# Using containers and orchestration

## Azure Kubernetes Service (AKS)

- Managed service to deploy Kubernetes cluster.
  - Much of complexity and operational overhead of managing Kubernetes is handled by Azure (e.g.. health monitoring and maintenance)
- Free, pay for the agent nodes within clusters, not for the masters.
- **Deployment & configuration**
  - Through Portal, CLI or ARM
  - Configures all nodes e.g. advanced networking, AAD integration and monitoring
- **Identities**
  - AKS clusters support RBAC.
  - Can be integrated with AAD.
- **Logging**
  - Collects container logs (from `stdout` and `stderr` streams) and memory/processor metrics from containers, nodes and controllers.
  - Stored in Log Analytics workspace
  - If RBAC is enabled in Kubernetes, you'll need to grant access to log reader application.
- Cluster nodes
  - **Scaling**: Scale out/in via Azure portal or the Azure CLI.
  - **Upgrades**: Offers multiple Kubernetes versions and upgrading with coordination of nodes to minimize disruption to running applications.
- **HTTP application routing**
  - Configures ingress controller in AKS cluster.
  - As applications are deployed, they're publicly accessible with auto-configured DNS names.
- **GPU enabled nodes**: Supports GPU enabled node pools, provides single/multiple GPU enabled VMs.
- **Development tooling integration**:
  - Tools like *heml*, *Draft*, *Visual Studio Code Kubernetes* works seamlessly.
  - You can run & debug containers directly in AKS.
- **Virtual network integration**: Can be deployed to existing VNet.
  - Every pod is assigned an IP address in the VNet, and can communicate with other pods in the cluster and other nodes in the VNet.
  - Can connect other services in a peered VNet, and on-prem networks over ExpressRoute or site-to-site VPN connections.
- **Private container registry**: Integration with [Azure Container Registry (ACR)](#azure-container-registry-acr) for Docker images.

### Virtual Kubelet

- Connecting Kubernetes to other APIs
- Creates a [Virtual Kubernetes node](#virtual-kubelet) backed by e.g. Azure, AWS, Alibaba etc.
- Virtual node acts as a normal managed node in the cluster.
- Kubernetes API on top, programmable back.

### Deploy an AKS cluster Using CLI

1. Create a resource group: `az group create --name myAKSCluster --location eastus`
2. Create AKS cluster with health monitoring addon: `az aks create --resource-group myAKSCluster --name myAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys`
3. Connect to the cluster
   1. Download credentials & configure Kubernetes CLI: `az aks get-credentials --resource-group myAKSCluster --name myAKSCluster`
   2. Get all nodes: `kubectl get nodes`
      - If you are using Azure Cloud Shell, `kubectl` is already installed.
      - If you want to install it locally, use the `az aks install-cli` command.

## Azure Container Registry (ACR)

- Managed service based on open-source Docker Registry.
- Gives you build automation with build triggers: With such as VSTS or Jenkins. Can be integrated with GIT.
- Use-cases
  - *Scalable orchestration systems*: Can be orchestrated via DC/OS, Docker Swam, Kubernetes.
  - *Azure services*: Azure Kubernetes Service, App Service, Batch, Service Fabric. etc... can build and run applications
- **Azure Container Registry Build (ACR Build)** can build docker images to automate container OS, framework patching pipeline.

### Registry

- SKUs: Basic, Standard Premium.
- All support, webhook integration, authentication with AAD, delete functionality.
- You use Azure storages for container images.
- You can use geo-replication in Premium registrations.
- Control access with AAD-backed service principal or provided admin account.

### Repository

- A register contains one ore more repositories.
- A repository is group of container images.
- ACR supports multilevel repository namespaces.
- So you can group your repositories.

### Image

- Read-only snapshot of a Docker container.
- An Azure container registry can include both Windows and Linux images.
- Control image names for all of container deployments.

### Container

- Application and its dependencies wrapped in a filesystem including code, runtime, system tools and libraries.
- Containers running on a single machine share the operating system kernel.
- Containers are fully portable to all major Linux distros, macOS and Windows.

### Deploy an image to ACR using Azure CLI

1. Create a resource group: `az group create --name myResourceGroup --location eastus`
2. Create a container registry: `az acr create --resource-group myResourceGroup --name myContainerRegistry007 --sku Basic`
   - Must have unique name.
   - SKUs
     - **Basic**: Have size and usage constraints.
     - **Standard**: Increased storage limits and image throughput.
     - **Premium**: Higher limit on constraints, such as storage & concurrent operations, including enhanced storage capabilities.
       - Higher image throughput capacity.
       - Features like geo-replication for managing a single registry across multiple regions, maintaining a network-close registry to each deployment.
3. Log in to ACR: `az acr login --name <acrName>`
4. Push image to ACR

   ```bash
      docker pull microsoft/aci-helloworld
      az acr list --resource-group myResourceGroup --query "[].{acrLoginServer:loginServer}" --output table
      docker tag microsoft/aci-helloworld <acrLoginServer>/aci-helloworld:v1
      docker push <acrLoginServer>/aci-helloworld:v1
   ```

5. List container images: `az acr repository list --name <acrName> --output table`
   - Or list tags: `az acr repository show-tags --name <acrName> --repository aci-helloworld --output table`
6. Deploy image to ACI
   - **Using Azure CLI**
     - Enable admin user in the registry: `az acr update --name <acrName> --admin-enabled true`
       - 💡 In production you should use service principal.
     - Retrieve admin password: `az acr credential show --name <acrName> --query "passwords[0].value"`
     - Create container image with 1 CPU and 1 GB of memory: `az container create --resource-group myResourceGroup --name acr-quickstart --image <acrLoginServer>/aci-helloworld:v1 --cpu 1 --memory 1 --registry-username <acrName> --registry-password <acrPassword> --dns-name-label aci-demo --ports 80`
     - Monitor status of the container: `az container show --resource-group myResourceGroup --name acr-quickstart --query instanceView.state`
     - Retrieve container public IP address: `az container show --resource-group myResourceGroup --name acr-quickstart --query ipAddress.fqdn`
   - **or using docker CLI**
     - Log in to registry: `az acr login --name myregistry`
     - Tag your image: `docker tag nginx myregistry.azurecr.io/samples/nginx`
     - Push your image: `docker push myregistry.azurecr.io/samples/nginx`
7. Docker-push

## Azure Container Instances

- Good for simple applications, task automation and build jobs.
- Depreciated, replacement: Azure Kubernetes Service (AKS)
- Features: Full container orchestration including, service discovery across multiple containers, automatic scaling, coordinated application upgrades.
- You deploy an image from a public / private registry