Hacking AKS in Paris
At mondora, we think that software can be one of the Forces for Good. This is why we rely so much on open source — we believe that open source and inclusion will rule the developer’s world. Kubernetes is a case in point, and everyone working on the cloud knows its importance. It’s a fundamental milestone of a modern architecture based on microservices.
We’ve been using K8s since the fall of 2016 on Microsoft Azure. To be honest, the first approach we had was a deployment from scratch on Azure Virtual Machines and it was a rather painful experience. We were struggling with it because a lot of Kubernetes components were bleeding edge. Long story short: this first cluster remained a proof of concept.
At the end of 2016 Microsoft Azure released Azure Container Services (ACS) with Kubernetes. This service provides a working Kubernetes cluster. We were able to deploy our dev, Q&A and production clusters and start the delivery of services! The experience was amazing, but the maintenance of the cluster with these services (instances monitoring, K8s updates, …) was not owned by Microsoft Azure. All of these operations were in the care of our team. We didn’t find what we were looking for. As a software company, we only wanted to keep our focus on developing new features for our products (like agyo.io), and not maintain the infrastructure.
During the last Microsoft Connect(), the game really changed. A new service called Azure Kubernetes Services (AKS) was presented, which is a fully managed Kubernetes container orchestration service owned by Microsoft Azure. No maintenance, no operations required, and finally, at the third attempt we found the product that fits our requirements!
So we planned a migration roadmap from ACS to AKS... and (life is good!) our clever friends at Microsoft decided to help us! Microsoft has definitely changed in recent years (also for a geek like me!).
We were invited to Paris, from the 18th to the 22nd of June, to the Azure Kubernetes Service Migration Hackfest! A great opportunity to meet the AKS product group from Redmond and start the migration using best practices from Microsoft Azure!
From SecOps: first of all, secure it! The first step was to introduce two important pieces in the architecture to secure our secrets and the high availability of the services. We wrote a Jenkins pipeline that uses Azure Key Vault (AKV): Jenkins collects the secret, for example an authentication token, from AKV and uses it to populate the correct environment variable inside our K8s deployment. This technique is more secure and allowed us to easily rotate all “the secrets” in our microservices. The second step was to use Open Service Broker for Azure, an easy way to configure and manage connection strings to our Azure database backend.
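One way the render step of such a pipeline could look, as an added example (not mondora's pipeline code): the token goes into a Kubernetes Secret, the Deployment only references it, and the vault version is stamped on the pod template so a rotation rolls the pods. The annotation key, the `{ value, version }` shape of the vault lookup result, and every name and value are assumptions made up for the illustration.

```javascript
// Added example. All names and sample values below are constructed.
const VERSION_ANNOTATION = 'example.invalid/akv-secret-version'; // hypothetical key

// Kubernetes Secret holding one value fetched from Key Vault.
// `kv` is { value, version }, the shape assumed for the vault lookup result.
function buildSecret(name, key, kv) {
  return {
    apiVersion: 'v1',
    kind: 'Secret',
    metadata: { name, annotations: { [VERSION_ANNOTATION]: kv.version } },
    type: 'Opaque',
    data: { [key]: Buffer.from(kv.value, 'utf8').toString('base64') },
  };
}

// Copy of `deployment` in which `envName` is read from the Secret instead of
// carrying a literal, and the pod template records the vault version so that a
// rotation changes the template and triggers a rolling update.
function bindEnvToSecret(deployment, envName, secretName, key, version) {
  const out = JSON.parse(JSON.stringify(deployment));
  const tpl = out.spec.template;
  tpl.metadata = tpl.metadata || {};
  tpl.metadata.annotations = { ...tpl.metadata.annotations, [VERSION_ANNOTATION]: version };
  let bound = 0;
  for (const c of tpl.spec.containers) {
    c.env = (c.env || []).map((e) => {
      if (e.name !== envName) return e;
      bound += 1;
      return { name: envName, valueFrom: { secretKeyRef: { name: secretName, key } } };
    });
  }
  if (bound === 0) throw new Error(`no container declares ${envName}`);
  return out;
}

// Pipeline guard: true if the value (plain or base64) appears in a manifest
// that is going to be stored or logged, such as the rendered Deployment.
function leaksSecret(manifest, value) {
  const text = JSON.stringify(manifest);
  return text.includes(value) || text.includes(Buffer.from(value).toString('base64'));
}

// Constructed Deployment as it might sit in version control, literal included.
const sampleDeployment = {
  apiVersion: 'apps/v1', kind: 'Deployment', metadata: { name: 'billing' },
  spec: { template: { spec: { containers: [
    { name: 'app', image: 'registry.example.invalid/billing:1',
      env: [{ name: 'AUTH_TOKEN', value: 'constructed-token-A' }, { name: 'LOG_LEVEL', value: 'info' }] },
  ] } } },
};
```

Running `leaksSecret` on the rendered Deployment before it is applied or archived gives the pipeline a cheap failure condition for a literal that slipped back into a template.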
After writing the CI pipelines we used an Azure Resource Manager template and Azure CLI to deploy the cluster. And now with the same script, we’re able to deploy the same AKS in several Azure Regions, flawlessly for our business continuity requirements! Meanwhile, Helm is used to deploy the application. Before, we used Kubernetes YAML templates, a single template for every microservice, and now with Helm we’re able to create a single chart that rules all services. This makes it easier to start up new services for our devs and decreases the possibility of typos, mistakes or even misconfigurations.
The last piece of the migration was monitoring the cluster performance in order to configure the Kubernetes Horizontal Pod Autoscaler with standard and custom metrics. Our core application needs to scale when a large number of messages are waiting inside an Azure Service Bus topic subscription. We used the Azure NodeJS SDK to read these metrics, and then we used the K8s SDK to increase the number of pods in order to increase the number of messages processed! Working like a charm! As of today, HPA does not support scale on custom metrics but we trust that this feature will be released soon!
The HackFest was a success! We reached all of our objectives. We really loved this kind of experience, which was not a classic training class on Azure Kubernetes Services. We took a bunch of problems to Paris and the Microsoft team helped us to solve them. We found it great to learn problem solving with Microsoft’s top engineers and to have the opportunity to fill the gaps we had! And last but not least, mingling! The collaboration was incredibly awesome: the guys from Redmond rock!
I want to thank our team and all of the guys present in Paris, Guillaume and all teams from Microsoft France and our Microsoft Italian team Chiara, Daniele, Roberto and Stefano who trusted us and gave us the opportunity to show that in Italy we are rolling out good software solutions (not only good wine… which is true…) :-)
See you at the next Hack!