Tuesday, April 25, 2023

Shell Script for creating AKS Cluster and Azure Container Registry | Setup ACR and AKS Cluster in Azure Cloud using Azure CLI and Script

#!/bin/sh

# This is the shell script for creating AKS cluster, ACR Repo and a namespace


# Set resource group name and region

AKS_RESOURCE_GROUP=aks-rg

AKS_REGION=centralus

# Set Cluster Name

AKS_CLUSTER=aks-cluster

# set ACR name

ACR_NAME=myacrrepo531


echo $AKS_RESOURCE_GROUP, $AKS_REGION, $AKS_CLUSTER, $ACR_NAME


# Create Resource Group

az group create --location ${AKS_REGION} --name ${AKS_RESOURCE_GROUP}


# Create AKS cluster with two worker nodes

az aks create --resource-group ${AKS_RESOURCE_GROUP} --name ${AKS_CLUSTER} --node-count 2 --generate-ssh-keys


# Create Azure Container Registry

az acr create --resource-group ${AKS_RESOURCE_GROUP} \
              --name ${ACR_NAME} \
              --sku Standard \
              --location ${AKS_REGION}

# Grant the AKS cluster permission to pull Docker images from ACR

az aks update -n ${AKS_CLUSTER} -g ${AKS_RESOURCE_GROUP} --attach-acr ${ACR_NAME}

# Configure Kube Credentials

az aks get-credentials --name ${AKS_CLUSTER}  --resource-group ${AKS_RESOURCE_GROUP}


# Create a namespace in AKS cluster for Helm deployment

kubectl create namespace helm-deployment

Saturday, April 22, 2023

How to Deploy Springboot Microservices into AKS cluster using Helm and Azure Pipelines | Deploy Docker Containers into AKS cluster using Azure Release Pipelines | Deploy Microservices into AKS cluster using Helm and Azure Pipelines

We are going to learn how to deploy a Springboot microservice Docker container into an Azure Kubernetes Service (AKS) cluster using Helm and Azure Pipelines.

Sample springboot App Code:

I have created a sample Springboot App setup in GitHub. Click here to access code base in GitHub.


What is Helm?

Helm is a package manager for Kubernetes. Helm is the K8s equivalent of yum or apt. It accomplishes the same goals as Linux system package managers like APT or YUM: managing the installation of applications and dependencies behind the scenes and hiding the complexity from the user.

Helm Charts



Helm uses a packaging format called Charts. A Helm Chart is a collection of files that describe a set of Kubernetes resources. Helm Charts help you define, install, and upgrade even the most complex Kubernetes application. Charts are easy to create, version, share, and publish.

Implementation steps:

  1. Create a resource group, AKS cluster and Azure container registry 
  2. Provide pull access for AKS to pull image from ACR 
  3. Create a namespace for helm deployment
  4. Create a helm chart for spring boot app
  5. Create a build pipeline to automate docker image
  6. Customize pipeline with helm package tasks
  7. Create a release pipeline
  8. Customize pipeline with helm upgrade tasks 
  9. Run the pipeline to deploy springboot app into AKS
  10. Verify deployments in the namespace in AKS
  11. Use kubectl port forward to access app locally
  12. Access the app in the browser
Pre-requisites:
Create Helm chart using helm
Go to the root of the repo where you have the source code for your Springboot application. Create the Helm chart by executing the below command:

helm create mychart
tree mychart
Execute the above command to see the files created.



Add Docker image details to download from ACR before deploying to AKS cluster
Open mychart/values.yaml

Change the image values as below:

image:
  repository: myacrrepo531.azurecr.io/akannan1087/docker-spring-boot
  tag: ""

Open mychart/templates/deployment.yaml and change containerPort to 8080


Save the files, then commit and push them to the source code repo you are using.

Make sure worker nodes are running
kubectl get nodes

Pipeline Implementation Steps:

Part 1 - Create Azure Build pipeline for building Docker image, uploading image into ACR and packaging helm chart.
Part 2 - Create Azure Release pipeline for deploying Springboot Docker containers into AKS using helm upgrade task.
 
Part 1 - How to create an Azure Build Pipeline

1. Log in to your Azure DevOps dashboard
2. Click on Pipelines.

3. Click on New Pipeline

4. Click on use the classic editor
Enter your repo name and branch name where you have stored your source code along with Dockerfile:



Click on Continue. Now choose the template by typing Helm, Select Azure Kubernetes service and click Apply.




The pipeline is now created with six tasks. We need to start customizing it:
Select Ubuntu as the build agent from the Agent specification drop-down; avoid Windows Server as the build agent.



Let's also add a Maven build task for building the JAR file.
Click on the + icon and type Maven. This should be the first task.
Then enter package as the Maven goal.



Let's modify Build an image task.


Select Push an image task


Leave the Install Helm task as it is; we need that task to install Helm on the build agent.

Remove the helm init task by selecting Remove selected task.

Customize the helm package task: select Chart Path by clicking the ... (three dots) button.

Choose the folder where you have helm chart files, select OK


Leave Publish artifact task as it is.


Now click Save + Queue and run to start the build pipeline.



Check the build output.



Once the build is completed, you should be able to see the Docker image in Azure Portal under Resource Group, ACR repo name --> Repositories





Part 2  - How to Create Release pipeline for deploying Springboot Microservices containers into AKS Cluster

Go to Pipelines --> Click on Releases --> New Release pipeline


Click on Stage 1 and choose a template by typing helm
and choose Deploy an application to K8S cluster using helm chart


Change the stage name to Deploy to AKS



Now click on Add an artifact


Select the Build pipeline and click on the latest version

Now click on Deploy to AKS stage
Click on Deploy to AKS 
Enter the right values for Azure subscription, Resource group and AKS Cluster by selecting from the drop-down.


Now click on the Agent Job, select Azure Pipelines and choose Ubuntu as the build agent; avoid Windows agents.

Leave the Install Helm 2.9.1 task in place.
Make sure Check for latest version of Helm is selected. This will install the latest version of Helm, which is 3.x.


Remove helm init task by selecting remove selected task

Let's start customizing helm upgrade task. Enter helm-deployment as namespace, chart type as File path and click on three dots.


Choose the package mychart-0.1.0.tgz and click OK.




Enter first as the release name
Enter the below value for Set values:
image.tag=$(Build.BuildId)



Now click on Save.
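
The release deploys the pipeline's own image only if the repository in values.yaml and the image.tag override both arrive intact; the deployment template generated by helm create falls back to the chart's appVersion when image.tag is empty. The following added example (not part of the original post) checks rendered image references against the ACR login server and a numeric build ID. The function names and the sample manifest are constructed for illustration.

```shell
# Added example (not from the original post): release gate for rendered images.
# In a pipeline script step, feed it the rendered chart:
#   helm template first mychart-0.1.0.tgz --set image.tag=$(Build.BuildId) | check_manifest
EXPECTED_REGISTRY="myacrrepo531.azurecr.io"   # ACR login server used on this page

# Constructed sample of rendered chart output; 142 stands in for a build ID.
sample_manifest() {
cat <<'EOF'
      containers:
        - name: mychart
          image: "myacrrepo531.azurecr.io/akannan1087/docker-spring-boot:142"
        - name: fallback
          image: "myacrrepo531.azurecr.io/akannan1087/docker-spring-boot:1.16.0"
        - name: sidecar
          image: docker.io/library/busybox:latest
EOF
}

# Print each image reference found in a manifest on stdin, quotes stripped.
images_from_manifest() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' | tr -d "\"'"
}

# Succeed only for <EXPECTED_REGISTRY>/<repo>:<numeric build id>.
check_image() {
  ref=$1
  case $ref in
    "$EXPECTED_REGISTRY"/*) ;;
    *) echo "REJECT $ref: not from $EXPECTED_REGISTRY"; return 1 ;;
  esac
  last=${ref##*/}                      # final path component: name[:tag]
  case $last in
    *:*) tag=${last##*:} ;;
    *) echo "REJECT $ref: no tag, would resolve to latest"; return 1 ;;
  esac
  case $tag in
    ''|*[!0-9]*) echo "REJECT $ref: tag '$tag' is not a numeric build id"; return 1 ;;
  esac
  echo "OK $ref"
}

# Check every image in a manifest on stdin; exit status = number rejected.
check_manifest() {
  bad=0
  for img in $(images_from_manifest); do
    check_image "$img" || bad=$((bad + 1))
  done
  return "$bad"
}
sample_manifest | check_manifest || echo "$? image(s) rejected"
```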

Optional step - Enable Continuous Deploy Trigger

This will deploy microservices into AKS cluster for every new build in build pipeline.



Click on Create a release

and then click Create 


Click on Release number to see the output



Click on Stage to see the logs
Click on Logs, you will see the following tasks are in green to confirm Deployment was successful.



Let's check if deployment created any pods in helm-deployment namespace.

How to access Springboot Application using port forward locally?

kubectl get deployments -n helm-deployment 

kubectl get pods -n helm-deployment

Get the pod name and use port forward to access locally
kubectl port-forward first-springboot-pod_name 8080 -n helm-deployment


If you see any errors after deploying the pods, you can check the pod details.
kubectl describe pod <pod_name> -n helm-deployment

Go to the browser and enter http://localhost:8080
You should see the below web page.

Clean up Resources

Let us see how to clean up the resources that were created. We can use az group delete command to remove the resource group, AKS cluster, and all related resources. 

az group delete --name aks-rg --yes --no-wait


Monday, April 17, 2023

How to Monitor AKS Cluster using Azure Monitor and Grafana | Setup monitoring on AKS Cluster using Azure Log Analytics Workspace and Grafana

There are many ways to monitor an AKS cluster. We will use an Azure Log Analytics workspace, which collects log data and metrics from the AKS cluster and stores them inside the workspace. We will use Grafana to visualize the data from the Log Analytics workspace.



    Different ways of Monitoring AKS Cluster

    What is Azure Log Analytics Workspace?

    Azure Log Analytics workspace is a logical storage unit in Azure where all log data generated by Azure Monitor is stored. A Log Analytics workspace collects log data from various Azure resources such as Azure Virtual Machines or Azure Kubernetes Service. You can think of the workspace as a folder where all your monitoring data is stored and managed.

    What is Grafana?

    • Grafana is an open source visualization and analytics tool. 
    • It allows you to query, visualize, alert on, and explore your metrics no matter where they are stored.

    Pre-requisites:

    You can also monitor an existing AKS cluster, but make sure monitoring is enabled. Once enabled, you can associate the default workspace with the AKS cluster, or create a new workspace and associate it with the cluster.

    But we will try creating a new AKS cluster and monitor it.

    Create AKS Cluster with Monitoring Enabled

    Make sure you are logged in to Azure first.

    az login

    Enter your Microsoft credentials.

    Create a resource group first

    az group create --name myResourceGroup --location southcentralus

    Create Log Analytics workspace

    az monitor log-analytics workspace create --resource-group myResourceGroup \
                                               --workspace-name my-loganalytics-workspace \
                                               --query id \
                                               -o tsv



    The output of the above command is the Log Analytics workspace ID, which is needed by the next command when creating the AKS cluster. We will associate the Log Analytics workspace ID with the AKS cluster during creation.

    Create AKS cluster with 2 worker nodes with Monitoring Enabled

    az aks create --resource-group myResourceGroup --name myAKSCluster --node-count 2 --enable-addons monitoring --workspace-resource-id /subscriptions/XXXXX/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/my-loganalytics-workspace

    Verify all the resources are created in Azure Portal

    Click on resource group name, you will see AKS cluster, log analytics workspace




    Display Details of Cluster

    az aks show --name myAKSCluster --resource-group myResourceGroup

    The above command will display AKS Cluster details.

    Connect to the cluster

    az aks get-credentials --resource-group myResourceGroup --name myAKSCluster --overwrite-existing

    To verify the connection to your cluster, use the kubectl get command to return a list of the cluster nodes.

    kubectl get nodes

     


     

    Permission needed (SPN) to pull metrics Data from Azure Log Analytics 

    We need to create a service principal (SPN) and assign it the Log Analytics Reader role on the AKS cluster's resource group. Execute the below command to first get the ID of the resource group where the AKS cluster is running.

    First, let's get the Resource Group ID

    az group show --name myResourceGroup --query id --output tsv

    The output of the above command will be the resource group ID.

    Create a Service Principal and Assign Role

    az ad sp create-for-rbac --role="Log Analytics Reader" --scopes="/subscriptions/xxxxxx-xxxx-xxxx-xxxxx/resourceGroups/myResourceGroup"

    Creating 'Log Analytics Reader' role assignment under scope '/subscriptions/XXX/resourceGroups/myResourceGroup'

    {
      "appId": "xxx",
      "displayName": "azure-cli-2023-04-12-22-06-28",
      "password": "xxx",
      "tenant": "xxx"
    }

    Note all the information above and save it; the tenant, appId and password are entered in Grafana later.
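
To confirm the service principal ended up with only the access granted above, the following added example (not part of the original post) audits the output of az role assignment list. The function names, the sample rows and the all-zero subscription ID are constructed for illustration.

```shell
# Added example (not from the original post): audit the Grafana service principal.
# Input on stdin: tab-separated "<role><TAB><scope>" rows, as produced by
#   az role assignment list --assignee <appId> --all \
#     --query '[].[roleDefinitionName,scope]' -o tsv
EXPECTED_ROLE="Log Analytics Reader"
SAMPLE_RG="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup"

# Constructed sample rows: one expected grant and two that should be flagged.
sample_assignments() {
  printf '%s\t%s\n' \
    "Log Analytics Reader" "$SAMPLE_RG" \
    "Log Analytics Reader" "/subscriptions/00000000-0000-0000-0000-000000000000" \
    "Contributor" "$SAMPLE_RG"
}

# Azure resource IDs compare case-insensitively, so normalise before matching.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# $1 = resource group ID the principal should be confined to.
# Prints one line per finding; exit status = number of findings.
audit_assignments() {
  want=$(lower "$1")
  findings=0
  tab=$(printf '\t')
  while IFS=$tab read -r role scope; do
    [ -n "$role" ] || continue
    have=$(lower "$scope")
    if [ "$role" != "$EXPECTED_ROLE" ]; then
      echo "FINDING unexpected role '$role' at $scope"
      findings=$((findings + 1))
    elif [ "$have" != "$want" ] && [ "${have#"$want"/}" = "$have" ]; then
      # Scope is neither the resource group nor a resource inside it.
      echo "FINDING '$role' granted outside the resource group: $scope"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

sample_assignments | audit_assignments "$SAMPLE_RG" || echo "$? finding(s)"
```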

    Grafana Installation steps on AKS cluster using Helm

    Install Grafana

    Once Helm is set up properly, add the repo as follows:

    helm repo add grafana https://grafana.github.io/helm-charts

    helm search repo grafana

    Create Monitoring namespace

    kubectl create namespace monitoring

    Install Grafana alone(NOT kube-prometheus-stack)

    helm install stable grafana/grafana -n monitoring

    Let's check if the Grafana pods are running

    kubectl get pods -n monitoring

    Expose Grafana

    # Port forward the Grafana service

    kubectl port-forward  -n monitoring stable-grafana-XXX 3000


    How to get the Grafana admin password by querying the Kubernetes secret

    kubectl get secret --namespace monitoring stable-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo


    Login to Grafana

    Now open localhost:3000 in the browser to access Grafana

    UserName: admin
    Password: <from the above command>

    Create Data Source in Grafana

    Go to Grafana, configuration and click Data Sources. Click on Add Data Source and search for Azure Monitor.





    Enter the tenant ID, app ID and secret information. Click on Load subscriptions. Click on Save and Test.


    Create Dashboard in Grafana

    In Grafana, we can create various kinds of dashboards as per our needs.

    How to Create Azure Monitor For Containers Dashboard?

    Click '+' button on left panel and select ‘Import’.

    Enter 10956 dashboard id under Grafana.com Dashboard.

    Click ‘Load’.



    Click ‘Import’.


    This will show a monitoring dashboard for all cluster nodes.


    How to Create POD Metrics for AKS Dashboard?

    Click '+' button on left panel and select ‘Import’.

    Enter 14891 dashboard id under Grafana.com Dashboard.

    Click ‘Load’.



    This will show a monitoring dashboard for all pods; you can also select namespaces.



    Clean up Resources

    Let's see how to clean up the resources that were created. We can use the az group delete command to remove the resource group, AKS cluster, and all related resources. 

    az group delete --name myResourceGroup --yes --no-wait

    Click here for Script for Creating AKS cluster with Monitoring Enabled.

    What is GitHub Advanced Security for Azure DevOps | Configure GitHub Advanced Security for Azure DevOps

    GitHub Advanced Security for Azure DevOps brings the  secret scanning, dependency scanning  and  CodeQL code scanning  solutions already ava...