Getting a production-ready Kubernetes Cluster environment up and running can be a daunting task.
Below are three common challenges that our customers run into when architecting Kubernetes in Azure and deciding how their applications will run in the environment. There are several other challenges that are no less important, such as access, high availability, monitoring, and security; however, the three below are a good starting point to tackle first, as they deal with application functionality in the cluster.
AKS vs AKS-Engine
When deciding to use Kubernetes in Azure, the first thing you need to decide is whether to use AKS or AKS-Engine. The questions we recommend asking first are:
- Are we going to be running Windows Apps in our Cluster?
- Do we have custom networking requirements?
- Do we have custom storage requirements?
- Do we have custom security requirements?
- Are we going to be using anything other than AAD Authentication?
From that point, it's best to look at the current capabilities of both AKS and AKS-Engine to determine which is more viable for your scenario. For AKS, read the official docs first. For AKS-Engine, review the Topics Guides section and the Features page first.
One major difference to be aware of between AKS and AKS-Engine is the level of complexity. You can set up an AKS Cluster in less than 30 minutes, whereas an AKS-Engine Cluster could take you a couple of days the first time. That being said, AKS-Engine allows you to fully customize your K8s Cluster to run in Azure the way you want. Below are a few examples of what you can do that may not be available yet in AKS.
- Custom VM OS Images for Master and Nodes
- Use any available VM Sizes and Types in available regions
- Deploy a Kubernetes Cluster in any Region in Azure
- Subnet Isolation for Master and Node Traffic
- Deploy Kubernetes Versions that may not be supported yet
- Customize High Availability for both Master and Nodes in the cluster as you see fit
- Deploy Alpha, Beta, and Experimental features listed on the AKS-Engine Features page.
Note: It is important to note that AKS itself uses AKS-Engine. Many of the features that are tested out first in AKS-Engine end up becoming standard features in AKS; however, the time it takes for a feature to go from Private Preview to Public Preview to GA can be several months or longer.
Application Isolation in Kubernetes
One of the first questions our customers ask about Kubernetes is, “How can we isolate applications from each other so that we can deploy, manage, and secure them without affecting each other?” In one word, Namespaces.
Namespaces are essentially virtual clusters inside your Kubernetes Cluster. They allow you to logically isolate your applications and the resources they consume in the Cluster. Namespaces don't negatively impact the performance of the cluster; in fact, they can make Kubernetes API calls faster, because querying within a namespace automatically shrinks the number of objects being queried.
Note: Do not deploy your applications to the default namespace; if you have several applications and their related resources in the same namespace, attempting to manage them all in one place is going to be extremely inefficient.
Grouping your applications into separate namespaces allows you to:
- Deploy updates and changes to an application without affecting other dependent applications in the cluster
- Tear down an entire application and its related resources by simply deleting the namespace
- Limit user access per namespace using RBAC
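The manifest below is an added example, not part of the original post, of what "one namespace per application" looks like in practice: a Namespace, a Role and RoleBinding that grant a team access only inside that namespace, a ResourceQuota that caps what the application can consume, and a NetworkPolicy. The last one is there because a namespace is a logical boundary, not a network one: without a NetworkPolicy, pods in other namespaces can still reach this application's pods, and the policy is only enforced if the cluster's network plugin supports NetworkPolicy. The namespace name `orders-app`, the AAD group object ID and all quota numbers are placeholders.

```yaml
# Added example (not from the original post): one namespace per application,
# with RBAC, a quota and a same-namespace-only network policy.
# Placeholders: the namespace name, the AAD group object ID and the quota
# values are assumptions; substitute your own.
apiVersion: v1
kind: Namespace
metadata:
  name: orders-app
  labels:
    app: orders
---
# Role: permissions that exist only inside the orders-app namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: orders-app-developer
  namespace: orders-app
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "pods/log", "deployments", "services", "configmaps"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# RoleBinding: grants the Role to an AAD group. With AKS AAD integration the
# group's object ID is used as the subject name (placeholder value here).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: orders-app-developers
  namespace: orders-app
subjects:
- kind: Group
  name: "00000000-0000-0000-0000-000000000000"   # placeholder AAD group object ID
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: orders-app-developer
  apiGroup: rbac.authorization.k8s.io
---
# ResourceQuota: caps what this application can consume from the cluster.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: orders-app-quota
  namespace: orders-app
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "50"
---
# NetworkPolicy: only pods in the same namespace may send traffic to pods in
# orders-app. Enforced only when the network plugin supports NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-only
  namespace: orders-app
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}
```

After applying the manifest with `kubectl apply -f`, the access boundary can be verified without logging in as a team member: `kubectl auth can-i list pods --namespace orders-app --as=someone --as-group=<group-object-id>` should answer yes, and the same query against another namespace should answer no. Deleting the namespace removes every object above with it, which is the teardown behaviour described in the list.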
Storage Isolation for Applications in Kubernetes
Rarely have we encountered a client that wanted to deploy brand new Storage for the Applications running in their Kubernetes Cluster. In most cases, they want to attach their Applications (Pods) to existing Storage resources, either in Azure or in their on-premises environment.
Fortunately, Kubernetes provides extensive support for mounting your Applications to just about every storage type available inside (and outside) of Azure.
- Kubernetes FlexVolume Driver on Azure for Blob Storage and CIFS/SMB Protocols
- Persistent Volumes with Azure Files in AKS
- Storage options for applications in AKS
Note: The Kubernetes FlexVolume Driver provides the functionality to allow you to mount to something like NetApp Storage.
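Since the common case above is attaching to storage that already exists, the manifest below is an added example (not from the original post) of mounting a pre-existing Azure Files share into a pod with Kubernetes' in-tree `azureFile` volume plugin, using a statically bound PersistentVolume rather than dynamic provisioning. The storage account name and key, the share name `orders-reports`, the namespace `orders-app` and the sizes are placeholders. The Secret holds the storage account key, which grants access to the whole storage account, so it belongs in the application's own namespace where the RBAC rules for that namespace control who can read it.

```yaml
# Added example (not from the original post): mount an EXISTING Azure Files
# share with the in-tree azureFile volume plugin and a static PersistentVolume.
# Placeholders: namespace, storage account name/key, share name and sizes are
# assumptions; substitute your own.
apiVersion: v1
kind: Secret
metadata:
  name: azure-files-secret
  namespace: orders-app
type: Opaque
stringData:
  azurestorageaccountname: "<storage-account-name>"   # placeholder
  azurestorageaccountkey: "<storage-account-key>"     # placeholder
---
# PersistentVolume pointing at the share that already exists in Azure.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: orders-reports-pv
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteMany                          # Azure Files (SMB) supports many writers
  persistentVolumeReclaimPolicy: Retain    # deleting the claim must not touch the share
  storageClassName: ""                     # empty: bind statically, not via a StorageClass
  azureFile:
    secretName: azure-files-secret
    secretNamespace: orders-app
    shareName: orders-reports
    readOnly: false
---
# PersistentVolumeClaim pinned to that PV by name, so nothing is provisioned.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: orders-reports-pvc
  namespace: orders-app
spec:
  accessModes:
  - ReadWriteMany
  storageClassName: ""
  volumeName: orders-reports-pv
  resources:
    requests:
      storage: 100Gi
---
# Pod that mounts the claim and writes to the share.
apiVersion: v1
kind: Pod
metadata:
  name: orders-report-writer
  namespace: orders-app
spec:
  containers:
  - name: app
    image: busybox:1.31
    command: ["sh", "-c", "date >> /mnt/reports/heartbeat.txt && sleep 3600"]
    volumeMounts:
    - name: reports
      mountPath: /mnt/reports
  volumes:
  - name: reports
    persistentVolumeClaim:
      claimName: orders-reports-pvc
```

A quick check after `kubectl apply -f` is `kubectl get pvc -n orders-app`, which should show the claim as `Bound` to `orders-reports-pv`; if it stays `Pending`, the usual causes are a mismatched `storageClassName` or access mode between the PV and the claim. The `Retain` reclaim policy is deliberate for existing data: it prevents a deleted claim from taking the share with it.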
We hope the information above provided you with some useful suggestions to consider while adopting Kubernetes in Azure. When we help our customers with their Kubernetes implementations, there are other important challenges we address. Don’t hesitate to contact us if you want to save time, require quality assurance, or need assistance launching your Kubernetes project. If you would like to learn more, please contact Erik Monsen.
Ryan is a Principal Consultant at Innofactor. He is passionate about open-source and cloud-based technologies and how companies can leverage them to increase productivity, availability and velocity to market for their business products and solutions. For the past 5 years he's been focused on helping customers migrate and adopt cloud-based solutions and has been focused on helping clients modernize their applications through containerization and container orchestration for over 2 years.