
Getting Started with Azure Kubernetes Service (AKS)

[Category: System (Windows) | Publisher: 店小二05 | Date: 2019 | Author: 红领巾]

Azure Kubernetes Service (AKS) is a fully managed Kubernetes (K8s) offering from Microsoft on the Azure platform. AKS reduces the management overhead of running your own K8s instance while still letting you take full advantage of container orchestration. Microsoft takes care of the K8s health monitoring and maintenance. With AKS you only manage the agent nodes while Microsoft manages the master nodes. With AKS you also get integration with many of the Azure services such as load balancers, RBAC, Azure storage, etc.

In this blog post I am going to walk through the setup of an AKS cluster step by step. This is to serve as an intro to AKS and to show how easy it is to get started with Kubernetes in Azure. In a follow-up blog post I will dive into AKS more, showing how to deploy MySQL and WordPress containers on AKS. Before we get into the setup of AKS there are a few things to note:

With the AKS managed service you only pay for the agent nodes within your AKS cluster. There is no cost for the master nodes, and the managed service itself is free.

At the time of this blog post AKS only supports Linux containers. There is a workaround for this until Windows nodes and containers come to AKS.

AKS is only available in the following Azure regions:
-Australia East
-Canada Central
-Canada East
-Central US
-East US
-East US2
-Japan East
-North Europe
-Southeast Asia
-UK South
-West Europe
-West US
-West US 2

The Kubernetes API server is exposed as a public fully qualified domain name (FQDN). Access to it should be restricted. It can be restricted using K8s RBAC and AAD.

Deploy AKS

Housekeeping is done, now let’s get into the deployment of AKS. The first thing you need to do within the Azure portal is go to Create a resource and search on Kubernetes. Select the Kubernetes Service.



Click on create.



You will now see the setup. The setup consists of the following sections shown in the following screenshot:



Let’s walk through each section.

Basics

Here you need to give your AKS instance a name, select the region, K8s version, DNS prefix, and number of nodes and count.


Authentication

Kubernetes has its own RBAC within its authentication and authorization system. Azure Active Directory (AAD) can be integrated with this for authentication. Once the AAD and K8s integration is set up, AAD users can be used for Kubernetes role-based access control (RBAC) to cluster resources. Select yes to enable RBAC and integration with AAD.



It is recommended to set up your own service principal in AAD. For this blog post I let the deployment create one. The service principal is used by K8s for managing Azure cloud resources attached to the cluster. The service principal interacts with Azure APIs. For example, when you set up a load balancer service in K8s, AKS creates an Azure load balancer. The service principal is what is used for authentication to create the load balancer.


Networking

In this section you choose what you want for networking with AKS. If you select basic, AKS will create all needed VNets, subnets, NSGs, etc. AKS clusters cannot use the following ranges: 169.254.0.0/16, 172.30.0.0/16, and 172.31.0.0/16. If you select advanced you can choose an existing VNet or create a new one, specifying the subnet, IP range, DNS settings, etc. You would select Advanced if you need more control over the virtual networking.
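When you pick Advanced and bring your own address plan, it is worth checking it against the three ranges above before deployment. The following is an added example, not part of the original post; the function name, labels and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges the post says AKS clusters cannot use.
AKS_RESERVED = [ipaddress.ip_network(c) for c in
                ("169.254.0.0/16", "172.30.0.0/16", "172.31.0.0/16")]


def check_aks_ranges(proposed):
    """Return {label: [reserved CIDRs it overlaps]} for each conflicting range.

    `proposed` maps a label (e.g. "vnet") to a CIDR string. A malformed CIDR
    is reported with the marker "invalid" instead of raising.
    """
    conflicts = {}
    for label, cidr in proposed.items():
        try:
            # strict=True rejects CIDRs with host bits set (a common typo).
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            conflicts[label] = ["invalid"]
            continue
        # overlaps() catches both subnets of a reserved range and
        # supernets that swallow one (e.g. 172.16.0.0/12).
        hits = [str(r) for r in AKS_RESERVED if net.overlaps(r)]
        if hits:
            conflicts[label] = hits
    return conflicts


if __name__ == "__main__":
    # Constructed sample plan; labels and addresses are illustrative only.
    plan = {
        "vnet": "10.240.0.0/16",
        "legacy-vnet": "172.16.0.0/12",
        "subnet": "172.30.4.0/24",
        "typo": "10.0.0.1/16",
    }
    for label, hits in check_aks_ranges(plan).items():
        print(f"{label}: {', '.join(hits)}")
```

Note that a broad private range such as 172.16.0.0/12 conflicts even though it is not itself on the list, because it contains two of the listed ranges.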



HTTP application routing is used to make application endpoints publicly accessible in the AKS cluster. Enabling this essentially configures an Ingress controller in the AKS cluster. When getting started with AKS I recommend leaving this disabled and doing more research on K8s Ingress Controllers here https://kubernetes.io/docs/concepts/services-networking/ingress as there are other options making applications publicly accessible. In the meantime while getting started with AKS you can use the load balancer service type for external access to your applications running on AKS.

Monitoring

With AKS you have the option to utilize container monitoring from Azure Monitor. This will give you performance and health monitoring. The monitoring data comes directly from an AKS cluster or from all the AKS clusters via Azure Monitor, more specifically Log Analytics. In the future I plan to post a deeper blog about monitoring AKS.

If you choose to enable this you will need to set up a new Log Analytics workspace or use an existing one.


Tags

You can set tags for the AKS cluster.


Create

After all the sections are completed the new AKS will need to validate. After it is validated click on Create.


Exploring AKS

After the AKS cluster is created you will see it in Azure under Kubernetes services.



Also you may notice two new resource groups in your Azure subscription. The first resource group will be the one you created during the AKS creation. This is the resource group that will contain the Azure K8s cluster service. If you selected an advanced network configuration during deployment to create a new VNet you will see that as well.



You will also see a second resource group with a name format similar to MC_ResourceGroupNAME_AKSClusterNAME_REGION. As shown in the following screenshot I have a resource group named MC_AKS12118RG_AKS12118_centralus. This resource group contains the individual AKS cluster resources such as the nodes.

This resource group also contains supporting Azure services like DNS, public IPs, storage, load balancers, network security groups and more. Note: do not make changes to the resources in this resource group directly. You should only make changes through the AKS service and K8s itself. For example, when you deploy a new load balancer service in K8s the corresponding Azure load balancer will automatically be created.


Access Kubernetes Dashboard

Next you can access the K8s cluster via a shell or access the dashboard. Before you can access the dashboard, the service principal account that was created during the AKS deployment will need a ClusterRoleBinding that assigns the K8s role dashboard-admin to it. Run the following command from the Azure cloud shell to do this:

kubectl create clusterrolebinding kubernetes-dashboard -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

If the service principal account does
