We are looking into migrating all our company services to Kubernetes. Since it seems to be pretty straight forward to setup I was looking into Azure Kubernetes Service.
Out of curiosity and with certain privacy issues in mind, I was wondering if it is possible to add self-hosted nodes to the Azure Kubernetes cluster and if so, how to do it.
No. All nodes in the cluster must run in Azure and are managed by the AKS service, though they reside in your subscription.
Related
I've been working with EKS and GKE and in both places they have a formal, streamlined manner of ensuring a pod comes up with the necessary credentials for a "role" in the cloud's rbac system (IAM Role for AWS, Service Account in GCP) via K8's native service accounts. This makes integration with other of the host cloud's services quite easy. I'm now trying to do the same in AKS but I don't see any such integration for their respective rbac. Am I missing something badly? How do you do it?
If one is running Docker Enterprise with Kubernetes in an on-premises private cloud, is it possible to add clusters in a public cloud like Azure?
On GCP, Anthos is a candidate.
You may have a look on their architecture and see if it fits your needs.
Anthos is advertised in most of the GCP architecture courses and offers integration between GKE and both on-prem(the on-prem cluster must meet some prerequisites or you can use the version provided by Google) and AWS Kubernetes clusters.
Istio is a service mesh and if I understood correctly your requirements, the multiple clusters and multiple networks models could be used.
why don't use rancher for that , you can manage on-premise and GKE AKS EKS or cluster installed in ec2.
it's a great tool for that
This is where Azure Arc can help you to achieve this requirement. However it is in preview stage as of now, i hope soon it will be generally available.
From the DOCS,
You can attach and configure Kubernetes clusters inside or outside of
Azure by using Azure Arc-enabled Kubernetes Preview. When a Kubernetes
cluster is attached to Azure Arc, it will appear in the Azure portal.
It will have an Azure Resource Manager ID and a managed identity.
Clusters are attached to standard Azure subscriptions, are located in
a resource group, and can receive tags just like any other Azure
resource.
cluster API under kubernetes SIG is an open source project which provides declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters.
Cluster API can be extended to support any infrastructure provider (AWS, Azure, vSphere, etc.) or bootstrap provider (kubeadm is default) you need. There is a growing list of supported providers available.
You can use cluster API and build your own custom management plane based on cluster API if vendor provided software is not an option for you.
If you are looking for a vendor provided management plane which can be hosted on prem and can manager life cycle of a on prem kubernetes cluster as well as a cluster on any public cloud provider such as AWS, GCP, Azure then Tanzu Mission Control from VMware is an option. Internally it uses cluster API.
Personally I would not use Anthos or Arc because they seem to be a way to get locked into a specific vendor
I know with Azure Kubernetes service we can use managed identities to access azure resources like keyvaults. But i'm trying to learn if same procedure can be applied to a kubernetes cluster which is hosted on azure. My aim is to have kubernetes cluster in azure with 2 worker and 2 controller nodes but pods residing on those nodes should access azure keyvault with managed identity method similar to AKS. Is there anyway we can do it without coding in application?
I understand the scope of this question is big but it is really helpful if somebody provide any high level steps ?
thanks,
Santosh
That's totally possible. AAD Pod identities rely on AAD (Azure Active Directory) and its permissions.
At the end AKS will have an infrastructure behind the scenes. So if you plan to not use AKS but install a cluster by yourself, for example with AKS engine, you can use AAD Pod Identities / Managed Instances.
All you need is that those machines reside in "Azure" and rely on what is called Azure Instance Metadata Service (IMDS). Even you can enroll new machine instances coming outside from Azure with the project ARC. Anyway I cannot talk about it with Managed instances since I have not used it, anyway it should follow a similar pattern.
Here you have a good article that explains AAD Pod identities:
https://itnext.io/the-right-way-of-accessing-azure-services-from-inside-your-azure-kubernetes-cluster-14a335767680
I'm new to azure service fabric, and tried to setup one using a free trial account in azure. I created a service fabric cluster with a single node. Then I created an app in my local machine with one Stateless Web Service and a Stateful .NET Core Service. In my local machine, I can get everything working, but when I tried deploying it to azure, all stateless services are not working. I say this because, whenever I created an app with only a stateful service in there, it's still not working in azure.
The stateful service app as I monitored it from the Service Fabric Explorer it gives a warning as below image:
and after a warning, it will then turn into an error with the following message:
I tried finding solutions online but I found nothing. I read some articles saying that It could be a disk storage problem, but I don't know how to resolve this because in a Free Trial account, I think you have a limited storage.
Please help. Thanks.
What's the VM SKU of your cluster? Did you setup your cluster?
Go to your cluster via the azure portal, the name of the VMScale set would be the same name as with your cluster's node. Go to the VM Scaleset and check the SIZE in the overview. You might need to change / upscale your VM Scaleset
What is the best way to scale docker based application services in azure. In AWS I know we can use container service. Currently I am using Cloud Service on azure, which enables easy scaling. There is also Service Fabric which looks better than cloud service. But when I use docker how can I scale them to multiple VMs?
Take a look at Azure VM Scale Sets, this allows easy integration with Azure autoscale. See https://azure.microsoft.com/en-us/blog/azure-vm-scale-sets-public-preview/
A couple of additional things worth tracking..
1) The upcoming preview of Azure Container Service, see announcement: https://azure.microsoft.com/en-us/blog/azure-container-service-now-and-the-future/
2) The Mesos Cluster with Marathon and Swarm solution in Azure Quickstart Templates: https://github.com/Azure/azure-quickstart-templates/tree/master/mesos-swarm-marathon
Microsoft have just announced the Azure Container Service which provides Mesos or Swarm orchestration
Launch blog https://azure.microsoft.com/en-us/blog/azure-container-service-preview/
Service home page https://azure.microsoft.com/en-us/documentation/articles/acs-intro/
For scaling plain Docker containers in Azure you can use ACS (Azure Container Service) with Docker Swarm or Mesos DC/OS underneath.
Another option is to use Azure Service Fabric which its version for Linux uses Docker, too. In regards SF for Windows, it will have Docker pretty soon using Windows Docker containers.
Service Fabric goes further (it is not just orchestration of containers for scaling) as it provides application platform and prescriptive frameworks like Stateful services, Reliable Collections and Actor Framework.