# Azure Kubernetes Service (AKS)

> *Azure Kubernetes Service (AKS)* is a managed container orchestration service offered by Microsoft Azure. It simplifies the deployment, management, and scaling of containerized applications using Kubernetes. AKS abstracts the underlying infrastructure, allowing developers and operators to focus on application logic and scalability without worrying about the complexities of managing Kubernetes clusters.

## Key Features of AKS

Here are some key features of Azure Kubernetes Service:

- **Managed Kubernetes**: AKS handles the management of the Kubernetes control plane, including upgrades, patches, and scaling, allowing users to focus on their applications

- **High Availability**: AKS provides high availability for clusters by distributing control plane components across multiple nodes and availability zones, ensuring reliability

- **Integration with Azure Services**: AKS seamlessly integrates with various Azure services, facilitating the development of comprehensive cloud-native solutions. These integrations include Azure Monitor, Azure Active Directory, Azure Container Registry, and more.

- **Scalability**: AKS enables horizontal scaling of applications with ease. You can dynamically add or remove nodes from node pools as traffic patterns change, ensuring optimal resource utilization.

- **Security**: AKS incorporates security features like *Azure Policy* and *Role-Based Access Control (RBAC)* to help secure your cluster and applications.

## AKS Components

Before we dive into setting up an AKS cluster, let's take a moment to understand the core components that make up an AKS cluster. An AKS cluster consists of several key elements that work together to provide a reliable and scalable Kubernetes environment:

### 1. Control Plane

The control plane is the brain of your AKS cluster. It's responsible for managing and orchestrating containerized applications. Key components of the control plane include the Kubernetes API Server, `etcd`, the controller manager and the scheduler. This interact in the same way as in any Kubernetes cluster.

### 2. Node Pools

> Node pools are a collection of virtual machines (VMs) that run your container workloads. 

Within an AKS cluster, you can have multiple node pools with varying characteristics. Each node is an individual VM that hosts your containers. Nodes run the Kubernetes agent (`kubelet`) and container runtime (e.g., Docker).

### 3. Networking

Networking is a critical aspect of AKS clusters. It enables communication between pods and external services. Key networking components include:

- **Virtual Network (VNet)**: AKS is deployed within an Azure Virtual Network, allowing for network isolation and security. You can use existing VNets or create a new one during cluster setup.

- **Subnets**: VNets are divided into subnets, and you can specify which subnets AKS nodes should use. Subnets can be used for different purposes, such as pods and services.

- **Kube Proxy**: Kube Proxy is a network proxy that maintains network rules on nodes. It ensures that network traffic is properly routed to the correct pods.

### 4. Add-Ons and Services

AKS offers various add-ons and services to enhance cluster functionality and security. Some of the essential ones include:

- **Azure Monitor**: Provides monitoring and insights into the performance and health of your AKS cluster, including metrics and logs

- **Azure Container Registry (ACR)**: ACR allows you to store and manage container images securely. You can easily deploy images from ACR to your AKS cluster.

- **Azure Active Directory Integration**: Integrating with Azure AD enhances cluster security by enabling RBAC and identity management

- **Horizontal Pod Autoscaler (HPA)**: An autoscaling feature that automatically adjusts the number of pod replicas based on resource usage

## Setting Up an AKS Cluster

### Prerequisites for Creating an AKS Cluster

Before you can create an Azure Kubernetes Service (AKS) cluster, there are some prerequisites you need to ensure:

- **Azure Subscription**: You must have an active Microsoft Azure subscription. If you don't have one, you can sign up for a free trial or a pay-as-you-go subscription. 

> Keep in mind that AKS is a paid service, and if you follow along with this lesson, you may incur some costs. However, Azure offers a free tier with $200 in credits, which can help offset these costs. Best practice would be creating a free tier account, following along then deleting the resources at the end of the lesson.

- **Azure CLI**: Ensure that you have the Azure CLI installed on your local machine. This command-line tool will allow you to interact with Azure resources.

- **`kubectl`**: Install Kubernetes command-line tool `kubectl` to manage your AKS cluster once it's created

### Creating an AKS Cluster (Azure Portal)

Creating an AKS cluster can be done through the Azure Portal, which provides a graphical user interface for managing Azure resources. Here's a simplified step-by-step guide:

1. **Sign in to the Azure Portal**: Log in to your Azure account using your credentials

2. **Create a Resource**: Click on the **Create a resource** button in the left-hand menu and search for **Azure Kubernetes Service**. The click **Create** to start the provisioning process.

3. **Configure AKS Basic Settings**:

    - Select the Azure subscription and resource group. In this example we created a new resource group called `aks-rg`.
    - Provide a unique name for your AKS cluster
    - Set the Region where your cluster will be located. Choose a region that is geographically close to you, for this example we chose **UK South**.
    - Choose two zones under **Availability zones**. This will ensure control plane resiliency.
    - Leave the rest of the configurations under the **Basic** page as default

<p align=center><img src=images/CreateCluster_Portal1.png width=750 height=550></p>

4. **Configure AKS Node Pools Settings**:

    - *Node pools* are groups of nodes within your AKS cluster, each with similar configurations. You can create and manage multiple node pools with different characteristics to optimize performance and cost.

    - To manage the node pool in your cluster configuration double click on the **agentpool** name. This should redirect you to the following page:

<p align=center><img src=images/NodePoolPage.png width=750 height=550></p>

4. **Configure AKS Node Pools Settings**:

    - We will begin with a smaller node count and lower-cost VM size in your initial node pool. This reduces expenditure. You can choose your VM size under the **Node size** pane by clicking the **Choose a size** button. 

    - Select **B2s** size to begin with and then click **Select**. You should now see this change reflected in the **Node size** pane.

    - Next, we will set up our node count. This setting determines the number of nodes (VMs) in the pool. More nodes can handle higher workloads but may increase costs. To reduce costs, we will configure autoscaling, which means your AKS cluster can dynamically allocate resources to meet demand, reducing the need for a large static node pool. Set the **Minimum node count** to 1, and the **Maximum node count** to 3.

    - Leave the rest as the default and finally click **Update** at the bottom of the node pool page

5. **Review and Create**: Review your configuration settings by clicking **Review + create**. Once the configuration has been reviewed click **Create** to start the cluster provisioning process

6. **Wait for Deployment**: The Azure Portal will display deployment progress. Once complete, your AKS cluster will be ready to use.

### Creating an AKS Cluster (Azure CLI)

You can also create an AKS cluster using the Azure Command-Line Interface (CLI), which provides more control and automation capabilities. 

> However, for this lesson the preferred method will be using the Azure Portal. So, no need to create a second cluster using the CLI. Just make sure to familiarize yourself with the process of creating one through the CLI.

Here are the steps:

1. **Open Azure CLI**: Open your command-line terminal

2. **Log In**: Use the `az login` command to log in to your Azure account if you're not already logged in

3. **Create the AKS Cluster**:

```bash
az aks create --resource-group <resource-group-name> --name <cluster-name> --node-count <node-count> --node-vm-size <vm-size> --enable-addons monitoring --generate-ssh-keys
```

- Replace `<resource-group-name>` with your desired resource group name
- Replace `<cluster-name>` with your preferred AKS cluster name
- Adjust `--node-count` and -`-node-vm-size` according to your requirements
- `--enable-addons` can be used to enable specific add-ons like monitoring

Once the cluster is created, you would be able to retrieve the access credentials and configure `kubectl` to use the cluster. We will look in more detail at connecting to our Azure portal-provisioned cluster in a later section of this notebook.

## AKS Cluster Management Overview

Now that you've learned how to set up an AKS cluster, let's explore the AKS cluster management interface in the Azure Portal. This interface provides a central location for monitoring and managing your AKS clusters.

Once your cluster has been provisioned you can click **Go to resource** and this will redirect you to the cluster homepage.

### Overview Tab

The **Overview** tab provides a high-level summary of your AKS cluster. Here, you'll find essential information such as the cluster name, resource group, region, Kubernetes version, and node count. You can also see the status of the cluster, including whether it's running or undergoing maintenance.

<p align=center><img src=images/OverviewPage.png width=1000 height=250></p>

### Configuration Tab

The **Configuration** tab under **Kubernetes resources** is where you can modify various aspects of your AKS cluster's configuration. You can update settings such as node size, node count, and Kubernetes version. Additionally, you can enable features like Azure Policy, monitoring, and virtual nodes.

### Node Pools Tab

The **Node Pools** tab under **Settings** allows you to manage the node pools within your AKS cluster. You can view details about each node pool, including the number of nodes, VM size, and availability zones. From here, you can also add or remove node pools and adjust node pool configurations.

### Networking Tab

The **Networking** tab under **Settings** provides insights into your cluster's networking setup. You can view information about the Azure Virtual Network (VNet) and subnets associated with your cluster. It also allows you to configure features like Kubernetes RBAC and pod networking.

There are many other tabs you can explore in the AKS cluster homepage. You should take some time to familiarise yourself with them, as understanding how to navigate and utilize the AKS cluster management interface is essential for efficiently managing and maintaining your Kubernetes workloads. 

## Connecting to an AKS Cluster

Once your AKS cluster is up and running, you'll need to establish a connection to it in order to manage and deploy containerized applications. Here we will describe the steps to connect to an AKS cluster provisioned using the Azure Portal.

Before connecting to your AKS cluster, make sure you have the Azure CLI and `kubectl` installed on the machine you want to connect with.

### Get Credentials for AKS Cluster

First, navigate to your AKS cluster homepage. In the **Overview** tab select the **Connect** icon at the top of the page. This will open the following pop-up:

<p align=center><img src=images/ConnectPortal.png width=600 height=500></p>

We will follow the instructions for connecting to the cluster using Azure CLI:

- First run `az login` in your local terminal to login to your Azure account

- Next run the CLI command to set the cluster subscription

- Finally run the necessary CLI command to download the AKS cluster credentials

To verify that `kubectl` is correctly configured to connect to your AKS cluster, run the following command: `kubectl get nodes`. You should see a list of nodes in your AKS cluster, indicating that the connection has been successfully established.

<p align=center><img src=images/ClusterConnected.png width=500 height=350></p>

> f you need to disconnect from a specific AKS cluster and switch to another one, you can use the `kubectl config use-context` command. For example: `kubectl config use-context my-other-cluster`. This sets the active context to the specified cluster, allowing you to work with multiple AKS clusters from the same machine.

## Deploying Application on AKS

Now that you're connected to your AKS cluster, it's time to deploy containerized applications. This section will walk you through the deployment process step by step.

### Packaging an Application into a Docker Container

Before deploying your application to an AKS cluster, you need to package it into a Docker container. Docker containers encapsulate your application along with its dependencies, making it portable and consistent across different environments. Here are the general steps to package an application into a Docker container:

#### 1. Create a Dockerfile

First, create a Dockerfile to build a Docker image of the `nginx` web server. Create a directory for your project and create a Dockerfile inside it with the following content:

```yaml
# Use an official NGINX runtime as the base image
FROM nginx:latest

# Expose port 80 for HTTP traffic
EXPOSE 80

# Copy your custom configuration (if any) to the NGINX configuration directory
# COPY nginx.conf /etc/nginx/nginx.conf

# Start NGINX when the container starts
CMD ["nginx", "-g", "daemon off;"]
```

#### 2. Build and Push the Docker Image

Build the Docker image and push it to a container registry. We'll use Docker Hub as an example. Replace <your-username> with your Docker Hub name:

``` bash
# Build the Docker image
docker build -t <your-dockerhub-username>/nginx-app:v1 .

# Log in to Docker Hub (if not already logged in)
docker login

# Push the image to Docker Hub
docker push <your-dockerhub-username>/nginx-app:v1
```

### Creating a Kubernetes Deployment

Kubernetes provides various resource types for managing applications. One of the most commonly used resources is a Deployment. Deployments are used to define the desired state for your application, including the number of replicas (Pods) and the Docker image to use.

Here's how to create a Kubernetes Deployment:

#### 1. Create a Deployment `YAML` file

Create a Kubernetes Deployment `YAML` file, e.g., `nginx-deployment.yaml`, with the following content:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx-container
          image: <your-dockerhub-username>/nginx-app:v1
          ports:
          - containerPort: 80
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
```

In this `YAML` configuration, we have a Deployment named `nginx-deployment` that defines the desired state for an application. It specified that we want to maintain three identical replicas of this application. The `selector` section helps the Deployment identify and manage Pods with the label `app:nginx`.

Within the `template` section, we describe how the Pods should look. We assign the label `app:nginx` to Pods created by this template. Inside the template, there's a container definition named `nginx-container`. It uses the Docker image version `v1` and exposes port 80 for the application.

Additionally, we set the deployment strategy to `RollingUpdate`. This strategy ensures a smooth transition during updates. Specifically, it allows at most one old Pod to be unavailable at a time (`maxUnavailable: 1`) and limits the number of new Pods added simultaneously to one (`maxSurge: 1`).

#### 2. Expose the Application (Internal Access)

To expose the `nginx` application for internal access within your Kubernetes cluster, we will create a ClusterIP service. Create a file named `nginx-service.yaml` with the following content:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80 # Port for internal communication within the cluster
      targetPort: 80 # Port exposed by your container
  type: ClusterIP

```

In this example, we are creating a ClusterIP service named `nginx-service`. This service is configured to direct traffic to Pods labeled with `app: nginx`. When services within the cluster want to communicate with this application, they can use the service's cluster IP address and port 80, as defined in `targetPort`.

This setup is suitable for internal applications, ensuring that the application remains isolated and accessible only within the Kubernetes cluster. For testing and development purposes, you can also combine ClusterIP with port forwarding. This allows you to access the application from your local machine, forwarding traffic to the service's cluster IP address. However, this access remains limited to users within your cluster or those with the necessary access right, making it suitable for testing and development scenarios.

If you require external or internet access to your application, especially in a production or company-wide context, other service types like LoadBalancer or Ingress should be considered, as they provide mechanisms for broader accessibility and routing.

If you need to distribute the application company-wide, you should consider using Ingress. Ingress controllers allow you to manage more advance routing, domain-based access, and can be a powerful way to manage both internal and external traffic. However, setting up an Ingress involves provisioning a company domain, which can be a complex and costly process. Due to these considerations, setting up Ingress is beyond the scope of this lesson.

On the other hand, if your application was customer-facing rather than for internal use, using a LoadBalancer type service would be a preferred choice. This setup is especially suitable when you want to serve your application to a broader audience, such as a public website or a customer portal.

#### 3. Switch to the AKS Context

Before applying the Deployment and Service `YAML` files to AKS, you should verify that your current Kubernetes context is set to the AKS cluster you intend to use. You can check the available contexts with:

```bash
kubectl config get-contexts
```

Identify your AKS cluster context and switch to it if necessary using:

```bash
kubectl config use-context <your-aks-context-name>
```

Ensure that you are now operating in the AKS context before proceeding with the deployment.

#### 4. Apply the Deployment

Use the correct `kubectl` commands to apply the Deployment and Service `YAML` files to your AKS cluster. This command will create the Pods and Service based on the specifications provided in the YAML files.

After applying the Deployment you can check the status of the Pods and ensure that the desired number of replicas are running using `kubectl get pods`. This command will display the list of Pods in your AKS cluster along with their status.

#### 5. Access the Application Locally

If you want to test the application locally, you can use port forwarding to access it. For example, if you want to access the application running you can run the following command: 

```bash
kubectl port-forward deployment/nginx-deployment 8080:80
```

In case you are unsure of the name of your deployment you can simply run `kubectl get deployments` to find it.

This command forwards traffic to the Pods managed by the Deployment named `nginx-deployment` on port 80 to your local machine's port 8080. You can then access the application locally at `http://localhost:8080`.  

> You can also check the deployment has been successful on the Azure Portal. In the AKS cluster overview, navigate to the **Workloads** section. Here, you should not see any deployments related to the NGINX application. You can also verify that the NGINX Service ClusterIP has been deployed in the **Services and ingress** pane.

You've now deployed a simple NGINX web application to your AKS cluster. This example demonstrates the basic steps involved in deploying an application to AKS. You can further customize and scale your application as needed for more complex scenarios.

### Cleanup

After completing your deployment and any testing or exploration, it's essential to clean up the resources to avoid additional costs and resource usage. Here's how you can clean up the resources used in this example.

Use `kubectl` to delete the Kubernetes Deployment and Service created during the example:

In [1]:
!kubectl delete deployment nginx-deployment
!kubectl delete service nginx-service

deployment.apps "nginx-deployment" deleted
service "nginx-service" deleted


This will remove the NGINX Deployment and the Service. 

If you no longer need the Docker image, you can remove it from your local Docker repository: `docker rmi <your-dockerhub-username>/nginx-app:v1`. 

You might also have running Docker containers related to this example, you can stop and remove them:

In [None]:
!docker stop <container-id>
!docker rm <container-id>

## Managing and Scaling Applications on AKS

Once your applications are up and running on AKS, you'll often need to manage and scale them according to varying workloads and application demands. In this section, we'll explore several key aspects of application management on AKS.

### Scaling Application Instances

Scaling your application instances up or down is a fundamental part of managing workloads on AKS. Here's how you can achieve that:

- **Scaling Replicas**: You can manually scale the number of replicas (Pods) for a Deployment using the `kubectl scale` command. For example, to scale a Deployment named `my-deployment` to 5 replicas: `kubectl scale deployment my-deployment --replicas=5`

- **Autoscaling with Horizontal Pod Autoscaler (HPA)**: *HPA* is a Kubernetes feature that automatically adjusts the number of Pod replicas based on CPU or memory usage. You can create an HPA resource to define scaling rules and let Kubernetes manage the scaling for you.

### Horizontal Pod Autoscaling (HPA)

> HPA is a powerful feature that allows your AKS cluster to automatically adjust the number of replicas in a Deployment to meet performance requirements. 

You can use the `kubectl autoscale` command to create an HPA resource. Replace `<deployment-name>` with the name of your Deployment, `<metric-name>` with the metric you want to scale based on (e.g., cpu or memory), and set the desired metric value, minimum, and maximum replicas: 

```bash
kubectl autoscale deployment <deployment-name> --cpu-percent=50 --min=2 --max=10
```

To view the created HPA resource, you can run the following command: `kubectl get hpa`. You can also describe the HPA to see detailed information: `kubectl describe hpa <hpa-name>`.

To test HPA, you can simulate increased resource usage by deploying a load-testing tool or generating traffic to your application. HPA should automatically adjust the number of replicas based on the configured scaling rules.

### Performing Rolling Updates and Rollbacks

Ensuring smooth application updates is essential. Kubernetes provides a robust mechanism for rolling updates and rollbacks:

- **Rolling Updates**: You can update your application by creating a new version of your Docker image and then updating the Deployment's image reference. Kubernetes will gradually replace old Pods with new ones, ensuring zero-downtime updates.

```bash
kubectl set image deployment/my-deployment my-container=new-image:v2
```

- **Rollbacks**: In case an update causes issues, you can roll back to a previous known-good version. Kubernetes allows you to easily rollback to a previous Deployment revision.

```bash
kubectl rollout undo deployment/my-deployment
```
This command rolls back to the previous revision, ensuring that your application returns to a stable state.

Managing and scaling applications on AKS involves scaling instances, utilizing Horizontal Pod Autoscaling for dynamic scaling, and ensuring seamless updates and rollbacks. These practices enable you to maintain the availability and performance of your applications as they evolve.

## Key Takeaways

- AKS is a managed Kubernetes service provided by Microsoft Azure, offering a platform for deploying, managing, and scaling containerized applications
- You can create an AKS cluster using the Azure Portal or Azure CLI, specifying configurations like node pools and virtual networks
- You can use  the Azure CLI to obtain cluster credentials and configure `kubectl` for cluster access
- To deploy an application on AKS, you have to package your application into a Docker container and create a Kubernetes Deployment to manage it. After that, you can simply deploy the application to AKS using `kubectl apply`.
- You can either manually scale application using `kubectl scale`, or use HPA for automated horizontal scaling. You can configure HPA in AKS to dynamically scale your application based on CPU or memory metrics.