Azure Kubernetes Service

Introduction

Source Code

Source Code

References

Pluralsight course: Azure Kubernetes Service (AKS) - The Big Picture

Channel 9 Video: Helm & Draft (Excellent)

aks1

Each worker note is a vm and you are charged per vm. Management Infrastructure (Master nodes) are not charged.

You should use Azure Monitor to ensure your worker nodes are sized correctly

Helm

https://github.com/dotnet-architecture/eShopOnContainers/wiki/Deploy-to-Azure-Kubernetes-Service-(AKS)#install-helm

Code

Available at : Source Code

$rg = "rg-acs"
$location = "eastus"

#acs

$repoName = "mywonderfulrepo1"
$loginServerName = $repoName + ".azurecr.io"
$imageName = "letskube"
$localImageName = $imageName + ":local" 
$taggedImageName = $loginServerName + "/" + $imageName + ":v1"
$taggedImageNameVer2 = $loginServerName + "/" + $imageName + ":v2"

#aks
$clusterName = "myAKSCluster"

#service principal
$appid = "a3a36304-90d7-4ffe-9385-263df5552d29"
$password = "28a65f40-20d9-40ba-b6d8-69b0126aea3e"


 cd C:\_hbGit\AzureSamples\AKS\letskube

############ Docker: create image ############


docker build -t $localImageName .

#check local image
docker image list | select -First 2

docker run -d  -p 5000:80 $localImageName


############login############
#az login
az login --use-device-code
az account set --subscription "Visual Studio Professional"



############resource group############
az group create -n $rg -l $location


############ Create Azure Container Registry (ACR)############

az acr create -n $repoName -g $rg -l $location --sku standard

#check
az acr list -o table


#tag image
docker tag letskube:local  $taggedImageName
docker image list




############ Push ############ 
# In Repo, under Access Keys, enable Admin User and note the username & password
#login to acr
#for some reason az acr login does not work, hence using workarount
#https://docs.microsoft.com/en-gb/azure/container-registry/container-registry-authentication#admin-account

#docker login $loginServerName -u "myWonderfulRepo" -p "akC65KxasD+XpQZUd/lXszBC+SNk/Wi9"

##Important Note: I had lots of authentication problem with the ACS repo created with cli
##I recreated the ACS repo from the portal and then authentication from cli 
#and also with Service principal credentials worked
#like thus: az acr login -n myWonderfulRepo1 -u "a3a36304-90d7-4ffe-9385-263df5552d29" -p "28a65f40-20d9-40ba-b6d8-69b0126aea3e"

az acr login --name $repoName

docker push  $taggedImageName

#view repo images
az acr repository list -n $repoName -o table

############ Create Service Principal ############ 
#commented out as using hard coded service principal. If required to be created , uncomment

#skip-assignmen will limit any additional permissions from being assigned
#default behaviour is contributor role, which is too broad
#option 1
#$automationSecurityPrincipal = az ad sp create-for-rbac --skip-assignment

#Option2: another detailed way of creating ad principal
# $automationSecurityPrincipalName = "somename"
#$automationSecurityPrincipal = az ad sp create-for-rbac --name $automationSecurityPrincipalName --role Reader --scopes $rg --years 50 | ConvertFrom-Json
#$automationSecurityPrincipalUserName = $automationSecurityPrincipal.name
#$automationSecurityPrincipalTenant = $automationSecurityPrincipal.tenant


#note the appid & password that get displayed and update variables $appid and $password

#get the acr resource id by running following:
$acrId = az acr show --name $repoName --resource-group $rg --query "id" --output tsv
$acrId

#assign reader role to aks cluster to read images stored in acr
az role assignment create --assignee $appid --role Reader --scope $acrId




#create aks cluster

az aks create `
--name $clusterName `
--resource-group $rg `
--node-count 1 `
--enable-addons monitoring `
--generate-ssh-keys `
--service-principal $appid `
--client-secret $password

##########connect to aks#################
# first clear C:\Users\hbhasin\.kube\config
#retreives kubeconfig from cluster and merges into current kubeconfig on local machine
az aks get-credentials --resource-group $rg --name $clusterName



########### Deploy without helm #######################

#Ensure that the deployment yml image is correctly tagged with server name
# to get login server
#az acr list --resource-group $rg --query "[].{acrLoginServer:loginServer}" --output table

kubectl apply -f .\letskubedeploy.yml

# watch till you get external ip. ctrl-c to quit
kubectl get service --watch

#az provider register --namespace "Microsoft.OperationsManagement"

kubectl get service

############ Deploy updated  Image #################

#make some change in app and then build:
docker build . -t $taggedImageNameVer2

az acr login --name $repoName

docker push  $taggedImageNameVer2

#now you can change the image name in the deployment.yml file and redeploy or use cli like thus:
#lutskube is the app name we specified in deployment.yml earlier

kubectl set image deployment letskube-deployment letskube=mywonderfulrepo1.azurecr.io/letskube:v2

############ Commands #######################

#connect
az aks get-credentials --resource-group $rg --name $clusterName

#to switch between multiple configs (look up name in  C:\Users\<username>\.kube\config)
kubectl config use-context $clusterName

#list
az aks list -o table

#get nodes
kubectl get nodes

#pods
kubectl get pods
kubectl get pods --all-namespaces

########## Versions ##############

#check which upgrades are available
az aks get-upgrades --resource-group $rg --name $clusterName

#upgrade
az aks upgrade --resource-group $rg --name $clusterName --kubernetes-version 1.12.8

#### browse to dashboard service ###

#https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-dashboard.md
#If your AKS cluster uses RBAC, a ClusterRoleBinding must be created before you can correctly access the dashboard
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

az aks browse -n $clusterName -g $rg

########## scale  s##############

#scale nodes: will add mode virtual machines
az aks scale --resource-group $rg --name=$clusterName --node-count 3

#scale pods
kubectl get deployment
kubectl scale --replicas=1 deployment/letskube-deployment

kubectl get pods



# Deploy with Helm ####
#https://docs.microsoft.com/en-us/azure/aks/kubernetes-helm
#https://helm.sh/docs/using_helm/#installing-helm

# Install helm locally

#install
choco install kubernetes-helm

#Before you can deploy Helm in an RBAC-enabled AKS cluster, you need a service account and role binding for the Tiller service

cd C:\_hbGit\AzureSamples\AKS\
kubectl apply -f .\helm-rbac.yaml

#Configure Helm (run in bash)
helm init --service-account tiller --node-selectors "beta.kubernetes.io/os"="linux"

#check
kubectl get pods --all-namespaces

#Find Helm charts
helm search

#list
helm list
#Install draft
#https://github.com/Azure/draft/blob/master/docs/quickstart.md
#draft: https://docs.microsoft.com/en-us/azure/aks/kubernetes-draft

#run in elivated powershell
choco install draft

# configure draft
#draft builds a helm chart and deploys it to aks
draft init

#register ACR so that images are pushed to acr
#https://github.com/Azure/draft/blob/master/docs/install-cloud.md

draft config set registry $loginServerName

#login to acr

az acr login --name $repoName
# create
#cd to folder with DockerFile
#this will create draft.toml  
#also a charts dir: a empty charts dir, chart.yml,values.yml (values to plug into templates/deployment.yml) 
#Note image reo name in templates/deployment.yml:  image: ":")

#in values file make these changes
#service:
#  type: LoadBalancer
 #repository: node
 # tag: onbuild
cd C:\_hbGit\AzureSamples\AKS\letskube

#create
draft create

#deploy
draft up

#check

kubectl get pods

#get external ip. Your service will run on http:/externalip:8080
kubectl get service

#connect on localhost
draft connect


#modify app  and redeploy: make some change say to appsettings.json and simply do draft up again
draft up

#how to delete deployments
#list deployments and note deployment Name
helm list

#delete
helm delete $imageName --purge

#to delete aks cluster
az aks delete  -n $clusterName -g $rg --no-wait

##############Helpers#############
#delete all containers
docker stop $(docker ps -aq)
docker rm $(docker ps -aq)

docker ps -a

#delete all images
docker rmi $(docker images -q) --force