Understand Azure Kubernetes Service Architecture and Components

00:00

hey guys so after a long time that you

00:03

guys back with some more excitement

00:06

series so this time we're gonna talk

00:09

about a case from scratch so I took a

00:13

time a while a break before making many

00:17

videos I've talked to you know they make

00:20

something useful because basically we

00:23

require to you know always make

00:26

solutions around the challenges which we

00:29

face day to day life and executing

00:32

executing your particular tasks so a

00:35

case is a the booming consul booming

00:39

concept which has come up so a case is

00:41

nothing but I should Cuban at his

00:43

service so what is that you community

00:45

service does so and how it is different

00:48

from different you know the Cuban IT

00:51

service from the Google itself okay so

00:53

and this particular series we're gonna

00:56

talk a lot about a kiss and we'll have a

01:02

lot of hands-on on integration like if

01:05

your organization is selecting or

01:07

picking up a solution for picking up a

01:12

solution to build a case or a security

01:15

service why you would require as your

01:18

community service because I would

01:21

trigger a required because you know I

01:22

have applications which are running on a

01:25

virtual machine or which are running on

01:26

on-premise and I want to make it more

01:29

scalable and more cloud agnostic okay

01:32

sorry to make cloud agnostic you need to

01:35

cut out the bare metal dependency which

01:38

your application would be having but you

01:41

know it can be your application can only

01:43

run on Windows your application can only

01:45

run on a Linux machine open to further

01:47

are any other machines or which has been

01:50

tightly coupled or the even you know it

01:53

can be run on VM a VMware like that so

01:57

so the Kuban it is came like worried

02:00

like a few years back and it had made

02:03

lot of impact because the ease of

02:05

deploying applications within cycle

02:08

within seconds and spinning of

02:10

applications and people

02:11

you can you can say in a scaling of

02:13

applications are also so easy so so my

02:19

this particular area cities will have

02:22

many of the things like you know so it

02:25

will be the cities would be constituting

02:27

of at least eight videos as of now and

02:30

each of these videos will try to get

02:33

into some objectives which would clear

02:36

many of the Cuban it is terminologies

02:39

which are bit hard to understand of the

02:41

Cuban it is or the application how does

02:43

actually you can deploy an application

02:45

to the Cuban itis cluster what is

02:47

replica where the namespaces what are

02:49

parts what are class in the world

02:51

exactly there is cluster and there are

02:54

lot more things about it and how exactly

02:57

you know like or why did the Microsoft

03:00

had gone to you know get this particular

03:02

product donation platform so there are a

03:05

lot of things which comes hand in hand

03:09

with Cuban artists and which other

03:11

particular services like the Dhaka swamp

03:13

which was initially I can say it's a pre

03:16

you know pretty concept of Cuban artists

03:19

but it couldn't click and that's a

03:22

product from Microsoft but why did Cuban

03:25

it is has clicked so good so you will

03:27

understand the you know occur with the

03:30

entire sales going on going on like will

03:34

be having lot of videos not these eight

03:37

videos so let's pick up like what

03:40

particular you know videos or what

03:43

particular concepts we gonna cover so

03:45

the first video would are in the series

03:47

word which is today they'll be covering

03:50

up understanding as your Cuba needed

03:52

service and how exactly differs from the

03:55

version that Google publishes the Cuban

03:58

itis and we'll see also the limitations

04:03

of using a case not Cuban it is from the

04:08

Google and and advantages obviously and

04:11

then we will go through words you know

04:14

the second video would cover spinning on

04:16

a case cluster basically an on our back

04:20

enabled a case cluster we will be gonna

04:23

create manually

04:24

but I understand all the parameters

04:26

which we will be king in into the portal

04:30

so so we will go and be create resource

04:33

and we sell it something is Cuban it is

04:36

service and you know whatever these key

04:39

parameters which you can see will be

04:41

trying to explain and after that like

04:44

basically keep a note this would be non

04:48

are back cluster which means the non

04:50

role based access control particular

04:53

cluster which will not work or the

04:55

cluster users cannot login or cannot

04:58

take advantage of our back feature which

05:00

is provided by Azure Active Directory

05:02

but yes we will discuss upon few

05:05

terminologies clusters nodes namespaces

05:07

sports containers applications sorry you

05:10

deploying to continuous and we will

05:11

define how how about you know English

05:13

control and English is booked and the

05:16

third video would be having you know

05:18

more of troubleshooting issues with the

05:20

cluster so if your part is not running

05:22

if your pod collapses and like things

05:26

like if you deploy something and your

05:28

pod goes into the crash loopback and

05:30

there are a lot of parameters which are

05:32

pasted you know daily day to day basis

05:36

by many of the engineers so and we will

05:39

try to debug with the default monitoring

05:42

which are given by I shot like if you

05:45

take an example that is your monitor the

05:47

log and analytics or the OEMs in a built

05:49

on it or you know that we have few

05:53

features of application in sites which

05:54

have been enabled on top of it but it

05:57

won't be enough visible directly to you

06:00

so those things we're gonna discuss on

06:01

video 3 and video for would be more of

06:04

spinning on a case cluster on Azure

06:08

portal but why are the CLI which means

06:11

we're gonna use are either cloud shell

06:13

to deploy us a cluster but this would be

06:17

an our back and a blue cluster so the

06:20

are by cannibal questions would require

06:22

lot of changes you know you need 80 apps

06:24

server app ad app and client ad hab and

06:28

you would need certain API permissions

06:31

and in order to allow API permissions

06:34

you would require admin

06:36

okay and so this particular cannibal

06:41

cluster would provide boost you with a

06:43

lot of different features which you're

06:46

gonna have and for your kind information

06:49

so CLM provides a lot of different

06:51

beaches which you can enable which you

06:54

can't actually do with the portal and

06:56

the manual way right now as of today on

07:00

20th March 2008 and going forward we

07:06

will be looking onto the video 5 so it

07:09

would see about more interacting with

07:12

our back and I will enable aqueous

07:14

cluster there are a few of the

07:16

differences which you will find with the

07:18

normal without or non-arabic you know

07:22

you can say like as an on our back

07:24

cannibal clusters and our back and

07:26

edible clusters how they differ you will

07:28

be coming to know we'll be using large

07:31

cute little cute little commands for

07:34

provisioning deep provisioning part

07:35

spinning up of containers draining nodes

07:37

and will understand replica sex how

07:41

exactly they're gonna work probably we

07:43

will go more into availability zones and

07:45

lot of different concepts and the video

07:48

six will have the monitoring solutions

07:50

you know since the native default

07:53

solutions modeling solutions which are

07:55

provided by sure are not enough if you

07:58

are going for your a case clusters which

08:02

is multi-tenant support which means you

08:05

will be using a single cluster but

08:07

you'll be sharing with various different

08:09

customers various different applications

08:11

so when you do that you need to take

08:14

care of a data isolation you do not mix

08:16

up our customers data with another

08:18

customer strata or you do not reveal the

08:20

secrets all the certificates which have

08:22

been installed for one particular

08:24

customer with that other particular

08:26

customer because at the end of the day

08:27

when you say it's a single cluster so

08:30

the beam the metal which is underneath

08:32

you know the drives can be accessed by

08:34

the other particular users in the class

08:37

right so how we gonna tackle or how we

08:41

gonna build a system a multi-tenant a

08:44

case cluster so and monitoring solutions

08:49

we gonna talk about

08:50

and you know like when we built

08:53

multi-tenant systems obviously you know

08:56

the demotic solutions also need to be

08:58

very impact you know impact Oh or should

09:02

get the analysis of the application

09:06

specific customer specific data or it

09:08

should only monitor the customer

09:09

specific data not others

09:10

so for that only be have integration

09:13

have integrated Prometheus which ease us

09:17

like Prometheus is a different

09:19

installation but in order to make our

09:21

life easy I just made it as a container

09:24

image and I use that image and then I

09:28

spin up on the same cluster where we

09:30

have this aqueous cluster be running and

09:32

we will use at Ravenna which is a

09:35

beautiful which produces beautiful

09:36

charts and he'll be very interested and

09:41

then like it would give very application

09:43

or you know customer specific data which

09:47

with which you can also use to you know

09:49

troubleshoot the issues with your

09:51

cluster or the pods usage or the

09:53

namespace usage or the containers usage

09:56

and going forward like we will go on the

09:59

video seven which will have integration

10:01

of graph on the dashboards with Azure

10:04

Active Directory I'll show this how it

10:07

gonna look exactly in the next next

10:10

portion and the video eight would be

10:13

having you know the cost is main for

10:15

every particular tenant admins or

10:17

stakeholders because they need to

10:19

calculate and when you go with a multi

10:22

tenant a case clusters you need to

10:24

calculate his per specific individuals

10:27

or per customer calculation so much they

10:29

are using how much the load they are

10:32

putting on the cluster basing upon then

10:34

you would be calculating the cost and

10:36

producing a bill for them so for that

10:38

we'll be integrating with queue cost has

10:40

a basic preliminary thing and then we

10:43

will you know while we make all of these

10:46

particular pcs and hands-on will be pro

10:50

and we'll be putting up more of the

10:52

videos going forward so let's go and try

10:57

to understand what exactly is

11:02

I should Cuban it service so so you must

11:06

be knowing about Cuban artists so Cuban

11:08

artists provides what you can do with

11:10

Cuban a disease like you have an

11:13

application then you can take your

11:15

application and you continue nice its

11:18

containerize it or make an image make a

11:20

docker image out of it and then you

11:22

deploy on to any of the services like

11:26

like you can push on to the Dorcas form

11:28

or you can have something known as your

11:31

Cuban Air Service or Cuban at ease or

11:33

directly ok so what happens so when he

11:36

use our Cuban it is a key s it is

11:39

community service so so this is a plane

11:44

this is a particular portion which a

11:46

case I can say which would have your

11:49

pots and you have which will have a

11:52

component like Cuban at this API okay

11:55

and then you have certain components

11:57

which dumps your particular logs into or

12:00

interact with the ERM for the hie see

12:03

and what happens you know when you spin

12:06

up an aqueous cluster it provisions a

12:08

few things like the cluster can be

12:12

provisioned with the help of nodes like

12:15

the cluster can have notes or the

12:18

cluster can have the virtual machine

12:20

scales it's so the virtual machine skill

12:23

sets will internally will have nodes

12:24

okay and note when I say it's it's and

12:29

the background is just virtual machines

12:30

so the virtual machines who are the

12:33

nodes so you can see the ek is cluster

12:35

will have a cluster will have nodes

12:37

nodes are like virtual machines it can

12:40

be under be emesis so via mrs.

12:42

advantages are different so which we are

12:44

going to speak about it and the nodes

12:47

will have something called as thoughts

12:50

and the parts are categorized or you

12:54

know grouped under namespaces so when we

12:57

talk many many things about cuba cuban

13:00

it is we have a logical grouping or in

13:04

cuban at a service like namespaces so

13:06

and namespaces are sort of you know

13:09

resource groups and isha and you can

13:11

take advantage of the namespaces and our

13:14

to segregate you resources segregate

13:17

your pots segregate what if the

13:20

resources you're going to spin on that

13:21

particular pots and the respective pots

13:25

you can segregate the ingresses so

13:28

basically the increases are nothing

13:30

because if you have a acres cluster or a

13:33

single cluster the single cluster may be

13:35

having lot of namespaces and lot of

13:37

namespaces may have parts and each part

13:39

will be having containers running so in

13:43

the container you have your application

13:45

okay so how does that traffic you know

13:48

the user are sitting outside the world

13:51

but know exactly re-routed exactly into

13:55

the application which is running inside

13:57

the container which is running inside

13:59

the pot and which is running inside a

14:02

purse pacific cluster so this is where

14:04

you know you have for the concept of

14:06

ingress controller English which

14:09

actually maps of with your dns DNS

14:12

mapping like if you use a certificate or

14:14

you need to do end dienes mapping where

14:17

in the dns you know for the dns

14:20

providers like gue dairy or any of the

14:22

or you can use ISO DNS itself to map

14:25

your particular service which is running

14:27

inside your container which is inside a

14:30

pot expose outside to the world okay so

14:33

so I want to make it more secure and you

14:36

don't you will not be an oak we don't

14:38

suggest to create your own public IP to

14:40

expose outside to the world rather use

14:42

an app gateway for your enterprise and

14:45

tag your particular ap in your

14:48

particular ipace and the half gateway

14:51

and and and then tag that particular IP

14:55

intent externally to the DNS provider so

14:59

whenever you use the type something

15:00

called as X Y Z dot my Cuban it service

15:04

it would resolute back to the hop

15:06

gateway and that gateway knows where

15:08

exactly your application is sitting okay

15:11

and then it would follow that particular

15:12

traffic to here and then if you use SSL

15:15

or has TTP s lot of traffic then you can

15:20

cut off the extra traffic and just read

15:22

out your has to TP calls to your

15:24

particular very particular to your

15:26

container so that you

15:28

like there's a concept something called

15:30

is a termination which you can use and

15:33

and you can also mention like the

15:36

traffic if it is coming they are the

15:38

English controller you can mention how

15:40

much data of you know UK you you were

15:43

try to allow or you know you would allow

15:46

to come inside your application because

15:49

if you are sharing your cluster in that

15:51

in that cases you can split the request

15:55

you know see the applications to split

15:57

the request into chance and Allah only a

15:59

specific size of data to come and and

16:03

you can mention HTTP requests for word

16:05

is everything and those things will come

16:07

up you will come to know slowly and this

16:10

is how you know like the requests so if

16:13

I want to in if if as an admin I guess

16:17

admin if I want to communicate to what

16:20

tube shuttle commands so the cue cuddle

16:23

commands always interact with Cuba near

16:25

sapa ok you do not interact with ports

16:27

or containers directly but it would it

16:30

would always delegate your command the

16:32

cuticle come out like you know you will

16:34

say in cucuta come on like spinner pods

16:38

so the EBS over inside the eks would

16:41

listen to you first and you can interact

16:44

with the clout clumps and you can

16:46

interact the bash or anything but for

16:49

that you are your admin the cluster

16:51

admin should give you a cube config file

16:53

and i'll train track to with the

16:56

specific cluster so what is the cube

16:58

config file ham so the cube config file

17:01

have very specific information about you

17:04

know which particular cluster you have

17:07

access to and which particular resource

17:10

ities which particular resource group or

17:12

subscription it is and you can you know

17:14

that gives you context or in a set of

17:17

context to you know start a session with

17:20

your cabinet is a PS over so that's

17:23

that's one way bare admins order you

17:25

know or the developers would interact

17:27

with cluster but yes if once you have

17:32

applications installed on thorn but on

17:34

your rake is cluster so the traffic need

17:37

to come it comes with a different way it

17:39

comes from the Erb gateway or any of the

17:42

Kuipers you expose with an external load

17:44

balancer so you when you do that and

17:47

that in the traffic's and you know the

17:49

applications are exposed to add this way

17:51

so your external users will not come the

17:55

request will not come any at any point

17:57

with the API so rather the admin the

18:00

developers will have four can the

18:02

traffix would come them a piece of but

18:05

the external traffic comes always from

18:07

the outside world

18:08

deadly to the pause and to the

18:10

continuous not to where the episode and

18:13

if you go the same thing like the

18:18

terminators have something called as

18:19

masters and the nodes concept so in as

18:23

you accumulate a service if we speak

18:25

about the differences how what how it

18:27

differs from the cumulative service from

18:29

the Google so the Cuban it is master

18:32

which we have in Asia Cuba in the

18:35

service is maintained by I shop there

18:38

are a few of the things which they want

18:40

to make in control and it's not on the

18:42

Cuban notice master how frequently or

18:45

have load it's taking up it or not

18:47

matters because I sure gives as a

18:49

service to you and it's it's not

18:51

billable the only available things with

18:55

the ICCA's cluster is your nodes so what

18:58

sort of or what size of nodes and you

19:00

know that you are running would be the

19:02

only you know for particular particular

19:05

parameter which would reduce you a lot

19:08

of billing ok so if you if you spin up a

19:11

node with you know basic size or that

19:13

acquired size only that would be great

19:16

you can save a lot of cars and for that

19:18

for those you know for how to cut cause

19:21

this particular particular course and

19:24

other other consents we have something

19:27

called as you know the cube cost and

19:29

other monitoring solutions or cost

19:32

monitoring solutions which we have which

19:34

would be discussing in in video 7 and 8

19:36

which would really help you in cutting

19:39

out chlorophyll costs and so the

19:42

cumulative master bits which we talked

19:44

which we're talking about so the

19:45

developer admins of the operators would

19:48

interact with the API server and API

19:50

server will have something called as

19:52

controller controller manager scheduler

19:55

and it would have in at City storage so

19:57

where the context we know about the

20:00

developer information who is interacting

20:03

with the cluster would be stored in here

20:05

for for future purposes like you know

20:08

like setting up the session

20:09

frequent sessions and other stuff and

20:13

this particular particular portion is

20:16

called as a control plane and because

20:19

you do lot of control control of your

20:21

nodes and pawns by this particular

20:23

control plane and the users aren't

20:25

directly as I said they integrate and

20:28

they come with the app gateway or the

20:30

extra load balances so this is how the

20:32

users are coming to your queue proxy and

20:34

then and the queue proxy or the ingress

20:37

proxy or the ingress is what you define

20:39

they would come and come through that so

20:41

increases would also tackle with you

20:44

your proxy the the request which come

20:47

would come to the queue proxy and then

20:49

would be redirected to the pots with the

20:51

use of ingresses so in our series we

20:55

would be using engines which is widely

20:57

used to configure our ingress

20:59

controllers and ingresses and reroute

21:01

the traffic if we go ahead and try to

21:06

understand a bit more about the control

21:08

plane and so this is the control and as

21:11

I said like I sure manage that

21:14

particular control plane it Marisol

21:16

let's see let's see

21:17

yet City City Stories the API server and

21:21

the scheduler if something if we are

21:22

defining like the nodes when they should

21:25

start and stop

21:26

so the that that would be you know - by

21:29

shot and the controller manager is

21:31

managed by a short you just need to

21:33

interact with cubicle thematts so the

21:35

customer what the manage is the nodes

21:37

the size of the nodes the number of

21:39

nodes in the number of replicas of nodes

21:41

they want to scale up scale down you can

21:44

set auto scale on top of it if you're

21:47

using something called as via missus

21:49

okay and your custom or custom