- 101
- 28 117
Azure Kubernetes Service (AKS)
United States
เข้าร่วมเมื่อ 30 มิ.ย. 2023
This is the official Azure Kubernetes Service (AKS) account led by the AKS Team. Subscribe here for AKS technical content and updates.
วีดีโอ
WebAssembly - Episode 24
มุมมอง 3810 ชั่วโมงที่ผ่านมา
WebAssembly - Episode 23
มุมมอง 676 วันที่ผ่านมา
WebAssembly - Episode 22
มุมมอง 547 วันที่ผ่านมา
Learn Live: Operational Excellence with AKS
มุมมอง 14912 วันที่ผ่านมา
Check out the entire series: aka.ms/S-1381 This series is part of the “Build Intelligent Apps” initiative. Learn more at aka.ms/intelligent-apps #MicrosoftReactor #LearnLive [eventID:23497]
Configuring the AKS Istio Add-on - MeshConfig, Telemetry, and Feature Support Policy
มุมมอง 17514 วันที่ผ่านมา
The Istio-based service mesh add-on for AKS offers several features and customization options. In this video, we will go over how to configure the mesh using the MeshConfig and Istio custom resources, and explore a demo of how to customize mesh telemetry. We will also discuss the support scope for different features and customizations, and highlight the difference between allowed, supported, an...
Learn Live: Containerizing and Deploying AI Workloads on AKS
มุมมอง 16519 วันที่ผ่านมา
So, you have a new AI workload that you're ready to put into production. Join us as we cover the key considerations for deploying AI workloads at scale, from local development to large-scale deployment on Azure Kubernetes Service (AKS). We'll get hands on and deploy an AI workload to an enterprise ready AKS cluster. We'll go from "works on my machine" to "works on all machines" in 90 minutes or...
Accessing a Private AKS Cluster Remotely
มุมมอง 35421 วันที่ผ่านมา
In this video, Jorge Arteiro, Cloud Native Advocate at Microsoft is showing how to create a private AKS (Azure Kubernetes Service) cluster with no public internet access, but still been able to access the cluster using the Azure Portal or Azure CLI "AZ AKS COMMAND" to run commands. More info here: learn.microsoft.com/en-us/azure/aks/private-clusters?tabs=azure-portal learn.microsoft.com/en-us/a...
AKS Partner Session - Dynatrace on AKS
มุมมอง 7722 วันที่ผ่านมา
Unified Observability and Security powered by Hypermodal AI
AKS Partner Session - HashiCorp Vault Integration with AKS
มุมมอง 9422 วันที่ผ่านมา
Provisioning TLS certificates for Kubernetes workloads with HashiCorp Vault
AKS Partner Session - SymphonyAI
มุมมอง 1922 วันที่ผ่านมา
Using Predictive GenerativeAI in anti-financial crime
AKS Partner Session - Scale AI Generative AI Platform in a Box
มุมมอง 8022 วันที่ผ่านมา
GenAI platform in a Box - Scaling New Heights on Azure
AKS Partner Session - Introduction
มุมมอง 6722 วันที่ผ่านมา
Using AKS-managed Istio External Ingress Gateway with Gateway API
มุมมอง 406หลายเดือนก่อน
The Istio-based service mesh add-on for Azure Kubernetes Service (AKS) can be combined with the Gateway API to provide a complete solution for managing traffic flowing into and out of your AKS cluster. The Istio-based service mesh add-on provides a set of preconfigured Istio components that you can use to manage the traffic flowing into and out of your Kubernetes cluster, while the Gateway API ...
Amazing product. Amazing presentation!
Amazing product. Amazing presentation!
Good stuff!
Can you share the github repository for the aks-node-viewer?
We're working on this. Hopefully we will have it by GA
Great demo - can't wait to try out the gateway api.
Awesome @TheDavidHoerster! Yes, this is experimental for now but do give it a try and reach out with any feedback!
Could you please make a vedio related to the Karpenter based on VM sizes.
Thanks for the feedback. Great idea on the Karpenter video. I’m reaching out to our PM on this to get something going!
Can it scale to zero?
Thanks for the good question. Automatic doesn’t quite scale to zero, but pretty close. There is still a system node pool needed for some base AKS system containers. These are fairly small, but not entirely zero. Automatic does use Node Autoprovision (Karpenter) and this will deploy nodes on-demand and re-balance as needed which will also help reduce resources. AKS also supports stop/start which could help depending on your use case. learn.microsoft.com/en-us/azure/aks/start-stop-cluster
@@theakscommunity Thank you for the answer 🙏. So, it is not exactly like GKE Autopilot (At google cloud), if I understand good, here you always pay for provisioned machines? (Where at google only consumed ressources, not at machine scale). Very interesting! I believe Azure Container Apps is more like GKE Autopilot than Automatic.
@@MrBrouilles It’s different in that we allow you to switch between AKS Automatic and Standard. But you won’t actually pay for the provisioned VM’s when this is GA. In the preview, the billing model looks like Standard, but we’re working on the per pod/usage based model for GA. Stay tuned.
@@MrBrouilles To be clear, I don’t think ACA is really like GKE Autopilot. It’s not a Kubernetes solution, so it’s more like a PaaS offering for microservices than any of the managed K8s services like AKS and GKE
@@theakscommunity thank you for your explanations 🙏
I have been using KEDA for past few years. Automatically resizing the resource limits using VPA is a handy feature of AKS Automatic. Looks promising. Thanks for sharing this.
Great. Thanks
Actually starts at 5:08
Thanks for that!
Already have feature requests in for it but....need options to take AGC private. Traffic through Front Door to AGC via Private Link Services. Please and thank you :)
Private front-ends are on our roadmap. We can't provide an ETA at this time
@@theakscommunitycan you link the roadmap so we can subscribe to changes?
Would be keen to use the App Gateway for Containers but the lack of WAF integration is a dealbreaker for us at the moment. Do you have an idea of when this will be added?
This is in the works. I don't have any details on timing, but we will share on this channel as soon as we have a good idea
Nice short tutorial. Thanks!
Is there a public repo for the "aks-node-viewer" coming? I could only find the AWS "eks-node-viewer" and I read on a GitHub issue [kubernetes-sigs/karpenter/issues/970] "AKS has an internal repo implementing the pricing data and forking from EKS node Viewer".
For those who watch the beginning of the stream, I needed to install libssl-dev on wsl for the cargo-component to install.
Thank you
Can you make one on open service mesh on aks apart form istio
Please note that OSM has been archived by it's maintainers. openservicemesh.io/blog/osm-project-update We suggest following this guidance to move to the Istio add-on. learn.microsoft.com/en-us/azure/aks/open-service-mesh-istio-migration-guidance We would love to know if there are any obstacles or missing features that would prevent you from moving forward.
@@theakscommunity thanks a lot means osm is legacy now and istio is new solution do you know in AKS which one I should go
@@amitverma7545 We recommend the Istio Add-on for AKS. It's a managed offering, so we take care of the Istio control plane for you.
Great job Paul!
Can one finally use the Azure installed Gatekeeper for selfmade policies?
You have to go through Azure Policy to create your own policies that sync to Gatekeeper on the cluster. learn.microsoft.com/en-us/azure/aks/use-azure-policy#create-and-assign-a-custom-policy-definition
Amazing!! ❤
Step towards GKE autopilot
nice, thank you!
Perfect! Now let's see it in US gov cloud!
It's not supported in Gov Cloud today,, but it is in our plans. No ETA at this time, but we will be sure to share when we know more
I listened to the end
Great tutorial! Straight to the point! 🎉🎉🎉🎉
Is there any supporting evidence that AGC is performant over other solution?
Thanks for the question. AGC has been completely redesigned from the ground up to improve the performance of both the data plane and control plane. The video demonstrates the performance improvements for the control plane. A quick performance test against the frontend will yield improved results for the data plane as well. Please let us know how us that performing for you.
🤷 'PromoSM'
Nice to see an evolution. In our company we tried to use the Application Gateway Ingress controller however we need to create more than 100 ingresses what is not possible in the Application Gateway. I am eager to test it.
Sounds good. Please let us know how it goes.
is Fleet GA?
The cluster management behavior shown in this video is GA yes. The dataplane part to place workload on member clusters via the hub's apiserver will GA shortly.
Great discussion.. this is my foray into WASI. Have couple of questions though 1. So, WASI is the bytecode the WASM modules should use for making syscalls to use host's resources? And something like wastime implements these new bytecodes and issue syscalls accordingly. 2. How should I think about security/isolation model of wasm modules vs containers? As you've mentioned container runtimes like docker setup required namespaces to isolate containers from other processes on the host. As I understand that in wasm modules, an application has to request explicit networking capabilities to utilize host's networking stack. But, assuming we provide such capabilities to our wasm module, then can our app setup a tap on some other network interface on the host? Like how does WASI wasmtime provide isolation as we are used to containers.
Hey @GK-rl5du, thanks for comment & great questions. I'll do my best to answer and let Yosh correct me if I'm off base. 1. Your understanding matches mine. I've been thinking about WASI as an API. And that API defines the interactions between WebAssembly modules and the host system. Much like syscalls do for the container runetimes like ContainerD. An interesting next step would be to dive into the component model. 2. Capabilities are indeed how the wasm module gets access to the host resources and without those it cannot reach the host. From what I've read and heard it’s supposed to be "sandboxed" but idk what's meant by that. I don't yet understand how the isolation is achieved and if the capability creates an isolated instance of the network interface, for example, or if it's shared. Or if even with an isolated instance if it'd be possible to tap other network interfaces. I'll dig into this and ask ppl smarter on the subject than myself and report back. :)
So, I just spoke with Yosh and here's what I learned. The implementation largely depends on the runtime and how it provides the "API" for the capability. But, all things considered it's isolated by the memory on the host machine that the wasm process is running. And all the data sent and received is locked into that address space. In theory, that shouldn't allow any cross contamination for a lack of a better work. However, that's where hyperlight comes in as a runtime and provides vm level isolation at the process level to ensure isolation.
@@joshduffney7954 thanks for all your efforts Josh 🙂 it's beginning to make sense to me. So, without capabilities based security from runtime and additional help from tech like Hyperlight, a wasm module is similar to an OS process (in terms of isolation/security)? My reasoning is, a vanilla OS process is also memory isolated from other OS processes due to the virtue of Virtual Memory. I'll do my own homework too to understand this better. But this is an interesting tech for sure 😊
nice talk. really explained what WASM really is. good job. subbed. :)
Hey @joebuydem, thanks watching and subscribing. Glad to hear you found value in the conversation. More Wasm content is in the near future! :)
Figured out the issue I ran into around 1:03:33, the dev container uses docker in docker so the registry that was hosted in my local docker desktop wasn't visible. So I needed to run another registry inside the dev container. docker run -d -p 5001:5000 -e REGISTRY_STORAGE_DELETE_ENABLED=true --name registry registry And now I can push the image. docker push localhost:5001/alpine:v1
My apologies for the audio quality on my end... I didn't notice that the wrong mic was selected until afterwards.
2:06 Introduction 5:07 Optimizing Node Performance with Node Saturation Metrics 9:22 Kubernetes Events: Real-time Cluster Signals 10:28 Cluster Autoscaler Metrics: Resource Allocation Fine-Tuning 15:35 Looking ahead
Great presentation!
"Promosm"
To use istio, do we need to pay and Is there any plan in future. I think GCP doing that for their mesh
Please keep doing this meeting even if the view counts is less. Thank you very much ❤
Thank you. We will build up the live audience over time, but we're just getting started!