WEBVTT 0:00:02.920000 --> 0:00:08.240000 In this video, we're going to take a look at actually creating an Azure 0:00:08.240000 --> 0:00:09.760000 Kubernetes service. 0:00:09.760000 --> 0:00:12.600000 The topic list for this is really pretty short. 0:00:12.600000 --> 0:00:15.520000 It is simply a demo. 0:00:15.520000 --> 0:00:17.720000 So you're not going to have to worry about me whiteboarding or showing 0:00:17.720000 --> 0:00:20.400000 you slides. We're going to get right in, we're going to dive right in, 0:00:20.400000 --> 0:00:23.620000 and we're going to do this because we've at this point, hopefully are 0:00:23.620000 --> 0:00:25.280000 familiar with what Kubernetes is. 0:00:25.280000 --> 0:00:27.400000 So now let's see it in action. 0:00:27.400000 --> 0:00:29.260000 I'm going to jump right in right now. 0:00:29.260000 --> 0:00:31.760000 I'm going to tell you the first thing that I'm going to do is show you 0:00:31.760000 --> 0:00:34.180000 where I've created a service principal. 0:00:34.180000 --> 0:00:37.880000 The service principal is important because that's what allows the Kubernetes 0:00:37.880000 --> 0:00:44.520000 service to interact with the infrastructure really, and to manage the 0:00:44.520000 --> 0:00:46.740000 infrastructure. So you have to create a service principal, then you're 0:00:46.740000 --> 0:00:50.080000 going to use that service principal with your Kubernetes service. 0:00:50.080000 --> 0:00:57.760000 So without further ado, let's jump into this. 0:00:57.760000 --> 0:01:02.820000 I have already created a service principal and it kind of looks like I 0:01:02.820000 --> 0:01:08.180000 created them twice because, well, I did, but that's really neither here 0:01:08.180000 --> 0:01:12.100000 nor there. 
Now what I have found is, and this is something at the time 0:01:12.100000 --> 0:01:15.820000 of this recording that is always a little bit challenging, for command 0:01:15.820000 --> 0:01:18.600000 line operations, you really want to kind of become familiar with both 0:01:18.600000 --> 0:01:22.180000 PowerShell and with the CLI because there's some stuff that definitely 0:01:22.180000 --> 0:01:25.220000 works better in PowerShell and then there's some things that work better 0:01:25.220000 --> 0:01:29.500000 in the CLI. Right now, I've yet to find a good equivalent in PowerShell 0:01:29.500000 --> 0:01:35.660000 for this little CLI command, az ad sp create-for-rbac. 0:01:35.660000 --> 0:01:38.780000 What that's going to do is create a service principal and assign that 0:01:38.780000 --> 0:01:42.300000 service principal a role in a scope that you defined. 0:01:42.300000 --> 0:01:47.300000 So what I'm doing is I'm creating a service principal named kubedemosp 0:01:47.300000 --> 0:01:52.280000 and I'm scoping that to a particular resource group. 0:01:52.280000 --> 0:01:58.480000 And then it's going through and assigning that role and then this is the 0:01:58.480000 --> 0:02:02.800000 information that comes out that is really super important. 0:02:02.800000 --> 0:02:05.560000 And that's going to be the app ID in particular and the password, which 0:02:05.560000 --> 0:02:11.360000 I have copied. Alright, now let's see how I can go about using that. 0:02:11.360000 --> 0:02:20.720000 I'm going to go ahead and provision a Kubernetes service. 0:02:20.720000 --> 0:02:27.320000 So we just go Kubernetes service, create. 0:02:27.320000 --> 0:02:34.900000 I'm going to put this in my A-Z-303-CUBE resource group and I'm going 0:02:34.900000 --> 0:02:36.880000 to give this a cluster name. 0:02:36.880000 --> 0:02:41.400000 And we'll just call this A-Z-CUBE demo. 0:02:41.400000 --> 0:02:46.580000 Put it in E-S-U-S because that is literally where I put everything. 
0:02:46.580000 --> 0:02:49.100000 Alright, Kubernetes versions, there's different versions of Kubernetes. 0:02:49.100000 --> 0:02:53.140000 We're just going to stick with the default and it also has a default DNS 0:02:53.140000 --> 0:02:58.280000 name prefix. That does have to be in the end, universally unique. 0:02:58.280000 --> 0:03:00.580000 Then I define my nodes. 0:03:00.580000 --> 0:03:01.760000 I've got the node size. 0:03:01.760000 --> 0:03:04.460000 I'm running this on a standard DS2 V2. 0:03:04.460000 --> 0:03:08.020000 I should prefer a DS2 V3. 0:03:08.020000 --> 0:03:12.500000 It's a little more performant and it's a bit cheaper. 0:03:12.500000 --> 0:03:15.340000 And then the node count, I'm going to go ahead and leave that at 3. 0:03:15.340000 --> 0:03:18.580000 Now if you're doing this for standard dev, you probably want to put that 0:03:18.580000 --> 0:03:24.340000 down to 1. But then the 3 is giving me some built-in availability. 0:03:24.340000 --> 0:03:26.620000 Next I'm going to go to scale. 0:03:26.620000 --> 0:03:33.000000 I can enable virtual nodes and I can also enable VM scale sets. 0:03:33.000000 --> 0:03:37.660000 I have not set the VMS preview flag for the subscription because this 0:03:37.660000 --> 0:03:42.400000 is in preview. You have to actually go in and run a command to set a subscription 0:03:42.400000 --> 0:03:43.900000 level setting to allow that. 0:03:43.900000 --> 0:03:45.880000 So I'm not going to do anything with that. 0:03:45.880000 --> 0:03:47.800000 Alright, next authentication. 0:03:47.800000 --> 0:03:49.200000 This is really important. 0:03:49.200000 --> 0:03:55.100000 First of all, I can enable role-based access control into the Kubernetes. 0:03:55.100000 --> 0:03:58.240000 But then I also have this service principal. 0:03:58.240000 --> 0:04:02.040000 Now I have found that the creation of the service principal through the 0:04:02.040000 --> 0:04:04.360000 portal doesn't seem to always work. 
0:04:04.360000 --> 0:04:08.760000 So what I'm going to do is go to configure service principal and I'm going 0:04:08.760000 --> 0:04:09.840000 to use an existing one. 0:04:09.840000 --> 0:04:14.220000 That's where I need the service principal client ID and the service principal 0:04:14.220000 --> 0:04:18.520000 client secret. Which, happily, I have right here. 0:04:18.520000 --> 0:04:27.780000 Here's my app ID. 0:04:27.780000 --> 0:04:37.940000 And here is my secret for that app ID. 0:04:37.940000 --> 0:04:41.340000 That's really, if you're going through the portal, the only thing particularly 0:04:41.340000 --> 0:04:44.880000 challenging. Now there's other settings that I have. 0:04:44.880000 --> 0:04:47.420000 And by the way, the list of settings, if you're doing this from the command 0:04:47.420000 --> 0:04:50.780000 line, really map very closely to what you're seeing here. 0:04:50.780000 --> 0:04:53.760000 This just, again, if I can do it in the portal, it's a little bit demo, 0:04:53.760000 --> 0:04:55.400000 a little easier to see. 0:04:55.400000 --> 0:04:58.300000 Alright, here I've got basic or advanced. 0:04:58.300000 --> 0:05:02.140000 Basic is going to create a new VNet properly set up. 0:05:02.140000 --> 0:05:05.540000 If you want to interact with, integrate with an existing VNet or you want 0:05:05.540000 --> 0:05:10.760000 just more control over your VNet, you can set that to advanced. 0:05:10.760000 --> 0:05:15.040000 Also HTTP application routing, what that's going to do is that will, and 0:05:15.040000 --> 0:05:17.760000 I'll tell you right here, it's an easy solution. 0:05:17.760000 --> 0:05:21.940000 It's going to create publicly accessible DNS names for any application 0:05:21.940000 --> 0:05:25.760000 endpoints. So it's going to create a DNS zone and manage that zone for 0:05:25.760000 --> 0:05:27.700000 you. I don't want to do that. 0:05:27.700000 --> 0:05:32.160000 Monitoring, this also, I think, is quite cool. 
0:05:32.160000 --> 0:05:34.660000 Enable container monitoring, yes, I want to do that. 0:05:34.660000 --> 0:05:36.860000 And what log analytics workspace do I want? 0:05:36.860000 --> 0:05:38.220000 I want I and E Kubernetes. 0:05:38.220000 --> 0:05:42.660000 That is just a workspace that I have set up for monitoring Kubernetes. 0:05:42.660000 --> 0:05:47.140000 So this is all, that to me is pretty powerful because that's all I have 0:05:47.140000 --> 0:05:52.600000 to do to get container level monitoring and have it centralized. 0:05:52.600000 --> 0:05:55.520000 The next is tags which I'm not going to do, so I'm just simply going to 0:05:55.520000 --> 0:05:57.640000 review and create. 0:05:57.640000 --> 0:06:03.040000 And once it comes back and tells me that everything is swimming, I will 0:06:03.040000 --> 0:06:07.540000 create. There we go. 0:06:07.540000 --> 0:06:11.220000 Pass that validation, and so now I click the create and wait a little 0:06:11.220000 --> 0:06:13.520000 bit for this to spin up. 0:06:13.520000 --> 0:06:19.780000 All right, our Kubernetes has deployed. 0:06:19.780000 --> 0:06:23.160000 Let's go ahead and take a quick look at it. 0:06:23.160000 --> 0:06:26.300000 And there's really not that much that's going to be here. 0:06:26.300000 --> 0:06:29.020000 Notice that I can go to Azure Monitor Insights. 0:06:29.020000 --> 0:06:33.740000 I don't have any containers running, so that's not going to do me too 0:06:33.740000 --> 0:06:41.100000 much good. I can scale, actually change the number of nodes, very easy 0:06:41.100000 --> 0:06:44.920000 to do. I can see my networking settings. 0:06:44.920000 --> 0:06:47.400000 I don't have a HTTP application. 0:06:47.400000 --> 0:06:50.840000 DevSpace is something that's really actually very cool. 0:06:50.840000 --> 0:06:55.980000 What it allows you to do is set up a Kubernetes infrastructure that can 0:06:55.980000 --> 0:06:58.160000 be easily tied in by your developer. 
0:06:58.160000 --> 0:07:03.660000 So I can be developing on my own local machine, and I can, particularly 0:07:03.660000 --> 0:07:09.960000 if I'm using Visual Studio, I can set up to deploy my code or even run 0:07:09.960000 --> 0:07:13.020000 my code in a DevSpace. 0:07:13.020000 --> 0:07:16.200000 So if I've got a containerized solution, I really want to see how this 0:07:16.200000 --> 0:07:17.080000 is going to run. 0:07:17.080000 --> 0:07:19.860000 That's just a really easy way for me to do that. 0:07:19.860000 --> 0:07:22.400000 Outside the scope of what we're going to demonstrate, but it's kind of 0:07:22.400000 --> 0:07:24.720000 a neat thing to see. 0:07:24.720000 --> 0:07:27.300000 Then you can see there's some things in preview. 0:07:27.300000 --> 0:07:29.140000 We're not even going to cover them right now. 0:07:29.140000 --> 0:07:33.940000 But there's really not that much that I'm going to do from here, because 0:07:33.940000 --> 0:07:35.620000 I haven't really deployed anything yet. 0:07:35.620000 --> 0:07:39.260000 But I do have a working Kubernetes. 0:07:39.260000 --> 0:07:41.660000 Now there is one other thing that I want to do. 0:07:41.660000 --> 0:07:46.400000 That is I'm going to give this service, this Kubernetes service access 0:07:46.400000 --> 0:07:52.460000 to my Azure Container Registry. 0:07:52.460000 --> 0:07:58.060000 And so to do that, what I'm going to do is I'm going to go over to my 0:07:58.060000 --> 0:08:02.340000 registry, which is I need demos. 0:08:02.340000 --> 0:08:09.160000 And this is the actual registry, and I'm going to go in to access control. 0:08:09.160000 --> 0:08:13.480000 Now this can be done from the command line as well, but I'm going to go 0:08:13.480000 --> 0:08:15.800000 to role assignments. 0:08:15.800000 --> 0:08:20.780000 And I've got this ACR push, what I really want though, I'm going to add 0:08:20.780000 --> 0:08:22.520000 a role assignment. 
0:08:22.520000 --> 0:08:27.820000 And the role that I want to add is ACR pull. 0:08:27.820000 --> 0:08:32.260000 Because what I'm going to do is I'm going to set up my Kubernetes cluster 0:08:32.260000 --> 0:08:37.320000 to be able to pull directly from this container registry. 0:08:37.320000 --> 0:08:43.460000 And this is where that service account becomes important. 0:08:43.460000 --> 0:08:45.260000 Hopefully it's going to pull up here. 0:08:45.260000 --> 0:08:49.500000 There we go. There's my cube demo SP. 0:08:49.500000 --> 0:08:57.200000 And that's it. And so now if I deploy into Kubernetes, if I want to create 0:08:57.200000 --> 0:09:02.540000 a container in Kubernetes that's based off an image that's in this registry, 0:09:02.540000 --> 0:09:03.700000 I can now do that. 0:09:03.700000 --> 0:09:09.580000 And so now I'm seeing the benefits of that Azure AD integration for role 0:09:09.580000 --> 0:09:10.960000 -based access control. 0:09:10.960000 --> 0:09:11.460000 So there you go. 0:09:11.460000 --> 0:09:12.360000 Pretty easy to do. 0:09:12.360000 --> 0:09:14.920000 A number of settings, again, if you're doing this from the command line, 0:09:14.920000 --> 0:09:16.860000 you'll see pretty much the same set of settings. 0:09:16.860000 --> 0:09:21.340000 A little more you have to do in terms of actually specifying the workspace 0:09:21.340000 --> 0:09:25.240000 ID that you want to use for your Azure monitor, etc. 0:09:25.240000 --> 0:09:27.800000 But the same basic process, pretty simple to set up. 0:09:27.800000 --> 0:09:31.800000 And now I've got this clustering solution that I can scale, that I can 0:09:31.800000 --> 0:09:37.120000 deploy multiple instances of containers to as pods and lots of functionality 0:09:37.120000 --> 0:09:39.340000 that really is just pretty much handed to me.