1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Introduction to Azure Container Service (ACS)

Deploy Kubernetes and Security

The course is part of this learning path

play-arrow
Start course
Overview
DifficultyIntermediate
Duration45m
Students1126
Ratings
4.6/5
star star star star star-half

Description

Course Description:

The Azure Container Service (ACS) is a cloud-based container deployment and management service that supports popular open source tools and technologies for container and container orchestration. ACS allows you to run containers at scale in production and manages the underlying infrastructure for you by configuring the appropriate VMs and clusters for you. ACS is orchestrator-agnostic and allows you to use the container orchestration solution that best suits your needs. Learn how to use ACS to scale and orchestrate applications using DC/OS, Docker Swarm, or Kubernetes.

Intended Audience:

  • Developers
  • Operation Engineers
  • DevOps
  • Anyone interested in managing containers at scale

Pre-requisites:

  • Viewers should have a basic understanding of containers.
  • Some familiarity with the Azure platform will also be helpful but is not required.

Learning Objectives:

  • Demonstrate how to use ACS to create virtual machine hosts and clusters for container orchestration
  • Understand how to choose an open source orchestration solution for ACS
  • Understand how to run containers in production on Azure using ACS
  • Demonstrate ability to scale and orchestrate containers with DC/OS, Docker Swarm, and Kubernetes

This Course Includes:

  • 60 minutes of high-definition video
  • Live demonstration on key course concepts

What You'll Learn:

  • Overview of Azure Container Service: An overview of containers and the advantages of using them.
  • Orchestrators: A summary of what orchestrators are and a description of the most popular orchestrators in use
  • Open Source Cloud-First Container Management at Scale: This lesson discusses the purpose of ACS, and how the service is activated.
  • Deployment Scenarios: A brief explanation of different orchestrator scenarios.
  • Deploy Kubernetes and Security: A live demo on how to deploy K8S.
  • Deploy Kubernetes from the Portal: A live demo on how to create a security key and a K8S cluster.
  • Deploy Kubernetes from the CLI: A live demo on the Command Line Interface.
  • Orchestrator Overview – Kubernetes: A lesson on managing containers. First up..Kubernetes.
  • Orchestrator Overview – DC/OS: In this lesson we discuss deploying containers to the Data Center operating System.
  • Orchestrator Overview – Swarm: In this last lesson we'll look at how ACS deploys Swarm.
  • Summary and Conclusion: A wrap-up and summary of what we’ve learned in this course.

Transcript

Now that we understand the various deployment options, let's go ahead and start with our first deployment. For this first example, we're gonna use Kubernetes which is affectionately abbreviated as K8S. Whenever you see that, think Kubernetes. In the following examples, we're gonna use a very simple docker container to illustrate how the orchestrators work.

We'll deploy this container to each orchestrator and then scale it out to several instances. The code for the container is available here at GitHub. Github.com jeremy likness, CA for Cloud Academy. ACS for Azure Container Service. Let's take a look at the code itself. It's a very straightforward application. It has an array of colors, animals, and planets. And when the endpoint is called, it uses a library called Micro which is for building micro services, and it exposes an endpoint that simply returns a text screen that says welcome to the Node app, my name is. And shows that generated name.

Now the name is generated before any responses are given, so that a single version of this Node app will always return the same name. And then hopefully each different container will return a different name so that you can see the effect of load balancing. If we come back to the directory for this, you can see that I have a Docker ignore file that ignores the Node modules. And in the Docker file itself, it simply uses a special onbuild Node image. So that base image will automatically copy the Node files over and then install the package dependencies, and then expose the Micro service on port 3000. So it's a very straightforward and simple way to stand up a container.

Furthermore, I've published this to Docker Hub. You can see this public repository jlikness ca-acs. So because this image, and if we look at tags, you can see the size of the image, and the last updated. But because this is available on the Docker Hub, each orchestrator when instructed to pull this image by name will be able to pull that down and deploy that image. And then we'll use that to verify that our orchestrator has been configured correctly, that it's exposing the endpoints so that they can be accessed over the public internet. And that it is load balancing and round robining correctly. One important aspect of orchestrators is keeping the orchestration secure.

You don't want someone having access to the controllers, or being able to bring up and down containers if they're not authorized to do so. There's several ways that this is accomplished. First, SSH or a secure shell ensures a secure connection to the host, and all the host options have SSH access. In order to create that access however, you need to generate a special key to secure the connection.

Now when you use the Azure command line, that key will be generated for you automatically. If you need to manually generate a key, we'll show you how in the next segment. For Kubernetes, there's an additional client ID and secret for the service principal. This is some internal plumbing that enables Kubernetes to talk to the Azure APIs inside of the ACS deployment. I mentioned that I would discuss resource groups and a resource group is really just a logical group of Azure assets. The nice thing about resource groups is they can be managed as a whole.

In other words, you can generate automation scripts for a resource group, you can delete a resource group at once. And you can also track cost by resource group. So it makes it a very useful functional unit of Azure assets. It also provides a logical security partition in Azure.

About the Author

Students1127
Courses1

Jeremy Likness is an experienced entrepreneur who has worked with companies to catalyze growth and leverage leading edge development technology to streamline business processes and support innovation for two decades. Jeremy is a prolific author with four published books and hundreds of articles focused on helping developers be their best. Jeremy speaks at conferences around the country and covers topics ranging from technologies like Docker, Node.js and .NET Core to processes and methodologies like Agile and DevOps. Jeremy lives near Atlanta with his wife of 19 years and teen-aged daughter. His hobbies including hiking, climbing mountains, shooting 9-ball, and regularly attending CrossFit classes while maintaining a vegan diet.