Industry use cases of Azure Kubernetes Service
Ajeenkya S.
Jr. Soft Engg @Cognizant, EDI-Maps Developer, 2X OCI, 1xAWS Certified, 1X Aviatrix Certified, AT&T Summer Learning Academy Extern, LW summer Research Intern, ARTH Learner, 1X Gitlab Certified Associate, ARTH 2.0 LW_TV
Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available. Containers are a better way to bundle and run applications, and in a production environment you need to manage the containers that run the applications and ensure that there is no downtime. Kubernetes provides you with a framework to run distributed systems resiliently. It takes care of scaling and failover for your application, provides deployment patterns, and more. For example, Kubernetes can easily manage a canary deployment for your system. Kubernetes also provides you with:
- Service discovery and load balancing: Kubernetes can expose a container using a DNS name or its own IP address. If traffic to a container is high, Kubernetes is able to load balance and distribute the network traffic so that the deployment is stable.
- Storage orchestration: Kubernetes allows you to automatically mount a storage system of your choice, such as local storage, public cloud providers, and more.
- Automated rollouts and rollbacks: You can describe the desired state for your deployed containers using Kubernetes, and it can change the actual state to the desired state at a controlled rate. For example, you can automate Kubernetes to create new containers for your deployment, remove existing containers, and adopt all their resources to the new container.
- Automatic bin packing: You provide Kubernetes with a cluster of nodes that it can use to run containerized tasks. You tell Kubernetes how much CPU and memory (RAM) each container needs. Kubernetes can fit containers onto your nodes to make the best use of your resources.
- Self-healing: Kubernetes restarts containers that fail, replaces containers, kills containers that don't respond to your user-defined health check, and doesn't advertise them to clients until they are ready to serve.
- Secret and configuration management: Kubernetes lets you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. You can deploy and update secrets and application configuration without rebuilding your container images, and without exposing secrets in your stack configuration.
What is AKS?
Azure Kubernetes Service (AKS) simplifies deploying a managed Kubernetes cluster in Azure by offloading much of the complexity and operational overhead to Azure. As a hosted Kubernetes service, Azure handles critical tasks for you, like health monitoring and maintenance. Because the Kubernetes masters are managed by Azure, you only manage and maintain the agent nodes. As a managed Kubernetes service, AKS is free; you only pay for the agent nodes within your clusters, not for the masters.
We can create an AKS cluster using the Azure portal, the Azure CLI, Azure PowerShell, or template-driven deployment options such as Resource Manager templates and Terraform. When you deploy an AKS cluster, the Kubernetes master and all nodes are deployed and configured for you. Additional features such as advanced networking, Azure Active Directory integration, and monitoring can also be configured during the deployment process. Windows Server containers are supported in AKS.
Features and Functions of AKS:
- Access, security, and monitoring: For improved security and management, AKS lets you integrate with Azure Active Directory (Azure AD) and:
- Use Kubernetes role-based access control (Kubernetes RBAC)
- Monitor the health of your cluster and resources
- Identity and security management: To limit access to cluster resources, AKS supports Kubernetes RBAC. Kubernetes RBAC lets you control access and permissions to Kubernetes resources and namespaces. You can also configure an AKS cluster to integrate with Azure AD. With Azure AD integration, you can configure Kubernetes access based on existing identity and group membership. Your existing Azure AD users and groups can be provided with an integrated sign-on experience and access to AKS resources.
- Integrated logging and monitoring: Azure Monitor for Container Health collects memory and processor performance metrics from containers, nodes, and controllers within your AKS cluster and deployed applications.
- Clusters and nodes: AKS nodes run on Azure virtual machines (VMs). With AKS nodes, you can connect storage to nodes and pods, upgrade cluster components, and use GPUs. AKS supports Kubernetes clusters that run multiple node pools to support mixed operating systems and Windows Server containers.
- Cluster node and pod scaling: As demand for resources changes, the number of cluster nodes or pods that run your services can automatically scale up or down. You can use either the horizontal pod autoscaler or the cluster autoscaler, or both. This approach to scaling lets the AKS cluster automatically adjust to demands and only run the resources needed.
- Cluster node upgrades: AKS offers multiple Kubernetes versions. As new versions become available in AKS, your cluster can be upgraded using the Azure portal or Azure CLI. During the upgrade process, nodes are carefully cordoned and drained to minimize disruption to running applications.
- GPU enabled nodes: AKS supports the creation of GPU-enabled node pools. Azure currently provides single or multiple GPU-enabled VMs. GPU-enabled VMs are designed for compute-intensive, graphics-intensive, and visualization workloads.
- Confidential computing nodes (public preview): AKS supports the creation of Intel SGX-based, confidential computing node pools (DCSv2 VMs). Confidential computing nodes allow containers to run in a hardware-based, trusted execution environment (enclaves). Isolation between containers, combined with code integrity through attestation, can help with your defense-in-depth container security strategy. Confidential computing nodes support both confidential containers (existing Docker apps) and enclave-aware containers.
- Storage volume support: To support application workloads, you can mount storage volumes for persistent data. You can use both static and dynamic volumes. Depending on the number of connected pods expected to share the storage volumes, you can use storage backed by either Azure Disks for single pod access, or Azure Files for multiple concurrent pod access.
- Virtual networks and ingress: An AKS cluster can be deployed into an existing virtual network. In this configuration, every pod in the cluster is assigned an IP address in the virtual network, and can directly communicate with other pods in the cluster and other nodes in the virtual network. Pods can also connect to other services in a peered virtual network and to on-premises networks over ExpressRoute or site-to-site (S2S) VPN connections.
- Ingress with HTTP application routing: The HTTP application routing add-on makes it easy to access applications deployed to your AKS cluster. When enabled, the HTTP application routing solution configures an ingress controller in your AKS cluster. As applications are deployed, publicly accessible DNS names are autoconfigured. The HTTP application routing sets up a DNS zone and integrates it with the AKS cluster. You can then deploy Kubernetes ingress resources as normal.
- Development tooling integration: Kubernetes has a rich ecosystem of development and management tools that work seamlessly with AKS. These tools include Helm and the Kubernetes extension for Visual Studio Code. Azure provides several tools that help streamline Kubernetes, such as DevOps Starter. DevOps Starter provides a simple solution for bringing existing code and Git repositories into Azure. DevOps Starter automatically:
- Creates Azure resources (such as AKS)
- Configures a release pipeline in Azure DevOps Services that includes a build pipeline for CI
- Sets up a release pipeline for CD
- Generates an Azure Application Insights resource for monitoring
- Docker image support and private container registry: AKS supports the Docker image format. For private storage of your Docker images, you can integrate AKS with Azure Container Registry (ACR).
- Kubernetes certification: AKS has been CNCF-certified as Kubernetes conformant.
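The "Identity and security management" item above says Kubernetes RBAC limits access and that Azure AD groups can be mapped to Kubernetes permissions. The following check is an added example, not code from the article or from Microsoft: it reviews role bindings for grants that defeat that goal. It assumes Azure AD groups appear as `Group` subjects named by their object ID (a GUID); the binding names and GUIDs are constructed placeholders.

```python
import re

# Constructed sample, shaped like the items returned by
# `kubectl get clusterrolebindings,rolebindings -A -o json`.
# The all-zero GUIDs are placeholders for Azure AD group object IDs.
def _binding(kind, name, role, subj_kind, subj_name, namespace=None):
    meta = {"name": name}
    if namespace:
        meta["namespace"] = namespace
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": subj_kind, "name": subj_name}]}

SAMPLE = {"items": [
    _binding("ClusterRoleBinding", "cluster-admin", "cluster-admin",
             "Group", "system:masters"),
    _binding("ClusterRoleBinding", "ops-everything", "cluster-admin",
             "Group", "00000000-0000-0000-0000-000000000001"),
    _binding("RoleBinding", "dev-edit", "edit",
             "Group", "00000000-0000-0000-0000-000000000002", namespace="dev"),
    _binding("ClusterRoleBinding", "debug-view", "view",
             "Group", "system:authenticated"),
]}

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Built-in groups that match every caller, so any grant to them is broad.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}

def audit_bindings(doc):
    """Return (binding, subject, reason) for grants worth a manual review."""
    findings = []
    for item in doc.get("items", []):
        name = item["metadata"]["name"]
        role = item["roleRef"]["name"]
        cluster_wide = item["kind"] == "ClusterRoleBinding"
        for subj in item.get("subjects") or []:
            kind, who = subj.get("kind"), subj.get("name", "")
            if kind == "Group" and who in BROAD_GROUPS:
                findings.append((name, who, f"'{role}' granted to all callers"))
            elif (cluster_wide and role == "cluster-admin"
                  and not who.startswith("system:")):
                # Skips the default system:masters binding; flags tenant identities.
                label = ("Azure AD group" if kind == "Group" and GUID.match(who)
                         else kind)
                findings.append((name, who, f"cluster-admin cluster-wide to {label}"))
    return findings

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE):
        print(finding)
```

The namespaced `dev-edit` binding passes because its grant is confined to one namespace, which is the pattern the RBAC item describes.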
Industry use cases of AKS:
We'll now look at how industries are using Azure Kubernetes Service:
> Maersk:
It’s the biggest container-shipping company in the world. Shipping is a physical activity, but the company decided to make its operations digital.
As part of its digital transformation efforts, shipping giant Maersk needed to streamline IT operations and optimize the value of its IT resources. Maersk adopted Microsoft Azure, migrated key workloads to the cloud, and modernized its open-source software, which included the adoption of Kubernetes on Azure. Maersk software engineers now spend less time on container software management and more time on innovation and value-added projects. The resulting business value is savings on resource costs, faster solution delivery time, and the ability to attract expert IT talent.
- Empowering people to put the cloud to work:
Traditionally, Maersk has used its own datacenters and added IT resources to them when it needed to handle large IT projects. To foster ongoing digital transformation, the company is shifting to a hybrid approach, identifying beneficial projects to run in the cloud. Maersk wants a strategic switch to having a cloud provider manage many core tasks, such as maintaining and provisioning hardware and software, so its IT engineers can focus on innovation.
Maersk uses open-source software, which plays a key role in the company’s digital transformation strategy. The company appreciates the concepts of community sharing and community contribution in open source, which speed the evolution of technology. The company wants to make it a practice to choose the technology that avoids overengineering, whether it’s cloud, proprietary, or a particular programming language.
Microsoft fully supports open-source software in the sense that the Microsoft Azure platform works well with whatever development and architecture tools Maersk needs. Because the tools are fundamentally open-source software technologies, Maersk doesn’t have to wait on any provider to develop solutions that the software community needs. Specifically, Maersk handles key workloads using Ansible, Cloudera, Jenkins, Java, Node.js, Eclipse, multiple Linux distributions ranging from Red Hat Enterprise Linux to Ubuntu, and high-performance computing, among others.
- Implementing a container strategy:
As part of its overall cloud migration strategy, Maersk chose Azure Kubernetes Service (AKS) to handle the automation and management of its containerized applications. (A containerized application is portable runtime software that is packaged with the dependencies and configuration files it needs in order to run, all in one place.) AKS fully supports the dynamic application environment in Maersk without requiring orchestration expertise.
The company uses AKS to help set up, upgrade, and scale resources as needed, without taking its critical applications offline. The company wants to focus on using containers as a way to package and run its code in the cloud, not on the software required to construct and run the containers, and using Kubernetes on Azure satisfies its objectives for efficient software development. It aligns well with the company’s digital plans and its choice of open-source solutions for specific programming languages.
Additionally, Maersk chose Azure over other cloud platforms because Azure offers a wider variety of available services and global scalability that supports the number and type of tasks the company wants to undertake.
- Freeing talent to create:
It is important for Maersk to deploy IT engineers more effectively, which is why the company wants engineers to be an active part of its new way of working, spending their time and effort where it makes the most business impact. According to Maersk, Azure gives engineers freedom: software developers have had enough of servers and want to create, and the company wants them to. Combining advanced technology with this mindset also helps Maersk better attract talented engineers who value innovation and the opportunity to positively affect the business.
For example, with increased time and talent, Maersk engineers were able to address customer requests by adding shipment monitoring capabilities to the company’s portfolio of solutions. Namely, they are in the process of building an Internet of Things (IoT) solution that will use AKS along with Azure IoT Hub to more closely monitor shipments and physical shipping containers (not to be confused with software containers governed by AKS), including conditions within the containers. The projects at Maersk demonstrate the company’s new agility, such as greatly reducing the time and bureaucracy required to get IT resources in place to start them.
> Siemens Healthineers:
Siemens Healthineers is leading the digitalization of healthcare with its Digital Ecosystem, which helps health providers and solution developers bring more value to the delivery of care, ultimately improving the quality of insights derived from healthcare data.
Siemens Healthineers uses Microsoft Azure to make solutions more accessible, and it uses Azure Kubernetes Service (AKS) and other tools for a fast, efficient, and competitive development pipeline. Any time you interact with technology in a healthcare setting, there’s a good chance you will encounter a solution from Siemens Healthineers. The Erlangen, Germany–based company provides a broad portfolio of leading-edge, high-quality medical technology that touches the lives of approximately five million patients every day. Siemens Healthineers uses the data gathered from its 600,000 systems running worldwide to generate insights that help healthcare providers realize new opportunities to increase value and improve clinical, operational, and financial outcomes.
Digitalization is critical to technological progress in many industries, and healthcare is no exception. The healthcare industry needs ways to pull its data together, structure and analyze it, and draw conclusions that lead to improved ways of diagnosing patients and managing therapy. Siemens Healthineers is facilitating this transition with the Siemens Healthineers Digital Ecosystem.
- Moving to the cloud for better applications while protecting patient health data:
Providing solutions to a worldwide customer base can be complicated and of less value in regard to data-aggregation and analytics capabilities if systems need to be installed on-premises, so Siemens Healthineers relies on the cloud. But when it comes to healthcare information, deploying software in the cloud can be a tricky business because of specific security obligations. So, Siemens Healthineers thoroughly researched the options to ensure that its customers would be comfortable with its cloud platform. Ultimately, Siemens Healthineers selected Microsoft Azure.
- Using Azure services to streamline development processes:
With a solid, dependable cloud platform in place, Siemens Healthineers is focusing on speeding development and implementing a continuous delivery approach. The company not only provides its own software products, but it has also decided to encourage other developers to use its infrastructure to deliver solutions and services and bring even more value to customers. This requires rethinking the development processes. With a microservice-based architecture, internal and external developers can independently release microservices at any point in time, which makes development faster and enables a continuous delivery approach completely based on Azure. The company has now set an astonishing speed for product development.
Siemens Healthineers has taken a containerized approach to application development, which means it uses virtualization at the application operating system level as opposed to launching virtual machines. The company deploys its distributed applications in Docker containers, orchestrates those containers using Kubernetes, and monitors and manages the environment with Azure Kubernetes Service (AKS). Siemens Healthineers chose AKS because developers can quickly and easily work with their applications with minimal operations and maintenance overhead—provisioning, upgrading, and scaling resources without taking applications offline. With AKS, Siemens Healthineers can comfortably scale out its Kubernetes environment and scale back again if it doesn’t need the compute power, creating very high-density deployments on a microservices level.
Managing a stable runtime environment with AKS helps Siemens Healthineers realize shorter release cycles and achieve its desired continuous delivery approach. Highly regulated environments like healthcare typically require many steps to go from development to public release, but implementing a continuous delivery pipeline has simplified the process and helped Siemens Healthineers achieve the speed it wants. And when rolling out new software, the company appreciates that it doesn’t have to worry about breaking its production environment, due to AKS upgrade and failure domains—new releases get deployed smoothly to customers with zero downtime.
Siemens Healthineers relies on a serverless application model to expedite development, and as a result, developers have a very short path from coding to actual operation of their code. The Siemens Healthineers development team also adopted Azure Functions to make application management more efficient and considers Azure Functions a very good mechanism to speed up those workloads and manage the functionality during its daily operations.
Hope you liked the article :)
Wow, delving into Azure Kubernetes Service and making it clear for others is super cool! Your attention to detail in explaining complex concepts is impressive. Maybe you could explore how machine learning can be integrated with Kubernetes for future projects. How do you see this experience shaping your career path in tech? Stay curious and keep up the great work! What area of tech are you most excited to tackle next?