Azure Kubernetes Service

Chetna Manku
7 min readMar 5, 2021

--

Over the last few years, people have increasingly been adopting containers. But to use containers at a large scale, you need to use an orchestrator to ease the administration of your applications.

Kubernetes is by far the most popular container orchestration tool, yet the complexities of managing the tool have led to the rise of fully-managed Kubernetes services over the past few years.

Kubernetes Adoption hits a new high

A survey results indicate widespread adoption of Kubernetes (91%), especially in production environments (75%). Supported by a robust community of contributors, Kubernetes has taken significant market share away from other container management tools

With technologies like serverless architecture, we’re trending towards caring less and less about infrastructure so that we can focus on what’s really going to provide value. Microsoft understands this, which is why Azure provides many platform as a service (PaaS) solutions, one of the service is Azure Kubernetes Service.

🔰 What is Azure Kubernetes Service 🔰

Azure Kubernetes Service (AKS) is an open-source fully managed container orchestration service that became available in June 2018 and is available on the Microsoft Azure public cloud that can be used to deploy, scale and manage Docker containers and container-based applications in a cluster environment.

Azure Kubernetes Service (AKS) is a fully-managed service that allows you to run Kubernetes in Azure without having to manage your own Kubernetes clusters. the best thing about AKS is that you don’t require deep knowledge and expertise in container orchestration to manage AKS.

Azure manages all the complex parts of running Kubernetes, and you can focus on your containers. Basic features include:

  • Pay only for the nodes (VMs)
  • Easier cluster upgrades
  • Integrated with various Azure and OSS tools and services
  • Kubernetes RBAC and Azure Active Directory Integration
  • Enforce rules defined in Azure Policy across multiple clusters
  • Kubernetes can scale your Nodes using cluster autoscale
  • Expand your scale even greater by scheduling your containers on Azure Container Instances

🔰 Azure Kubernetes Service Benefits 🔰

Azure Kubernetes Service is currently competing with both Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE). It offers numerous features such as creating, managing, scaling, and monitoring Azure Kubernetes Clusters, which is attractive for users of Microsoft Azure. The following are some benefits offered by AKS:

  • Efficient resource utilization: The fully managed AKS offers easy deployment and management of containerized applications with efficient resource utilization that elastically provisions additional resources without the headache of managing the Kubernetes infrastructure.
  • Faster application development: Developers spent most of the time on bug-fixing. AKS reduces the debugging time while handling patching, auto-upgrades, and self-healing and simplifies the container orchestration. It definitely saves a lot of time and developers will focus on developing their apps while remaining more productive.
  • Security and compliance: Cybersecurity is one of the most important aspects of modern applications and businesses. AKS integrates with Azure Active Directory (AD) and offers on-demand access to the users to greatly reduce threats and risks.
  • -Quicker development and integration: Azure Kubernetes Service (AKS) supports auto-upgrades, monitoring, and scaling and helps in minimizing the infrastructure maintenance that leads to comparatively faster development and integration.

🔰 Azure Kubernetes Service Use Cases 🔰

We’ll take a look at different use cases where AKS can be used.

  • Migration of existing applications: You can easily migrate existing apps to containers and run them with Azure Kubernetes Service. You can also control access via Azure AD integration and SLA-based Azure Services like Azure Database using Open Service Broker for Azure (OSBA).
  • Simplifying the configuration and management of microservices-based Apps: You can also simplify the development and management of microservices-based apps as well as streamline load balancing, horizontal scaling, self-healing, and secret management with AKS.
  • Bringing DevOps and Kubernetes together: AKS is also a reliable resource to bring Kubernetes and DevOps together for securing DevOps implementation with Kubernetes. Bringing both together, it improves the security and speed of the development process with Continuous Integration and Continuous Delivery (CI/CD) with dynamic policy controls.
  • Ease of scaling: AKS can also be applied in many other use cases such as ease of scaling by using Azure Container Instances (ACI) and AKS. By doing this, you can use AKS virtual node to provision pods inside Azure Container Instance (ACI) that start within a few seconds and enables AKS to run with required resources.
  • Data streaming: AKS can also be used to ingest and process real-time data streams with data points via sensors and perform quick analysis.

🔰🔰 Technical Story By Eni SpA using Azure Kubernetes Service 🔰🔰

Eni SpA, an Italian energy company, adopted Kubernetes to speed innovation and deployment of its internal business applications. After the initial setup on-premises proved successful, the company expanded to the cloud and added Microsoft Azure Kubernetes Service (AKS).

Eni is a global oil and gas superpower, operating in 67 countries worldwide and employing more than 30,000 people. In 2018, Eni’s information and communications technology (ICT) function started using Kubernetes technology as part of a new digital transformation program.

The challenge of fast infrastructure provisioning and light-speed project onboarding

  • The initial focus of Eni’s project in 2018 was to create an infrastructure where project onboarding happened fast and developers could begin work immediately.
  • Eni’s information and communications technology (ICT) group set up a Kubernetes infrastructure on-premises, adopting a distribution of Kubernetes by a major vendor.
  • This setup ran successfully on-premises for six months, and the rate of internal adoption was swift. Ten business applications were migrated. Before long, the new platform was supporting several system integrators and more than 100 developers, who deployed about 300 containers.
  • From the start of the Kubernetes project, the ICT group knew that it wanted to take advantage of the cloud. By working with a cloud provider, Eni could test and evaluate multiple, up-to-date technologies that would otherwise imply heavy upfront investments and more time than the team had.
  • The question was which cloud provider to use. Eni wanted to find a cloud service that met its goal to avoid Kubernetes vendor lock-in. As longtime customers of Microsoft, Eni assigned a small team to explore Azure Kubernetes Service, a managed Kubernetes service that is free — customers only pay for the agent nodes within their clusters, not for the masters.
  • The team liked the way clusters could be created and destroyed in minutes. As a managed solution, AKS was easier to maintain than the infrastructure as a service (IaaS) Kubernetes solution used on-premises.

“AKS allows us to deploy and run containers very fast, without dealing with the burden of allocating VMs, storage, and configuring networking. Moreover, changing decisions about deployment parameters is quick and easy.”

-Giuseppe Zicari, Cloud Architect, Eni SpA

Hybrid cloud: A challenge for the Eni enterprise

  • A key point of the project was to integrate the green datacenter, Eni’s infrastructure on-premises, with the Azure West Europe region in the most seamless and transparent way.
  • For connectivity between Kubernetes clusters, the digital transformation team used kubenet, a simple networking plug-in that provided portability while avoiding vendor lock-in. All the traffic is exposed through an ingress on the AKS cluster through an Azure load balancer.
  • Cybersecurity was a top consideration. Within the networks on Azure and on-premises, the team deployed a dual-purpose load balancer and a network firewall.
  • All the traffic going into and out of the AKS cluster traverses this security pair to verify its legitimacy. A network rule ensures that AKS is closed inside the virtual network, that the worker nodes are never exposed to the public internet, and that the traffic originating from the containers goes through the network firewall.

Benefits of Using AKS

Compared to the previous setup of Eni, AKS offered some helpful benefits

  • Reduced operations. AKS is continuously upgraded by Microsoft behind the scenes, saving Eni the time required to manage the storage, networking, and virtual machine details that made the on-premises installation cumbersome.
  • Elasticity. Scaling in and out with worker nodes does not require an upfront investment. This key benefit enabled Eni to experiment with containers on Azure in the first place. Now the team is focused on optimizing density of usage.
  • Ephemeral infrastructure. AKS frees Eni from the chore of managing virtual machines. The team even chose not to have the SSH root user, both for security and compliance reasons — an unavoidable extra step when running applications on-premises.
  • Agility. The team created and destroyed dozens of clusters during the initial study phase, performing tests that were simply not feasible on-premises.
  • Storage flexibility. The orchestration of real software-defined storage in the form of Azure disks is a great advantage when deploying these kind of clusters, and the team is continuing to improve its implementation.

🔰 Conclusion 🔰

The ECS implementation and AKS proved their value to Eni and demonstrated that cloud speed and velocity can be achieved with security and robustness. Eni is also enjoying the benefits of a managed Kubernetes offering that takes little effort to run and maintain.

Azure Kubernetes Service is a powerful service for running containers in the cloud. Best of all, you only pay for the VMs and other resources consumed, not for AKS itself, so it’s easy to try out.

AKS has numerous benefits such as security with role-based access, easy integration with other development tools, and running any workload in the Kubernetes cluster environment.

--

--