# AKS Cookbook

## 🧪 AKS Automatic lab

![visual](visual.png)

Azure Kubernetes Service (AKS) Automatic offers an experience that makes the most common tasks on Kubernetes fast and frictionless, while preserving the flexibility, extensibility, and consistency of Kubernetes. Azure takes care of your cluster setup, including node management, scaling, security, and preconfigured settings that follow AKS well-architected recommendations. Automatic clusters dynamically allocate compute resources based on your specific workload requirements and are tuned for running production applications.  
This lab is based on the official [AKS documentation](https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-automatic-deploy?pivots=bicep).  

▶️ Click on the `Run All` button to execute all the subsequent steps in sequence, or run each step individually by executing the cells one at a time.

### TOC

- [0️⃣ Initialize notebook variables](#0)
- [1️⃣ Verify the Azure CLI and connected Azure subscription](#1)
- [2️⃣ Create a new Azure Resource Group or reuse an existing one](#2)
- [3️⃣ Create an AKS Automatic cluster with BICEP 🦾](#3)
- [4️⃣ Connect to the AKS cluster](#4)
- [5️⃣ Retrieve the list of AKS cluster nodes](#5)
- [6️⃣ Deploy the sample application](#6)
- [7️⃣ List the Kubernetes resources created](#7)
- [8️⃣ Test the application](#8)
- [9️⃣ Observe the logs](#9)
- [🗑️ Clean up resources](#clean)


<a id='0'></a>
### 0️⃣ Initialize notebook variables
You can use this notebook with existing resources or to create the necessary resources.  
Adjust the location parameters according your preferences and on the [product availability by Azure region](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?cdn=disable).

In [None]:
import os, time, json, requests, utils

create_resources = True # specify True if you want to create new resources, False to use existing ones

if create_resources:
    # create new resources with the following properties
    deployment_name = os.path.basename(os.path.dirname(globals()['__vsc_ipynb_file__']))
    resource_group_name = f"lab-{deployment_name}" # change the name to match your naming convention
    resource_group_location = "eastus2"
    aks_resource_name = "aks-cluster"
    aks_nodepool_count = 1
    aks_nodepool_vm_size = 'Standard_DC4ds_v3'
    role_definition_id = 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b' # Azure Kubernetes Service RBAC Cluster Admin: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers#azure-kubernetes-service-rbac-cluster-admin
else:
    # or use the following existing resources
    resource_group_name = ""
    aks_resource_name = ""

utils.print_ok('Notebook initiaized')

<a id='1'></a>
### 1️⃣ Verify the Azure CLI and connected Azure subscription
The following commands ensure that you have the latest version of the Azure CLI and relevant extensions installed while also verifying that the Azure CLI is connected to your Azure subscription.

In [None]:
output = utils.run("az account show", "Retrieved az account", "Failed to get the current az account")
if output.success and output.json_data:
    current_user = output.json_data['user']['name']
    subscription_id = output.json_data['id']
    subscription_name = output.json_data['name']
    utils.print_info(f"Current Azure subscription: {subscription_name}")
    tenant_id = output.json_data['tenantId']

output = utils.run("az ad signed-in-user show", "Retrieved signed-in-user", "Failed to get signed-in-user")
if output.success and output.json_data:
    signed_in_user_id = output.json_data['id']
    utils.print_info(f"Signed-in User Id: {signed_in_user_id}")

output = utils.run("az extension add --name k8s-extension", "az k8s-extension installed", "Failed to install az k8s-extension")
output = utils.run("az extension update --name k8s-extension", "az k8s-extension updated", "Failed to update az k8s-extension")
output = utils.run("az extension add --name aks-preview", "az aks-preview extension installed", "Failed to install az aks-preview extension")
output = utils.run("az extension update --name aks-preview", "az aks-preview extension updated", "Failed to update az aks-preview extension")

output = utils.run("az provider register --namespace Microsoft.KubernetesConfiguration --wait", "Microsoft.KubernetesConfiguration registered in your subscription", "Failed to register Microsoft.KubernetesConfiguration")
output = utils.run("az feature register --namespace Microsoft.ContainerService --name EnableAPIServerVnetIntegrationPreview", "EnableAPIServerVnetIntegrationPreview registered in your subscription", "Failed to register EnableAPIServerVnetIntegrationPreview")
output = utils.run("az feature register --namespace Microsoft.ContainerService --name NRGLockdownPreview", "NRGLockdownPreview registered in your subscription", "Failed to register NRGLockdownPreview")
output = utils.run("az feature register --namespace Microsoft.ContainerService --name SafeguardsPreview", "SafeguardsPreview registered in your subscription", "Failed to register SafeguardsPreview")
output = utils.run("az feature register --namespace Microsoft.ContainerService --name NodeAutoProvisioningPreview", "NodeAutoProvisioningPreview registered in your subscription", "Failed to register NodeAutoProvisioningPreview")
output = utils.run("az feature register --namespace Microsoft.ContainerService --name DisableSSHPreview", "DisableSSHPreview registered in your subscription", "Failed to register DisableSSHPreview")
output = utils.run("az feature register --namespace Microsoft.ContainerService --name AutomaticSKUPreview", "AutomaticSKUPreview registered in your subscription", "Failed to register AutomaticSKUPreview")

# Once the feature 'AutomaticSKUPreview' is registered, invoking 'az provider register -n Microsoft.ContainerService' is required to get the change propagated.
output = utils.run("az provider register --namespace Microsoft.ContainerService --wait", "Microsoft.ContainerService registered in your subscription", "Failed to register Microsoft.ContainerService")



<a id='2'></a>
### 2️⃣ Create an AKS Automatic cluster with BICEP 🦾
All resources deployed in this lab will be created within the designated resource group.   
The following step creates an AKS cluster using a BICEP deployment. 

In [None]:
if create_resources:
    utils.create_resource_group(create_resources, resource_group_name, resource_group_location)
    bicep_parameters = {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
            "clusterName": { "value": aks_resource_name },
            "nodePoolCount": { "value": aks_nodepool_count },
            "nodePoolVMSize": { "value": aks_nodepool_vm_size },
            "roleDefinitionId": { "value": role_definition_id },
            "userPrincipalId": { "value": signed_in_user_id }
        }
    }    
    with open('params.json', 'w') as bicep_parameters_file:
        bicep_parameters_file.write(json.dumps(bicep_parameters))

    output = utils.run(f"az deployment group create --name {deployment_name} --resource-group {resource_group_name} --template-file main.bicep --parameters params.json", 
                 f"Deployment '{deployment_name}' succeeded", f"Deployment '{deployment_name}' failed")


<a id='3'></a>
### 3️⃣ Retrieve deployment outputs

In [None]:
if create_resources:
    # retrieve deployment outputs
    output = utils.run(f"az deployment group show --name {deployment_name} -g {resource_group_name}", f"Retrieved deployment: {deployment_name}", f"Failed to retrieve deployment: {deployment_name}")
    if output.success and output.json_data:
        aks_control_plane_fqdn = utils.get_deployment_output(output, 'controlPlaneFQDN', 'Control Plane FQDN')


<a id='4'></a>
### 4️⃣ Connect to the AKS cluster
Configure kubectl to connect to your Kubernetes cluster using the [az aks get-credentials](https://learn.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-get-credentials) command. This command downloads credentials and configures the Kubernetes CLI to use them.

In [None]:
output = utils.run(f"az aks get-credentials --resource-group {resource_group_name} --name {aks_resource_name} --overwrite-existing",
             f"Credentials for AKS cluster '{aks_resource_name}' configured",
             f"Failed to configure credentials for AKS cluster '{aks_resource_name}'")

output = utils.run("kubelogin convert-kubeconfig -l azurecli", "kubelogin succeeded", "Failed to run kubelogin")



<a id='5'></a>
### 5️⃣ Retrieve the list of AKS cluster nodes
Verify the connection to your cluster using the [kubectl get](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get) command. This command returns a list of the cluster nodes.

In [None]:
! kubectl get nodes

<a id='6'></a>
### 6️⃣ Deploy the sample application
To deploy the application, you use a manifest file to create all the objects required to run the [AKS Store application](https://github.com/Azure-Samples/aks-store-demo). A [Kubernetes manifest file](https://learn.microsoft.com/en-us/azure/aks/core-aks-concepts#deployments-and-yaml-manifests) defines a cluster's desired state, such as which container images to run.  
  
The manifest includes the following Kubernetes deployments and services:
- Store front: Web application for customers to view products and place orders.
- Product service: Shows product information.
- Order service: Places orders.
- Rabbit MQ: Message queue for an order queue.

Review the [sample manifest file](aks-store-quickstart.yaml) that will be used in the following command. 

In [None]:
! kubectl apply -f aks-store-quickstart.yaml


<a id='7'></a>
### 7️⃣ List the Kubernetes resources created
The following commands list the deployed pods and services in the AKS cluster.

In [None]:
output = utils.run("kubectl get pods -n default", "Pods in the default namespace", "Failed to get pods in the default namespace")
print(output.text) 

output = utils.run("kubectl get service -n default", "Services in the default namespace", "Failed to get services in the default namespace")
print(output.text) 

<a id='8'></a>
### 8️⃣ Test the application
The following script verifies the readiness of the `store-front` pod and retrieves the external IP address for the `store-front` service, enabling you to test the application UI.

In [None]:
wait_time = 60 # in seconds
sleep_time = 5 # in seconds
request_timeout = 60 # in seconds
message = "Application is not ready yet. Check the logs."
while wait_time - sleep_time > 0:
    output = utils.run("kubectl get pods -l app=store-front -o jsonpath={..status.phase}")
    if output.success and output.text == "Running":
        output = utils.run("kubectl get service store-front --output jsonpath={..status.loadBalancer.ingress[0]}")
        if output.success and output.json_data:
            ingress_ip = output.json_data['ip']
            utils.print_info(f"Service External IP: {ingress_ip}")
            try:
                response = requests.get(f"http://{ingress_ip}", timeout=request_timeout)
                if (response.status_code == 200):
                    utils.print_ok(f"Application ready @ http://{ingress_ip}")
                    message = None
                    break
            except:
                message = "The application is currently unresponsive..."
    wait_time -= sleep_time
    time.sleep(sleep_time)
if message:
    utils.print_warning(message)

<a id='9'></a>
### 9️⃣ Observe the logs
When operating an Azure Kubernetes Service (AKS) cluster, you may need to review logs to troubleshoot a problem. Azure portal has a built-in capability that allows you to view logs for AKS main components and cluster containers.  
The following commands display logs for each pod that is part of the sample application.

In [None]:
output = utils.run("kubectl logs -l app=rabbitmq --tail=3", "Logs for the rabbitmq pod", "Error in logs for the rabbitmq pod")
print(output.text) 

output = utils.run("kubectl logs -l app=order-service --tail=3", "Logs for the order-service pod", "Error in logs for the order-service pod")
print(output.text) 

output = utils.run("kubectl logs -l app=product-service --tail=3", "Logs for the product-service pod", "Error in logs for the product-service pod")
print(output.text) 

output = utils.run("kubectl logs -l app=store-front --tail=3", "Logs for the store-front pod", "Error in logs for the store-front pod")
print(output.text) 


<a id='clean'></a>
### 🗑️ Clean up resources
When you're finished with the lab, you should remove all your deployed resources from Azure to avoid extra charges and keep your Azure subscription uncluttered. Use the [clean-up-resources notebook](clean-up-resources.ipynb) for that.