Azure Container Service

April 2017

Follow along at:

http://itsnull.com/

http://itsnull.com/presentations/acs/

Created by Kip Streithorst / @itsnull

Let's parse - Azure Container Service

  • Container
  • Container Service (Orchestrator)
  • Azure
  • Kubernetes (a Container Orchestrator)

Container

  • Everything required to run custom software is packaged into an isolated container
  • Unlike a VM, does NOT include the OS, only the libraries required by the custom software
  • Efficient, light-weight, self-contained, versionable

Docker Containers

  • Docker (https://www.docker.com/what-docker)
  • Free software to create custom containers and share containers.
  • Easy to install on Windows 10 Anniversary Update or later
  • Containers started as Linux only
  • Microsoft and Docker released support for Windows containers (early 2017)

Demo application

  • We will use Linux Docker containers
  • Demo Time - ASP.Net Core App that runs on Windows, Linux and inside a container

Create and publish container

Run demo application

  • Install Docker
  • Create DocumentDB in your Azure account, find Endpoint Uri and Primary Key
  • docker run -d -p 8084:80 -e "DocDbEndpointUri=[docDb endpoint]" -e "DocDbPrimaryKey=[docDb key]" kstreith/acs-gab-demo:1.0
  • Open web browser to http://localhost:8084/.

Container Service/Container Orchestrator

  • Want to deploy containers
  • Redundancy across physical machines
  • Self-healing properties
  • Deployment checks, history and rollbacks
  • Scale horizontally with load balancing
  • Typically called Orchestrator

Container Orchestrator

Installing a Container Orchestrator

  • Have multiple machines (physical or virtual)
  • Install master software on a node
  • Install agent software on a node, enlist with master
  • Set-up security, storage, networking
  • Adding/removing a machine is manual process

Azure Container Service

  • Allocates the machines
  • Installs the orchestration software, master and agents
  • Handles security, storage and networking
  • Has simple commands to add/remove machines

Azure Container Service (cont.)

  • I will demo Kubernetes, didn't heavily research the other 2
  • Supports all three orchestrators:
    • Kubernetes
    • DC/OS
    • Docker Swarm (uses the older Docker Swarm, from before it was replaced by the new Docker Swarm; not recommended)

Kubernetes

  • Supported on:
    • Azure Container Service
    • Google Container Engine
    • IBM Bluemix Container Service
    • Amazon Web Services EC2
    • On-premise machines
  • Kubernetes supports federation (alpha quality) - multiple Kubernetes clusters (one in AWS, one in Azure)

Installing Kubernetes on Azure

  • Login
    az login
  • Create Resource Group, makes it easy to delete later
    az group create -n demo-gab-kub-1 -l "eastus"
  • Create default cluster - (1 master, 3 agents)
    az acs create --orchestrator-type=kubernetes --resource-group demo-gab-kub-1 --name=demo-gab-kub-cname-1 --dns-prefix=demo-gab-kub-1 --generate-ssh-keys

Installing Kubernetes on Azure (cont)

  • Takes about 10 minutes
  • Creates 20+ resources, 1 master VM, 3 agent VMs, storage, network, load balancers
  • Costs less than $20 to run for 24 hours, i.e. < $1 per hour
  • When learning: save money, delete the cluster
    az group delete -n demo-gab-kub-1

Installing Kubernetes on Azure (cont)

  • Install kubectl locally
    az acs kubernetes install-cli --install-location=C:\kubectl\kubectl.exe
  • Retrieve Kubernetes credentials
    az acs kubernetes get-credentials --resource-group=demo-gab-kub-1 --name=demo-gab-kub-cname-1
  • Test kubernetes
    kubectl version
    kubectl get nodes
    kubectl cluster-info

Kubernetes High Level

Kubernetes High Level (cont)

  • Define a Pod, e.g. add labels, set a container image to be pulled from Docker Hub
  • Define a Deployment, which consists of a Replica Set. A Replica Set will replicate Pods across the cluster

Kubernetes High Level (cont)

  • All Docker resources are by default only reachable from inside the cluster
  • Create a Service (e.g. external IP) that then exposes our Deployment, so that we can access via browser

Deployment - acs-deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: acs-demo-deployment
spec:
  replicas: 3 #Replica Set (3 copies of Pod)
  template:
    metadata:
      name: acs-demo-pod
      labels:
        app: acs-demo
    spec: #Defines POD
      containers:
      - name: acs-demo-container
        image: kstreith/acs-gab-demo:1.0
        env: #Environment Variables for Container
        - name: DocDbEndpointUri
          value: "https://acs-trinug-gab.documents.azure.com:443/"
        - name: DocDbPrimaryKey
          value: "PutKeyHere"
        - name: DemoNodeName
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: DemoPodName
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        ports:
        - containerPort: 80
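
Added example (not part of the original slides): the same Deployment with the DocumentDB primary key read from a Kubernetes Secret instead of being written into acs-deployment.yaml, so the manifest can be shared or version-controlled without carrying the key. The Secret name acs-demo-docdb and its key name primary-key are assumptions chosen for this example.

```yaml
# Added example, not from the original slides.
# Secret holding the DocumentDB key. "acs-demo-docdb" and "primary-key" are
# assumed names. Keep this document out of source control, or create the
# Secret from the command line instead:
#   kubectl create secret generic acs-demo-docdb --from-literal=primary-key=PutKeyHere
apiVersion: v1
kind: Secret
metadata:
  name: acs-demo-docdb
type: Opaque
stringData:
  primary-key: "PutKeyHere"
---
# Same apiVersion as the slide above; clusters running Kubernetes 1.16 or
# later need apps/v1 plus a spec.selector matching the pod labels.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: acs-demo-deployment
spec:
  replicas: 3
  template:
    metadata:
      name: acs-demo-pod
      labels:
        app: acs-demo
    spec:
      containers:
      - name: acs-demo-container
        image: kstreith/acs-gab-demo:1.0
        env:
        - name: DocDbEndpointUri
          value: "https://acs-trinug-gab.documents.azure.com:443/"
        - name: DocDbPrimaryKey   # resolved from the Secret when the pod starts
          valueFrom:
            secretKeyRef:
              name: acs-demo-docdb
              key: primary-key
        - name: DemoNodeName
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: DemoPodName
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        ports:
        - containerPort: 80
```

With this in place, kubectl describe on a pod shows a reference to acs-demo-docdb rather than the key itself; access to the value is then governed by who can read Secrets in the namespace.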

Deploy App

  • Create deployment
    kubectl create -f acs-deployment.yaml --record
  • Check deployment
    kubectl get deployment
    kubectl get pods --output=wide

Create Service

  • Create Service, takes Azure a few minutes to allocate external IP
    kubectl expose deployments acs-demo-deployment --port=80 --type=LoadBalancer
  • Get external IP
    kubectl get svc
  • Open Browser http://[external ip]/

Scale within Kubernetes

  • Scale pods across nodes (change replica count)
    kubectl scale deployment acs-demo-deployment --replicas 10
  • Check for new pods
    kubectl get pods --output=wide

Scale Kubernetes Cluster

  • Set new agent VM count for cluster; takes a few minutes to allocate VMs, install software and boot VMs
    az acs scale -g demo-gab-kub-1 -n demo-gab-kub-cname-1 --new-agent-count 4
  • Check for new nodes
    kubectl get nodes

Rolling Update from v1 to v2

  • Depending on the Deployment config, pulls some pods out of service, creates new pods with the new version, and keeps rolling until the new replica set is up to count with all new pods
    kubectl set image deployment/acs-demo-deployment acs-demo-container=kstreith/acs-gab-demo2
  • Check rollout status
    kubectl rollout status deployment/acs-demo-deployment
    kubectl get rs
    kubectl get pods
  • I made a typo on image name, rollout is now stuck

Fixing stuck rollout

  • Querying pods shows problem pulling image
    kubectl get pods
  • Check deployment history
    kubectl rollout history deployment/acs-demo-deployment
  • Rollback deployment change
    kubectl rollout undo deployment/acs-demo-deployment

Try again

  • Update using proper image tag now
    kubectl set image deployment/acs-demo-deployment acs-demo-container=kstreith/acs-gab-demo:2.0
  • Check in the browser that version 2 is running

Self-healing

  • Let's go in the Azure Portal and hard shutdown a VM
  • Let's keep going with the presentation and then come back and check health of the cluster

Blue/Green Deployment

  • Run 2 deployments side by side (e.g. blue and green)
  • A Service (e.g. Production) uses a selector to route to pods on one of the sides (blue/green)
  • Start with Production pointed at blue
  • Update Green deployment with rolling update, no change to production. Verify deployment.
  • Switch Service (e.g. Production) to now select pods on the green side; this is a routing-only change.
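
Added example (not part of the original slides): the green side of a blue/green pair and the Production Service whose selector decides which side receives traffic. The color label, the names acs-demo-green and acs-demo-production, and a pre-existing Secret named acs-demo-docdb holding the DocumentDB key are assumptions; the blue Deployment is the same manifest with color: blue and image tag 1.0.

```yaml
# Added example, not from the original slides.
# Green side. Pods carry both the app label and an assumed "color" label.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: acs-demo-green
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: acs-demo
        color: green
    spec:
      containers:
      - name: acs-demo-container
        image: kstreith/acs-gab-demo:2.0
        env:
        - name: DocDbEndpointUri
          value: "https://acs-trinug-gab.documents.azure.com:443/"
        - name: DocDbPrimaryKey
          valueFrom:
            secretKeyRef:          # assumed Secret, created beforehand
              name: acs-demo-docdb
              key: primary-key
        ports:
        - containerPort: 80
---
# Production Service. Only pods matching every selector label get traffic,
# so rolling updates on the green Deployment do not touch production while
# the selector says blue.
apiVersion: v1
kind: Service
metadata:
  name: acs-demo-production
spec:
  type: LoadBalancer
  selector:
    app: acs-demo
    color: blue    # change to green and re-run kubectl apply -f to switch
  ports:
  - port: 80
    targetPort: 80
```

Switching back is the same one-line selector change, and the external IP stays the same because the Service object itself is not recreated.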

CAAS

  • Infrastructure As A Service (IAAS) - manage VMs
  • Container As A Service (CAAS) - manage containers
  • Platform As A Service (PAAS) - manage code

Recap

  • Azure Container Service can create redundant masters as well
  • Microsoft actively coordinating with Kubernetes on adding Windows container support
  • Private container repository possible with Private Docker Hub, Azure Container Registry

Recap (cont)

  • Multiple Kubernetes clusters and federation are possible (alpha quality)
  • Auto scaling based on cpu/memory pressure is available, didn't demo
  • I demo'd stateless applications, Kubernetes has support for stateful applications

Recap (cont)

  • Put almost any web software into a container
  • Auto-create cluster on Azure
  • Now have self-healing, load balancing, rolling updates, horizontal scaling, deployment history
  • Rapid updates in this space, keep an eye on Kubernetes, DC/OS, Docker Swarm

Thanks, Any Questions?