.svg)
.svg)
Containerization has taken the application development world by storm. Kubernetes has become the standard way of deploying new containerized distributed applications used by the largest enterprises in a wide range of industries for mission-critical tasks, it has become one of the biggest open-source success stories.
Although Google Cloud has been providing Kubernetes as a service since November 2014 (Note it started with a beta project), Microsoft with AKS (Azure Kubernetes Service) and Amazon with EKS (Elastic Kubernetes Service) have jumped on to the scene in the second half of 2017.
AWS had KOPS
Azure had Azure Container Service.
However, they were wrapper tools available prior to these services which would help a user create a Kubernetes cluster, but the management and the maintenance (like monitoring and upgrades) needed efforts.
With container demand growing, there is always a need in the market for storing and protecting the container images. Microsoft provides a Geo Replica featured private repository as a service named Azure Container Registry.
Azure Container Registry is a registry offering from Microsoft for hosting container images privately. It integrates well with orchestrators like Azure Container Service, including Docker Swarm, DC/OS, and the new Azure Kubernetes service. Moreover, ACR provides capabilities such as Azure Active Directory-based authentication, webhook support, and delete operations.
The coolest feature provided is Geo-Replication. This will create multiple copies of your image and distribute it across the globe and the container when spawned will have access to the image which is nearest.
Although Microsoft has good documentation on how to set up ACR in your Azure Subscription, we did encounter some issues and hence decided to write a blog on the precautions and steps required to configure the Registry in the correct manner.
Note: We tried this using a free trial account. You can setup it up by referring the following link:
Steps to install Azure CLI 2.0.23 or 2.0.25 (ubuntu 16.04 workstation):
| echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | \ | |
| sudo tee /etc/apt/sources.list.d/azure-cli.list | |
| sudo apt-key adv --keyserver packages.microsoft.com --recv-keys 52E16F86FEE04B979B07E28DB02C46DF417A0893 | |
| sudo apt-get install apt-transport-httpssudo apt-get update && sudo apt-get install azure-cli | |
| Install a specific version: | |
| sudo apt install azure-cli=2.0.23-1 | |
| sudo apt install azure-cli=2.0.25.1 |
Steps for Container Registry Setup:
| az login --username --password |
| az group create --name <RESOURCE-GROUP-NAME> --location eastus | |
| Example : az group create --name acr-rg --location eastus |
| az acr create --resource-group <RESOURCE-GROUP-NAME> --name <CONTAINER-REGISTRY-NAME> --sku Basic --admin-enabled true | |
| Example : az acr create --resource-group acr-rg --name testacr --sku Basic --admin-enabled true |
Note: SKU defines the storage available for the registry for type Basic the storage available is 10GB, 1 WebHook and the billing amount is 11 Rs/day.
For detailed information on the different SKU available visit the following link
| az acr login --name <CONTAINER-REGISTRY-NAME> | |
| Example :az acr login --name testacr |
| FROM node:carbon | |
| # Create app directory | |
| WORKDIR /usr/src/app | |
| COPY package*.json ./ | |
| # RUN npm install | |
| EXPOSE 8080 | |
| CMD [ "npm", "start" ] |
| docker build -t <image-tag>:<software> | |
| Example :docker build -t base:node8 |
| az acr list --resource-group acr-rg --query "[].{acrLoginServer:loginServer}" --output table | |
| Output :testacr.azurecr.io |
Example:
| docker tag image-id testacr.azurecr.io/base:node8 |
Push the image to the Azure Container Registry:Example:
| docker push testacr.azurecr.io/base:node8 |
Microsoft does provide a GUI option to create the ACR.
Example:
| az acr repository list --name testacr --output table |
Example:
| az acr repository show-tags --name testacr --repository <name> --output table |
Example :
| containers:- | |
| name: demo | |
| image: testacr.azurecr.io/base:node8 |
Microsoft released the public preview of Managed Kubernetes for Azure Container Service (AKS) on October 24, 2017. This service simplifies the deployment, management, and operations of Kubernetes. It features an Azure-hosted control plane, automated upgrades, self-healing, easy scaling.
Similarly to Google AKE and Amazon EKS, this new service will allow access to the nodes only and the master will be managed by Cloud Provider. For more information visit the following link.
Let's now get our hands dirty and deploy an AKS infrastructure to play with:
| az provider register -n Microsoft.ContainerService |
Make sure you create a resource group under the following regions.
| eastus, westeurope, centralus, canadacentral, canadaeast | |
| az group create --name <RESOURCE-GROUP> --location eastus | |
| Example : az group create --name aks-rg --location eastus | |
| az aks create --resource-group <RESOURCE-GROUP-NAME> --name <CLUSTER-NAME> --node-count 2 --generate-ssh-keys | |
| Example : az aks create --resource-group aks-rg --name akscluster --node-count 2 --generate-ssh-keys |
Example with different arguments :
Create a Kubernetes cluster with a specific version.
| az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.8.1 |
Create a Kubernetes cluster with a larger node pool.
| az aks create -g MyResourceGroup -n MyManagedCluster --node-count 7 |
Install the Kubectl CLI :
To connect to the kubernetes cluster from the client computer Kubectl command line client is required.
| sudo az aks install-cli |
Note: If you're using Azure CloudShell, kubectl is already installed. If you want to install it locally, run the above command:
| az aks get-credentials --resource-group=<RESOURCE-GROUP-NAME> --name=<CLUSTER-NAME> |
Example :
| az aks get-credentials --resource-group=aks-rg --name=akscluster |
| kubectl get nodes -o wide |
We had encountered a few issues while setting up the AKS cluster at the time of writing this blog. Listing them along with the workaround/fix:
| az aks create --resource-group aks-rg --name akscluster --node-count 2 --generate-ssh-keys |
Error: Operation failed with status: 'Bad Request'.
Details: Resource provider registrations Microsoft.Compute, Microsoft.Storage, Microsoft.Network are needed we need to enable them.
Fix: If you are using the trial account, click on subscriptions and check whether the following providers are registered or not :
Error: We had encountered the following mentioned open issues at the time of writing this blog.
Microsoft provides a solution template which will install the latest stable Jenkins version on a Linux (Ubuntu 14.04 LTS) VM along with tools and plugins configured to work with Azure. This includes:
Refer the below link to bring up the Instance:
What the pipeline accomplishes :
Stage 1:
The code gets pushed in the Github. The Jenkins job gets triggered automatically. The Dockerfile is checked out from Github.
Stage 2:
Docker builds an image from the Dockerfile and then the image is tagged with the build number.Additionally, the latest tag is also attached to the image for the containers to use.
Stage 3:
We have default deployment and service YAML files stored on the Jenkins server. Jenkins makes a copy of the default YAML files, make the necessary changes according to the build and put them in a separate folder.
Stage 4:
kubectl was initially configured at the time of setting up AKS on the Jenkins server. The YAML files are fed to the kubectl util which in turn creates pods and services.
Sample Jenkins pipeline code :
| node { | |
| // Mark the code checkout 'stage'.... | |
| stage('Checkout the dockefile from GitHub') { | |
| git branch: 'docker-file', credentialsId: 'git_credentials', url: 'https://gitlab.com/demo.git' | |
| } | |
| // Build and Deploy to ACR 'stage'... | |
| stage('Build the Image and Push to Azure Container Registry') { | |
| app = docker.build('testacr.azurecr.io/demo') | |
| withDockerRegistry([credentialsId: 'acr_credentials', url: 'https://testacr.azurecr.io']) { | |
| app.push("${env.BUILD_NUMBER}") | |
| app.push('latest') | |
| } | |
| } | |
| stage('Build the Kubernetes YAML Files for New App') { | |
| <The code here will differ depending on the YAMLs used for the application> | |
| } | |
| stage('Delpoying the App on Azure Kubernetes Service') { | |
| app = docker.image('testacr.azurecr.io/demo:latest') | |
| withDockerRegistry([credentialsId: 'acr_credentials', url: 'https://testacr.azurecr.io']) { | |
| app.pull() | |
| sh "kubectl create -f ." | |
| } | |
| } | |
| } |
Did you like the blog? If yes, we're sure you'll also like to work with the people who write them - our best-in-class engineering team.
We're looking for talented developers who are passionate about new emerging technologies. If that's you, get in touch with us.
Containerization has taken the application development world by storm. Kubernetes has become the standard way of deploying new containerized distributed applications used by the largest enterprises in a wide range of industries for mission-critical tasks, it has become one of the biggest open-source success stories.
Although Google Cloud has been providing Kubernetes as a service since November 2014 (Note it started with a beta project), Microsoft with AKS (Azure Kubernetes Service) and Amazon with EKS (Elastic Kubernetes Service) have jumped on to the scene in the second half of 2017.
AWS had KOPS
Azure had Azure Container Service.
However, they were wrapper tools available prior to these services which would help a user create a Kubernetes cluster, but the management and the maintenance (like monitoring and upgrades) needed efforts.
With container demand growing, there is always a need in the market for storing and protecting the container images. Microsoft provides a Geo Replica featured private repository as a service named Azure Container Registry.
Azure Container Registry is a registry offering from Microsoft for hosting container images privately. It integrates well with orchestrators like Azure Container Service, including Docker Swarm, DC/OS, and the new Azure Kubernetes service. Moreover, ACR provides capabilities such as Azure Active Directory-based authentication, webhook support, and delete operations.
The coolest feature provided is Geo-Replication. This will create multiple copies of your image and distribute it across the globe and the container when spawned will have access to the image which is nearest.
Although Microsoft has good documentation on how to set up ACR in your Azure Subscription, we did encounter some issues and hence decided to write a blog on the precautions and steps required to configure the Registry in the correct manner.
Note: We tried this using a free trial account. You can setup it up by referring the following link:
Steps to install Azure CLI 2.0.23 or 2.0.25 (ubuntu 16.04 workstation):
| echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | \ | |
| sudo tee /etc/apt/sources.list.d/azure-cli.list | |
| sudo apt-key adv --keyserver packages.microsoft.com --recv-keys 52E16F86FEE04B979B07E28DB02C46DF417A0893 | |
| sudo apt-get install apt-transport-httpssudo apt-get update && sudo apt-get install azure-cli | |
| Install a specific version: | |
| sudo apt install azure-cli=2.0.23-1 | |
| sudo apt install azure-cli=2.0.25.1 |
Steps for Container Registry Setup:
| az login --username --password |
| az group create --name <RESOURCE-GROUP-NAME> --location eastus | |
| Example : az group create --name acr-rg --location eastus |
| az acr create --resource-group <RESOURCE-GROUP-NAME> --name <CONTAINER-REGISTRY-NAME> --sku Basic --admin-enabled true | |
| Example : az acr create --resource-group acr-rg --name testacr --sku Basic --admin-enabled true |
Note: SKU defines the storage available for the registry for type Basic the storage available is 10GB, 1 WebHook and the billing amount is 11 Rs/day.
For detailed information on the different SKU available visit the following link
| az acr login --name <CONTAINER-REGISTRY-NAME> | |
| Example :az acr login --name testacr |
| FROM node:carbon | |
| # Create app directory | |
| WORKDIR /usr/src/app | |
| COPY package*.json ./ | |
| # RUN npm install | |
| EXPOSE 8080 | |
| CMD [ "npm", "start" ] |
| docker build -t <image-tag>:<software> | |
| Example :docker build -t base:node8 |
| az acr list --resource-group acr-rg --query "[].{acrLoginServer:loginServer}" --output table | |
| Output :testacr.azurecr.io |
Example:
| docker tag image-id testacr.azurecr.io/base:node8 |
Push the image to the Azure Container Registry:Example:
| docker push testacr.azurecr.io/base:node8 |
Microsoft does provide a GUI option to create the ACR.
Example:
| az acr repository list --name testacr --output table |
Example:
| az acr repository show-tags --name testacr --repository <name> --output table |
Example :
| containers:- | |
| name: demo | |
| image: testacr.azurecr.io/base:node8 |
Microsoft released the public preview of Managed Kubernetes for Azure Container Service (AKS) on October 24, 2017. This service simplifies the deployment, management, and operations of Kubernetes. It features an Azure-hosted control plane, automated upgrades, self-healing, easy scaling.
Similarly to Google AKE and Amazon EKS, this new service will allow access to the nodes only and the master will be managed by Cloud Provider. For more information visit the following link.
Let's now get our hands dirty and deploy an AKS infrastructure to play with:
| az provider register -n Microsoft.ContainerService |
Make sure you create a resource group under the following regions.
| eastus, westeurope, centralus, canadacentral, canadaeast | |
| az group create --name <RESOURCE-GROUP> --location eastus | |
| Example : az group create --name aks-rg --location eastus | |
| az aks create --resource-group <RESOURCE-GROUP-NAME> --name <CLUSTER-NAME> --node-count 2 --generate-ssh-keys | |
| Example : az aks create --resource-group aks-rg --name akscluster --node-count 2 --generate-ssh-keys |
Example with different arguments :
Create a Kubernetes cluster with a specific version.
| az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.8.1 |
Create a Kubernetes cluster with a larger node pool.
| az aks create -g MyResourceGroup -n MyManagedCluster --node-count 7 |
Install the Kubectl CLI :
To connect to the kubernetes cluster from the client computer Kubectl command line client is required.
| sudo az aks install-cli |
Note: If you're using Azure CloudShell, kubectl is already installed. If you want to install it locally, run the above command:
| az aks get-credentials --resource-group=<RESOURCE-GROUP-NAME> --name=<CLUSTER-NAME> |
Example :
| az aks get-credentials --resource-group=aks-rg --name=akscluster |
| kubectl get nodes -o wide |
We had encountered a few issues while setting up the AKS cluster at the time of writing this blog. Listing them along with the workaround/fix:
| az aks create --resource-group aks-rg --name akscluster --node-count 2 --generate-ssh-keys |
Error: Operation failed with status: 'Bad Request'.
Details: Resource provider registrations Microsoft.Compute, Microsoft.Storage, Microsoft.Network are needed we need to enable them.
Fix: If you are using the trial account, click on subscriptions and check whether the following providers are registered or not :
Error: We had encountered the following mentioned open issues at the time of writing this blog.
Microsoft provides a solution template which will install the latest stable Jenkins version on a Linux (Ubuntu 14.04 LTS) VM along with tools and plugins configured to work with Azure. This includes:
Refer the below link to bring up the Instance:
What the pipeline accomplishes :
Stage 1:
The code gets pushed in the Github. The Jenkins job gets triggered automatically. The Dockerfile is checked out from Github.
Stage 2:
Docker builds an image from the Dockerfile and then the image is tagged with the build number.Additionally, the latest tag is also attached to the image for the containers to use.
Stage 3:
We have default deployment and service YAML files stored on the Jenkins server. Jenkins makes a copy of the default YAML files, make the necessary changes according to the build and put them in a separate folder.
Stage 4:
kubectl was initially configured at the time of setting up AKS on the Jenkins server. The YAML files are fed to the kubectl util which in turn creates pods and services.
Sample Jenkins pipeline code :
| node { | |
| // Mark the code checkout 'stage'.... | |
| stage('Checkout the dockefile from GitHub') { | |
| git branch: 'docker-file', credentialsId: 'git_credentials', url: 'https://gitlab.com/demo.git' | |
| } | |
| // Build and Deploy to ACR 'stage'... | |
| stage('Build the Image and Push to Azure Container Registry') { | |
| app = docker.build('testacr.azurecr.io/demo') | |
| withDockerRegistry([credentialsId: 'acr_credentials', url: 'https://testacr.azurecr.io']) { | |
| app.push("${env.BUILD_NUMBER}") | |
| app.push('latest') | |
| } | |
| } | |
| stage('Build the Kubernetes YAML Files for New App') { | |
| <The code here will differ depending on the YAMLs used for the application> | |
| } | |
| stage('Delpoying the App on Azure Kubernetes Service') { | |
| app = docker.image('testacr.azurecr.io/demo:latest') | |
| withDockerRegistry([credentialsId: 'acr_credentials', url: 'https://testacr.azurecr.io']) { | |
| app.pull() | |
| sh "kubectl create -f ." | |
| } | |
| } | |
| } |
.svg)
.svg)
