It’s spring time again! Every year, we get to tidy up our Azure environments and apply some good practices!
With a clever approach and some good spring cleaning tips, the community-driven articles from Azure Spring Clean will promote well-managed Azure tenants!
Follow these Azure Spring Cleaning tips for a sparkling Azure environment! They will guide you with best practices and lessons learned, and help with some of the more difficult topics of Azure management!
This year, my contribution is a blog post about Azure Arc-enabled Kubernetes, together with Wim Matthyssen who will explain Azure Arc-enabled Servers. Read on to get a complete overview of what Azure Arc can offer you!
If you are new to Azure Arc, please read my introduction articles from Azure Arc Introduction!
I’ll begin by explaining what Kubernetes is.
Kubernetes is a container orchestrator. It is responsible for starting container-based applications on servers in a data center or in another cloud environment.
To do this, Kubernetes uses API objects that represent resources in a data center, enabling developers and system administrators to describe systems in code and use that code to apply the configuration.
Container-based applications are deployed as Pods into a Kubernetes cluster. A cluster is a collection of compute resources, either physical or virtual servers, called Nodes.
This is only a very short introduction to what Kubernetes is; if you want to learn more, go to: Learn Kubernetes Basics
Let’s start with the benefits of Azure Arc for Kubernetes and understand the value it provides in modern application deployment.
Azure Arc extends Kubernetes cluster management and configuration across customer data centers, edge locations and multiple cloud environments. You can use Azure Arc to register Kubernetes clusters hosted outside of Microsoft Azure and then use Azure tools to manage these clusters alongside clusters hosted in Azure Kubernetes Service (AKS).
Azure Arc-Enabled Kubernetes can boost your hybrid cloud experience
Every day more and more applications are moving to the cloud, and its popularity is not stopping anytime soon. But the cloud is not always the best or only viable solution for hosting your applications. Let’s have a look at some reasons why the hybrid cloud can sometimes be a better option.
One of the most well-known reasons for opting into the hybrid cloud is network latency. For example, manufacturers may use edge computing for applications that control and coordinate heavy machinery. High network latency or a spike in latency in such an environment can cost a lot of money or, even worse, lives. At the same time, they can use cloud computing to prevent these events from happening: by saving and processing analytics data in the cloud, manufacturers can predict when maintenance will be needed.
Another well-known case for hybrid computing is security and compliance. Some governments require you to store and process sensitive data only in certain countries or regions. This is where edge computing is a good fit, while the company may use the cloud for processing and storing all other data.
A mostly overlooked case for hybrid computing is the cost of bandwidth. In most clouds, like Azure, importing data is free of charge. Exporting data out of the cloud costs a few cents per GB, which for most businesses is just a fraction of the total cloud expense.
Moreover, Azure Arc also adds extra features to your Kubernetes clusters which make governance, security and management operations easier. This includes:
- Kubernetes cluster as a resource in Azure: You can manage your Kubernetes cluster like any other Azure resource. You can use ARM templates and the Azure CLI, apply Azure Policies and create alert definitions based on events and metrics.
- Direct integration with Azure Monitor: Azure Monitor not only collects cluster performance metrics (like CPU, memory and disk of your Nodes and Containers), but also visualizes them with built-in dashboards.
- Centralized authentication and authorization with Azure AD RBAC roles: This can be combined with PIM, Conditional Access and Just-In-Time access. As a result, you can grant your cluster administrators and developers access to any of your clusters with certain predefined permissions, and even scope it to certain namespaces. They can securely connect to your cluster API from any location without exposing your API servers to the public internet and without having to manage the network rules.
- Deploy your workloads at scale with the native Flux-based GitOps integration: This deploys Kubernetes resources and Helm charts to all your clusters. Additionally, it also manages configuration drift. A more detailed explanation of this follows later.
- Use your own Kubernetes clusters to host Azure services: There is a growing list of extensions to enhance your experience:
  - Data Services (PostgreSQL & MySQL; more on this in our previous blog post ‘We can link Jan his data enablement article’),
  - Azure App Services,
  - Event Grid,
  - Azure API Management gateway and
  - Machine Learning (to create models on on-premises data without uploading the data to Azure)
Thanks to the Azure Arc agent onboarding, you can unify the governance, security and management of all your clusters hosted anywhere. Additionally, you can enable and easily self-host a growing list of Azure services on your own Kubernetes clusters. This way, you can effectively lower the management burden and TCO of your self-hosted components like databases, API Management gateways, queues, security threat detection and monitoring solutions.
How to deploy Azure Arc for Kubernetes and extra features?
This is what you need:
- An existing Kubernetes cluster that is configured as your current context with kubectl.
- ‘Read’ and ‘Write’ permissions for the user or service principal creating the Azure Arc-enabled Kubernetes resource (resource type Microsoft.Kubernetes/connectedClusters).
- The Helm CLI available.
- Outbound port 443 allowed from your Kubernetes nodes to the internet.
The deployment itself is just a single Azure CLI command. Behind the scenes this enrolls the Azure Arc agent as a deployment of multiple pods on your cluster, which call back to Azure to complete the registration. Once your cluster is registered with Azure Arc, we can start to enable additional features like Azure Monitor, GitOps configurations and Data Services from the portal or with ARM templates.
Install the connectedk8s Azure CLI extension (version 1.2.0 or later):
az extension add --name connectedk8s
Log in to Azure CLI using the identity (user or service principal) that you want to use for connecting your cluster to Azure Arc.
Register providers for Azure Arc-enabled Kubernetes
az provider register --namespace Microsoft.Kubernetes
az provider register --namespace Microsoft.KubernetesConfiguration
az provider register --namespace Microsoft.ExtendedLocation
Monitor the registration process. Registration may take up to 10 minutes.
az provider show -n Microsoft.Kubernetes -o table
az provider show -n Microsoft.KubernetesConfiguration -o table
az provider show -n Microsoft.ExtendedLocation -o table
Create a resource group:
az group create --name rg-azure-arc-test-01 --location westeurope --output table
Connect an existing Kubernetes cluster
az connectedk8s connect --name AzureArcTest01 --resource-group rg-azure-arc-test-01
Verify cluster connection
az connectedk8s list --resource-group rg-azure-arc-test-01 --output table
You can view the Azure Arc agents for Kubernetes: Azure Arc-enabled Kubernetes deploys a few agents into the azure-arc namespace.
kubectl get deployments,pods -n azure-arc
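As an added example (not from the original post), the steps above combined into one script that polls until all three resource providers report Registered instead of assuming the registration finished, then connects the cluster and verifies it from both the Azure side and the cluster side. The resource group, cluster name and location are the post's sample values; the tsv column layout of `az provider list` used by `provider_table` is an assumption about the Azure CLI output.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: onboard a cluster to Azure Arc end to end,
# gating the connect step on the three resource providers being fully registered.
set -euo pipefail

RG="${RG:-rg-azure-arc-test-01}"
CLUSTER="${CLUSTER:-AzureArcTest01}"
LOCATION="${LOCATION:-westeurope}"
REQUIRED="Microsoft.Kubernetes Microsoft.KubernetesConfiguration Microsoft.ExtendedLocation"

# Pure check: takes "Namespace<TAB>RegistrationState" lines and succeeds only when
# every required namespace is present and in state Registered.
all_registered() {
  local table="$1" ns
  for ns in $REQUIRED; do
    printf '%s\n' "$table" | awk -v ns="$ns" -F'\t' \
      '$1 == ns && $2 == "Registered" { found = 1 } END { exit found ? 0 : 1 }' || return 1
  done
}

# Assumed output shape: one provider per line, namespace and state separated by a tab.
provider_table() {
  az provider list --query "[].[namespace,registrationState]" -o tsv
}

# Registration may take up to 10 minutes, so poll with a deadline instead of guessing.
wait_for_providers() {
  local deadline=$(( $(date +%s) + 600 ))
  until all_registered "$(provider_table)"; do
    [ "$(date +%s)" -lt "$deadline" ] || { echo "providers not registered in time" >&2; return 1; }
    sleep 15
  done
}

onboard() {
  az extension add --name connectedk8s
  for ns in $REQUIRED; do az provider register --namespace "$ns"; done
  wait_for_providers
  az group create --name "$RG" --location "$LOCATION" --output none
  az connectedk8s connect --name "$CLUSTER" --resource-group "$RG"
  # Verify from both sides: the Azure resource's connectivity status and the agent pods.
  az connectedk8s show --name "$CLUSTER" --resource-group "$RG" --query connectivityStatus -o tsv
  kubectl get deployments,pods -n azure-arc
}

# Sourcing the file only defines the functions; pass "run" to perform the onboarding.
if [ "${1:-}" = "run" ]; then onboard; fi
```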
Deploy your workloads at scale with the native Flux-based GitOps integration
One configuration repo can be pushed to all clusters at any location, for individual Kubernetes resources as well as Helm charts. It even works for extensions, which are Helm chart deployments fully managed by the extension creator: the extension creator provides the full lifecycle of the app contained in the Helm chart/extension. These extensions can also be managed at scale by using the Azure CLI or ARM templates:
- Azure Monitor: Provides visibility into the performance of workloads deployed on the Kubernetes cluster. Collects memory and CPU utilization metrics from controllers, nodes, and containers.
- Azure Defender: Gathers security-related information such as audit log data from the Kubernetes cluster. Provides recommendations and threat alerts based on the gathered data.
- Azure Arc-enabled Open Service Mesh: Deploys Open Service Mesh on the cluster and enables capabilities like mTLS security, fine-grained access control, traffic shifting, monitoring with Azure Monitor or with the open source add-ons Prometheus and Grafana, tracing with Jaeger, and integration with external certificate management solutions.
- Azure Arc-enabled Data Services: Makes it possible for you to run Azure data services on-prem, at the edge, and in public clouds using Kubernetes and the infrastructure of your choice.
- Azure App Service on Azure Arc: Allows you to provision an App Service Kubernetes environment on top of Azure Arc-enabled Kubernetes clusters.
- Event Grid on Kubernetes: Create and manage Event Grid resources such as topics and event subscriptions on top of Azure Arc-enabled Kubernetes clusters.
- Azure API Management on Azure Arc: Deploy and manage the API Management gateway on Azure Arc-enabled Kubernetes clusters.
- Azure Arc-enabled Machine Learning: Deploy and run Azure Machine Learning on Azure Arc-enabled Kubernetes clusters.
I hope you have learned something new from reading this blog, and if you have any questions, do not hesitate to contact us. We will be glad to help you out!
Keep your Azure environment clean!
Be sure to follow along with the upcoming articles from Azure Spring Clean!