Azure Kubernetes Service (AKS) & Its Industrial Use Cases


What is Azure?


Azure is a cloud computing platform and an online portal that allows you to access and manage cloud services and resources provided by Microsoft. These services and resources include storing your data and transforming it, depending on your requirements. To get access to these resources and services, all you need is an active internet connection and the ability to connect to the Azure portal.

Azure provides more than 200 services, which are divided into 18 categories. These categories include computing, networking, storage, IoT, migration, mobile, analytics, containers, artificial intelligence, and other machine learning, integration, management tools, developer tools, security, databases, DevOps, media identity, and web services.

What does Azure provide?

Services provided by Azure include:

  • Application development: You can create any web application in Azure.
  • Testing: After developing an application successfully on the platform, you can test it.
  • Application hosting: Once the testing is done, Azure can help you host the application.
  • Create virtual machines: You can create virtual machines in any configuration you want with the help of Azure. 
  • Integrate and sync features: Azure lets you integrate and sync virtual devices and directories. 
  • Collect and store metrics: Azure lets you collect and store metrics, which can help you find what works. 
  • Virtual hard drives: These are extensions of the virtual machines; they provide a huge amount of data storage.

What is Kubernetes?

Kubernetes is open-source orchestration software for deploying, managing and scaling containers. It is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

Containers are a good way to bundle and run applications. In a production environment, you need to manage the containers that run the applications and ensure that there is no downtime. For example, if a container goes down, another container needs to start. Wouldn't it be easier if this behavior was handled by a system?

That's how Kubernetes comes to the rescue! Kubernetes provides you with a framework to run distributed systems resiliently. It takes care of scaling and failover for your application, provides deployment patterns, and more. For example, Kubernetes can easily manage a canary deployment for your system.

Kubernetes provides you with:

  • Service discovery and load balancing: Kubernetes can expose a container using a DNS name or its own IP address. If traffic to a container is high, Kubernetes is able to load balance and distribute the network traffic so that the deployment is stable.
  • Storage orchestration: Kubernetes allows you to automatically mount a storage system of your choice, such as local storage, public cloud providers, and more.
  • Automated rollouts and rollbacks: You can describe the desired state for your deployed containers using Kubernetes, and it can change the actual state to the desired state at a controlled rate.
  • Automatic bin packing: You provide Kubernetes with a cluster of nodes that it can use to run containerized tasks. You tell Kubernetes how much CPU and memory (RAM) each container needs. Kubernetes can fit containers onto your nodes to make the best use of your resources.
  • Self-healing: Kubernetes restarts containers that fail, replaces containers, kills containers that don't respond to your user-defined health check, and doesn't advertise them to clients until they are ready to serve.
  • Secret and configuration management: Kubernetes lets you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. You can deploy and update secrets and application configuration without rebuilding your container images, and without exposing secrets in your stack configuration.

Kubernetes cluster architecture

A Kubernetes cluster is divided into two components:

  • The control plane, which provides the core Kubernetes services and orchestration of application workloads.
  • Nodes, which run your application workloads.

Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) simplifies deploying a managed Kubernetes cluster in Azure by offloading much of the complexity and operational overhead to Azure. As a hosted Kubernetes service, Azure handles critical tasks for you, like health monitoring and maintenance.

Since the Kubernetes masters are managed by Azure, you only manage and maintain the agent nodes. Thus, as a managed Kubernetes service, AKS is free; you only pay for the agent nodes within your clusters, not for the masters.

You can create an AKS cluster using the Azure portal, the Azure CLI, Azure PowerShell, or using template-driven deployment options, such as Resource Manager templates and Terraform. When you deploy an AKS cluster, the Kubernetes master and all nodes are deployed and configured for you. Additional features such as advanced networking, Azure Active Directory integration, and monitoring can also be configured during the deployment process. Windows Server containers are supported in AKS.

Features & Services Provided by AKS

Access, security, and monitoring

For improved security and management, AKS lets you integrate with Azure Active Directory (Azure AD) and:

  • Use Kubernetes role-based access control (Kubernetes RBAC).
  • Monitor the health of your cluster and resources.

Identity and security management

  • To limit access to cluster resources, AKS supports Kubernetes RBAC. Kubernetes RBAC lets you control access and permissions to Kubernetes resources and namespaces.
  • You can also configure an AKS cluster to integrate with Azure AD. With Azure AD integration, you can configure Kubernetes access based on existing identity and group membership.
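
The two points above, combined with the secret management feature described earlier, as an added example (not from the original article or from Microsoft's documentation): a namespace-scoped, read-only Role bound to an Azure AD group on a cluster with Azure AD integration enabled. The namespace `payments`, the resource names and the all-zero group object ID are placeholders chosen for illustration.

```yaml
# Added example. Assumptions: the namespace, the role and binding names,
# and the group object ID below are illustrative placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: payments-viewer
  namespace: payments          # a Role grants nothing outside its namespace
rules:
  # Core API group: read-only access to workloads and their logs.
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch"]
  # apps API group: read-only access to controllers.
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch"]
  # "secrets" is deliberately not listed, so group members cannot read
  # passwords, tokens or keys through the API. No create/update verbs are
  # granted either: the ability to create pods in a namespace is enough
  # to have that namespace's secrets mounted into a workload.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: payments-viewer-binding
  namespace: payments
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    # With Azure AD integration, the group is referenced by its Azure AD
    # object ID, not its display name. Placeholder value:
    name: "00000000-0000-0000-0000-000000000000"
roleRef:
  kind: Role
  name: payments-viewer
  apiGroup: rbac.authorization.k8s.io
```

After applying the manifest, a cluster administrator can check the effective permissions with `kubectl auth can-i get secrets -n payments --as=test-user --as-group=<group-object-id>`, which should answer `no`, while the same query for `pods` should answer `yes`.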

Integrated logging and monitoring

  • Azure Monitor for Container Health collects memory and processor performance metrics from containers, nodes, and controllers within your AKS cluster and deployed applications. You can review both the container logs and the Kubernetes master logs.
  • This monitoring data is stored in an Azure Log Analytics workspace and is available through the Azure portal, Azure CLI, or a REST endpoint.

Clusters and nodes

  • AKS nodes run on Azure virtual machines (VMs). With AKS nodes, you can connect storage to nodes and pods, upgrade cluster components, and use GPUs. AKS supports Kubernetes clusters that run multiple node pools to support mixed operating systems and Windows Server containers.

Cluster node and pod scaling

  • As demand for resources changes, the number of cluster nodes or pods that run your services can automatically scale up or down. You can use both the horizontal pod autoscaler and the cluster autoscaler. This approach to scaling lets the AKS cluster automatically adjust to demands and only run the resources needed.

Cluster node upgrades

  • AKS offers multiple Kubernetes versions. As new versions become available in AKS, your cluster can be upgraded using the Azure portal or Azure CLI. During the upgrade process, nodes are carefully cordoned and drained to minimize disruption to running applications.

GPU-enabled nodes

  • AKS supports the creation of GPU-enabled node pools. Azure currently provides single or multiple GPU-enabled VMs. GPU-enabled VMs are designed for compute-intensive, graphics-intensive, and visualization workloads.

Confidential computing nodes (public preview)

  • AKS supports the creation of Intel SGX-based, confidential computing node pools (DCSv2 VMs). Confidential computing nodes allow containers to run in a hardware-based, trusted execution environment (enclaves).
  • Isolation between containers, combined with code integrity through attestation, can help with your defense-in-depth container security strategy. Confidential computing nodes support both confidential containers (existing Docker apps) and enclave-aware containers.

Storage volume support

  • To support application workloads, you can mount storage volumes for persistent data. You can use both static and dynamic volumes.
  • Depending on the number of connected pods expected to share the storage volumes, you can use storage backed by either Azure Disks for single pod access, or Azure Files for multiple concurrent pod access.

Virtual networks and ingress

  • An AKS cluster can be deployed into an existing virtual network. In this configuration, every pod in the cluster is assigned an IP address in the virtual network, and can directly communicate with other pods in the cluster and other nodes in the virtual network.
  • Pods can also connect to other services in a peered virtual network and to on-premises networks over ExpressRoute or site-to-site (S2S) VPN connections.

Ingress with HTTP application routing

  • The HTTP application routing add-on makes it easy to access applications deployed to your AKS cluster. When enabled, the HTTP application routing solution configures an ingress controller in your AKS cluster.
  • As applications are deployed, publicly accessible DNS names are autoconfigured. The HTTP application routing sets up a DNS zone and integrates it with the AKS cluster. You can then deploy Kubernetes ingress resources as normal.

AKS Development tooling integration

  • Kubernetes has a rich ecosystem of development and management tools that work seamlessly with AKS. These tools include Helm and the Kubernetes extension for Visual Studio Code.
  • Additionally, Azure provides several tools that help streamline Kubernetes, such as DevOps Starter.
  • DevOps Starter provides a simple solution for bringing existing code and Git repositories into Azure. DevOps Starter automatically:

    • Creates Azure resources (such as AKS);

    • Configures a release pipeline in Azure DevOps Services that includes a build pipeline for CI;

    • Sets up a release pipeline for CD; and,

    • Generates an Azure Application Insights resource for monitoring.

Case Study of Wind River:

  • Wind River Cloud Platform combines a full cloud-native, Kubernetes, and container-based architecture with the ability to manage a physically and geographically separated infrastructure for vRAN and core data center sites.
  • Reducing service providers’ operational burden and costs, the platform delivers single-pane-of-glass, zero-touch automated management of thousands of nodes.
  • Cloud Platform is a commercially supported version of StarlingX and lends itself to demanding 5G use cases applicable across mission-critical industries.

“Wind River has been a long-standing contributor to open source projects. We are excited to have Wind River as a member of CNCF and we look forward to their contributions and collaboration to drive container technology to the edge,” said Dan Kohn, executive director of Cloud Native Computing Foundation. “With Wind River Cloud Platform, Wind River is helping to further advance technologies such as Kubernetes at the edge.”

Wind River has for decades provided a backbone for global telecommunications infrastructure, with offerings used by all top telecommunications equipment manufacturers (TEMs).

The company is a leader in the early 5G landscape, powering the majority of 5G RAN deployments. Now with Cloud Platform, Wind River can deliver, directly to service providers, one of the industry’s most advanced cloud-native distributed infrastructure solutions for 5G vRAN network deployment.

Cloud Platform is a commercial implementation of the StarlingX open source project. StarlingX is a container-based cloud infrastructure software stack for edge implementations that demand ultra-low latency.


Yash Labhsetwar

Software Engineer @ Volkswagen Group Technology Solutions India

3 years ago

So informative..
