Author Archive: Marcus

Deploy a Kubernetes Service on Azure with IP address that is in a different resource group to the cluster

When a service is deployed to Kubernetes we often need to specify a static IP address. This means that if the service gets recreated it retains the same IP. By default, when you deploy a service in Kubernetes on Azure, that static IP address must reside in the same resource group as the cluster nodes. This causes a couple of potential problems: If you delete an Azure Kubernetes Service cluster then the cluster resource group (starts MC_) gets deleted and you can lose the IP address in the resource group. If you need to reassign the IP address to a different cluster…

Configuring Kubernetes ingress with a wildcard DNS certificate, single TLS secret and applications in multiple namespaces

Scenario: An organisation wanted to deploy each application into a separate Kubernetes namespace. Each application will be available at a subdomain of example.com, via a wildcard DNS entry of *.example.com pointing to the ingress controller’s service IP address. A single wildcard TLS certificate (*.example.com) will be used to protect all applications using the ingress controller. It was desired that only a single TLS secret should exist on the cluster to facilitate certificate renewal. Challenges: Kubernetes secrets are only accessible from the namespace in which they are created. We discussed having a single namespace with all ingress resources and…

Enforcing Network Policies using kube-router on AKS

Corporate security policy often requires the flow of traffic to be restricted between Kubernetes pods. This is similar to how switch access control lists restrict traffic between physical servers. In Kubernetes the traffic flow is configured using network policies. There are a number of projects that support network policy enforcement. The majority require a specific network plugin to be deployed. As the Azure Kubernetes Service is a managed service we do not have the flexibility to choose the network plugin that is deployed. The default is kubenet, or if using advanced networking AKS uses the Azure CNI…

Deploying a Kubernetes service on Azure with a specific IP address

Each time a Kubernetes service is created within an ACS or AKS cluster a static Azure IP address is assigned. If an IP address exists in the resource group that is not assigned to a service this will be used, otherwise a new address is requested. This means if a service is deleted and recreated it is not guaranteed to get the same IP address. Should you wish to configure the service to always receive the same IP address the load balancer can be provisioned to use a specific…

Migrating AWS CloudFormation templates to Azure Resource Manager templates

Infrastructure as Code is key to achieving consistent deployment of infrastructure in the cloud. Amazon Web Services enables infrastructure as code using CloudFormation templates (https://aws.amazon.com/cloudformation/). In AWS’s own words: “AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.” On Microsoft Azure we use Azure Resource Manager templates, commonly referred to as ARM templates. I can easily amend the above phrase to describe ARM templates: “Microsoft Azure Resource Manager templates give developers and systems administrators an easy way…

Creating a Docker artifact for Windows Server in Azure DevTest Labs

Over the past 12 months I have been working with customers on hackfests. We often work with organizations that have highly secured workstations and networks. This proves to be a problem as during the hackfest we need to be using the latest releases of software, often preview releases, and also need full access to Microsoft Azure. In a recent scenario we needed to work with Visual Studio 2017 and Windows Server containers. The hackfest participants' laptops were running Windows 7, an older version of Visual Studio and had limited outbound internet access. To ensure participants could work with the latest technologies…

Retrieving and using Azure Container Registry credentials in an Azure Resource Manager Template

I recently created a set of Azure Resource Manager (ARM) templates (https://github.com/marrobi/RancherOnAzure/) to simplify the deployment of Rancher (http://rancher.com/rancher/) to Azure. Rancher is an Open Source container management platform – https://github.com/rancher/rancher. Rancher offers the facility to connect a container registry (https://docs.rancher.com/rancher/v1.6/en/environments/registries/) so that images can be pulled for deployment. As part of my deployment I wanted to provide users with an Azure Container Registry (ACR) instance already connected to Rancher. My Rancher templates consist of a top-level template with a number of nested child templates. ACR would be a child template. My challenge…

Using Infrastructure as Code to provision a Docker container on Azure

Over the past 12 months I have spent many weeks working with customers migrating Linux-based workloads to Azure. When we turn up on a customer site we often need to get OSS projects up and running on Azure as quickly as possible. The projects are usually a component of a larger solution that we need to build around as the week progresses. Requirements: Need to get the project up and running to enable developers to start coding; need to deploy multiple instances of the component so that they can be used in parallel; need to be able to easily…

Using Docker Machine to provision a VM running Docker on Azure

Docker Machine facilitates the creation and management of virtual hosts running Docker engine (https://docs.docker.com/machine/overview/). This could be a host running within a VM on your local machine, via technologies such as Hyper-V, or in a public cloud such as Microsoft Azure. Docker Machine uses drivers to enable deployment to different platforms. During this post we will provision a VM running Docker on Microsoft Azure and deploy containers to the VM. We will use the Azure driver for Docker Machine, which is documented here: https://docs.docker.com/machine/drivers/azure/ . Docker Machine facilitates…

TechDays Online – DevOps – 13th September 2016

On Tuesday 13th September 2016 I am hosting the DevOps day of TechDays Online. Live stream available here: https://channel9.msdn.com/Events/TechDaysOnline/UK-TechDays-Online-September-2016 The agenda for the day is as follows: 9.30am: Steve Thair – DevOps is the answer! What was the question again? DevOps is without doubt one of the hottest topics in IT right now, and everyone from vendors, senior management and IT professionals are rushing headlong to “Doing DevOps”. Somewhere along the way the message that DevOps is only a means to an end, and not an end in itself, is getting lost. In this presentation Steve from DevOpsGuys will talk about the…