Category: Kubernetes (AKS)

AKS | Azure Container Storage in AKS

Hi!
Azure Container Storage is a specialized cloud-based service designed for managing volumes, deployment, and orchestration in containerized environments. It seamlessly integrates with Kubernetes, enabling automatic provisioning of persistent volumes for stateful applications running on Kubernetes clusters.

Utilizing existing Azure Storage offerings for data storage, Azure Container Storage provides a purpose-built solution for container volume management. It supports various backing storage options, allowing you to create a storage pool for your persistent volumes.

Here’s a summary of the supported storage types, recommended workloads, and provisioning models:

  1. Azure Elastic SAN Preview
    • Description: Provisioned on demand, fully managed resource.
    • Workloads: General purpose databases, streaming and messaging services, CI/CD environments, and other tier 1/tier 2 workloads.
    • Offerings: Azure Elastic SAN Preview.
    • Provisioning Model: Provisioned on demand per created volume and volume snapshot. Multiple clusters can access a single SAN concurrently, but persistent volumes can only be attached by one consumer at a time.
  2. Azure Disks
    • Description: Offers granular control of storage SKUs and configurations.
    • Workloads: Suitable for tier 1 and general purpose databases like MySQL, MongoDB, and PostgreSQL.
    • Offerings: Premium SSD, Premium SSD v2, Standard SSD, Ultra Disk.
    • Provisioning Model: Provisioned per target container storage pool size and maximum volume size.
  3. Ephemeral Disk
    • Description: Utilizes local storage resources on AKS nodes.
    • Workloads: Best for applications with no data durability requirement or with built-in data replication support (e.g., Cassandra).
    • Offerings: NVMe only (available on storage optimized VM SKUs).
    • Provisioning Model: Deployed as part of the VMs hosting an AKS cluster. AKS discovers available ephemeral storage on AKS nodes and acquires them for volume deployment.

In the Azure Container Storage Preview, several capabilities have been introduced based on customer feedback, including:

  • Improved stateful application availability with multi-zone storage pools and ZRS disks.
  • Server-side encryption with customer-managed keys (Azure Disks only).
  • Scale up by resizing volumes backed by Azure Disks and NVMe storage pools without downtime.
  • Clone persistent volumes within a storage pool.

Azure Container Storage offers several key benefits:

  • Rapid scale out of stateful pods: It provides fast attach and detach of persistent volumes, supporting highly resilient, high-scale stateful applications on AKS.
  • Improved performance for stateful workloads: Enables superior read performance and near-disk write performance, meeting various container workload requirements.
  • Kubernetes-native volume orchestration: Allows for seamless management of volumes using kubectl commands, eliminating the need to switch between different control plane operations.

In summary, Azure Container Storage streamlines volume management, deployment, and orchestration for containerized applications. It integrates seamlessly with Kubernetes, offering a range of storage options to cater to different workload requirements, ultimately enhancing the reliability and performance of stateful applications on AKS.

# Add the AKS-preview extension with upgrade option
az extension add --name aks-preview --upgrade

# Register necessary providers for AKS and Kubernetes Configuration
az provider register --namespace Microsoft.ContainerService --wait 
az provider register --namespace Microsoft.KubernetesConfiguration --wait

# Create a new resource group
az group create --name <resource-group-name> --location <location>

# Create a new AKS cluster with Azure Container Storage
az aks create -n <cluster-name> -g <resource-group-name> \
--node-vm-size Standard_D4s_v3 --node-count 3 \
--enable-azure-container-storage <storage-pool-type>

# Install Azure Container Storage on an existing AKS cluster
az aks update -n <cluster-name> -g <resource-group-name> \
--enable-azure-container-storage <storage-pool-type>

# Install Azure Container Storage on specific node pools
# First, list the available node pools
az aks nodepool list --resource-group <resource-group-name> --cluster-name <cluster-name>

# Then, update the cluster to enable Azure Container Storage on specific node pools
az aks update -n <cluster-name> -g <resource-group-name> \
--enable-azure-container-storage <storage-pool-type> \
--azure-container-storage-nodepools <comma separated values of nodepool names>

Documentation: https://learn.microsoft.com/en-us/azure/storage/container-storage/container-storage-introduction

Maxime.

Webinar | Cloud Native Security & Kubernetes

Hi!

I’m delighted to share that I was recently invited to host a webinar in French covering the essential topics of Cloud Native Security and Kubernetes. If you’re interested in gaining insights, best practices, and valuable feedback on deploying and safeguarding your Kubernetes environment, I highly recommend giving it a watch.

Audio podcast available on the Electro-Monkeys channel: https://podcasts.audiomeans.fr/electro-monkeys-0c9902cdaea8/cloud-native-security-and-kubernetes-be5f8d36

Maxime.

AKS | HTTP Proxy Support

Hi!

Azure Kubernetes Service (AKS) clusters, regardless of whether they’re deployed in a managed or custom virtual network, require specific outbound dependencies to operate effectively. Previously, in environments where internet access had to be routed through HTTP proxies, this presented a challenge. Nodes lacked the means to bootstrap the essential configuration, environment variables, and certificates needed to connect to internet services.

With this newly introduced feature, AKS clusters now support HTTP proxies. This provides a user-friendly interface for cluster operators to manage network traffic required by AKS in environments dependent on proxies, ensuring a secure and smooth operation.

Example of a JSON HTTP proxy config file:

{
  "httpProxy": "string",
  "httpsProxy": "string",
  "noProxy": [
    "string"
  ],
  "trustedCa": "string"
}

Create a new AKS cluster with HTTP proxy configured on the nodes:

az aks create -n $clusterName -g $resourceGroup --http-proxy-config aks-proxy-config.json

Update an existing HTTP proxy:

az aks update -n $clusterName -g $resourceGroup --http-proxy-config aks-proxy-config-2.json

Note: Pods must be rotated for the apps to pick up the updated proxy configuration. For components under Kubernetes, like containerd and the node itself, the update won’t take effect until a node image upgrade is performed.

The following scenarios are not supported:

  1. Varied proxy configurations for each node pool
  2. User/password authentication
  3. Custom Certificate Authorities (CAs) for API server communication
  4. Windows-based clusters
  5. Node pools utilizing Virtual Machine Availability Sets (VMAS)
  6. Employing ‘*’ as a wildcard appended to a domain suffix for noProxy

Note also that httpProxy, httpsProxy, and trustedCa are all unset by default.
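
A pre-flight check of the proxy config file against the limitations listed above, added here as an example (it is not part of the original post or of the Azure CLI). The function name lint_proxy_config and the sample hostnames and credentials are made up for illustration.

```python
import json
from urllib.parse import urlsplit

ALLOWED_KEYS = {"httpProxy", "httpsProxy", "noProxy", "trustedCa"}

# Constructed sample: hostnames and credentials are made up for illustration.
SAMPLE_CONFIG = """{
  "httpProxy": "http://svc-proxy:S3cret@proxy.example.internal:3128/",
  "httpsProxy": "https://proxy.example.internal:3129/",
  "noProxy": ["localhost", "127.0.0.1", "*.corp.example.internal"],
  "trustedCa": "PLACEHOLDER"
}"""


def lint_proxy_config(text):
    """Return findings for an AKS HTTP proxy config given as JSON text."""
    cfg = json.loads(text)
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    findings = [f"unknown key: {k}" for k in sorted(set(cfg) - ALLOWED_KEYS)]

    for key in ("httpProxy", "httpsProxy"):
        value = cfg.get(key)
        if value is None:
            continue  # unset by default, nothing to check
        if not isinstance(value, str):
            findings.append(f"{key}: expected a string")
            continue
        url = urlsplit(value)
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(f"{key}: expected an http:// or https:// URL")
        # User/password authentication is listed as unsupported, and a
        # password here would be stored wherever this file is kept.
        # The finding names the key only, so the secret is never echoed.
        if url.username is not None or url.password is not None:
            findings.append(f"{key}: credentials embedded in proxy URL")

    no_proxy = cfg.get("noProxy", [])
    if not isinstance(no_proxy, list):
        return findings + ["noProxy: expected a list of strings"]
    for entry in no_proxy:
        if not isinstance(entry, str):
            findings.append("noProxy: entries must be strings")
        elif "*" in entry:
            findings.append(f"noProxy: wildcard not supported: {entry}")
    return findings


if __name__ == "__main__":
    for finding in lint_proxy_config(SAMPLE_CONFIG):
        print(finding)
```

Run it on aks-proxy-config.json before passing the file to --http-proxy-config; an empty result means none of the checked limitations were hit.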

Resource: https://learn.microsoft.com/en-us/azure/aks/http-proxy#updating-proxy-configurations

Maxime.