There are few if any technologies that you will find are more popular and trending among SysAdmins as Kubernetes. Kubernetes is a game-changer in the world of containers. It provides the pathway for organizations to use containers to provide scalability, high availability, and a stable platform for building out modern containerized applications.
Most companies are embracing Kubernetes as the de facto standard for running containers. Microsoft is certainly investing in Kubernetes as a platform, and many of the services in Azure reflect this. Included among these is Microsoft Azure Arc-enabled Kubernetes. What are Kubernetes and Azure Arc? What does Microsoft Azure Arc-enabled Kubernetes mean for SysAdmins?
What is Kubernetes?
To begin, if you haven’t heard of Kubernetes, what is it? Kubernetes is the name of an open-source solution developed by Google that manages and provides container orchestration for containerized workloads and services. Kubernetes was designed with automation in mind, and there are now many solutions and tools for interacting and working with Kubernetes.
What problem does Kubernetes solve? To understand what Kubernetes does, we have to understand a bit more about containers. Containers share the operating system kernel, so they can be extremely lightweight when it comes to the footprint of the container. Compared to virtual machines, they are tiny. The exponentially smaller footprint leads to many benefits when thinking about development for modern applications, including:
- Continuous Integration/Continuous Deployment (CI/CD)
- DevOps methodologies are now not only possible but have become a reality due to the lightweight containerized infrastructure of modern development pipelines
- Containers provide consistency across development environments, regardless of the host
- Developers can focus on the application itself, with its dependencies packaged together with it
- Containers provide the means to migrate to a microservices architecture. Microservices are the way of the future instead of the traditional large monolithic applications of days gone by
Containers provide excellent benefits. Why, though, is Kubernetes needed in the containerized world? Even though containers are lightweight, agile, expendable, and provide many advantages compared to virtual machines, they have many of the same infrastructure management challenges for high availability. Unless you are running a container management solution like Kubernetes, you must replace a failed container manually if a container goes down.
In short, Kubernetes provides container management and orchestration, so the individual containers no longer function as individual entities but as a single cluster resource. Many of the concepts of a virtualized hypervisor cluster apply to Kubernetes in terms of availability and load balancing. To provide high availability and many other benefits, the Kubernetes cluster contains several components. These include:
- API Server – The control plane component that exposes the Kubernetes API
- Controller manager – The control plane component that runs the controller processes
- Etcd – A key-value store used as the Kubernetes backing store for all cluster data
- Kubelet – An agent running on each node in the Kubernetes cluster. The agent is responsible for ensuring the containers are running in a pod
- Kube-proxy – A network proxy running on each node in the K8s cluster
- Scheduler – Watches for newly created Pods with no assigned node and then selects a node for each Pod to run on
- Container image – A ready-to-run software package featuring a self-contained bundle of everything needed to run an application
- Container runtimes – Software responsible for running the containers. Most notably, Docker is typically the container runtime used in most enterprise environments
Overview of a Kubernetes Cluster (image courtesy of Kubernetes.io)
Now that we have a better understanding of Kubernetes, let’s look at Azure Arc and see what benefits it provides organizations, including Kubernetes clusters.
What is Azure Arc?
There is no question that companies today are making use of cloud environments for running business-critical resources. Many organizations are even making use of multi-cloud environments. Companies are also keeping on-premises infrastructure footprints for various use cases and compliance reasons as well. Hybrid infrastructure and multi-cloud environments create new challenges in managing business-critical resources with the same level of control and governance and with the same toolset. Disjointed management tools create complexity and cause IT operations and DevOps teams to log into potentially dozens of different management interfaces to control and manage the infrastructure across their hybrid environments.
Azure Arc is a modern tool from Microsoft that helps to solve the challenge of simplifying management and governance across the entire landscape of IT operations, including multi-cloud, on-premises, and edge environments. It does this by creating a single-pane-of-glass management experience that can onboard and have visibility and control over resources, no matter where these reside – on-premises, public cloud, etc. What types of resources can be managed by Azure Arc?
- Servers – physical and virtual machines running Windows and Linux
- Databases (if in Azure) – Azure SQL database and PostgreSQL Hyperscale services
- Kubernetes clusters – supports multiple Kubernetes distributions
Using Azure Arc, organizations can extend the management and control of Azure Resource Manager across many other environments. This extension of Azure Resource Manager allows businesses to have the standard Microsoft Azure governance and management tools available to deliver a consistent experience across all infrastructure.
Overview of Azure Resource Manager extended by Azure Arc
Azure Arc provides the following advantages to organizations:
- Consistency – Manage, secure, and enforce governance across multiple types of infrastructure, regardless of where these are housed
- Apply updates – Use the Azure VM extension as a way to apply updates to your virtual machines and also monitor and secure them
- Kubernetes – Manage and apply consistent governance to your Kubernetes clusters. Apply Azure Policy to your Kubernetes clusters for zero-touch compliance and configuration
- Azure data services are available for Kubernetes environments, regardless of whether these are in Azure, on-premises, or elsewhere
- Works with GitOps workflows to deploy configurations from Git repositories
- Automation tools, including Azure CLI, Azure PowerShell, and the Azure REST API
Kubernetes – Azure Arc
Why is Azure Arc a game-changer for Microsoft?
Azure Arc is undoubtedly a game-changer for Microsoft. It allows extending the reach of Microsoft Azure beyond the realms of public cloud and into multi-cloud, on-premises, and even edge environments. It extends the reach of Microsoft Azure far beyond the massive Microsoft Azure datacenters and into customers’ environments.
Customers benefit from the capabilities and possibilities presented by utilizing Microsoft Azure Arc, since the now extended Azure Resource Manager can unify the management and governance of your entire environment, no matter where resources reside. Microsoft is essentially bringing customers a unified management plane for all environments.
What is Azure Arc-enabled Kubernetes?
What is Azure Arc-enabled Kubernetes? As we have already described, Azure Arc brings compelling features and benefits to organizations. It includes extending the reach of the Azure Resource Manager to other public cloud environments, on-premises, and edge environments. With Azure Arc-enabled Kubernetes, businesses can configure K8s clusters either inside or outside Microsoft Azure.
When administrators connect their Kubernetes clusters to Azure Arc, they can see the K8s clusters in Azure Resource Manager like a native Azure resource, including an ARM ID. The Kubernetes resources are then placed in the Azure subscription and resource group and can be configured with tags and other metadata like other native Azure resources.
Prerequisites for Azure Arc-enabled Kubernetes
What are the prerequisites for onboarding your Kubernetes cluster into Microsoft Azure using Azure Arc? Note the following requirements as detailed by Microsoft:
Azure Arc-enabled Kubernetes requirements
- The cluster must be running Kubernetes version 1.13 or later. This includes OpenShift 4.2 or later and other Kubernetes derivatives
- Your Kubernetes cluster needs outbound access on ports 443 and 9418, as well as to these URLs:
  - https://eastus.dp.kubernetesconfiguration.azure.com
  - https://westeurope.dp.kubernetesconfiguration.azure.com
  - https://docker.io, https://github.com
  - git://github.com, https://login.microsoftonline.com/
  - https://azurearcfork8s.azurecr.io/
- Azure CLI installed and configured with account information for Microsoft Azure
- Azure CLI extensions – the connectedk8s and k8sconfiguration CLI extensions
- Helm 3 – this component deploys the Azure Arc agents to the cluster
- Kubeconfig file with cluster admin permissions
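The following script is an added example, not code from the original article or from Microsoft: it turns the prerequisite list above into pre-flight checks (Kubernetes version, Helm 3, the two CLI extensions, reachability of the listed endpoints) and then runs the onboarding step. It assumes az, kubectl, helm, curl and nc are on PATH and that the active kubeconfig holds cluster-admin rights; the cluster and resource group names are placeholders.

```shell
#!/usr/bin/env sh
# Added example (not from the original article or Microsoft docs): pre-flight
# checks for the prerequisites listed above, then the onboarding step itself.
# Assumes az, kubectl, helm, curl and nc are on PATH and that the active
# kubeconfig has cluster-admin rights. Cluster and resource group names are placeholders.
set -eu

CLUSTER_NAME="${CLUSTER_NAME:-my-arc-cluster}"      # placeholder
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-arc-k8s}"     # placeholder

# Endpoints the article lists as required; https:// needs TCP 443, git:// TCP 9418.
arc_required_endpoints() {
  cat <<'EOF'
https://eastus.dp.kubernetesconfiguration.azure.com
https://westeurope.dp.kubernetesconfiguration.azure.com
https://docker.io
https://github.com
git://github.com
https://login.microsoftonline.com/
https://azurearcfork8s.azurecr.io/
EOF
}

# Return 0 when a Kubernetes gitVersion string (e.g. "v1.19.3", "v1.12.10-gke.17")
# is 1.13 or later, the minimum the article states; non-numeric input fails.
k8s_version_ok() {
  ver=${1#v}
  major=$(printf '%s' "${ver%%.*}" | tr -cd '0-9')
  rest=${ver#*.}
  minor=$(printf '%s' "${rest%%.*}" | tr -cd '0-9')
  [ -n "$major" ] && [ -n "$minor" ] || return 1
  [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 13 ]; }
}

require_tool() {
  command -v "$1" >/dev/null 2>&1 || { echo "missing required tool: $1" >&2; return 1; }
}

preflight() {
  for t in az kubectl helm curl nc; do require_tool "$t"; done

  # Helm 3 deploys the Arc agents; Helm 2 (Tiller-based) is rejected.
  helm version --short | grep -q '^v3\.' || { echo "Helm 3 is required" >&2; return 1; }

  # serverVersion is the last gitVersion in 'kubectl version -o json' output.
  server_ver=$(kubectl version -o json | sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p' | tail -n 1)
  k8s_version_ok "$server_ver" || { echo "cluster $server_ver is older than 1.13" >&2; return 1; }

  # The two Arc CLI extensions the article names; add only if missing.
  for ext in connectedk8s k8sconfiguration; do
    az extension show --name "$ext" >/dev/null 2>&1 || az extension add --name "$ext"
  done

  # Egress check from where this runs; the cluster nodes need the same reachability.
  arc_required_endpoints | while IFS= read -r url; do
    case "$url" in
      git://*) host=${url#git://}; host=${host%%/*}
               nc -z -w 5 "$host" 9418 || echo "WARN: cannot reach $host:9418" >&2 ;;
      *)       curl -sS --connect-timeout 5 -o /dev/null "$url" || echo "WARN: cannot reach $url" >&2 ;;
    esac
  done
}

onboard() {
  # Registers the cluster as an Azure resource; tags work like on any other resource.
  az connectedk8s connect --name "$CLUSTER_NAME" --resource-group "$RESOURCE_GROUP" \
    --tags "onboarded-by=platform-team"   # placeholder tag
  # Print the ARM ID the cluster now has.
  az connectedk8s show --name "$CLUSTER_NAME" --resource-group "$RESOURCE_GROUP" --query id -o tsv
  # The Arc agents are deployed into the azure-arc namespace; confirm they are running.
  kubectl get pods -n azure-arc
}

# Nothing touches Azure unless explicitly requested: ARC_ONBOARD_RUN=1 ./onboard.sh
if [ "${ARC_ONBOARD_RUN:-0}" = "1" ]; then
  preflight
  onboard
fi
```

Run it with `ARC_ONBOARD_RUN=1` once the pre-flight output is clean; without that variable the script only defines the checks, so it can be sourced and its functions reused in other onboarding tooling.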
The architecture of Azure Arc-enabled Kubernetes looks like the following:
Azure Arc-enabled Kubernetes architecture overview
What can SysAdmins do with Azure Arc-enabled Kubernetes?
Once a SysAdmin onboards their Kubernetes cluster into Microsoft Azure Arc, what can they do at that point? With Kubernetes clusters managed by Azure Resource Manager as part of the Azure Arc onboarding, SysAdmins can automate creating the same configurations across all Azure Arc-enabled Kubernetes clusters, helping to standardize the configuration of Kubernetes at scale across the enterprise. It uses Azure Policy to enforce a standard baseline configuration across the entire inventory of Azure Arc-enabled Kubernetes clusters.
This unified configuration and policy management across Azure Arc-enabled Kubernetes clusters allows organizations to use the GitOps approach of deploying Kubernetes configurations from a Git repository. By implementing polling from the Git repository, businesses can manage, configure, and change the desired state of all Kubernetes clusters using GitOps automation.
Flux is a popular tool in the GitOps space, as it allows implementing the flow of configuration data between the Git repository and the Kubernetes cluster more seamlessly. Flux allows choosing deployment at the cluster or namespace level, providing choices for multi-tenant configurations.
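As an added example (not code from the original article or from Microsoft), the script below attaches a Flux-based GitOps configuration to an Arc-enabled cluster with the k8sconfiguration extension described above. It enforces two choices a platform team would want: the operator is read-only against the repository and pinned to a branch and path, and the scope is either cluster-wide for a baseline or namespace-bound for a tenant. Cluster, resource group and repository URL are placeholders.

```shell
#!/usr/bin/env sh
# Added example (not from the original article or Microsoft docs): attach a
# GitOps (Flux) configuration to an Arc-enabled cluster via 'az k8sconfiguration'.
# Cluster, resource group and repository URL are placeholders.
set -eu

CLUSTER_NAME="${CLUSTER_NAME:-my-arc-cluster}"      # placeholder
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-arc-k8s}"     # placeholder
REPO_URL="${REPO_URL:-https://github.com/example-org/cluster-config}"  # placeholder

# This example accepts only https:// or SSH (git@host:path) repository URLs, so
# cluster configuration is never fetched over plaintext http:// or git://.
repo_url_ok() {
  case "$1" in
    https://*) return 0 ;;
    git@*:*)   return 0 ;;
    *)         return 1 ;;
  esac
}

# Flux operator flags: always read-only (the cluster must never be able to push
# to the configuration repository), pinned to one branch and path, polled every minute.
gitops_operator_params() {
  branch=$1
  path=$2
  printf '%s' "--git-readonly --git-branch=$branch --git-path=$path --git-poll-interval=1m"
}

# Operator scope: "cluster" for the platform team's baseline, "namespace" so a
# tenant's repository can only change objects in its own namespace.
gitops_scope() {
  case "$1" in
    cluster|namespace) printf '%s' "$1" ;;
    *) echo "scope must be cluster or namespace, got '$1'" >&2; return 1 ;;
  esac
}

create_gitops_config() {
  name=$1; scope=$2; branch=$3; path=$4
  repo_url_ok "$REPO_URL" || { echo "refusing repository URL: $REPO_URL" >&2; return 1; }
  az k8sconfiguration create \
    --name "$name" \
    --cluster-name "$CLUSTER_NAME" --resource-group "$RESOURCE_GROUP" \
    --cluster-type connectedClusters \
    --operator-instance-name "$name" --operator-namespace "$name" \
    --repository-url "$REPO_URL" \
    --scope "$(gitops_scope "$scope")" \
    --operator-params "$(gitops_operator_params "$branch" "$path")"
}

# Show the configuration as Azure sees it, including its compliance state.
show_gitops_config() {
  az k8sconfiguration show --name "$1" \
    --cluster-name "$CLUSTER_NAME" --resource-group "$RESOURCE_GROUP" \
    --cluster-type connectedClusters -o table
}

# Nothing touches Azure unless explicitly requested: ARC_GITOPS_RUN=1 ./gitops.sh
if [ "${ARC_GITOPS_RUN:-0}" = "1" ]; then
  create_gitops_config cluster-baseline cluster main clusters/prod   # placeholder branch/path
  show_gitops_config cluster-baseline
fi
```

A second call with `--scope namespace` and a tenant-owned repository gives each team its own operator that cannot reach outside its namespace, which is the multi-tenant arrangement the paragraph above refers to.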
GitOps workflow with Azure Arc-enabled Kubernetes clusters
Another significant benefit with Azure Arc-enabled Kubernetes clusters is implementing Azure Role-Based Access Control (RBAC) for Kubernetes. Using Azure RBAC, you can integrate your Kubernetes clusters with Azure Active Directory (Azure AD) and provide role assignments in Azure to control authorization to the Kubernetes cluster. It integrates with the native Kubernetes ClusterRoleBinding and RoleBinding object types.
This capability provides a highly effective way to unify the authorization to your Kubernetes clusters based on a central identity and access management solution based on Azure AD. Using this approach, SysAdmins reap all the benefits of Azure role assignments. These benefits include full auditing and activity logging showing changes and other authorization-related events.
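The following is an added example, not code from the original article or from Microsoft, showing the authorization pattern described above applied with least privilege: an Azure AD group is granted read-only access to a single namespace of an Arc-enabled cluster, the equivalent native RoleBinding is rendered for comparison, and the cluster's role assignments are listed for audit. The ARM ID, namespace and group object ID are placeholders; the built-in role name "Azure Arc Kubernetes Viewer" and the `/namespaces/<name>` scope suffix are the ones Azure RBAC for Arc-enabled Kubernetes uses.

```shell
#!/usr/bin/env sh
# Added example (not from the original article or Microsoft docs): namespace-scoped
# Azure RBAC for an Arc-enabled cluster, plus the native RoleBinding equivalent and
# an audit listing. Cluster, resource group, namespace and group ID are placeholders.
set -eu

CLUSTER_NAME="${CLUSTER_NAME:-my-arc-cluster}"      # placeholder
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-arc-k8s}"     # placeholder

# The ARM ID every connected cluster receives on onboarding.
cluster_arm_id() {
  az connectedk8s show --name "$CLUSTER_NAME" --resource-group "$RESOURCE_GROUP" --query id -o tsv
}

# Azure RBAC scopes can be narrowed below the cluster resource to a single
# namespace by appending /namespaces/<name> to the cluster's ARM ID.
namespace_scope() {
  arm_id=$1; ns=$2
  printf '%s/namespaces/%s' "${arm_id%/}" "$ns"
}

# Native equivalent: bind the built-in ClusterRole "view" to the Azure AD group
# inside one namespace with a RoleBinding, not a cluster-wide ClusterRoleBinding.
# With Azure AD integration the Group subject is the group's object ID.
render_rolebinding() {
  ns=$1; group_object_id=$2
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${ns}-aad-viewers
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: ${group_object_id}
EOF
}

# Grant the built-in read-only Arc role to the group, scoped to one namespace only.
assign_namespace_viewer() {
  ns=$1; group_object_id=$2
  scope=$(namespace_scope "$(cluster_arm_id)" "$ns")
  az role assignment create --role "Azure Arc Kubernetes Viewer" \
    --assignee-object-id "$group_object_id" --assignee-principal-type Group \
    --scope "$scope"
}

# Audit: every assignment that applies to the cluster, including inherited ones.
list_cluster_assignments() {
  az role assignment list --scope "$(cluster_arm_id)" --include-inherited -o table
}

# Nothing touches Azure unless explicitly requested: ARC_RBAC_RUN=1 ./rbac.sh
if [ "${ARC_RBAC_RUN:-0}" = "1" ]; then
  GROUP_ID="${GROUP_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder object ID
  assign_namespace_viewer team-a "$GROUP_ID"
  render_rolebinding team-a "$GROUP_ID" | kubectl apply -f -
  list_cluster_assignments
fi
```

Because the assignment lives in Azure, every grant and revocation shows up in the Azure Activity Log, which is the audit trail the paragraph above refers to; the namespace-level scope keeps the same group from gaining read access to secrets in other namespaces.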
Azure AD integrated Kubernetes cluster authorization made possible by Azure Arc-enabled Kubernetes
Concluding Thoughts
Microsoft Azure Arc is undoubtedly a game-changer as it brings significant benefits to organizations currently managing many different environments with different interfaces and management tools. It helps to unify and consolidate the visibility and management of resources across public clouds, on-premises, and edge environments.
Azure Arc-enabled Kubernetes is a specific capability of Azure Arc that allows businesses to manage their Kubernetes clusters across various environments. It provides the ability to use GitOps workflows effectively and introduce Azure authorization policies across their Kubernetes estate. These benefits help maintain a desired state across the Kubernetes environment and empower companies with better auditing and policy enforcement, no matter where they house their Kubernetes clusters.