Azure Kubernetes Service (AKS)
United States
Joined 30. 06. 2023
This is the official Azure Kubernetes Service (AKS) account led by the AKS Team. Subscribe here for AKS technical content and updates.
Exploring AKS Automatic Scaling
Unlock the full potential of Kubernetes with Azure Kubernetes Service (AKS) by implementing automatic scaling! In this video, we'll cover how AKS Automatic scales your workloads with the open-source projects KEDA (Kubernetes Event Driven Autoscaler) and AKS Node Auto Provisioning, which is built on top of the Karpenter project. We'll also show how you can use Vertical Pod Autoscaler (VPA) to ensure workloads are right-sized within your cluster.
Scaling your cluster and workloads is beneficial for both sustainability and your Azure bill, and this video will equip you with the knowledge to leverage AKS's scaling capabilities for peak performance and cost-efficiency.
Resources:
- learn.microsoft.com/azure/aks/keda-about
- learn.microsoft.com/azure/aks/node-autoprovision?tabs=azure-cli
- learn.microsoft.com/azure/aks/vertical-pod-autoscaler
- learn.microsoft.com/azure/aks/operator-best-practices-scheduler#plan-for-availability-using-pod-disruption-budgets
Views: 656
Video
Protecting Secrets in AKS with the Key Vault CSI Driver and Workload Identity
369 views, 1 month ago
The Azure Key Vault provider for Secrets Store CSI Driver allows for the integration of an Azure Key Vault as a secret store with an Azure Kubernetes Service (AKS) cluster.
Guide used in this video: azureglobalblackbelts.com/2024/03/05/workload-identity-kv-csi.html
Docs: learn.microsoft.com/azure/aks/csi-secrets-store-driver
Exploring AKS Automatic Networking
325 views, 1 month ago
Planning an AKS cluster deployment and wondering about networking options? In this video, we dive deep into the AKS Automatic SKU, which simplifies your networking decisions. Explore AKS cluster configurations, including network settings, egress, ingress, and enabling a service mesh. We'll cover Azure CNI Overlay powered by Cilium, API Server VNet integration, egress through Azure NAT Gateway, ...
Istio Add-on for AKS (Part 3) - Add-on scale and performance benchmarks
159 views, 1 month ago
Istio Add-on for AKS (Part 2) - Revisions, version support policy, upgrades
319 views, 1 month ago
Istio Add-on for AKS (Part 1) - Overview and Roadmap
428 views, 2 months ago
KubeCon EU 2024 - Azure Day: Secure Environments for Your Applications
200 views, 3 months ago
KubeCon EU 2024 - Azure Day: Networking Best Practices
455 views, 3 months ago
KubeCon EU 2024 - Azure Day: AI Driven Cost Optimization
180 views, 3 months ago
KubeCon EU 2024 - Azure Day: AI-assisted Observability & Troubleshooting
289 views, 3 months ago
KubeCon EU 2024 - Azure Day: Keynote (Jorge Palma)
332 views, 3 months ago
Azure Application Gateway for Containers - General Availability
1.5K views, 4 months ago
Azure Kubernetes Fleet Manager - Upgrading your fleet of clusters at scale
629 views, 4 months ago
AKS Workload Identity - Quick Tutorial
2.2K views, 4 months ago
Azure Linux for AKS - A stable and performant node OS
283 views, 5 months ago
Tools and Tips for Unparalleled Cost Transparency on AKS
347 views, 6 months ago
Isolating container hostnames by using namespaces
48 views, 7 months ago
Enhancing AKS Cluster Troubleshooting
259 views, 7 months ago
KubeCon NA 2023: Fleet Management and Extending AKS Beyond the Cloud (Shashank Barsin)
217 views, 7 months ago
KubeCon NA 2023: Running Stateful Workloads on AKS with Azure Storage (Lorraine Assad/Adam Groves)
172 views, 7 months ago
KubeCon NA 2023: AI / ML Innovation with AKS (Justin Davies/Amanda Wang)
161 views, 7 months ago
KubeCon NA 2023: Building Resilient Applications at Global Scale (Pavneet Ahluwalia/Spencer Libbing)
174 views, 7 months ago
KubeCon NA 2023: Keynote - Achieve More with AKS (Jorge Palma)
433 views, 7 months ago
Great. Thanks
Actually starts at 5:08
Thanks for that!
Already have feature requests in for it but....need options to take AGC private. Traffic through Front Door to AGC via Private Link Services. Please and thank you :)
Private front-ends are on our roadmap. We can't provide an ETA at this time
Would be keen to use the App Gateway for Containers but the lack of WAF integration is a dealbreaker for us at the moment. Do you have an idea of when this will be added?
This is in the works. I don't have any details on timing, but we will share on this channel as soon as we have a good idea
Nice short tutorial. Thanks!
Is there a public repo for the "aks-node-viewer" coming? I could only find the AWS "eks-node-viewer" and I read on a GitHub issue [kubernetes-sigs/karpenter/issues/970] "AKS has an internal repo implementing the pricing data and forking from EKS node Viewer".
For those who watch the beginning of the stream, I needed to install libssl-dev on wsl for the cargo-component to install.
Thank you
Can you make one on open service mesh on aks apart from istio
Please note that OSM has been archived by its maintainers: openservicemesh.io/blog/osm-project-update. We suggest following this guidance to move to the Istio add-on: learn.microsoft.com/en-us/azure/aks/open-service-mesh-istio-migration-guidance. We would love to know if there are any obstacles or missing features that would prevent you from moving forward.
@theakscommunity thanks a lot means osm is legacy now and istio is new solution do you know in AKS which one I should go
@amitverma7545 We recommend the Istio Add-on for AKS. It's a managed offering, so we take care of the Istio control plane for you.
Great job Paul!
Can one finally use the Azure installed Gatekeeper for self-made policies?
You have to go through Azure Policy to create your own policies that sync to Gatekeeper on the cluster: learn.microsoft.com/en-us/azure/aks/use-azure-policy#create-and-assign-a-custom-policy-definition
Amazing!! ❤
Step towards GKE autopilot
nice, thank you!
Perfect! Now let's see it in US gov cloud!
It's not supported in Gov Cloud today, but it is in our plans. No ETA at this time, but we will be sure to share when we know more.
I listened to the end
Great tutorial! Straight to the point! 🎉🎉🎉🎉
Is there any supporting evidence that AGC is performant over other solutions?
Thanks for the question. AGC has been completely redesigned from the ground up to improve the performance of both the data plane and control plane. The video demonstrates the performance improvements for the control plane. A quick performance test against the frontend will yield improved results for the data plane as well. Please let us know how that is performing for you.
🤷 'PromoSM'
Nice to see an evolution. In our company we tried to use the Application Gateway Ingress controller; however, we need to create more than 100 ingresses, which is not possible in the Application Gateway. I am eager to test it.
Sounds good. Please let us know how it goes.
is Fleet GA?
The cluster management behavior shown in this video is GA yes. The dataplane part to place workload on member clusters via the hub's apiserver will GA shortly.
Great discussion.. this is my foray into WASI. Have couple of questions though
1. So, WASI is the bytecode the WASM modules should use for making syscalls to use host's resources? And something like wasmtime implements these new bytecodes and issue syscalls accordingly.
2. How should I think about security/isolation model of wasm modules vs containers? As you've mentioned container runtimes like docker setup required namespaces to isolate containers from other processes on the host. As I understand that in wasm modules, an application has to request explicit networking capabilities to utilize host's networking stack. But, assuming we provide such capabilities to our wasm module, then can our app setup a tap on some other network interface on the host? Like how does WASI wasmtime provide isolation as we are used to containers.
Hey @GK-rl5du, thanks for comment & great questions. I'll do my best to answer and let Yosh correct me if I'm off base.
1. Your understanding matches mine. I've been thinking about WASI as an API. And that API defines the interactions between WebAssembly modules and the host system. Much like syscalls do for the container runtimes like ContainerD. An interesting next step would be to dive into the component model.
2. Capabilities are indeed how the wasm module gets access to the host resources and without those it cannot reach the host. From what I've read and heard it's supposed to be "sandboxed" but idk what's meant by that. I don't yet understand how the isolation is achieved and if the capability creates an isolated instance of the network interface, for example, or if it's shared. Or if even with an isolated instance if it'd be possible to tap other network interfaces. I'll dig into this and ask ppl smarter on the subject than myself and report back. :)
So, I just spoke with Yosh and here's what I learned. The implementation largely depends on the runtime and how it provides the "API" for the capability. But, all things considered it's isolated by the memory on the host machine that the wasm process is running. And all the data sent and received is locked into that address space. In theory, that shouldn't allow any cross contamination for a lack of a better word. However, that's where hyperlight comes in as a runtime and provides vm level isolation at the process level to ensure isolation.
@joshduffney7954 thanks for all your efforts Josh 🙂 it's beginning to make sense to me. So, without capabilities based security from runtime and additional help from tech like Hyperlight, a wasm module is similar to an OS process (in terms of isolation/security)? My reasoning is, a vanilla OS process is also memory isolated from other OS processes due to the virtue of Virtual Memory. I'll do my own homework too to understand this better. But this is an interesting tech for sure 😊
nice talk. really explained what WASM really is. good job. subbed. :)
Hey @joebuydem, thanks for watching and subscribing. Glad to hear you found value in the conversation. More Wasm content is in the near future! :)
Figured out the issue I ran into around 1:03:33, the dev container uses docker in docker so the registry that was hosted in my local docker desktop wasn't visible. So I needed to run another registry inside the dev container.
docker run -d -p 5001:5000 -e REGISTRY_STORAGE_DELETE_ENABLED=true --name registry registry
And now I can push the image.
docker push localhost:5001/alpine:v1
My apologies for the audio quality on my end... I didn't notice that the wrong mic was selected until afterwards.
2:06 Introduction
5:07 Optimizing Node Performance with Node Saturation Metrics
9:22 Kubernetes Events: Real-time Cluster Signals
10:28 Cluster Autoscaler Metrics: Resource Allocation Fine-Tuning
15:35 Looking ahead
Great presentation!
"Promosm"
To use istio, do we need to pay and Is there any plan in future. I think GCP doing that for their mesh
Please keep doing this meeting even if the view counts is less. Thank you very much ❤
Thank you. We will build up the live audience over time, but we're just getting started!