName: Maps the app by using a DNS resolution through a CNAME record.
Ingress: An ingress exposes routes (a collection of rules) for HTTP and HTTPS traffic from outside a cluster to services inside the cluster. You define ingress routes by using ingress rules.
AKS lets you avoid the complexity of setting up an ingress by enabling what is called HTTP application routing (not recommended for production workloads).
We have two main types of ingress controller in Azure:
  • Nginx ingress controller: ingress-nginx is an Ingress controller for Kubernetes that uses NGINX as a reverse proxy and load balancer
  • Application Gateway Ingress Controller (AGIC): makes it possible for Azure Kubernetes Service (AKS) customers to leverage Azure's native Application Gateway L7 load balancer to expose cloud software to the Internet. AGIC monitors the Kubernetes cluster it is hosted on and continuously updates an App
AGIC helps eliminate the need to have another load balancer/public IP in front of the AKS cluster and avoids multiple hops in your datapath before requests reach the AKS cluster. Application Gateway talks to pods using their private IP directly and does not require NodePort or KubeProxy services. This also brings better performance to your deployments.
Ingress Controller is supported exclusively by Standard_v2 and WAF_v2 SKUs, which also brings you autoscaling benefits. Application Gateway can react in response to an increase or decrease in traffic load and scale accordingly, without consuming any resources from your AKS cluster.
Using Application Gateway in addition to AGIC also helps protect your AKS cluster by providing TLS policy and Web Application Firewall (WAF) functionality.
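To tie the Service types and the ingress/TLS points above together, here is an added example (not part of the original post) that audits a cluster listing for objects reachable from outside. The sample objects, their names and the `audit` function are constructed for illustration, and the check assumes TLS is declared in `spec.tls` rather than through controller annotations.

```python
import json

# Constructed sample shaped like `kubectl get services,ingresses -A -o json`.
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"kind": "Service", "metadata": {"namespace": "prod", "name": "web"},
  "spec": {"type": "ClusterIP"}},
 {"kind": "Service", "metadata": {"namespace": "prod", "name": "api"},
  "spec": {"type": "LoadBalancer"}},
 {"kind": "Service", "metadata": {"namespace": "prod", "name": "reports",
   "annotations": {"service.beta.kubernetes.io/azure-load-balancer-internal": "true"}},
  "spec": {"type": "LoadBalancer"}},
 {"kind": "Service", "metadata": {"namespace": "prod", "name": "debug"},
  "spec": {"type": "NodePort"}},
 {"kind": "Ingress", "metadata": {"namespace": "prod", "name": "shop"},
  "spec": {"tls": [{"hosts": ["shop.example.com"], "secretName": "shop-tls"}],
           "rules": [{"host": "shop.example.com"}, {"host": "admin.example.com"}]}}
]}""")

# Annotation that asks Azure for an internal (private IP) load balancer.
INTERNAL_LB = "service.beta.kubernetes.io/azure-load-balancer-internal"

def audit(listing):
    """Return (namespace/name, finding) pairs for externally exposed objects."""
    findings = []
    for obj in listing.get("items", []):
        meta, spec = obj.get("metadata", {}), obj.get("spec", {})
        name = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        notes = meta.get("annotations") or {}
        if obj.get("kind") == "Service":
            svc_type = spec.get("type", "ClusterIP")  # ClusterIP is the default
            if svc_type == "NodePort":
                findings.append((name, "NodePort opens a port on every node"))
            elif (svc_type == "LoadBalancer" and notes.get(INTERNAL_LB) != "true"
                  and not spec.get("loadBalancerSourceRanges")):
                findings.append((name, "public LoadBalancer with no source ranges"))
        elif obj.get("kind") == "Ingress":
            # Assumption: TLS is declared in spec.tls, not via controller annotations.
            tls_hosts = {h for t in spec.get("tls", []) for h in t.get("hosts", [])}
            for rule in spec.get("rules", []):
                host = rule.get("host", "*")
                if host not in tls_hosts:
                    findings.append((name, f"host {host} has no TLS entry"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

On a real cluster, feed it the parsed output of `kubectl get services,ingresses -A -o json` and review each finding against what is meant to be public.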


As we explained before, the Kubernetes API is the entry point to the cluster. So how do you protect it on Azure? You can easily do that by using one of the following options:
  • Reverse Proxy Server: Nginx, HAProxy, and Traefik are popular reverse proxy servers that support features such as load balancing, SSL termination, and layer 7 routing. They can run on dedicated virtual machines or as ingress controllers on a Kubernetes cluster.
  • Service Mesh Ingress Controller: If you are using a service mesh such as Open Service Mesh, Linkerd, and Istio, consider the features that are provided by the ingress controller for that service mesh. For example, the Istio ingress controller supports layer 7 routing, HTTP redirects, retries, and other features.
  • Azure Application Gateway: Azure Application Gateway is a regional, fully managed load balancing service that can perform layer 7 routing and SSL termination. It also provides a Web Application Firewall and an ingress controller for Kubernetes. For more information
  • Azure Front Door: Azure Front Door is a global layer 7 load balancer that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications. It supports features such as SSL termination, response caching, WAF at the edge, URL-based routing, rewrites and redirections. It also supports multiple routing methods, such as priority routing and latency-based routing.
  • Azure API Management: API Management is a turnkey solution for publishing APIs to both external and internal customers. It provides features that are useful for managing a public-facing API, including rate limiting, IP restrictions, and authentication and authorization using Azure Active Directory or other identity providers.
So, when should you use AKS? According to Microsoft, the following are the top scenarios for Kubernetes on Azure:
[Picture: top scenarios for Kubernetes on Azure]
What's next?
This was part two of the article. In the next part, we will continue this discussion with AKS.
Continue Reading: AKS From Zero To Hero - Part 4
1 Comment
Cupid
3/30/2022 01:49:15 am

Very well explained, waiting part 4

thank you.


    Author

    Mohammad Al Rousan is a Microsoft MVP (Azure), a Microsoft Certified Solution Expert (MCSE) in Cloud Platform & Azure DevOps & Infrastructure, and an active community blogger and speaker. Al Rousan has over 8 years of professional experience in IT infrastructure and is very passionate about Microsoft technologies and products.
