# Deploy Web App on Azure Container Services (AKS)


In this notebook, we will set up an Azure Container Service which will be managed by Kubernetes. We will then take the Docker image we created earlier that contains our app and deploy it to the AKS cluster. Then, we will check everything is working by sending an image to it and getting it scored. 

The process is split into the following steps:
- Define our resource names
- Login to Azure
- Create resource group and create AKS
- Connect to AKS
- Deploy our app
- Tear it all down

We assume that this notebook is running on Linux and Azure CLI is installed before proceeding.

## Setup

Below are the various name definitions for the resources needed to setup AKS as well as the name of the Docker image we will be using.

In [1]:
# Please modify the below as you see fit
resource_group = "<RESOURCE_GROUP>" 
aks_name = "<AKS_CLUSTER_NAME>"
location = "eastus"

image_name = '<YOUR_DOCKER_IMAGE>' # 'fboylu/kerastf-gpu' Feel free to use this image if you want to 
                                   # skip creating your own container
selected_subscription = "'<YOUR_SUBSCRIPTION>'" # If you have multiple subscriptions select 
                                                # the subscription you want to use here

In [6]:
resource_group = "fbaksnasmrg" # Feel free to modify these
aks_name = "fbAKSnasmCluster"
location = "eastus"

image_name = "fboylu/kerasnasm-gpu" 
selected_subscription = "'Team Danielle Internal'"

## Azure account login

The command below will initiate a login to your Azure account. It will pop up with an url to go to where you will enter a one off code and log into your Azure account using your browser.

In [3]:
!az login -o table

[33mTo sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FQ9PHU9ND to authenticate.[0m
CloudName    IsDefault    Name                           State    TenantId
-----------  -----------  -----------------------------  -------  ------------------------------------
AzureCloud   False        Boston DS Dev                  Enabled  72f988bf-86f1-41af-91ab-2d7cd011db47
AzureCloud   False        Internal Consumption           Enabled  72f988bf-86f1-41af-91ab-2d7cd011db47
AzureCloud   True         Team Danielle Internal         Enabled  72f988bf-86f1-41af-91ab-2d7cd011db47
AzureCloud   False        Boston Engineering             Enabled  72f988bf-86f1-41af-91ab-2d7cd011db47
AzureCloud   False        ADLTrainingMS                  Enabled  72f988bf-86f1-41af-91ab-2d7cd011db47
AzureCloud   False        Ads Eng Big Data Subscription  Enabled  72f988bf-86f1-41af-91ab-2d7cd011db47
AzureCloud   False        Data Wrangling Preview         Enabled  72

In [7]:
!az account set --subscription $selected_subscription

In [5]:
!az account show

{
  "environmentName": "AzureCloud",
  "id": "edf507a2-6235-46c5-b560-fd463ba2e771",
  "isDefault": true,
  "name": "Team Danielle Internal",
  "state": "Enabled",
  "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
  "user": {
    "name": "fboylu@microsoft.com",
    "type": "user"
  }
}


You will also need to register the container service resources on your subscription if you haven't already done so.

In [9]:
!az provider register -n Microsoft.ContainerService

In [5]:
!az provider show -n Microsoft.ContainerService

{
  "additionalProperties": {
    "authorization": {
      "applicationId": "7319c514-987d-4e9b-ac3d-d38c4f427f4c",
      "managedByRoleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
      "roleDefinitionId": "1b4a0c7f-2217-416f-acfa-cf73452fdc1c"
    }
  },
  "id": "/subscriptions/edf507a2-6235-46c5-b560-fd463ba2e771/providers/Microsoft.ContainerService",
  "namespace": "Microsoft.ContainerService",
  "registrationState": "Registered",
  "resourceTypes": [
    {
      "additionalProperties": {
        "capabilities": "None"
      },
      "aliases": null,
      "apiVersions": [
        "2017-07-01",
        "2017-01-31",
        "2016-09-30",
        "2016-03-30"
      ],
      "locations": [
        "Japan East",
        "Central US",
        "East US 2",
        "Japan West",
        "East Asia",
        "South Central US",
        "Australia East",
        "Australia Southeast",
        "Brazil South",
        "Southeast Asia",
        "Wes

## Create resources and dependencies

### Create resource group and AKS cluster

Azure encourages the use of groups to organize all the Azure components you deploy. That way it is easier to find them but also we can delete a number of resources simply by deleting the group.

In [6]:
!az group create --name $resource_group --location $location

{
  "id": "/subscriptions/edf507a2-6235-46c5-b560-fd463ba2e771/resourceGroups/fbaksnasmrg",
  "location": "eastus",
  "managedBy": null,
  "name": "fbaksnasmrg",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null
}


Below, we create the AKS cluster in the resource group we created earlier.

In [7]:
%%time
!az aks create --resource-group $resource_group --name $aks_name --node-count 1 --generate-ssh-keys -s Standard_NC6

[33mSSH key files '/home/fboylu/.ssh/id_rsa' and '/home/fboylu/.ssh/id_rsa.pub' have been generated under ~/.ssh to allow SSH access to the VM. If using machines without permanent storage like Azure Cloud Shell without an attached file share, back up your keys to a safe location[0m
[K{| Finished ..ion done[############################################]  100.0000%
  "id": "/subscriptions/edf507a2-6235-46c5-b560-fd463ba2e771/resourcegroups/fbaksnasmrg/providers/Microsoft.ContainerService/managedClusters/fbAKSnasmCluster",
  "location": "eastus",
  "name": "fbAKSnasmCluster",
  "properties": {
    "accessProfiles": null,
    "agentPoolProfiles": [
      {
        "count": 1,
        "dnsPrefix": null,
        "fqdn": null,
        "name": "nodepool1",
        "osDiskSizeGb": null,
        "osType": "Linux",
        "ports": null,
        "storageProfile": "ManagedDisks",
        "vmSize": "Standard_NC6",
        "vnetSubnetId": null
      }
    ],
    "dnsPrefix": "fbAKSnasmC-fbaksnasmr

In [7]:
!az aks list -o table

Name              Location    ResourceGroup    KubernetesVersion    ProvisioningState    Fqdn
----------------  ----------  ---------------  -------------------  -------------------  -----------------------------------------------------------
dangdevopsclstr   eastus      dangdevops       1.9.6                Succeeded            devops-3b040ce9.hcp.eastus.azmk8s.io
ddaks             eastus      ddaksdeploy      1.8.11               Failed               ddaks-ddaksdeploy-edf507-eefe283f.hcp.eastus.azmk8s.io
fbAKSClustercpu   eastus      fbakscpurg       1.8.10               Succeeded            fbaksclust-fbakscpurg-edf507-17685694.hcp.eastus.azmk8s.io
fbAKSnasmCluster  eastus      fbaksnasmrg      1.7.7                Succeeded            fbaksnasmc-fbaksnasmrg-edf507-71d3348d.hcp.eastus.azmk8s.io
msaksgpu          eastus      msaksrg          1.7.7                Succeeded            msaksgpu-msaksrg-edf507-08d4dbae.hcp.eastus.azmk8s.io


### Install kubectl CLI

To connect to the Kubernetes cluster, we will use kubectl, the Kubernetes command-line client. To install, run the following:

In [8]:
!sudo -i az aks install-cli

[33mDownloading client to /usr/local/bin/kubectl from https://storage.googleapis.com/kubernetes-release/release/v1.10.3/bin/linux/amd64/kubectl[0m
[33mPlease ensure that /usr/local/bin is in your search PATH, so the `kubectl` command can be found.[0m


## Connect to AKS cluster

To configure kubectl to connect to the Kubernetes cluster, run the following command:

In [9]:
!az aks get-credentials --resource-group $resource_group --name $aks_name

Merged "fbAKSnasmCluster" as current context in /home/fboylu/.kube/config


Let's verify connection by listing the nodes.

In [11]:
!kubectl get nodes

NAME                       STATUS    ROLES     AGE       VERSION
aks-nodepool1-28892049-0   Ready     agent     19h       v1.7.7


Let's check the pods on our cluster.

In [12]:
!kubectl get pods --all-namespaces

NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
kube-system   azureproxy-3924340074-lkbvx             1/1       Running   2          19h
kube-system   heapster-186967039-g1kkt                2/2       Running   0          19h
kube-system   kube-dns-v20-2253765213-0wggg           3/3       Running   0          19h
kube-system   kube-dns-v20-2253765213-rxtcx           3/3       Running   0          19h
kube-system   kube-proxy-m5kbj                        1/1       Running   0          19h
kube-system   kube-svc-redirect-rmgrk                 1/1       Running   0          19h
kube-system   kubernetes-dashboard-2898242510-j9ld5   1/1       Running   1          19h
kube-system   tunnelfront-2927545824-mxc2k            1/1       Running   0          19h


## Deploy application

Below we define our Kubernetes manifest file for our service and load balancer. Note that we have to specify the volume mounts to the drivers that are located on the node.

In [14]:
app_template = {
  "apiVersion": "apps/v1beta1",
  "kind": "Deployment",
  "metadata": {
      "name": "azure-dl"
  },
  "spec":{
      "replicas":1,
      "template":{
          "metadata":{
              "labels":{
                  "app":"azure-dl"
              }
          },
          "spec":{
              "containers":[
                  {
                      "name": "azure-dl",
                      "image": "fboylu/kerasnasm-gpu",
                      "env":[
                          {
                              "name": "LD_LIBRARY_PATH",
                              "value": "$LD_LIBRARY_PATH:/usr/local/nvidia/lib64:/opt/conda/envs/py3.5/lib"
                          }
                      ],
                      "ports":[
                          {
                              "containerPort":80,
                              "name":"model"
                          }
                      ],
                      "volumeMounts":[
                          {
                              "mountPath":"/usr/local/nvidia",
                              "name": "nvidia",
                          }
                      ],
                      "resources":{
                           "requests":{
                               "alpha.kubernetes.io/nvidia-gpu": 1
                           },
                           "limits":{
                               "alpha.kubernetes.io/nvidia-gpu": 1
                           }
                       }  
                  }
              ],
              "volumes":[
                  {
                      "name": "nvidia",
                      "hostPath":{
                          "path":"/usr/local/nvidia"
                      },
                  },
              ]
          }
      }
  }
}

service_temp = {
  "apiVersion": "v1",
  "kind": "Service",
  "metadata": {
      "name": "azure-dl"
  },
  "spec":{
      "type": "LoadBalancer",
      "ports":[
          {
              "port":80
          }
      ],
      "selector":{
            "app":"azure-dl"
      }
   }
}

In [15]:
import json
def write_json_to_file(json_dict, filename, mode='w'):
    with open(filename, mode) as outfile:
        json.dump(json_dict, outfile, indent=4, sort_keys=True)
        outfile.write('\n\n')

In [16]:
write_json_to_file(app_template, 'az-dl.json')

In [17]:
write_json_to_file(service_temp, 'az-dl.json', mode='a')

Let's check the manifest created.

In [18]:
!cat az-dl.json

{
    "apiVersion": "apps/v1beta1",
    "kind": "Deployment",
    "metadata": {
        "name": "azure-dl"
    },
    "spec": {
        "replicas": 1,
        "template": {
            "metadata": {
                "labels": {
                    "app": "azure-dl"
                }
            },
            "spec": {
                "containers": [
                    {
                        "env": [
                            {
                                "name": "LD_LIBRARY_PATH",
                                "value": "$LD_LIBRARY_PATH:/usr/local/nvidia/lib64:/opt/conda/envs/py3.5/lib"
                            }
                        ],
                        "image": "fboylu/kerasnasm-gpu",
                        "name": "azure-dl",
                        "ports": [
                            {
                                "containerPort": 80,
                                "name": "model"
                            }
          

Next, we will use kubectl create command to deploy our application.

In [19]:
!kubectl create -f az-dl.json

deployment.apps "azure-dl" created
service "azure-dl" created


Let's check if the pod is deployed.

In [32]:
!kubectl get pods --all-namespaces

NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
default       azure-dl-2179268582-s9h4r               1/1       Running   0          14m
kube-system   azureproxy-3924340074-lkbvx             1/1       Running   2          19h
kube-system   heapster-186967039-g1kkt                2/2       Running   0          19h
kube-system   kube-dns-v20-2253765213-0wggg           3/3       Running   0          19h
kube-system   kube-dns-v20-2253765213-rxtcx           3/3       Running   0          19h
kube-system   kube-proxy-m5kbj                        1/1       Running   0          19h
kube-system   kube-svc-redirect-rmgrk                 1/1       Running   0          19h
kube-system   kubernetes-dashboard-2898242510-j9ld5   1/1       Running   1          19h
kube-system   tunnelfront-2927545824-mxc2k            1/1       Running   0          19h


If anything goes wrong you can use the commands below to observe the events on the node as well as review the logs.

In [31]:
!kubectl get events

LAST SEEN   FIRST SEEN   COUNT     NAME                                         KIND         SUBOBJECT                   TYPE      REASON                  SOURCE                              MESSAGE
14m         14m          1         azure-dl-2179268582-s9h4r.1535465c14e7d88a   Pod                                      Normal    Scheduled               default-scheduler                   Successfully assigned azure-dl-2179268582-s9h4r to aks-nodepool1-28892049-0
14m         14m          1         azure-dl-2179268582-s9h4r.1535465c2437bba5   Pod                                      Normal    SuccessfulMountVolume   kubelet, aks-nodepool1-28892049-0   MountVolume.SetUp succeeded for volume "nvidia" 
14m         14m          1         azure-dl-2179268582-s9h4r.1535465c27ea1f1f   Pod                                      Normal    SuccessfulMountVolume   kubelet, aks-nodepool1-28892049-0   MountVolume.SetUp succeeded for volume "default-token-bcc2n" 
7m          14m          4         az

Check the logs for the application pod.

In [33]:
pod_json = !kubectl get pods -o json
pod_dict = json.loads(''.join(pod_json))

In [34]:
!kubectl logs {pod_dict['items'][0]['metadata']['name']}

2018-06-05 13:34:38,672 CRIT Supervisor running as root (no user in config file)
2018-06-05 13:34:38,674 INFO supervisord started with pid 9
2018-06-05 13:34:39,677 INFO spawned: 'program_exit' with pid 17
2018-06-05 13:34:39,678 INFO spawned: 'nginx' with pid 18
2018-06-05 13:34:39,679 INFO spawned: 'gunicorn' with pid 19
2018-06-05 13:34:40,709 INFO success: program_exit entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2018-06-05 13:34:41.069627: I tensorflow/core/platform/cpu_feature_guard.cc:140] Your CPU supports instructions that this TensorFlow binary was not compiled to use: AVX2 FMA
2018-06-05 13:34:45,077 INFO success: nginx entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2018-06-05 13:34:47.487483: I tensorflow/core/common_runtime/gpu/gpu_device.cc:1212] Found device 0 with properties: 
name: Tesla K80 major: 3 minor: 7 memoryClockRate(GHz): 0.8235
pciBusID: 6066:00:00.0
totalMemory: 11.17GiB freeMemory: 1

In [35]:
!kubectl get deployment

NAME       DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
azure-dl   1         1         1            1           17m


It can take a few minutes for the service to populate the EXTERNAL-IP field below. This will be the IP you use to call the service. You can also specify an IP to use, please see the AKS documentation for further details.

In [44]:
!kubectl get service azure-dl

NAME       TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)        AGE
azure-dl   LoadBalancer   10.0.41.218   40.121.56.27   80:30528/TCP   4h


Next, we will [test our web application deployed on AKS](05_TestWebApp.ipynb). Once, we are done with all the notebooks of the tutorial, below instructions can be used to delete the cluster and free resources.

# Scaling

In [45]:
!az aks scale --resource-group=$resource_group --name=$aks_name --node-count 3

[K{- Finished ..
  "agentPoolProfiles": [
    {
      "count": 3,
      "dnsPrefix": null,
      "fqdn": null,
      "name": "nodepool1",
      "osDiskSizeGb": null,
      "osType": "Linux",
      "ports": null,
      "storageProfile": "ManagedDisks",
      "vmSize": "Standard_NC6",
      "vnetSubnetId": null
    }
  ],
  "dnsPrefix": "fbAKSnasmC-fbaksnasmrg-edf507",
  "fqdn": "fbaksnasmc-fbaksnasmrg-edf507-71d3348d.hcp.eastus.azmk8s.io",
  "id": "/subscriptions/edf507a2-6235-46c5-b560-fd463ba2e771/resourcegroups/fbaksnasmrg/providers/Microsoft.ContainerService/managedClusters/fbAKSnasmCluster",
  "kubernetesVersion": "1.7.7",
  "linuxProfile": {
    "adminUsername": "azureuser",
    "ssh": {
      "publicKeys": [
        {
          "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTZYQFHNstYCR25qtvMrC6baTMS6TobaIRbgd0xOoafDy+2uBk0DMJuhGWoOcrsCnvadp5k/0K8qBRysyhlQGWb6+r8fBunThy+zpTKqdh3W8Q1y5UtKnGwwU1cqGXDOPUIXJYNPJqUKV829+MOrZjUynhHgSzDbY2ncGyoT+Farsvm01aGEdDapa+XRl4JAwtN1bb9q+Ii5y

In [46]:
!kubectl describe nodes

Name:               aks-nodepool1-28892049-0
Roles:              agent
Labels:             agentpool=nodepool1
                    beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/instance-type=Standard_NC6
                    beta.kubernetes.io/os=linux
                    failure-domain.beta.kubernetes.io/region=eastus
                    failure-domain.beta.kubernetes.io/zone=0
                    kubernetes.azure.com/cluster=MC_fbaksnasmrg_fbAKSnasmCluster_eastus
                    kubernetes.io/hostname=aks-nodepool1-28892049-0
                    kubernetes.io/role=agent
                    storageprofile=managed
                    storagetier=Standard_LRS
Annotations:        node.alpha.kubernetes.io/ttl=0
                    volumes.kubernetes.io/controller-managed-attach-detach=true
CreationTimestamp:  Mon, 04 Jun 2018 18:04:49 +0000
Taints:             <none>
Unschedulable:      false
Conditions:
  Type                 Status  LastHeartbeatTime           



Name:               aks-nodepool1-28892049-2
Roles:              agent
Labels:             agentpool=nodepool1
                    beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/instance-type=Standard_NC6
                    beta.kubernetes.io/os=linux
                    failure-domain.beta.kubernetes.io/region=eastus
                    failure-domain.beta.kubernetes.io/zone=0
                    kubernetes.azure.com/cluster=MC_fbaksnasmrg_fbAKSnasmCluster_eastus
                    kubernetes.io/hostname=aks-nodepool1-28892049-2
                    kubernetes.io/role=agent
                    storageprofile=managed
                    storagetier=Standard_LRS
Annotations:        node.alpha.kubernetes.io/ttl=0
                    volumes.kubernetes.io/controller-managed-attach-detach=true
CreationTimestamp:  Tue, 05 Jun 2018 17:40:59 +0000
Taints:             <none>
Unschedulable:      false
Conditions:
  Type                 Status  LastH

In [48]:
!kubectl scale --current-replicas=2 --replicas=3 deployment/azure-dl

deployment.extensions "azure-dl" scaled


In [53]:
!kubectl get pods --all-namespaces

NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
default       azure-dl-2179268582-k73kx               1/1       Running   0          2h
default       azure-dl-2179268582-q3xv9               1/1       Running   0          12m
default       azure-dl-2179268582-s9h4r               1/1       Running   0          4h
kube-system   azureproxy-3924340074-lkbvx             1/1       Running   2          23h
kube-system   heapster-186967039-g1kkt                2/2       Running   0          23h
kube-system   kube-dns-v20-2253765213-0wggg           3/3       Running   0          23h
kube-system   kube-dns-v20-2253765213-rxtcx           3/3       Running   0          23h
kube-system   kube-proxy-4016r                        1/1       Running   0          2h
kube-system   kube-proxy-m5kbj                        1/1       Running   0          23h
kube-system   kube-proxy-z12t0                        1/1       Running   0          16m
kube-system  

# Tear it all down

Once you are done with your cluster you can use the following two commands to destroy it all.

In [54]:
!kubectl delete -f az-dl.json

deployment.apps "azure-dl" deleted
service "azure-dl" deleted


In [55]:
!az aks delete -n $aks_name -g $resource_group -y

[K[0minished ..

In [56]:
!az group delete --name $resource_group -y

[K[0minished ..