Introduction to Azure Kubernetes Service for beginners

What is up, YouTube, and welcome to another video. In this video I'm going to talk about the basics of running Kubernetes in the cloud. Today's cloud is going to be Microsoft Azure. If Microsoft Azure is not your cloud, feel free to follow along and learn about Microsoft Azure. In this series we'll be covering multiple cloud providers, so stay tuned for other cloud providers as well. That means no cloud automations, no Terraforms, no complexities. We're gonna go back to basics, and once you get the basics right you can use any automation or provisioning tool you like, because you will understand the fundamentals of running Kubernetes in the cloud. So fundamentals is key. So let's get started.

So you'll want to go over to Google, type "azure free account", and then look for the Microsoft link that says "Create your Azure free account today". Now with this account, what we can do, we can just sign up with like a throwaway account email address, where we will get 12 months and 200 free credit. That should be sufficient to do everything you need to do for this video, and then you can delete everything once you're done. So I click on start free. Now, to prevent fraud, almost every cloud provider is going to ask you to prove your identity, and they're going to ask you for credit card information. The reason they do this is to prevent fraud, and they should not charge your card at all. And make sure you follow this guide, but what we're going to do is we're going to make sure we delete everything once we're done. So we will be using minimal credits to provision everything, and we'll destroy the resources once we're done, so there should be absolutely no charges. Once you have your account, we're ready to roll, and we can click on go to the portal and we can go and explore all the resources and things we can actually do.

So in this video, what we're going to do is we're going to create a free Microsoft Azure account. Every account in Microsoft is managed by an Azure Active Directory. Active Directory is
used by organizations to manage user accounts. It is also used to manage service accounts. In Microsoft Azure this is called a service principal. There are also managed identities that Microsoft can manage if you don't want to create a service principal. We're going to stick to the basics. What we're going to do: when we create a free account we also get access to a free subscription. A subscription is a way to group resources together under the same billing account, so it's basically used for billing. Inside the subscription we're going to create a resource group. Resource groups are used in Azure as a logical grouping mechanism to group resources together, so everything you deploy, you can deploy it as part of a resource group. So what we're going to do in this video is we're going to deploy an Azure Kubernetes cluster inside of this resource group, and what we're going to do is we're going to create a service account to manage this resource group. This allows Kubernetes to create load balancers and disks and do things in the cloud. Most cloud providers require a service account to allow Kubernetes to manage cloud resources on your behalf.

So if you're new to this channel, everything I do on this channel is in GitHub, so you want to go over to my docker development YouTube series to look for the kubernetes folder, and for this cloud series we'll be making an azure folder, and inside there I have a getting started template. This is everything we're going to be doing in this video. It's all on GitHub; check the link down below so you can follow along.

Right, so we're taking a look at getting started with AKS and the Azure CLI. Now every cloud provider that you work with usually interfaces with a CLI, so you need some kind of command line interface or SDK to talk to the cloud provider. So the easiest way to do this is to use Docker. So if you go over to Docker Hub you can search for the Azure CLI, and you can find a lot of information about what it is, how to use it, and a full tag listing of
versions that you can use. So in this video I've put the command out here. We're going to be using 2.6.0. So how we use it is we say docker run, we remove the container when we're done, we mount in a volume that's going to have our source code so we can interact with the source code inside of the container, and we set a working directory. We also tell the container we want to use bash, and then we specify the name of the container image and the version, and that will give us access to a terminal where we are now in Docker and we can use the CLI.

So the first thing we can do is type az. That will bring up the Azure CLI and all the commands that we can run. So if we take a look at the commands, we can see everything in Azure we can interface with. So we can interface with accounts, private container registries, we have like app services, we have deployments, disks, virtual machines, pretty much everything in the cloud. So what you can also do is say az aks --help. The nice thing about CLIs is that they are generally self-documented, meaning that every command has a document and a tooltip saying what that command is used for. So in this case we can see az aks: we can have sub commands such as node pools, we can have commands such as how to create a cluster, how to delete a cluster, how to get the credentials, how to get the different versions of Kubernetes available, and a bunch of other things. So feel free to use the help command if you're stuck and you need more information.

So since we are in the container, we can now switch over to the kubernetes azure folder, so I'm going to say cd kubernetes azure, and if we do an ls we can see the getting started guide. So we're in the container and ready to go. So the first thing we'll want to do is say az login. This will allow us to log into Azure using our free account. So you're going to want to head over to this URL, so take this URL and paste it in your browser window and just follow the prompts. It'll ask you for
the code, so you're going to need to take the code and paste the code into the browser window and follow the remaining prompts to log into your account. Once you've logged in you'll see a window similar to this saying that you've now logged in, so you can close the browser, and now you can see we've logged into our account and it's a free trial account.

So then the next thing we'll want to do is have a look at what accounts we have available, or subscriptions. For that you say az account list -o table to get a tabular output, and we can see we have a subscription. This is our subscription ID, and it's a free trial Azure account. Now if you have access to multiple subscriptions, you might want to run the set command to make sure you set the default subscription to the one we're going to be working with. To do that you say az account set and you pass in the subscription ID, so all the subsequent commands that we run will run against the subscription.

Now to make things simple, I'm going to create a couple of environment variables that we can reuse, so the first thing I'm going to create is an environment variable called resource group. Now we're going to create a resource group that's going to hold all our resources. First thing we'll want to do is say az group create, so we're going to create a resource group called aks getting started, and we're going to create it in a specific location. So Azure has multiple data centers, so you want to look up the location name that's closest to you or your customer for where you want to deploy this Kubernetes cluster. I'm going to deploy mine in Australia East.

Now as I mentioned earlier, all accounts in Microsoft are managed by an Active Directory tenant, so you'll have a default Active Directory tenant that manages your entire subscription. So in order to deploy Kubernetes there needs to be some service account that can manage cloud resources. So what we're going to do is we're going to create that service account, called a
service principal, and then we're going to provide a permission scope as contributor rights across a resource group that we want Kubernetes to manage. So in order to do that we're going to run a command called az ad sp create-for-rbac. That's the command, so it's basically Azure Active Directory service principal create, and we're going to skip role assignments because we're just going to do one basic command. We pass a name for the service principal and we want the output as JSON. So what I'm going to do is I'm going to pipe this command into an environment variable, so when we run this the output is going to be JSON and it's going to be run inside of this environment variable, so the output will be inside of this guy here. So to show you, I can just say echo, just print that out, so we can see we have a bunch of stuff. The service principal has a password, it has a name, a URL and a bunch of things. So you want to keep this password secure, because this password is just like a user account pretty much, but it's basically a service account that has contributor rights over this resource group that we're going to do. Now you'll also want to keep this username and password for later use, and you want to record it somewhere and keep it safe.

So we can furthermore now use that JSON output to grab the ID of the service principal and the key. Those are the two important pieces of information. So you can see I'm going to create another environment variable here called service principal, and this is going to hold the app ID. So I just use a utility called jq and I read the JSON that's inside this service principal JSON environment variable I showed earlier. So we run that, and then I'm also going to do the same thing for the secret, so I'm going to read the password as well. But now we have the service principal name and we have the service principal secret. Now that we have a service principal ID and a key, we want to use the service principal to manage our Kubernetes cluster. So what
we're going to do next is assign a role for that service principal to give it contributor rights to that resource group, so it basically can manage the resource group itself. This will allow Kubernetes to do things like issue load balancers, create disks, create vaults and whatever Kubernetes wants to do inside of the boundaries of that resource group. So what we're going to do now is say az role assignment create, and the assignee is going to be our service principal, and the scope is going to be on the subscription, inside the subscription to the resource group, and that specific resource group that we've just created. So the service principal will not have access to anything outside of that resource group. So it's very important to restrict the boundaries so you know exactly what the service principal is used for. It's key, so you know when it's expired, and you know when you rotate that key that it's only Kubernetes that can be affected by this. And we're going to give it contributor rights because it has to be able to create, update and delete stuff inside of Kubernetes.

Now I forgot to create a subscription environment variable, so what I'm just going to do is I'm going to say az account list again as a table, and I just want to create another environment variable that holds my subscription ID. It just makes things so much easier to use environment variables. So we're going to say az role assignment create, service principal, apply the scope, and we want the contributor role, and this is going to go off and do all that magic.

So if I say az aks create and I pass the help flag, you can see that I'm presented with all the options. So the required options, and this is the cool thing: if you just want to get started you just have to specify like a name and a resource group. There are only two required flags here to get going. This is something that a lot of other cloud providers don't do. Makes it simple just to get started if you don't care about all the nitty gritty, but if
you want to get into the detail, we'll go through some of them at a very high level. So you've got the like Azure Active Directory values you can specify. This is if you have an Azure AD already in your account and you want to bring your own authentication, so your users and your company can use their Active Directory account to log into Kubernetes and use kubectl, so that's a very handy feature. We also have the admin username; this is for SSH and things like that. You have the service principal secret that you apply. You can also attach a container registry from Azure as well. And then what we can do, some other features here like enable add-ons, so Kubernetes and Azure allows you to bring some monitoring tools or log analytics or whatever like extra add-ons Microsoft can provide, they have that. They also have a cluster autoscaler. You can enable managed identity, so managed identity is kind of like a service principal but it is managed by Azure, so Azure manages the service principal account that manages your Kubernetes cluster. Then we can also get SSH keys generated automatically or we can bring our own. We can specify the Kubernetes version. Then Microsoft also has a ton of details around the load balancing and how you want Microsoft or Kubernetes to manage the load balancer for you. Microsoft has a bunch of different flavors of load balancers available, so if you really need a specific load balancing, you need to control some of the settings, this allows you to do so. Then we also have location, so we can deploy our Kubernetes cluster to different locations, data centers basically. You can specify custom network plugins, so we're just going to use kubenet in this example, but network plugins are basically ways of bridging the machines or the nodes so they can run on like different networks. So the default is kubenet, but if you want your pods to run on the Azure network you can use azure as a network plugin. Then we also have, what else do we have here, we have a lot of
settings about nodes, so this controls sort of how many nodes you want, what sizes they need to be, what their disk sizes are, what operating system they should be, whether it's Windows or Linux, and you can also define node pools, so you can have groups of different nodes. So you can have like GPU machines, or you can have machines that are memory optimized, or you can have like large disk for storage machines, so it's entirely up to you. You have that flexibility. The other thing you can also do is you can also drop your Kubernetes cluster into a private VNet, so this is really handy if you already have quite a large infrastructure in Azure set up already. You can just drop your Kubernetes cluster in the same VNet so it can talk to things on that network. And then you also have like Windows admin usernames and passwords, so you can have a Windows node as well as a Linux node running in this Kubernetes cluster.

And then the other thing I like about the CLI is it also has a ton of examples with different use cases you can try out. So for example, if you're interested in spinning up Windows and Linux node pools you can try this use case, if you need user-defined routing for outbound traffic you can do that, if you want to try out managed identity you can do that, and there's like standard load balancer as well as just the normal load balancer, and then it goes up to the very basic thing about "I just want a cluster, I don't care about all the things underneath".

Now before we spin up our cluster we're going to want to generate an SSH key, so I'm using ssh-keygen. I'm passing a very super strong secret and I'm just going to generate an SSH key. You can also just bring your own. And then because it's generated in the ssh folder, I'm just going to copy it to the root here, so if we say ls we can see our SSH key, private key and public key, has been generated. You can also tell the CLI to generate one for you; I just want to show you this way in case you want to bring your own. The other thing
that's important to know is that you want to know exactly what size machines you want to deploy in your cluster. So Microsoft has different sizes for Linux virtual machines in Azure, so they have like general purpose, which is balanced CPU to memory ratio, then you have compute optimized, which is more like high CPU to memory, and then you have memory optimized, which is more about memory focused machines. You have storage focused machines, you have GPU focused and high performance. So when you click into one of these you can then go in and say, okay, let's take a look at memory optimized, we can take a look at like E series for example, which is really high memory, and what you want to do is you want to grab the SKU number for that machine that you want to deploy. That's very important before you even start creating a cluster.

Now in my GitHub repo, in my getting started file, I have recorded all the commands so you can follow along, and I've created a very sensible aks create command here that has all the basic things you're going to need to create a cluster. So I say az aks create, I pass in the name of my cluster, I give it a resource group, so this will put that cluster in that resource group that the service principal can manage. Then we say we want the cluster to go into Australia East, we want a specific version of Kubernetes, we want to use a standard load balancer; if you leave it out it will just give you a basic load balancer. I want to specify the node pool name; this allows you to add multiple node pools later on and you can give each one of them a name. And then what we do is we say node count one, I just want one node, and I'm gonna pick an E-series machine for this example, so it's memory optimized. You might be running memory caches or you might be running data storage or something, so you have to pick the right SKU for the job. And then what I'm gonna do is I say I want an OS disk size of 250.
This is also very important, because what I found is that the sensible defaults in Azure for virtual machines are not big enough if you're going to want to run a Kubernetes cluster. Remember, Kubernetes, depending on how you run your pods, will need to store Docker images on the disk, and by default some of these disks are like 20, 30, 40 gigabytes, which is not really good enough, so you want to provision something at least over 100 gigabytes, otherwise you're going to be running out of disk very quickly. So I'm going to say I want 250 gigs of disk, and then here I specify my SSH key. I also say I want to run kubenet, which is the basic network plugin, and here's the service principal name and secret, so the service principal that's going to be managing our Kubernetes cluster is specified here. So that is all you have to do. You can just take this command as it is and we can go ahead and paste it in the terminal. You'll see it'll start saying this running status. That means now Azure has gone off and created our cluster, and it generally takes about five minutes or so for the cluster to be ready to go.

So in the meantime, if we go over to portal.azure.com there's a few things we can do. We can either go and search for our Kubernetes server, so we can type kubernetes and we can look at all Kubernetes services in our account, or we can also look at all the resource groups. So if we type resource group we can see this is the managed resource group that the service principal is managing, so our Kubernetes infrastructure is inside of this resource group. You can see here it's starting to provision the load balancer, the public IP, and you'll see all the virtual machines coming here. On the other one, this is our resource group that we've defined. We can see our AKS has been created. If we click into that we can see it's still in creating status, and feel free to play around here. You have node pools, you have upgrade, you have scaling, so you can scale the machines up and down, there's
Azure Dev Spaces, there's deployment center, and there's a bunch of policies and metrics, insights and diagnostic settings and things you can have a look at here, but I'll leave that up to you to play with.

So once our Kubernetes cluster is finished, it's been created, we can then say az aks list and we can see what Kubernetes clusters exist in our resource group and entire subscription. This is the one that's been created. We can see provisioning status succeeded, so now we have a Kubernetes cluster we can go ahead and access it. So there are multiple ways of logging into your Kubernetes cluster on Azure. There's two ways that I'm going to be covering: the first way is to just get a user credential and the second way is to get an admin credential. And the other thing is, if you have linked your company's Azure Active Directory to the Kubernetes cluster, you'll be able to define RBAC roles within Kubernetes, and whenever someone types a kubectl command they'll be presented with a login screen where they need to actually sign into your Active Directory first. So what you do is you say az aks get-credentials and the name of the cluster and the name of the resource group. This will give you a user config. Now by default this user will have no permissions set up, so we're going to need an admin to define RBAC roles in Kubernetes, because by default RBAC is always enabled. So in this demo I'm going to say admin, so the first person would generally require an admin credential so they can go in and manage the RBAC roles and they can set up access for other users to use the Kubernetes cluster. So you can see it has gone and created an aks getting started admin context in our kubectl config file, and it's put it into a kubeconfig. So if you want to go ahead and grab that, because remember we're inside of the CLI container here, if you want to go ahead and grab that out, you want to do a cp and just copy it out there and put it in the folder, so you can then go ahead and
store that somewhere securely, so you have your config to access your cluster.

Now because I'm in a container I'm going to need to go and grab kubectl, so that's very simple. I'm just going to curl, get the latest version of kubectl, and then I'm going to chmod, give it execution permissions, and move it to user bin. So now I can say kubectl get nodes and we can see we have our AKS node ready to go. So we now have an admin account, we can go ahead and set up RBAC permissions if we like, but in this video I'm just going to show you how to do a basic deployment, just so that we can show you how to interact with the cluster.

If you're interested, take a look at the links down below if you want to know more about how to configure kubectl, how to run Kubernetes on Docker for Windows and Mac locally, how to do deployments, config maps, secrets and ingresses. I have a Kubernetes getting started guide. In this video we're not going to be doing CI/CD, but I'm going to have a separate video focused purely on using CI/CD tools to deploy applications to AKS. In my docker development YouTube series GitHub repo I have a kubernetes folder, and I do deployments, config maps, secrets, pods and pretty much all the YAML stuff here as part of my Kubernetes development guide.

So what we're going to do now is I'm just going to change my directory into the kubernetes folder, then we're going to say kubectl create namespace, and we're just going to create a namespace called exampleapp, but this is going to hold all of our Kubernetes resources together. Then I'm going to say kubectl apply, and I want to apply inside the example app namespace, I want to apply a file, and I'm going to say deployment deployment.yaml. This is going to go ahead and apply a deployment to Kubernetes with an application running a hello world application. It's also going to require a few things, so we're also going to require a config map, so I'm going to apply a config map, and it's also going to require a secret, so I'm going to show
you how to do that, so we just say secret. And to expose the application we're going to want to use a service, so I'm going to say service and service.yaml. But before we take a look at that, let's take a look at the service itself. So you can see I have a service here, type ClusterIP. We're going to change this to LoadBalancer because we're running in the cloud now. I want to show you guys what it looks like when Kubernetes issues a load balancer service and exposes our app publicly. So then I say kubectl apply and I apply the service.yaml.

So if you're interested you can have a look and play with these files. So under the deployment folder is a deployment YAML. We basically just say we want two replicas of an application. I'm running just a Python hello world application, and you can play around with things like liveliness probes, how much resources we want the application to use. We mount a secret as well as a config map; this just shows you how to do secrets and configs in Kubernetes. Then I also have an example of a configmap folder so you can see what a config map looks like in Kubernetes, and also a secret so you can see what a secret would look like in Kubernetes as well, and this is part of my Kubernetes development guide.

So if we give this some time, now we can say kubectl get pods and we see these pods have been created. We can also see, if we say get deploy, we can see our deployment is there with two out of two pods running. The other thing I also want to show you is we say get service, and we can see now we have an example service created as a load balancer. So Kubernetes went to Azure, created a load balancer with an external facing IP, so I can go ahead and take this IP and I can go to the browser and I can pull it up, see. So now we have hello world running inside of a Kubernetes cluster on Azure, exposed through a load balancer.

So remember, once you have done all of this stuff on your free account, that you want to go ahead and clean up, so I have a cleanup
command here. The first thing we want to do is go ahead and delete the entire resource group. So this is really cool about Azure and the fact that you can group things in a resource group; it makes it really easy to clean up afterwards. So we just say az group delete, I say yes, that's going to go ahead and delete the group as well as everything that Microsoft has provisioned inside of that resource group, and the management resource group as well. And then the last command we want to do is az ad sp delete, and we want to delete the service principal accounts as well, because we don't want to have the service principal accounts lying around, because they do have access to our subscription.

So that's it for the first part of the series, Kubernetes in the cloud with Microsoft Azure. Stay tuned for more cloud providers, and let me know down in the comments what sort of videos you'd like me to make in the future, and until next time, peace.
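
The transcript's point about keeping the service principal inside one resource group can be checked once the role assignment exists. The script below is an added example, not code from the video or its GitHub repo: it reads `role<TAB>scope` lines, as the Azure CLI prints them with `-o tsv`, and flags any assignment whose scope falls outside the resource group. The subscription ID, the resource group name `aks-getting-started` and the sample rows are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the video's repo): verify that every role assignment
# held by the cluster's service principal stays inside one resource group.
#
# Real input would come from the Azure CLI, for example:
#   az role assignment list --all --assignee "$SERVICE_PRINCIPAL" \
#     --query "[].[roleDefinitionName,scope]" -o tsv
# which prints one "role<TAB>scope" line per assignment.

TAB=$(printf '\t')

# Azure resource IDs are case-insensitive, so compare in lower case.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# audit_sp_scopes SUBSCRIPTION_ID RESOURCE_GROUP   (role/scope lines on stdin)
# Prints a verdict per assignment; returns 0 only if none is out of scope.
audit_sp_scopes() {
    allowed=$(lower "/subscriptions/$1/resourceGroups/$2")
    bad=0
    while IFS="$TAB" read -r role scope; do
        [ -n "$scope" ] || continue
        case "$(lower "$scope")" in
            # The group itself, or a resource inside it. The "/" in the
            # second pattern stops "<rg>-old" from matching as a prefix.
            "$allowed" | "$allowed"/*)
                printf 'OK            %s\t%s\n' "$role" "$scope" ;;
            *)
                printf 'OUT_OF_SCOPE  %s\t%s\n' "$role" "$scope"
                bad=$((bad + 1)) ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample data: placeholder subscription ID and assumed group name.
SAMPLE_SUB="00000000-0000-0000-0000-000000000000"
SAMPLE_RG="aks-getting-started"

sample_assignments() {
    # Intended assignment: Contributor on the resource group.
    printf 'Contributor\t/subscriptions/%s/resourceGroups/%s\n' \
        "$SAMPLE_SUB" "$SAMPLE_RG"
    # A resource inside the group, written with different casing.
    printf 'Contributor\t/subscriptions/%s/resourcegroups/AKS-Getting-Started/providers/Microsoft.Network/loadBalancers/kubernetes\n' \
        "$SAMPLE_SUB"
    # Too broad: the whole subscription.
    printf 'Contributor\t/subscriptions/%s\n' "$SAMPLE_SUB"
    # A different group that merely shares the name as a prefix.
    printf 'Reader\t/subscriptions/%s/resourceGroups/%s-old\n' \
        "$SAMPLE_SUB" "$SAMPLE_RG"
}

sample_assignments | audit_sp_scopes "$SAMPLE_SUB" "$SAMPLE_RG" ||
    echo "service principal holds assignments outside $SAMPLE_RG" >&2
```

Run against the sample rows, the first two assignments pass and the subscription-wide and look-alike group scopes are reported.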
Info
Channel: That DevOps Guy
Views: 28,528
Keywords: programming, docker, devops, devcommunity, community, development, kubernetes, dockerswarm, swarm, containers, linux, azure, cloud, aks, service, cloudcomputing
Id: eyvLwK5C2dw
Length: 26min 42sec (1602 seconds)
Published: Tue Jun 16 2020