- 108
- 30 199
Azure Kubernetes Service (AKS)
United States
Приєднався 30 чер 2023
This is the official Azure Kubernetes Service (AKS) account led by the AKS Team. Subscribe here for AKS technical content and updates.
AKS Team @ KubeCon + CloudNativeCon North America 2024
🎥 Join Us at KubeCon 2024 North America! 🎥
Hey KubeCon attendees! 🌟
We're excited to invite you to meet the AKS team at KubeCon 2024 North America! Our very own AKS PM, Jorge Palma, has a special message for you. Don't miss out on this opportunity to connect with us and dive deep into some of our technical sessions.
📅 Event: KubeCon 2024 North America
📍 Location: Salt Lake City Convention Center, Salt Lake City, UT
🗓️ Dates: 12-Nov to 15-Nov 2024
In this video, Jorge Palma will share all the details about our sessions, what you can expect, and why you should definitely stop by. Whether you're a seasoned Kubernetes pro or just getting started, there's something for everyone.
#KubeCon2024 #AKS #Kubernetes #CloudNative #CN #azure #microsoft #microsoftazure #TechEvents #events2024
Hey KubeCon attendees! 🌟
We're excited to invite you to meet the AKS team at KubeCon 2024 North America! Our very own AKS PM, Jorge Palma, has a special message for you. Don't miss out on this opportunity to connect with us and dive deep into some of our technical sessions.
📅 Event: KubeCon 2024 North America
📍 Location: Salt Lake City Convention Center, Salt Lake City, UT
🗓️ Dates: 12-Nov to 15-Nov 2024
In this video, Jorge Palma will share all the details about our sessions, what you can expect, and why you should definitely stop by. Whether you're a seasoned Kubernetes pro or just getting started, there's something for everyone.
#KubeCon2024 #AKS #Kubernetes #CloudNative #CN #azure #microsoft #microsoftazure #TechEvents #events2024
Переглядів: 17
Відео
Self-Hosted GitHub Runners on AKS using Azure Files
Переглядів 21219 годин тому
In this video, Jorge Arteiro, Cloud Native Advocate at Microsoft is showing how to deploy GitHub ARC - Actions runners controller on AKS - Azure Kubernetes Services cluster to run all your GitHub Actions self-hosted runners. We are going to use Azure File Share SMB premium to create a caching storage/volume to your Applications packages, like NUGET packages on this specific demo. Also how Azure...
Configuring the AKS Istio Add-on - MeshConfig, Telemetry, and Feature Support Policy
Переглядів 246Місяць тому
The Istio-based service mesh add-on for AKS offers several features and customization options. In this video, we will go over how to configure the mesh using the MeshConfig and Istio custom resources, and explore a demo of how to customize mesh telemetry. We will also discuss the support scope for different features and customizations, and highlight the difference between allowed, supported, an...
Accessing a Private AKS Cluster Remotely
Переглядів 456Місяць тому
In this video, Jorge Arteiro, Cloud Native Advocate at Microsoft is showing how to create a private AKS (Azure Kubernetes Service) cluster with no public internet access, but still been able to access the cluster using the Azure Portal or Azure CLI "AZ AKS COMMAND" to run commands. More info here: learn.microsoft.com/en-us/azure/aks/private-clusters?tabs=azure-portal learn.microsoft.com/en-us/a...
AKS Partner Session - Dynatrace on AKS
Переглядів 90Місяць тому
Unified Observability and Security powered by Hypermodal AI
AKS Partner Session - HashiCorp Vault Integration with AKS
Переглядів 103Місяць тому
AKS Partner Session - HashiCorp Vault Integration with AKS
AKS Partner Session - Scale AI Generative AI Platform in a Box
Переглядів 103Місяць тому
AKS Partner Session - Scale AI Generative AI Platform in a Box
Using AKS-managed Istio External Ingress Gateway with Gateway API
Переглядів 537Місяць тому
Using AKS-managed Istio External Ingress Gateway with Gateway API
Protecting Secrets in AKS with the Key Vault CSI Driver and Workload Identity
Переглядів 6784 місяці тому
Protecting Secrets in AKS with the Key Vault CSI Driver and Workload Identity
Istio Add-on for AKS (Part 3) - Add-on scale and performance benchmarks
Переглядів 2434 місяці тому
Istio Add-on for AKS (Part 3) - Add-on scale and performance benchmarks
Istio Add-on for AKS (Part 2) - Revisions, version support policy, upgrades
Переглядів 5604 місяці тому
Istio Add-on for AKS (Part 2) - Revisions, version support policy, upgrades
Istio Add-on for AKS (Part 1) - Overview and Roadmap
Переглядів 6545 місяців тому
Istio Add-on for AKS (Part 1) - Overview and Roadmap
KubeCon EU 2024 - Azure Day: Secure Environments for Your Applications
Переглядів 2276 місяців тому
KubeCon EU 2024 - Azure Day: Secure Environments for Your Applications
KubeCon EU 2024 - Azure Day: Networking Best Practices
Переглядів 5266 місяців тому
KubeCon EU 2024 - Azure Day: Networking Best Practices
KubeCon EU 2024 - Azure Day: AI Driven Cost Optimization
Переглядів 1966 місяців тому
KubeCon EU 2024 - Azure Day: AI Driven Cost Optimization
KubeCon EU 2024 - Azure Day: AI-assisted Observability & Troubleshooting
Переглядів 3396 місяців тому
KubeCon EU 2024 - Azure Day: AI-assisted Observability & Troubleshooting
KubeCon EU 2024 - Azure Day: Keynote (Jorge Palma)
Переглядів 4006 місяців тому
KubeCon EU 2024 - Azure Day: Keynote (Jorge Palma)
Azure Application Gateway for Containers - General Availability
Переглядів 2 тис.7 місяців тому
Azure Application Gateway for Containers - General Availability
Azure Kubernetes Fleet Manager - Upgrading your fleet of clusters at scale
Переглядів 8017 місяців тому
Azure Kubernetes Fleet Manager - Upgrading your fleet of clusters at scale
AKS Workload Identity - Quick Tutorial
Переглядів 3,4 тис.7 місяців тому
AKS Workload Identity - Quick Tutorial
Hi, nice demo I am having many microservices in a cluster, I can see isto-mesh & osm addons in azure portal which is better suitable to have a communication between services within the cluster
Thank you so much! i struggled to get this details. Using exiting istio ingress using this Kuberenet api specific to aks istio add on
Amazing product. Amazing presentation!
Amazing product. Amazing presentation!
Good stuff!
Can you share the github repository for the aks-node-viewer?
We're working on this. Hopefully we will have it by GA
Great demo - can't wait to try out the gateway api.
Awesome @TheDavidHoerster! Yes, this is experimental for now but do give it a try and reach out with any feedback!
Could you please make a vedio related to the Karpenter based on VM sizes.
Thanks for the feedback. Great idea on the Karpenter video. I’m reaching out to our PM on this to get something going!
Can it scale to zero?
Thanks for the good question. Automatic doesn’t quite scale to zero, but pretty close. There is still a system node pool needed for some base AKS system containers. These are fairly small, but not entirely zero. Automatic does use Node Autoprovision (Karpenter) and this will deploy nodes on-demand and re-balance as needed which will also help reduce resources. AKS also supports stop/start which could help depending on your use case. learn.microsoft.com/en-us/azure/aks/start-stop-cluster
@@theakscommunity Thank you for the answer 🙏. So, it is not exactly like GKE Autopilot (At google cloud), if I understand good, here you always pay for provisioned machines? (Where at google only consumed ressources, not at machine scale). Very interesting! I believe Azure Container Apps is more like GKE Autopilot than Automatic.
@@MrBrouilles It’s different in that we allow you to switch between AKS Automatic and Standard. But you won’t actually pay for the provisioned VM’s when this is GA. In the preview, the billing model looks like Standard, but we’re working on the per pod/usage based model for GA. Stay tuned.
@@MrBrouilles To be clear, I don’t think ACA is really like GKE Autopilot. It’s not a Kubernetes solution, so it’s more like a PaaS offering for microservices than any of the managed K8s services like AKS and GKE
@@theakscommunity thank you for your explanations 🙏
I have been using KEDA for past few years. Automatically resizing the resource limits using VPA is a handy feature of AKS Automatic. Looks promising. Thanks for sharing this.
Great. Thanks
Actually starts at 5:08
Thanks for that!
Already have feature requests in for it but....need options to take AGC private. Traffic through Front Door to AGC via Private Link Services. Please and thank you :)
Private front-ends are on our roadmap. We can't provide an ETA at this time
@@theakscommunitycan you link the roadmap so we can subscribe to changes?
Would be keen to use the App Gateway for Containers but the lack of WAF integration is a dealbreaker for us at the moment. Do you have an idea of when this will be added?
This is in the works. I don't have any details on timing, but we will share on this channel as soon as we have a good idea
Nice short tutorial. Thanks!
Is there a public repo for the "aks-node-viewer" coming? I could only find the AWS "eks-node-viewer" and I read on a GitHub issue [kubernetes-sigs/karpenter/issues/970] "AKS has an internal repo implementing the pricing data and forking from EKS node Viewer".
For those who watch the beginning of the stream, I needed to install libssl-dev on wsl for the cargo-component to install.
Thank you
Can you make one on open service mesh on aks apart form istio
Please note that OSM has been archived by it's maintainers. openservicemesh.io/blog/osm-project-update We suggest following this guidance to move to the Istio add-on. learn.microsoft.com/en-us/azure/aks/open-service-mesh-istio-migration-guidance We would love to know if there are any obstacles or missing features that would prevent you from moving forward.
@@theakscommunity thanks a lot means osm is legacy now and istio is new solution do you know in AKS which one I should go
@@amitverma7545 We recommend the Istio Add-on for AKS. It's a managed offering, so we take care of the Istio control plane for you.
Great job Paul!
Can one finally use the Azure installed Gatekeeper for selfmade policies?
You have to go through Azure Policy to create your own policies that sync to Gatekeeper on the cluster. learn.microsoft.com/en-us/azure/aks/use-azure-policy#create-and-assign-a-custom-policy-definition
Amazing!! ❤
Step towards GKE autopilot
nice, thank you!
Perfect! Now let's see it in US gov cloud!
It's not supported in Gov Cloud today,, but it is in our plans. No ETA at this time, but we will be sure to share when we know more
I listened to the end
Great tutorial! Straight to the point! 🎉🎉🎉🎉
Is there any supporting evidence that AGC is performant over other solution?
Thanks for the question. AGC has been completely redesigned from the ground up to improve the performance of both the data plane and control plane. The video demonstrates the performance improvements for the control plane. A quick performance test against the frontend will yield improved results for the data plane as well. Please let us know how us that performing for you.
🤷 'PromoSM'
Nice to see an evolution. In our company we tried to use the Application Gateway Ingress controller however we need to create more than 100 ingresses what is not possible in the Application Gateway. I am eager to test it.
Sounds good. Please let us know how it goes.
is Fleet GA?
The cluster management behavior shown in this video is GA yes. The dataplane part to place workload on member clusters via the hub's apiserver will GA shortly.
Great discussion.. this is my foray into WASI. Have couple of questions though 1. So, WASI is the bytecode the WASM modules should use for making syscalls to use host's resources? And something like wastime implements these new bytecodes and issue syscalls accordingly. 2. How should I think about security/isolation model of wasm modules vs containers? As you've mentioned container runtimes like docker setup required namespaces to isolate containers from other processes on the host. As I understand that in wasm modules, an application has to request explicit networking capabilities to utilize host's networking stack. But, assuming we provide such capabilities to our wasm module, then can our app setup a tap on some other network interface on the host? Like how does WASI wasmtime provide isolation as we are used to containers.
Hey @GK-rl5du, thanks for comment & great questions. I'll do my best to answer and let Yosh correct me if I'm off base. 1. Your understanding matches mine. I've been thinking about WASI as an API. And that API defines the interactions between WebAssembly modules and the host system. Much like syscalls do for the container runetimes like ContainerD. An interesting next step would be to dive into the component model. 2. Capabilities are indeed how the wasm module gets access to the host resources and without those it cannot reach the host. From what I've read and heard it’s supposed to be "sandboxed" but idk what's meant by that. I don't yet understand how the isolation is achieved and if the capability creates an isolated instance of the network interface, for example, or if it's shared. Or if even with an isolated instance if it'd be possible to tap other network interfaces. I'll dig into this and ask ppl smarter on the subject than myself and report back. :)
So, I just spoke with Yosh and here's what I learned. The implementation largely depends on the runtime and how it provides the "API" for the capability. But, all things considered it's isolated by the memory on the host machine that the wasm process is running. And all the data sent and received is locked into that address space. In theory, that shouldn't allow any cross contamination for a lack of a better work. However, that's where hyperlight comes in as a runtime and provides vm level isolation at the process level to ensure isolation.
@@joshduffney7954 thanks for all your efforts Josh 🙂 it's beginning to make sense to me. So, without capabilities based security from runtime and additional help from tech like Hyperlight, a wasm module is similar to an OS process (in terms of isolation/security)? My reasoning is, a vanilla OS process is also memory isolated from other OS processes due to the virtue of Virtual Memory. I'll do my own homework too to understand this better. But this is an interesting tech for sure 😊
nice talk. really explained what WASM really is. good job. subbed. :)
Hey @joebuydem, thanks watching and subscribing. Glad to hear you found value in the conversation. More Wasm content is in the near future! :)
Figured out the issue I ran into around 1:03:33, the dev container uses docker in docker so the registry that was hosted in my local docker desktop wasn't visible. So I needed to run another registry inside the dev container. docker run -d -p 5001:5000 -e REGISTRY_STORAGE_DELETE_ENABLED=true --name registry registry And now I can push the image. docker push localhost:5001/alpine:v1
My apologies for the audio quality on my end... I didn't notice that the wrong mic was selected until afterwards.
2:06 Introduction 5:07 Optimizing Node Performance with Node Saturation Metrics 9:22 Kubernetes Events: Real-time Cluster Signals 10:28 Cluster Autoscaler Metrics: Resource Allocation Fine-Tuning 15:35 Looking ahead
Great presentation!
"Promosm"
To use istio, do we need to pay and Is there any plan in future. I think GCP doing that for their mesh
Please keep doing this meeting even if the view counts is less. Thank you very much ❤
Thank you. We will build up the live audience over time, but we're just getting started!