Application Development with Azure
Karim Vaes Specialist – Azure Application Development
@kvaes

Agenda
• Digital Transformation, powered by Application Innovation
• Developer Toolchain
• App Service
• Integration Services

Digital Transformation
Powered by Application Innovation

Digital transformation: a journey with one destination but different paths
• 91% of business leaders see Digital Transformation as a way of sparking innovation and finding efficiencies [1]
• 85% say they must offer digital services or become irrelevant [2]
[1] ISACA: Information Systems Audit and Control Association, 2018
[2] Couchbase: Couchbase Survey, August 2018

1. Data: Capture digital signal from across the business. A Consumer Reports review indicates a braking issue with the Model 3; vehicle telemetry shows brake performance across the fleet.
2. Insight: Connect and synthesize data. Car telemetry for the suspect cars is analyzed to understand the issue; Tesla identifies a fix to improve stopping distance.
3. Action: Improve business outcomes. Car braking software is updated over-the-air to fix the issue; Tesla closes the loop with Consumer Reports and the review is updated.
(Diagram labels: Engage customers, Transform products)
Digital DNA

Toolchain Overview
World’s most comprehensive developer toolchain
[Slide: Azure developer toolchain map. Devices and edge: Azure Stack, Azure Data Box, Azure Sphere, Azure Kinect, HoloLens. Service areas: Web, Databases, Mobile, Analytics, Tools, Mixed Reality, AI + Machine Learning, Containers, Internet of Things, Events + Integration, Media. Developer tools: Visual Studio, Azure DevOps, GitHub, PowerApps, Power BI.]
[Slide: Azure platform overview. Platform Services (Security & Management, Hybrid Cloud, Media & CDN, Application Platform, Data, Analytics & IoT, Developer Services), Infrastructure Services (Compute, Storage, Networking) and Datacenter Infrastructure. Services named on the slide: Azure AD, Azure AD B2C, Azure AD Domain Services, Azure AD Privileged Identity Management, Multi-Factor Authentication, Security Center, Key Vault, Backup, Site Recovery, Automation, Scheduler, Health Monitoring, Operational Analytics, Content Delivery Network, Media Services, Media Analytics, Web Apps, Mobile Apps, API Apps, Logic Apps, Functions, Service Fabric, Notification Hubs, Service Bus, API Management, BizTalk Services, SQL Database, SQL Data Warehouse, SQL Server Stretch Database, DocumentDB, Redis Cache, Tables, Search, Cognitive Services, Bot Framework, Cortana Intelligence, Machine Learning, HDInsight, Stream Analytics, Data Lake Analytics, Data Lake Store, Data Catalog, Data Factory, IoT Hub, Event Hubs, Power BI Embedded, Visual Studio, VS Team Services, Xamarin, HockeyApp, Application Insights, Dev/Test Lab, Import/Export, StorSimple, Marketplace, VM Image Gallery & VM Depot, Mobile Engagement, RemoteApp, Virtual Machines, Containers, Container Service, VM Scale Sets, Batch, Blob, Queues, Files, Disks, Virtual Network, Load Balancer, ExpressRoute, Traffic Manager, VPN Gateway, DNS, Application Gateway. Source: https://azurecharts.com/overview]

Characteristics of modern applications
Containers · Managed Databases · Artificial Intelligence · Serverless
Azure operational database services

Democratizing development
• Professional developers: GitHub, Visual Studio, Azure services APIs, Microsoft Azure
• Citizen developers: Microsoft Flow, PowerApps, Azure
#1 Developers’ Choice of PaaS Products [1]
Leader in Low-Code Development Platforms [2]

DevOps
Top performing DevOps companies spend more time innovating and less time “keeping the lights on”.
The result: better products, delivered 19.5% faster, to happier customers by more engaged teams.

Azure DevOps services: Azure Boards, Azure Repos, Azure Pipelines, Azure Artifacts, Azure Test Plans

Azure Boards: Connecting ideas to releases
• Scrum ready to help your teams run sprints, stand-ups, and plan work
• Integrated with GitHub commits and pull requests
• Insights into project status and health

Azure Repos: Private Git and TFVC repos for your teams
• Code review via branch pull requests
• Branch policies and build validation
• Easy migration path to / from GitHub

Azure Pipelines: Cloud-hosted pipelines for Linux, macOS and Windows
• Any language, any platform, any cloud
• Native support for containers and Kubernetes
• Best-in-class for open source
• Deploy to on-premises, ANY cloud or a hybrid of cloud and on-prem
• Staged environment releases
• Pre and post deployment approvals with gates to automate approval based on conditions

Azure Artifacts: Share code efficiently
• Keep your Maven, npm, NuGet and Python packages and more in the same place
• Aggregate from public registries and internal teams
• Publish and track from any pipeline

Azure Test Plans: Run tests and log defects from your browser
• Track and assess quality throughout your lifecycle
• Capture rich data for reproducibility
• Create tests directly from exploratory sessions

GitHub brings open source workflows to your organization, breaking down silos and enabling InnerSource through:
• Expertise sharing
• Cross-team collaboration
• Improved code reuse
• Increased velocity
• Secure Workflows

DevOps at Microsoft
Azure DevOps is the toolchain of choice for Microsoft engineering with over 100,000 internal users
➔ https://aka.ms/DevOpsAtMicrosoft
• 442k pull requests per month
• 4.6m builds per month
• 28k work items created per day
• 2.4m private Git commits per month
• 3.5k open source repos
• 12k employees contributing to open source
• 82,000 deployments per day
Data: Internal Microsoft engineering system activity, March 2019

Azure DevOps supports small teams and the largest enterprises
“Instead of telling people to wait for 6 months for a new feature, we can give it to them in a few weeks…Our 2800 worldwide developers can use the same backlog, user stories and tests whether they’re on Windows or Linux… building for iOS or Android.”
“Speed is gained in moving to the PaaS offering of Azure DevOps. PaaS provides regularly released features and a future-proof capability, eliminating the need for Accenture to maintain infrastructure and go through upgrade cycles.”
“Branches sync 500 percent faster. Builds are 400 percent faster, with the typically six-hour process reduced to 90 minutes. We (now have) a highly streamlined process that operates with a few button clicks—and one-button deployment.”
“Microsoft made it really easy to break outside the silos… and tie the DevOps process into the fulfilment of business process. Without the tools that we have today, we would not be successful.”

Reactive operations: Develop → Deliver → Operate
Moving to proactive operations with Azure: Develop → Deliver → Operate
• Deliver faster and more reliably with GitHub and Microsoft Azure
• Integrate with your existing tools and workflow
• Infrastructure and Configuration as Code
©Microsoft Corporation

Azure Continuous Security
• Gain full visibility and control of your cloud security state
• Leverage ML to proactively identify and mitigate risks to reduce exposure to attacks
• Quickly detect and respond to threats with advanced analytics

Azure: Smarter Insights, Faster

Let us go through it…

App Service
Speed · Personalization · Cross-device
Microsoft Azure: Open & scalable cloud platform · Data-driven intelligence · Cross-platform experiences · Continuous innovation

Choose the right balance of control and responsibility based on your needs
Build from the ground up → Some assembly required → Move-in ready
Layer            | On-prem  | IaaS      | PaaS      | SaaS
Applications     | Customer | Customer  | Customer  | Microsoft
Data             | Customer | Customer  | Customer  | Microsoft
Runtime          | Customer | Customer  | Microsoft | Microsoft
Middleware       | Customer | Customer  | Microsoft | Microsoft
Operating system | Customer | Customer  | Microsoft | Microsoft
Virtualization   | Customer | Microsoft | Microsoft | Microsoft
Servers          | Customer | Microsoft | Microsoft | Microsoft
Storage          | Customer | Microsoft | Microsoft | Microsoft
Networking       | Customer | Microsoft | Microsoft | Microsoft
Even where Microsoft runs a layer, the customer keeps accountability for its information, identities and access configuration.

• 80% IT time saved
• 50% faster service deployment
• 466% return on investment
Statistics based on five-year, risk-adjusted figures for a composite organization constructed from aggregated interviews with eight Microsoft Azure IaaS customers. Source: “The Total Economic Impact Of Microsoft Azure PaaS,” a commissioned study conducted by Forrester Consulting, June 2016

                     | IaaS                             | CaaS                         | PaaS                                 | FaaS
                     | Infrastructure Platform          | Container Platform           | Application Platform                 | Serverless Platform
Challenges           | Patching, management, deployment | Management (container & pod) | Limitations of execution environment | Cold start, long running processes
What you get         | Curated VM hosting               | Curated orchestration        | Curated execution environment        | Scale to ‘zero’
Technology decisions | IT/Infra focused value proposition ←→ Dev/App admin focused value proposition
                     | More control of execution environment ←→ Less control of execution environment
                     | Less agile development & deployment ←→ More agile development & deployment

App Service
High-productivity for devs & ops
• .NET, Node, Java, Docker, PHP, Ruby, Python
• Deploy containers on Windows & Linux
• Staging & deployment
• Testing in production
• App gallery marketplace
Fully-managed
• Auto scale & load balancing
• High availability w/ auto patching
• Reduced operations costs
• Backup & recovery
Enterprise-grade
• Global data center footprint
• Hybrid support
• Azure Active Directory integration
• Secure & compliant

Code · Container · OS
Use the code, container, or OS of your choice on Azure App Service, our fully-managed platform
Easily deploy & run container-based web apps at scale
Developer productivity
• Tight integration w/ Docker Hub, Azure Container Registry
• Built-in CI/CD w/ Deployment Slots
• Intelligent diagnostics & troubleshooting, remote debugging
Fully managed platform
• Scaling and load balancing
• High availability w/ auto-patching
• Backup & recovery
Flexibility & choices
• From CLI, portal, or ARM template
• Single Docker image, multi container w/ Docker compose, or Kubernetes Pod Definition
• IntelliJ, Jenkins, Maven, Visual Studio family

Integration Services
Integration scenarios → Integration challenges → Integration Platform as a Service → Azure Integration Services
• APIs: API Management
• Workflows: Logic Apps
• Messages: Service Bus
• Events: Event Grid

Azure API Management
Publish APIs safely and connect to backend systems hosted anywhere
• Work with any host, API, and scale
• Attract more developers
• Secure and optimize your APIs
• Gain insights into your APIs

Azure Logic Apps
Automate workflows and orchestrate business processes easily
• Out-of-the-box connectors reduce integration challenges
• Connect and integrate data from the cloud to on-premises
• B2B and enterprise messaging in the cloud
• Powerful web-based workflow designer

Azure Service Bus
Scalable and reliable cloud messaging as a service
• Simplify enterprise cloud messaging
• Build reliable, scalable cloud solutions
• Implement complex messaging routing

Azure Event Grid
Simplify event-based app development with a publish-subscribe model
• Simple HTTP-based event delivery
• Build better, more reliable applications through reactive programming
• Focus on product innovation

Azure Integration Services: Our Vision
A complete, industry leading integration platform
• That is simple to use yet powerful
• That is tried and trusted
• Integrated and cohesive
• Where you need it
Integration for the many, not the few
API Management · Logic Apps · Service Bus · Event Grid

Bring your technology investments together
• On-premises or cloud-based apps
• Packaged or SaaS apps
• Azure services

Thank You!
© Copyright Microsoft Corporation. All rights reserved.
0032 497 219577
@kvaes

Kubernetes

Kubernetes momentum
“By 2020, more than 50% of enterprises will run mission-critical, containerized cloud-native applications in production.”
Larger companies are leading the adoption: for the organizations running Kubernetes today, 77% of those with more than 1,000 developers are running it in production. [1]
[1] Heptio: State of Kubernetes 2018

What’s behind the growth?
Kubernetes: the leading orchestrator shaping the future of app development and management
• It’s widely used: Kubernetes is in production for global companies across industries [1]
• It’s vendor-neutral: a variety of cloud providers offer robust Kubernetes support [2]
• It’s community-supported: there’s a huge community of active contributors supporting Kubernetes [3]; 24,000 contributors and 1.1 million contributions since 2016
[1] Kubernetes.io. “Kubernetes User Case Studies.” [2] CNCF. “Kubernetes Is First…” [3] CNCF. Keynote address.

Azure Kubernetes Service (AKS)
Ship faster, operate easily, and scale confidently with managed Kubernetes on Azure
• Manage Kubernetes with ease
• Accelerate containerized development
• Build on an enterprise-grade, secure foundation
• Run anything, anywhere

Top scenarios for Kubernetes on Azure
• Lift and shift to containers: cost saving without refactoring your app
• Microservices: agility, faster application development
• Machine learning: performance, low latency processing
• IoT: portability, build once, run anywhere
• Secure DevOps: automation, deliver code faster and securely at scale

Azure Kubernetes momentum
Trusted by thousands of customers
Azure Kubernetes Service usage grew 30x since it was made generally available in June 2018 (dated November 2018)

How Kubernetes works
Kubernetes control plane (master node): API server, controller-manager (replication, namespace, serviceaccounts, etc.), scheduler, etcd
Worker node: kubelet, kube-proxy, Docker, pods with containers
1. Kubernetes users communicate with the API server and apply desired state
2. Master nodes actively enforce desired state on worker nodes
3. Worker nodes support communication between containers
4. Worker nodes support communication from the Internet

Kubernetes on its own is not enough
Save time from infrastructure management and roll out updates faster without compromising security
Unlock the agility for containerized applications using:
• Infrastructure automation that simplifies provisioning, patching, and upgrading
• Tools for containerized app development and CI/CD workflows supporting Kubernetes
• Services that support security, governance, and identity and access management
(Pieces around the cluster: IDE container support, source code repository, registry, Helm, CI/CD, infrastructure automation, monitoring, microservice debugging, virtual machines, networking, storage, data, security, governance, identity)

Kubernetes on Azure
Simplify the deployment, management, and operations of Kubernetes
Portable · Extensible · Self-healing
• Manage and operate Kubernetes with ease
• Accelerate containerized app development
• Build on an enterprise-grade, secure platform
• Run any workload anywhere

Microsoft among leaders in inaugural Forrester New Wave report
Forrester finds Microsoft “leads the pack with the strongest developer experience and global reach”
[Figure: The Forrester New Wave™: Public Cloud Enterprise Container Platforms, Q3 2019. Axes: Current Offering (weaker to stronger) against Strategy (weaker to stronger); bands Challengers, Contenders, Strong Performers, Leaders; vendors plotted: Amazon Web Services, Google, Microsoft, Alibaba Cloud, IBM, HUAWEI, Tencent Cloud; marker size indicates Market Presence.]
Reference customers share:
• “Azure has the best integration with our development tools and processes.”
• “Azure manages the k8s control plane for us—we don’t even have to think about it.”
• “Easy cluster setup, integration with database and other Azure services, the best developer experience, and rock-solid support keep them highly satisfied with Azure containers.”
The Forrester New Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester New Wave™ is a graphical representation of Forrester’s call on a market. Forrester does not endorse any vendor, product, or service depicted in the Forrester New Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Manage Kubernetes with ease
Focus on your containers and code, not the plumbing of them
Responsibilities: managed Kubernetes on Azure versus DIY Kubernetes
• App/workload definition, containerization, application iteration and debugging, CI/CD: the customer in both models
• Provisioning, upgrades and patches; reliability and availability; scaling; monitoring and logging: the customer with DIY Kubernetes, handled by or shared with Microsoft on AKS
Azure managed control plane (replaces self-managed master nodes): API endpoint, API server, etcd store, controller manager, cloud controller, scheduler. Pods are scheduled onto the customer VMs over a private tunnel; the customer VMs run Docker and the pods.

Azure Red Hat OpenShift
Fully managed Red Hat OpenShift service
Azure Red Hat OpenShift
Simplify cluster operations with Azure Red Hat OpenShift
Responsibilities
• Customer: user definition, user management, project and quota management, application lifecycle
• Microsoft and Red Hat: cluster creation, cluster management, monitoring and logging, network configuration, software and security updates, platform support
Cluster layout: Azure Active Directory and Azure Key Vault integration; OpenShift API/administration console; Azure DNS; public IPs in front of Azure Load Balancer (Master) and Azure Load Balancer (Router); a virtual network running the OpenShift SDN; scale sets of Azure VMs for Master nodes (api-server, controller-manager, etcd), Infrastructure nodes (registry, router) and Application nodes (application pods: App 1, App 2, Node 1 … Node N); Azure Premium SSD Managed Disks on every tier plus Azure Blob Storage on the infrastructure tier.
Manage Kubernetes with ease
Highly available, reliable service with serverless scaling
(AKS production cluster running microservices as pods; Azure Monitor for observability; a virtual node backed by Azure Container Instances (ACI) for burst capacity)
Availability · Reliability · Auto scaling

Azure makes Kubernetes easier
Manage and operate Kubernetes with ease
Task              | The Old Way                                                                                                                                   | With Azure
Create a cluster  | Provision network and VMs; install dozens of system components including etcd; create and install certificates; register agent nodes with control plane | az aks create
Upgrade a cluster | Upgrade your master nodes; cordon/drain and upgrade worker nodes individually                                                                 | az aks upgrade
Scale a cluster   | Provision new VMs; install system components; register nodes with API server                                                                   | az aks scale

Accelerate containerized development
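The table above reduces cluster creation to one command, but the security posture of the result depends entirely on which flags go on that command. The script below is an added example, not code from the deck or from Microsoft: it assembles a hardened `az aks create` argument list (AAD-backed authentication with Azure RBAC, no static local admin account, a network-policy plugin, a private API server, managed identity) and lints that list before anything is created, then reads the settings back with `az aks show`. It assumes Azure CLI 2.30 or newer (several of these flags are newer than the deck); the resource group, cluster name, region, registry name and the AAD admin group object id are placeholders.

```shell
#!/bin/sh
# Added example, not from the deck or from Microsoft: a hardened `az aks create`
# for the "Create a cluster" row above, with the security-relevant flags a
# reviewer would expect, plus a post-create check. Assumes Azure CLI 2.30+ (some
# flags are newer than the deck); resource names, region, registry name and the
# AAD admin group object id are placeholders to replace.
set -eu

RG="${RG:-rg-aks-demo}"
CLUSTER="${CLUSTER:-aks-demo}"
LOCATION="${LOCATION:-westeurope}"
ACR="${ACR:-acrdemo}"                                               # placeholder
ADMIN_GROUP="${ADMIN_GROUP:-00000000-0000-0000-0000-000000000000}"   # placeholder AAD group object id

# One flag per line so the argument list can be reviewed and linted offline.
aks_create_args() {
  cat <<EOF
--resource-group $RG
--name $CLUSTER
--location $LOCATION
--node-count 3
--enable-managed-identity
--enable-aad
--aad-admin-group-object-ids $ADMIN_GROUP
--enable-azure-rbac
--disable-local-accounts
--network-plugin azure
--network-policy azure
--enable-private-cluster
--attach-acr $ACR
--enable-addons monitoring
--generate-ssh-keys
EOF
}

# Without these the cluster hands out a static admin kubeconfig, has no
# pod-to-pod network policy, or exposes its API server to the Internet.
HARDENING_FLAGS="--enable-aad --enable-azure-rbac --disable-local-accounts --network-policy --enable-private-cluster --enable-managed-identity"

# Reads an argument list on stdin; prints each missing hardening flag and fails
# if any is absent, so a pipeline can gate on it before calling az.
lint_args() {
  args=$(cat)
  rc=0
  for flag in $HARDENING_FLAGS; do
    if ! printf '%s\n' "$args" | grep -q -- "^$flag"; then
      echo "missing hardening flag: $flag" >&2
      rc=1
    fi
  done
  return $rc
}

# Reads the settings back from the created cluster; the property names are the
# ones `az aks show -o json` printed at the time of writing.
aks_verify() {
  az aks show --resource-group "$RG" --name "$CLUSTER" \
    --query '{aadManaged:aadProfile.managed, azureRbac:aadProfile.enableAzureRbac, localAccountsDisabled:disableLocalAccounts, networkPolicy:networkProfile.networkPolicy, privateCluster:apiServerAccessProfile.enablePrivateCluster}' \
    -o table
}

# Only talks to Azure when explicitly asked, so the file is safe to source.
if [ "${AKS_APPLY:-0}" = "1" ]; then
  aks_create_args | lint_args
  az group create --name "$RG" --location "$LOCATION" >/dev/null
  aks_create_args | xargs az aks create
  az aks get-credentials --resource-group "$RG" --name "$CLUSTER" --overwrite-existing
  aks_verify
  # Later lifecycle steps from the same table:
  #   az aks get-upgrades --resource-group "$RG" --name "$CLUSTER" -o table
  #   az aks upgrade      --resource-group "$RG" --name "$CLUSTER" --kubernetes-version <version>
  #   az aks scale        --resource-group "$RG" --name "$CLUSTER" --node-count 5
fi
```

Run with `AKS_APPLY=1 sh create-aks.sh` from a logged-in Azure CLI session; without the variable the script only defines the functions, which lets a CI job run `aks_create_args | lint_args` as a policy check before any infrastructure changes. The private-cluster flag means `az aks get-credentials` and `kubectl` only work from a network path into the cluster VNet (peering, VPN or a jump host).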
Kubernetes and DevOps better together: Develop → Deliver → Operate
Develop (inner loop: IDE, Azure Dev Spaces, AKS dev cluster)
• Native containers and Kubernetes support in IDE
• Remote debugging and iteration for multi-container applications
• Effective code merge
• Automatic containerization
Deliver (GitHub repos, Azure Boards, Azure Pipelines, Azure Container Registry, Helm chart, Terraform)
• CI/CD pipeline with automated tasks in a few clicks
• Pre-configured canary deployment strategy
• In depth build and delivery process review and integration testing
• Private registry with Helm support
Operate (AKS production cluster, Azure Monitor)
• Out-of-box control plane telemetry, log aggregation, and container health
• Declarative resource management
• Auto scaling

Azure makes Kubernetes easier
Accelerate containerized application development
Task | The Old Way | With Azure
Inner loop development | Set up a local dev environment using Minikube; determine the transitive closure of your dependencies; identify behavior of dependencies for key test cases; stub out dependent services with expected behavior; make local changes, check in, and hope things work; validate with application logs | Use Dev Spaces to run and debug services locally while connected to existing services and dependencies without having to mock them
Set up a CI/CD pipeline and deploy to Kubernetes | Create Git repo; create a build pipeline with Kubernetes/AKS as a target; create a container registry; create a Kubernetes cluster; configure build pipeline to push to container registry; configure build pipeline to deploy to Kubernetes; define and set up deployment strategy | Store source code on GitHub, then create a project on Azure Pipelines
Make container images available worldwide | Create a container registry in every region; configure build pipeline with multiple endpoints; loop through all regions and push following build | Create an Azure Container Registry with geo-replication for deployment; push your image to a single endpoint
Track health with consolidated logging and analytics | Choose a logging solution; deploy log stack in your cluster or provision a service; configure and deploy a logging agent onto all nodes | Checkbox enable monitoring with centralized tracking of cluster and application logs

Build on an enterprise-grade, secure platform
• Control access through AAD and RBAC
• Get runtime vulnerability scanning and auditing through Azure Security Center
• Put guardrails in your development process with Azure Policy
• Secure network communications with VNET and network policy
• Gain automated threat protection and best practice recommendations for Kubernetes clusters

Identity
Use familiar tools like AAD for fine-grained identity and access control to Kubernetes resources from cluster to containers
(AKS with RBAC: Active Directory authenticates users to the cluster; nodes in a VNet run pods that reach SQL Database, Cosmos DB, Key Vault and Storage through AAD Pod Identity)
Image Security
Your private registry, with built-in Helm chart support, only deploys validated images and can be automatically geo-replicated to the data center close to where your users are
(Flow: developer → Azure Pipelines → Azure Container Registry → image scanning, vulnerability scanning with fail/pass → Azure Kubernetes Service; the admin receives actionable recommendations)
Networking
Secure your Kubernetes workloads with virtual network and policy-driven communication paths between resources
(Kubernetes cluster in an Azure VNET: control plane; worker nodes with kubelet, pods and containers grouped in namespaces; private cluster option; App Gateway ingress controller; internal load balancer; external DNS; egress lockdown)
Governance
Dynamically enforce guardrails defined in Azure Policy across multiple clusters: nodes, pods, and even container images can be tracked and validated at the time of deployment or as part of CI/CD workflows
• The cloud architect assigns a policy across clusters (Cluster-1, Cluster-2, Cluster-3) through Azure Policy
• Compliance reports for the entire environment, with pod-level granularity
• The AKS developer gets real-time enforcement of policy and feedback

Threat protection
Automated threat detection and best practices recommendation for Kubernetes clusters using advanced analytics from Azure Security Center
• Continuous discovery of managed AKS instances
• Actionable recommendations for security best practices
• Detect threats across AKS nodes and clusters using advanced analytics

Azure Kubernetes Service
Run anything, anywhere
• Container: Windows, Linux
• Region: 35+ regions worldwide
• Environment: your choice of public clouds, IoT Edge, Azure Government, Azure Stack, private data centers

Azure Kubernetes Service (AKS) support for Windows Server Containers
Now you can get the best of managed Kubernetes for all your workloads whether they’re in Windows, Linux, or both
• Lift and shift Windows applications to run on AKS
• Seamlessly manage Windows and Linux applications through a single unified API
• Mix Windows and Linux applications in the same Kubernetes cluster—with consistent monitoring experience and deployment pipelines
Azure Arc enabled Kubernetes clusters
• Central inventory and monitoring of the sprawling assets running anywhere from on-premises to edge
• Consistently apply policies and role-based access controls (RBAC) for at-scale governance
• Deploy Kubernetes resources to all clusters using a GitOps-based workflow
(Azure Arc extends identity, RBAC, policy and monitoring to Kubernetes running on Azure Stack or anywhere)
Kubernetes is built and maintained by the community
Kubernetes collects wisdom, code, and efforts from hundreds of corporate contributors and thousands of individual contributors: 150,000 commits, 24,000 contributors, #1 GitHub project
Microsoft is part of this vibrant community and leads in the associated committees to help shape the future of Kubernetes and its ecosystem: CNCF platinum member, CNCF technical oversight committee, CNCF governing board, Kubernetes steering committee, Linux Foundation board member
AKS is certified Kubernetes conformant, ensuring portability and interoperability of your container workloads

Microsoft contributions to the community
• Packaging & distribution: Porter, CNAB, Helm, Duffle
• Scalability & control: Virtual Kubelet, Open Policy Agent, KEDA, Service Mesh Interface
• Kubernetes developer tooling: Draft, VS Code Kubernetes Extensions, Brigade
• Top code contributor to Windows support in Kubernetes
• 3X growth of employee contributors within three years
• 68% of Kubernetes users prefer Helm [1]
• 50K+ monthly active VS Code Kubernetes Extension users [2]
[1] CNCF. [2] Microsoft.

Work how you want with open source tools and APIs
Development · DevOps · Monitoring · Networking · Storage · Security
• Take advantage of services and tools in the Kubernetes ecosystem: Virtual kubelet, CNAB, Service Mesh Interface
• Leverage 100+ turn-key Azure services: Visual Studio Code, Azure Pipelines, Azure VNET, Azure Policy, Azure Monitor, Azure Storage, GitHub, ARM, AAD, ASC, Container Registry, Key Vault, Azure Cosmos DB

Azure Red Hat OpenShift
From Microsoft & Red Hat
• >95% of Fortune 500 use Microsoft Azure
• 100% of the Fortune Global 500 companies in these industries rely on Red Hat: Airlines, Telecommunications, Healthcare, Commercial Banking

Azure Red Hat OpenShift
Microsoft + Red Hat partnership
• Red Hat Enterprise Linux in Azure
• Red Hat OpenShift Container Platform in Azure
• SQL Server on Red Hat Enterprise Linux in Azure
• Red Hat Enterprise Linux for SAP Solutions in Azure
Azure Red Hat OpenShift
Creating value depends on your ability to deliver applications faster
Cloud-native applications · AI and machine learning · Analytics · Internet of Things · Culture of innovation
Containers, Kubernetes, and hybrid cloud are key ingredients

Azure Red Hat OpenShift
Kubernetes done right is hard
75% of enterprise users say the complexity of implementation and operations are the top blockers to adoption
Source: The New Stack, The State of the Kubernetes Ecosystem, August 2017
Install → Deploy → Harden → Operate
Azure Red Hat OpenShift
Containers come with their own challenges
• Day 2 management: a cloud-like experience, everywhere
• Application delivery: empowering developers to innovate

Azure Red Hat OpenShift
Why customers choose OpenShift
• Trusted enterprise Kubernetes
• One platform, hybrid choice
• Empower developers
• Open source innovation

Azure Red Hat OpenShift
There are two ways to deploy OpenShift on Azure
• Run your own cluster: cloud.openshift.com
• Azure Red Hat OpenShift, the fully managed service
Azure Red Hat OpenShift
Running your own Red Hat OpenShift cluster
Responsibilities (all on the customer): user definition, user management, project and quota management, application lifecycle, cluster creation, cluster management, monitoring and logging, network configuration, software and security updates, platform support
Cluster layout: Azure Active Directory and Azure Key Vault integration; OpenShift API/administration console; Azure DNS; public IPs in front of Azure Load Balancer (Master) and Azure Load Balancer (Router); a virtual network running the OpenShift SDN; scale sets of Azure VMs for Master nodes (api-server, controller-manager, etcd), Infrastructure nodes (registry, router) and Application nodes (application pods: App 1, App 2, Node 1 … Node N); Azure Premium SSD Managed Disks on every tier plus Azure Blob Storage on the infrastructure tier.
Azure Red Hat OpenShift
Simplify cluster operations with Azure Red Hat OpenShift
Same cluster layout as the self-run cluster, but cluster creation, cluster management, monitoring and logging, network configuration, software and security updates and platform support move to Microsoft and Red Hat; the customer keeps user definition, user management, project and quota management and the application lifecycle.
Azure Red Hat OpenShift
Fully managed Red Hat OpenShift service

Azure Red Hat OpenShift features
• Flexible, self-service deployment: create fully managed OpenShift clusters in minutes
• Azure Active Directory integration: integrated sign-on
• Virtual Network integration: deploy clusters into a Virtual Network (VNet A), then use VNet peering to connect to your networks (other peered VNets, on-premises infrastructure and enterprise systems; Azure ExpressRoute on the roadmap)
Azure Red Hat OpenShift
Unified support and operations
Jointly engineered, operated, and supported by Microsoft and Red Hat
• Flexibility in support channels: Microsoft Help + Support and the Red Hat Customer Portal
• In-portal integrated support experience is available 24x7
• SSO access to Red Hat support
• ISO 27001 compliant B2B communication channel
• Co-located support with Red Hat on-site team
• Integrated case systems: case exchange platform, cross-team hand off
• Cross-product support
• Microsoft and Red Hat security response team collaboration
• Site Reliability Engineers across Microsoft Azure Support and Red Hat Support
Azure Red Hat OpenShift
Hardened enterprise security for Kubernetes
OpenShift is Kubernetes for the enterprise: each Kubernetes release goes through 1-3 months of OpenShift release hardening (security fixes, hundreds of defect and performance fixes, 200+ validated integrations, Certified Kubernetes)
• Authentication: Use Azure Active Directory to access the OpenShift cluster
• TLS support: Strong encryption with TLS 1.2 by default
• Bring your own certificates and key rotation: Ability to bring your own certificates and rotate keys when necessary
• Virtual Network integration: Deploy your cluster into a new Virtual Network, then use VNET peering to connect to your existing Virtual Network and on-premises networks
Azure Red Hat OpenShift
Comprehensive container security
• Control: container content, CI/CD pipeline, application security, container registry, deployment policies
• Defend: container platform, container host multi-tenancy, network isolation, storage, infrastructure, audit & logging, API management
• Extend: security ecosystem

Azure Red Hat OpenShift
Familiar Red Hat OpenShift developer experience
Use the tools and commands you already know

Azure Red Hat OpenShift
Made for developer productivity
Code → Build → Test → Deploy → Review → Monitor
• Self-service provisioning
• Consistent environments
• Automated build & deploy
• CI/CD pipelines
• Configuration management
• App logs & metrics
Languages (Spring & Java EE) · Databases · Application services (Microservices, Functions)
Azure Red Hat OpenShift Cluster node scaling
Easily add or remove compute nodes to match resource demand using Application nodes
Node 1 Node 2 Node 3 Node 4 Node 5 Node 6
Azure Red Hat OpenShift Geographical availability
17
Generally available regions and future availability (product availability by region).
Get Azure Red Hat OpenShift through your existing Azure subscription:
• Pay as you go on-demand for application nodes, starting at $0.953/hour*
• Use Reserved Virtual Machine instances to save costs
• Choice of standard, high-memory, or high-CPU application nodes
• Integrated support and operations
• Pay through your existing Azure commitment
• 99.9% uptime Service Level Agreement (SLA)
*Price includes the Azure Linux VM costs
Azure Red Hat OpenShift pricing examples
The Azure Red Hat OpenShift fee is only charged on application nodes.
• 3 master nodes (fixed) and 3 infrastructure nodes (fixed): Linux compute rate, starts at $0.192/hr
• 4 application nodes (minimum, scalable): ARO + compute rate, starts at $0.953/hr
All instances in a cluster must be the same SKU. Minimum SKU: D4s v3 (4 vCPUs, 16GB RAM). Application nodes and clusters are paid through on-demand pricing (additional reserved instances can be purchased to reduce cost).
© Microsoft Corporation
Azure Red Hat OpenShift: create a cluster using Azure Resource Manager
ARM template (azuredeploy.json, https://aka.ms/openshift/arm): network, authentication, monitoring, node configuration
Parameters (azuredeploy.parameters.json): Azure Active Directory, Log Analytics workspace
1. Configure authentication
2. Create resource group:
az group create --name azure-redhat-openshift --location westcentralus
3. Deploy template:
az group deployment create --resource-group azure-redhat-openshift --template-file azuredeploy.json --parameters azuredeploy.parameters.json
4. Deploy applications and set up CI/CD
5. Monitor with Azure Monitor
Azure Red Hat OpenShift Roadmap
Public preview Q1 CY20
Azure Red Hat OpenShift: isolation patterns
Physical isolation
• Smaller clusters help control your "blast radius" for failed upgrades or catastrophic cluster failure
• Isolate dev from prod clusters
• Isolate regulated (e.g. HIPAA, PCI) workloads
• If you require secure, potentially hostile multi-tenancy
• Low to medium pod density = higher cost
• Potential cluster-sprawl
Logical isolation
• Easier networking and service discovery, service-to-service communication
• Charge-back can be more challenging
Learn more and stay connected
• Learn more: aka.ms/openshift/managed
• Hands-on workshop: aroworkshop.io
• Documentation: aka.ms/openshift/docs
• Feedback: aka.ms/openshift/feedback
Kubernetes deep dive
Azure Dev Spaces
Diagram: source control (git commit, git push) → CI/CD pipeline (helm upgrade --install with values.test.yaml and values.prod.yaml; values.dev.yaml for 'up' or F5 debug) → container registry → AKS cluster with Integration, Production, FeatureX, John, Sanjay, Lisa and Lei namespaces; network traffic, environment variables and files flow to Lei's local computer.
1. The "Integration" dev space is running a full baseline version of the entire application
2. John and Sanjay are collaborating on FeatureX; it is set up as a dev space and running all the modified services required to implement a feature
3. Code is committed to the master source control
4. A CI/CD pipeline can be triggered to deploy into "Integration," which updates the team's baseline
5. The same Helm assets used during development are used in later environments by the CD system
6. Lei connects using the local computer to seamlessly run and debug service(s) locally
Dev Spaces is enabled per Kubernetes namespace and can be defined as anything. Any namespace in which Dev Spaces is NOT enabled runs *unaffected*.
Pull request flow in Dev Spaces
Diagram: John (developer) pushes feature-branch → open pull request, deploy → pull request merged, master updated; a GitHub Actions workflow builds code and deploys to Azure Dev Spaces on the AKS cluster, where a PR namespace is created and the changes are deployed into the feature-x namespace next to the master namespace; Lisa (reviewer) reviews.
1. John is working out of branch "feature-x" locally
2. John commits his code and pushes his branch to his remote GitHub repo
3. John creates a pull request before merging the changes into the application's main branch
4. GitHub Actions workflow is triggered upon PR creation; a delta namespace for the pull request is created and the code is deployed to the namespace
5. A team member reviews the changes in the context of the entire application
6. The pull request is approved and a GitHub workflow is triggered to update the master namespace with the merged code changes
Horizontal Pod Autoscaler
The horizontal pod autoscaler (HPA) uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If a service needs more resources, the number of pods is automatically increased to meet the demand.
1. HPA obtains resource metrics and compares them to the user-specified threshold
2. HPA evaluates whether the user-specified threshold is met or not
3. HPA increases/decreases the replicas (replicas++ / replicas--) based on the specified threshold
4. The Deployment controller adjusts the deployment (Deployment → ReplicaSet → Pod) based on the increase/decrease in replicas
Diagram: on each node (Node1 ... NodeX) the Kubelet with cAdvisor collects metrics from all containers on the node; the Metrics Server grabs metrics from all nodes and serves them to the HPA.
Cluster Autoscaler
The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes.
1. HPA obtains resource metrics and compares them to the user-specified threshold
2. HPA evaluates whether the user-specified threshold is met or not
3. HPA increases/decreases the replicas based on the specified threshold
4. The Deployment controller adjusts the deployment based on the increase/decrease in replicas
Diagram: pods are in pending state → additional nodes needed → the cluster autoscaler asks Azure for a node → node is granted to the AKS cluster → pending pods are scheduled.
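The two autoscaler slides above describe a decision loop but not the arithmetic. The following is an added example, not code from the slides or from Kubernetes itself: it implements the replica calculation behind HPA steps 1-3 and a node-count estimate for the cluster autoscaler's "additional nodes needed" step. It assumes the documented Kubernetes HPA rule (desired = ceil(current × observed/target), with a 10% tolerance band in which nothing changes) and approximates the cluster autoscaler with a first-fit bin-packing of pending pods, which is a simplification of the real scheduler simulation. The pod sizes and node SKU values are constructed.

```python
"""Added example (not from the slides, Kubernetes or Microsoft): HPA replica
arithmetic and a cluster-autoscaler node estimate.

Assumptions: HPA rule desired = ceil(current * observed / target) with a 10%
tolerance; node estimate is first-fit bin-packing of pending pods."""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

HPA_TOLERANCE = 0.1  # Kubernetes default: ratios within +/-10% of 1.0 cause no change


def hpa_desired_replicas(current_replicas: int, observed: float, target: float,
                         min_replicas: int = 1, max_replicas: int = 10) -> int:
    """Steps 1-3: compare the observed metric (e.g. average CPU utilisation)
    with the user-specified target and return the replica count the HPA would
    write into the Deployment. Never returns 0: the HPA does not scale to zero."""
    if target <= 0:
        raise ValueError("target metric must be positive")
    if current_replicas == 0:
        return min_replicas                      # bootstrap case
    ratio = observed / target
    if abs(ratio - 1.0) <= HPA_TOLERANCE:
        return current_replicas                  # within tolerance: no scaling
    desired = math.ceil(current_replicas * ratio)
    return max(min_replicas, min(max_replicas, desired))


@dataclass
class PodRequest:
    """Resource requests of one pending pod (constructed sample data)."""
    name: str
    cpu_m: int    # CPU request in millicores
    mem_mi: int   # memory request in MiB


def nodes_needed(pending: List[PodRequest], node_cpu_m: int, node_mem_mi: int,
                 free_capacity: Optional[List[Tuple[int, int]]] = None) -> int:
    """Cluster autoscaler step: how many extra nodes of one SKU are needed so
    that every pending pod can be scheduled. Existing free capacity is used
    first; pods are placed largest-first to keep the estimate tight."""
    capacity = list(free_capacity or [])        # (cpu_m, mem_mi) left per node
    new_nodes = 0
    for pod in sorted(pending, key=lambda p: (p.cpu_m, p.mem_mi), reverse=True):
        if pod.cpu_m > node_cpu_m or pod.mem_mi > node_mem_mi:
            raise ValueError(f"{pod.name} exceeds the node SKU; it can never be scheduled")
        for i, (cpu, mem) in enumerate(capacity):
            if pod.cpu_m <= cpu and pod.mem_mi <= mem:
                capacity[i] = (cpu - pod.cpu_m, mem - pod.mem_mi)
                break
        else:                                   # no existing node fits: add one
            capacity.append((node_cpu_m - pod.cpu_m, node_mem_mi - pod.mem_mi))
            new_nodes += 1
    return new_nodes


if __name__ == "__main__":
    # 3 replicas at 80% average CPU against a 50% target -> 5 replicas
    print(hpa_desired_replicas(3, observed=80, target=50))
    pending = [PodRequest("web-1", 1000, 2048), PodRequest("web-2", 1000, 2048),
               PodRequest("worker-1", 500, 1024)]
    # constructed 2 vCPU / 4 GiB SKU with one node that still has 1 vCPU / 2 GiB free
    print(nodes_needed(pending, node_cpu_m=2000, node_mem_mi=4096,
                       free_capacity=[(1000, 2048)]))
```

The tolerance band is what stops the HPA from flapping when the metric hovers around the target; the clamp to min/max replicas is the operator's guard against a runaway scale-out driven by a bad metric.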
Azure Pipelines for AKS
Deep traceability
1. As part of the CI, developers check in their code to a central repository, like GitHub; Azure Pipelines automatically builds application binaries, runs unit tests, and pushes the container image into a registry
2. Developers then deploy the application to a testing environment and run integration tests as part of the CD workflow
3. Developers can review which pod is running which container image, what source code is built into an image, and what tests are run against each image at any point in time
4. For production deployment, Azure Pipelines automatically executes a pre-defined deployment strategy and progressively rolls out the application to an AKS cluster
5. Enable app telemetry, container health monitoring, and real-time log analytics; insights are used to address issues and feed into next sprint plans
Diagram: source code → build pipelines (continuous integration) → container image in the repository → release pipelines (continuous delivery, deployment strategies) → pod on the AKS cluster → Azure Monitor → iterate.
GitHub Actions for Kubernetes on Azure
1. Authenticate and login securely to an Azure subscription (docker-login action)
2. Set the target AKS cluster (aks-set-context action)
3. Create Kubernetes secret objects to manage sensitive information (k8s-create-secret action)
4. Connect to the Kubernetes cluster and deploy manifests, etc. (k8s-deploy action)
Azure Container Registry geo-replication
Push an image to a single registry and ACR takes care of geographical replication, including local notifications.
1. US-based developer commits code to build a container image
2. Image is pushed to the nearest Azure Container Registry (ACR) region based on DNS (contoso.azurecr.io, East US)
3. Geographical webhook triggers deployment (CD) to AKS East US
4. ACR geo-replicates to configured regions (contoso.azurecr.io, West Europe)
5. Geographical webhook triggers deployment (CD) to AKS West Europe
6. Both AKS clusters pull contoso.azurecr.io/app:v1 from contoso.azurecr.io
Serverless Kubernetes using AKS virtual nodes
• Elastically provision compute capacity in seconds
• No infrastructure to manage
• Built on open sourced Virtual Kubelet technology, donated to the Cloud Native Computing Foundation (CNCF)
Diagram: Kubernetes control plane → nodes with pods, plus a virtual node whose pods run on Azure Container Instances (ACI).
Kubernetes-based event-driven auto-scaling (KEDA)
Open-source component jointly built by Microsoft and Red Hat
• Event-driven container creation & scaling: allows containers to "scale to zero" until an event comes in, which will then create the container and process the event, resulting in more efficient utilization and reduced costs
• Native triggers support: containers can consume events directly from the event source, instead of routing events through HTTP
• Can be used in any Kubernetes service: this includes in the cloud (e.g., AKS, EKS, GKE, etc.) or on-premises with OpenShift; any Kubernetes workload that requires scaling by events instead of traditional CPU or memory scaling can leverage this component
Diagram: external trigger source → KEDA (scaler, controller, metrics adapter) → AKS cluster.
Service Mesh Interface (SMI)
SMI defines a set of APIs that can be implemented by individual mesh providers. Service meshes and tools can either integrate directly with SMI, or an adapter can consume SMI and drive native mesh APIs.
• Standard interface for service mesh on Kubernetes
• Basic feature set to address most common scenarios: routing, telemetry, policy
• Extensible to support new features as they become widely available
Diagram: apps and tooling ecosystem → Service Mesh Interface → mesh providers ...and more
Kubernetes security overview
Diagram: internal and external users reach the AKS cluster (with RBAC) through internal/external load balancers, App Gateway and ingress controllers inside an Azure VNet; developers push to Azure Container Registry; Azure Active Directory, AAD Pod Identity, Azure Key Vault, encrypted storage, Azure Storage, SQL Database and Cosmos DB surround the cluster.
1. Image and container level security
• AAD authenticated container registry access
• ACR image scanning and content trust for image validation
2. Node and cluster level security
• Automatic security patching nightly
• Nodes deployed in private virtual network subnet w/o public addresses
• Network policy to secure communication paths between namespaces (and nodes)
• Pod Security Policies using Gatekeeper
• K8s RBAC and AAD for authentication
• Threat protection on nodes
3. Pod level security
• Pod level control using AAD Pod Identity
• Pod Security Context
4. Workload level security
• Azure Role-based Access Control (RBAC) & security policy groups
• Secure access to resources & services (e.g. Azure Key Vault) via Pod Identity
• Storage Encryption
• App Gateway with WAF to protect against threats and intrusions
Pod identity
1. Kubernetes operator defines an identity map for K8s service accounts
2. Node Managed Identity (NMI) watches for mapping reaction and syncs to Managed Service Identity (MSI)
3. Developer creates a pod with a service account, and the pod uses the standard Azure SDK to fetch a token bound to MSI
4. Pod uses the access token to consume other Azure services (e.g. Azure SQL Server); services validate the MSI token against Azure Active Directory
Diagram: developer → Kubernetes controller → Azure Identity Binding → pod → NMI + EMSI → Azure Active Directory token → Azure SQL.
Secure network communications with VNET and CNI
1. Uses Azure subnet for both your containers and cluster VMs
2. Allows for connectivity to existing Azure services in the same VNet
3. Use Express Route to connect to on-premises infrastructure
4. Use VNet peering to connect to other VNets
5. Connect AKS cluster securely and privately to other Azure resources using VNet service endpoints
Diagram: Azure VNet A contains an AKS subnet (AKS cluster) and a backend services subnet (Azure SQL Server); Express Route links the on-premises enterprise system; VNet peering links other peered VNets; a service endpoint reaches Azure SQL PaaS DB.
AKS VNet integration works seamlessly with your existing network infrastructure.
Identity and access management through AAD and RBAC
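Point 1 above, one Azure subnet shared by the cluster VMs and the containers, has a consequence the slide does not spell out: with Azure CNI every node and every pod slot consumes a VNet IP address, so the subnet has to be sized before the cluster is created. The calculator below is an added example, not from the slides or from Microsoft documentation. It assumes the planning form (nodes + surge nodes) × (max pods per node + 1), that Azure reserves 5 addresses in each subnet, and constructed node counts, pod limits and base prefix.

```python
"""Added example (not from the slides or Microsoft): VNet IP planning for
Azure CNI, where each node and each pod slot takes one subnet address.

Assumptions: required IPs = (nodes + surge) * (max pods per node + 1);
Azure reserves 5 addresses per subnet; all sample numbers are constructed."""
import ipaddress
from typing import Tuple

AZURE_RESERVED_PER_SUBNET = 5   # network address, 3 Azure-internal, broadcast


def cni_ips_required(node_count: int, max_pods_per_node: int,
                     surge_nodes: int = 1) -> int:
    """One IP per node plus one per pod slot, including the node(s) added
    temporarily during a rolling upgrade (surge)."""
    if node_count < 1 or max_pods_per_node < 0 or surge_nodes < 0:
        raise ValueError("node_count must be >= 1 and other counts non-negative")
    return (node_count + surge_nodes) * (max_pods_per_node + 1)


def smallest_subnet(base: str, ips_required: int) -> ipaddress.IPv4Network:
    """Smallest CIDR starting at `base` whose usable size (after the Azure
    reservation) covers ips_required addresses."""
    prefix = 32
    while (2 ** (32 - prefix)) - AZURE_RESERVED_PER_SUBNET < ips_required:
        prefix -= 1
        if prefix < 8:
            raise ValueError("requirement exceeds a /8")
    return ipaddress.ip_network(f"{base}/{prefix}", strict=False)


def plan(node_count: int, max_pods_per_node: int,
         base: str = "10.240.0.0") -> Tuple[int, str]:
    """Return (IPs required, subnet CIDR) for the given node pool."""
    needed = cni_ips_required(node_count, max_pods_per_node)
    return needed, str(smallest_subnet(base, needed))


if __name__ == "__main__":
    # constructed: 50 nodes, 30 pods per node -> 1581 IPs -> 10.240.0.0/21
    print(plan(50, 30))
```

Undersizing here is a common outage cause: once the subnet is exhausted, new pods stay pending even though the cluster autoscaler has capacity to add nodes, so the number should be checked against the VNet address plan (including peered ranges) before deployment.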
1. A developer authenticates to the AAD token issuance endpoint and requests an access token
2. The AAD token issuance endpoint issues the access token
3. The access token is used to authenticate to the secured resource (AKS)
4. Data from the secured resource is returned to the web application
Azure delivers a streamlined identity and access management solution with Azure Active Directory (AAD) and Azure Kubernetes Service (AKS).
Azure Policy for clusters
1. Cloud architect assigns a deployment policy across cluster(s) (Cluster-1, Cluster-2, Cluster-3)
2. Developer uses the standard Kubernetes API to deploy to the cluster
3. Real-time deployment enforcement (acceptance/denial) is provided to the developer based on policy
4. Cloud architect obtains a compliance report for the entire environment and can drill down to the individual pod level
Azure Pipelines build audit & enforcement using Azure Policy
1. Cloud architect assigns a policy across clusters; policy can be set to block non-compliance (deny) or generate non-compliance warnings (audit)
2. Developer makes a code change that kicks off a build on Azure Pipelines
3. Azure Pipelines evaluates the request for policy compliance
4. If policy is set to deny, Azure Pipelines rejects the build attempt if any non-compliance is identified
5. If policy is set to audit, a non-compliance event is logged and the build is allowed to proceed
Diagram: compliance check → deny policy? Yes → fail; No → pass → AKS (Cluster-1, Cluster-2, Cluster-3).
AKS support in Azure Security Center
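The security overview slide lists the pod-level controls (trusted registry, Pod Security Context, Gatekeeper policies) and the two Azure Policy slides describe the audit/deny effects that decide whether a deployment or build proceeds. The following is an added example, not Azure Policy, Gatekeeper or any Microsoft code: a small evaluator that checks pod manifests against four such rules, each tagged with an "audit" or "deny" effect, and gates a build the way steps 4 and 5 describe. The rule names, the registry allow-list (contoso.azurecr.io, the registry name used on the geo-replication slide) and the sample manifests are constructed for illustration.

```python
"""Added example (not Azure Policy, Gatekeeper or Microsoft code): pod manifest
checks with per-rule audit/deny effects and a build gate.

Assumptions: rule names, the registry allow-list and the sample manifests are
constructed; the checks cover only the four controls shown."""
from typing import Callable, Dict, List, Tuple

Finding = Tuple[str, str, str]                  # (rule name, effect, message)
ALLOWED_REGISTRIES = ("contoso.azurecr.io/",)   # constructed allow-list


def _containers(pod: Dict) -> List[Dict]:
    spec = pod.get("spec", {})
    return spec.get("containers", []) + spec.get("initContainers", [])


def check_registry(pod: Dict) -> List[str]:
    """Images must come from the organisation's own registry."""
    return [f"{c['name']} pulls {c.get('image', '')} from an untrusted registry"
            for c in _containers(pod)
            if not c.get("image", "").startswith(ALLOWED_REGISTRIES)]


def check_privileged(pod: Dict) -> List[str]:
    return [f"{c['name']} runs privileged" for c in _containers(pod)
            if c.get("securityContext", {}).get("privileged")]


def check_non_root(pod: Dict) -> List[str]:
    """runAsNonRoot may be set at pod level; a container-level value overrides it."""
    pod_sc = pod.get("spec", {}).get("securityContext", {})
    return [f"{c['name']} does not set runAsNonRoot" for c in _containers(pod)
            if not {**pod_sc, **c.get("securityContext", {})}.get("runAsNonRoot")]


def check_host_network(pod: Dict) -> List[str]:
    return (["pod shares the node's network namespace (hostNetwork)"]
            if pod.get("spec", {}).get("hostNetwork") else [])


# (rule, effect, check): the effect is what the cloud architect assigns per policy
POLICY: List[Tuple[str, str, Callable[[Dict], List[str]]]] = [
    ("allowed-registries", "deny", check_registry),
    ("no-privileged-containers", "deny", check_privileged),
    ("run-as-non-root", "audit", check_non_root),
    ("no-host-network", "deny", check_host_network),
]


def evaluate(pod: Dict) -> List[Finding]:
    """Run every rule and return all findings tagged with the rule's effect."""
    return [(name, effect, msg) for name, effect, check in POLICY for msg in check(pod)]


def gate(pod: Dict) -> Tuple[str, List[Finding]]:
    """Pipeline steps 4-5: any 'deny' finding fails the build; 'audit' findings
    are only logged and the build proceeds."""
    findings = evaluate(pod)
    verdict = "fail" if any(effect == "deny" for _, effect, _ in findings) else "pass"
    return verdict, findings


# constructed sample manifests
COMPLIANT_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "app", "namespace": "prod"},
    "spec": {"securityContext": {"runAsNonRoot": True},
             "containers": [{"name": "app", "image": "contoso.azurecr.io/app:v1"}]},
}
NONCOMPLIANT_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug", "namespace": "prod"},
    "spec": {"hostNetwork": True,
             "containers": [{"name": "shell", "image": "docker.io/library/busybox:latest",
                             "securityContext": {"privileged": True}}]},
}

if __name__ == "__main__":
    for pod in (COMPLIANT_POD, NONCOMPLIANT_POD):
        verdict, findings = gate(pod)
        print(pod["metadata"]["name"], verdict)
        for rule, effect, msg in findings:
            print(f"  [{effect}] {rule}: {msg}")
```

Keeping the effect on the rule rather than in the check function mirrors how a policy is rolled out in practice: a new rule starts as audit so the compliance report shows its impact, then is flipped to deny once the findings are cleaned up.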
1. For managed subscriptions, each new AKS cluster and node are discovered in ASC (continuous discovery of managed AKS instances)
2. ASC monitors the AKS cluster for security misconfigurations and provides actionable recommendations for compliance with security best practices
3. ASC continuously analyzes AKS for potential threats based on:
a. Raw security events such as network data and process creation
b. Kubernetes audit log
...and reports any threats and malicious activity detected (e.g., "API requests to your cluster from a suspicious IP was detected")
Diagram: AKS security configuration verified by Security Center; the API server (master) and workers Node1, Node2 and Node3, each with a container runtime, are monitored by Security Center; threats are detected across AKS nodes and clusters using advanced analytics.
Azure Monitor for containers
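Point 3b above names the Kubernetes audit log as one of the inputs, and the quoted alert is the kind of finding that comes out of it. The detector below is an added example, not Azure Security Center code: it reads audit events in the audit.k8s.io/v1 JSON-lines format the API server emits and raises three findings, a request from outside trusted networks, repeated 401/403 responses for one user and source IP, and enumeration of secrets. The trusted network ranges, the failure threshold and the sample events are constructed for illustration.

```python
"""Added example (not Azure Security Center code): findings from Kubernetes
audit-log events, including the "API requests from a suspicious IP" case.

Assumptions: trusted networks, the failure threshold and the sample events
are constructed; events are audit.k8s.io/v1 JSON lines."""
import ipaddress
import json
from collections import Counter
from typing import Dict, Iterable, List

# constructed: the AKS node subnet and the corporate egress range
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.240.0.0/16", "203.0.113.0/24")]
AUTH_FAILURE_THRESHOLD = 3      # 401/403 responses from one user+IP before alerting


def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def detect(events: Iterable[str]) -> List[Dict[str, str]]:
    """Scan JSON-lines audit events and return findings.
    Rules: (1) request from outside trusted networks, (2) repeated authn/authz
    failures by the same user and source IP, (3) listing of secrets."""
    findings: List[Dict[str, str]] = []
    failures: Counter = Counter()
    for line in events:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("stage") != "ResponseComplete":     # count each request once
            continue
        user = ev.get("user", {}).get("username", "unknown")
        src = (ev.get("sourceIPs") or ["unknown"])[0]   # client-closest address
        uri = ev.get("requestURI", "")
        code = ev.get("responseStatus", {}).get("code", 0)
        if src != "unknown" and not is_trusted(src):
            findings.append({"rule": "suspicious-source-ip", "user": user, "ip": src, "uri": uri})
        if code in (401, 403):
            failures[(user, src)] += 1
            if failures[(user, src)] == AUTH_FAILURE_THRESHOLD:
                findings.append({"rule": "repeated-auth-failures", "user": user, "ip": src, "uri": uri})
        if ev.get("verb") == "list" and uri.split("?")[0].rstrip("/").endswith("/secrets"):
            findings.append({"rule": "secret-enumeration", "user": user, "ip": src, "uri": uri})
    return findings


# constructed sample events: one benign metrics-server call, one RequestReceived
# stage (skipped), three denied secret listings from an untrusted address, one
# benign developer call from the corporate range
_SAMPLE_EVENTS = [
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "verb": "get", "requestURI": "/api/v1/nodes",
     "user": {"username": "system:serviceaccount:kube-system:metrics-server"},
     "sourceIPs": ["10.240.0.4"], "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "RequestReceived",
     "verb": "list", "requestURI": "/api/v1/namespaces/prod/secrets",
     "user": {"username": "alice@contoso.com"}, "sourceIPs": ["198.51.100.7"]},
] + [
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "verb": "list", "requestURI": "/api/v1/namespaces/prod/secrets?limit=500",
     "user": {"username": "alice@contoso.com"}, "sourceIPs": ["198.51.100.7"],
     "responseStatus": {"code": 403}},
] * 3 + [
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
     "verb": "get", "requestURI": "/api/v1/namespaces/dev/pods",
     "user": {"username": "bob@contoso.com"}, "sourceIPs": ["203.0.113.10"],
     "responseStatus": {"code": 200}},
]
SAMPLE_AUDIT_LOG = [json.dumps(e) for e in _SAMPLE_EVENTS]

if __name__ == "__main__":
    for finding in detect(SAMPLE_AUDIT_LOG):
        print(finding)
```

The first element of sourceIPs is the address closest to the client; with a public API server endpoint that is the caller's real address, which is why restricting API server authorized IP ranges (or using a private cluster) shrinks what this rule has to catch.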
Diagram: Azure Kubernetes Service and Azure Pipelines feed Azure Monitor (Prometheus integration, visualization, observability, insights), with virtual nodes covered.
1. Get detailed insights about your workloads with Azure Monitor for containers
2. Filter for details about nodes, controllers, and containers
3. See graphical insights about clusters with drilldowns and filters
4. Pull events and logs for detailed analysis
• Cloud native experience: Azure Monitor with Prometheus integration
• Observe live container logs and Kubernetes event log on container deployment status
• Visualize overall health and performance from cluster to containers
• Provide insights with activity and cluster health rollup view
• Monitor and analyze Kubernetes and container deployment performance, node events, health, and logs
• Response: native alerting with integration to issue management and ITSM tools
Configuration management scenario
1. Deploy Azure Arc for Kubernetes on-prem agent
2. Azure Arc agent registers the cluster with ARM (Cluster Connect RP)
3. Cluster operator applies cluster configuration via ARM (Cluster Config RP)
4. Configuration agent picks up the configuration and syncs state from the git repo
5. Configuration agent informs Azure Policy of status
6. Cluster operator or application developer pushes changes via GitHub
What is a container?
Virtual machines virtualize the hardware; VMs are the units of scaling. Each VM runs its own guest OS, binaries & libraries and app (App1, App2) on top of the hypervisor.
Containers virtualize the operating system; applications are the units of scaling. Each container packages only the app with its binaries & libraries and shares the host OS.
Traditional virtualized environment
• From dev to production agility across development and operations teams
• Low utilization of resources
• Containerization of applications and their dependencies for portability
Diagram: hardware → host OS → hypervisor → virtual machines → containers → apps.
Advantages of a containerized environment
• Containers are lighter weight and faster to scale dynamically
• Migrate containers and their dependencies to underutilized VMs for improved density and isolation
• Decommission unused resources for efficiency gains and cost savings
Diagram: hardware → host OS → hypervisor → virtual machines → Docker Engine → containers → apps.
Simplest container development experience
Powered by automation and integration with familiar tools
1. Automatically containerize and scaffold any application directly from the IDE
2. Auto-build to a secure container registry
3. Rapidly iterate, test, and debug microservices
4. A few clicks to a full CI/CD pipeline and pre-configured deployment strategy (production environment)
5. Built-in monitoring and logging to get full visibility of container health and app telemetry
API-driven development with Kubernetes: overview
Putting API at the center of the development process to clearly separate app accessibility and app logic
API defines how the internal world communicates with the outside world
• External interface to the world
• Formalizes parameters for internal and external user access
• Allows definition and enforcement of policies, like security and usage
• Provides abstraction of the underlying details
• Enables decoupling of interface development from logic development
• Acts as proxy for app logic
Kubernetes provides app orchestration and scalability needs
• Simplifies migration and modernization
• Enables developers to focus on app logic
• Provides orchestration and scalability across apps and services
Diagram: cloud app, website, mobile app, B2B partner environment → API (accessibility; security, governance, identity) → Kubernetes platform (logic) → infrastructure automation.
API-driven development with Kubernetes: architecture
Putting API at the center of the development process to clearly separate app accessibility and app logic
1. API is defined by API developers and published via the API Management portal
2. Application developers define the microservices and associated logic and deploy to Kubernetes
3. API users (internal and/or external) use the API developer portal to learn about the API and use it in their applications
4. Applications access APIs via the API Gateway
5. API Gateway, after ensuring the API request meets security and other policies (e.g. throttling), forwards the request to the service running in Kubernetes
Diagram: API Management portal and developer portal (security, governance, identity) → gateway (accessibility) → Kubernetes platform (logic) → infrastructure automation.
API-driven development with Kubernetes: benefits
Putting API at the center of the development process to clearly separate app accessibility and app logic
Benefits of using API with Azure Kubernetes
• Create API gateway and developer portal in minutes
• Publish APIs easily for internal or external use
• Manage, secure, optimize all your APIs in one place
• Connect to back-end services anywhere
Enabling technologies
• Broad support for technologies to fit your migration, modernization, transformation, and API needs
• Extensive infrastructure and services to simplify security, compliance, and standardization
• Refined management plane to ease the task of development and management
• Support for multi-cloud and hybrid* (on-prem, cloud, or hybrid)
*Map illustration represents existing and future availability for Azure. Map is not all-inclusive.
Top scenarios for Kubernetes on Azure
• Lift and shift to containers: cost saving without refactoring
• Microservices: agility, faster application development
• Secure DevOps: automation, deliver code faster and securely at scale
• Machine learning: portability, build once, run anywhere
• IoT: performance, low latency processing
• Data streaming: analytics, real-time data collection and streaming
Lift and shift to containers: app modernization without code changes
• Speed application deployments by using container technology
• Defend against infrastructure failures with container orchestration
• Increase agility with continuous integration and continuous delivery
Diagram: existing application → container registry → CI/CD → Kubernetes cluster running the modernized applications with a managed database.
App modernization without code changes: capabilities
1. Use Azure Container Registry to store container images and Helm charts for your modernized applications, replicated globally for low latency image serving
2. Integrate AKS with Azure Pipelines or other Kubernetes ecosystem tooling to enable continuous integration/continuous delivery (CI/CD)
3. Enhance security with Azure Active Directory and RBAC to control access to AKS resources
Diagram: existing application → Azure Container Registry → Azure Pipelines (CI/CD) → AKS in a virtual network with Active Directory and Azure Database for MySQL.
Microservices: for faster app development
Monolithic: large, all-inclusive app. Microservices: small, independent services.
• Independent deployments
• Improved scale and resource utilization per service
• Smaller, focused teams
Microservices for faster app development: capabilities
1. Use Azure Dev Spaces to iteratively develop, test, and debug microservices targeted for AKS clusters
2. Azure Pipelines has native integration with Helm and helps simplify continuous integration/continuous delivery (CI/CD)
3. Virtual node, a Virtual Kubelet implementation, allows fast scaling of services for unpredictable traffic
4. Azure Monitor provides a single pane of glass for monitoring over app telemetry and cluster-to-container level health analytics
Diagram: inner loop (Dev Spaces on an AKS dev cluster: develop, test, debug, auto-build) → source code control → Azure Pipelines (CI/CD) → Azure Container Registry → AKS production cluster (pods, virtual node with container instances) → Azure Monitor.
https://github.com/Microsoft/SmartHotel360-AKS-DevSpaces-Demo
Secure DevOps
• Deliver code faster with Kubernetes and CI/CD
• Accelerate the feedback loop with constant monitoring
• Balance speed and security with continuous security and deep traceability
Diagram: source code → build pipelines (continuous integration) → release pipelines (continuous delivery, deployment strategies) → Kubernetes cluster → monitor & logging → iterate.
Secure DevOps: capabilities
1. Developers rapidly iterate, test, and debug different parts of an application together in the same Kubernetes cluster
2. Code is merged into a GitHub repository, after which automated builds and tests are run by Azure Pipelines
3. Container image is pushed to Azure Container Registry
4. Kubernetes clusters are provisioned using tools like Terraform; Helm charts, installed by Terraform, define the desired state of app resources and configurations
5. Operators enforce policies to govern deployments to the AKS cluster
6. Release pipeline automatically executes a pre-defined deployment strategy with each code change
7. Policy enforcement and auditing is added to the CI/CD pipeline using Azure Policy
8. App telemetry, container health monitoring, and real-time log analytics are obtained using Azure Monitor
9. Insights are used to address issues and fed into next sprint plans
Diagram: inner loop (Dev Spaces on an AKS dev cluster, iterating with the team in one isolated environment) → source code control → Azure Pipelines (CI/CD, accept/deny via Azure Policy) → Azure Container Registry (container image v1, v2) → AKS production cluster provisioned by Terraform with Helm charts (Release 1, 2, 3 ... N) → Azure Monitor (real-time telemetry, container health, log analytics).
Machine learning: data scientist in a box
• Quick deployment and high availability
• Low latency data processing
• Consistent environment across test, control and production
Diagram: the data scientist supplies the algorithm and data; training on GPU-enabled VMs (compute) in AKS produces a trained AI model; the model is served in production; the developer queries it.
https://github.com/Azure/kubeflow-labs
Data scientist in a box: capabilities
1. Package ML model into a container and publish to Azure Container Registry
2. Azure Blob Storage hosts training data sets and the trained model
3. Use Kubeflow to deploy the training job to AKS; the distributed training job on AKS includes parameter servers and worker nodes
4. Serve the production model using Kubeflow, promoting a consistent environment across test, control and production
5. AKS supports GPU enabled VMs
6. Developer can build features querying the model running in the AKS cluster
Diagram: data scientist → ML model in containers → Azure Container Registry → AKS (Kubeflow parameter server and worker nodes on GPU-enabled VMs; serve the model in production) with Azure Blob Storage; the app developer queries the model for AI features in the app.
https://github.com/Azure/kubeflow-labs
IoT: scalable Internet of Things solutions
• Portable code, runs anywhere
• Elastic scalability and manageability
• Quick deployment and high availability
Diagram: IoT Edge devices → IoT Hub → IoT Edge Connector → AKS → SQL Database, Azure Database for MySQL, Cosmos DB.
Scalable Internet of Things solutions: capabilities
1. Azure IoT Edge encrypts data and sends it to Azure, which then decrypts the data and sends it to storage (compress and encrypt → send to cloud → decrypt and decompress → send to storage)
2. Virtual node, an implementation of Virtual Kubelet, serves as the translator between cloud and Edge
3. IoT Edge Provider in the virtual node redirects containers to IoT Edge and extends the AKS cluster to target millions of edge devices
4. Consistent update, manage, and monitoring as one unit in AKS using a single pod definition
Diagram: Azure IoT Edge Docker containers ↔ Kubernetes cluster with nodes and a virtual node (IoT Edge Provider).
Data streaming
• Real-time data gathered and streamed to AKS
• Collected data analyzed and insights generated almost instantly
• Data stored and available for deeper analysis by data scientists
Diagram: IoT sensor → API Management → AKS → Apache Kafka / HDInsight (analysis), Azure Cosmos DB, Storage, Azure Database for PostgreSQL, Azure Cache for Redis.
Data streaming: capabilities
1. Sensor data is generated and streamed to Azure API Management
2. AKS cluster runs microservices that are deployed as service containers behind a service mesh (Service Mesh Interface); containers are built using a DevOps process (GitHub, Azure Pipelines, ACR) and stored in Azure Container Registry
3. Ingest service stores data in an Azure Cosmos DB
4. Asynchronously, the analysis service receives the data and streams it to Apache Kafka and Azure HDInsight (cold path)
5. Data scientists can analyze the big data for use in machine learning models using Splunk
6. Data is processed by the processing service (hot path), which stores the result in Azure Database for PostgreSQL and caches the data in an Azure Cache for Redis
7. A web app running in Azure App Service is used to visualize the results