Explore: Kubernetes resource view (Preview) in AKS

Microsoft has been making some amazing enhancements to AKS and in the open-source space in general. This effort has been making it easier to use Kubernetes and easier for folks who are getting started with Kubernetes.

Recently Microsoft has added more functionally called “Kubernetes resource view“.

Kubernetes resource view in Azure Portal
Kubernetes resource view in Azure Portal

This allows you to see and work with some Kubernetes resources directly in the Azure portal. As you can see in the previous screenshot it includes Namespaces, Workloads, and Services. When you deploy a new AKS cluster this is enabled by default.

If you have deployed an AKS cluster before this functionality was release you will need to enable the Kubernetes resource view. You can choose what namespace to enable this on. It will look like this:

Enable Kubernetes resource view button
Enable Kubernetes resource view button

The three main areas of resources are:

  • Namespaces
  • Workloads
    •  Deployments
    •  Pods
    •  Replica Sets
    •  Daemon sets
  • Services and ingresses

In these resource areas, you can view the resources, add, delete, and show labels.

You can click on a resource to see the properties of it under Overview. The overview tab has valuable information for example for a pod you can see the pod status, the containers that belong to it, its conditions, and more.  Here are some screenshots:

You can see any events around the resource and you can even view or edit the resources Yaml. Here is what it looks like when editing a resource:

Well, this was a quick blog post to give an early look at the new Kubernetes resource view in AKS. I recommend you check out it! Remember this is a preview and it’s going to get better and better.

I can imagine in the future we will be able to access more Kubernetes resources and API Objects in the Azure portal. For example, it will be cool to be able to work with Secrets, and Configmaps right in the Azure portal! I don’t know about you, but I am very excited about what Microsoft has been doing with AKS!

Read more

Passed – AWS Cloud Practitioner Exam

I decided it was time to branch out into other clouds. We live in a multi-cloud world and it does not hurt to at a minimum understand what other clouds offer and how they work. I decided to go after the base level AWS certification. On 7/24/2020 I took the AWS Certified Cloud Practitioner exam and passed!

Here is my Acclaim badge for it: https://www.youracclaim.com/badges/309a8223-fd41-4e5a-876a-0066f4d32e23

I am still primarily Azure focused but you might see me working with AWS a little more. I may decide at some point to pursue some more AWS certs and potentially GCP.

Here is what I used to study:

AWS Certified Cloud Practitioner course on Pluralsight:

https://app.pluralsight.com/library/courses/aws-certified-cloud-practitioner/table-of-contents

AWS to Azure services comparison:

https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services

AWS Certified Cloud Practitioner Study Guide blog post by Janeice DelVecchio and Scott Selikoff (includes a PDF):

https://www.selikoff.net/2019/01/20/how-i-recommend-studying-for-the-aws-certified-cloud-practitioner-exam/

The test was not super hard. Good luck if you plan to take it!

Read more

Inside Azure Management Sessions now on YouTube

I recently presented at the Inside Azure management event. This event was packed full of Microsoft MVP’s and community experts from around the world. The focus on the event was around Azure Management based topics with some Kubernetes, AI, and DevOps topics sprinkled in.

My session was “Azure Policy Insights & Multi-Tag demo via Azure Policy” Here is what it covered: “Azure Policy is a great tool when it comes to auditing and ensuring your cloud governance is met. In this session 9 time Microsoft Azure MVP Steve Buchanan is going to take you on a full-speed ride on the ins and outs of Azure Policy and land you with a recipe for handling a multi-tagging strategy with Azure Policy. Some of the key topics you will learn from this session include:

  • Overview of Azure Policy
  • Azure Policy Configuration best practices to meet compliance (NIST, PCI, ISO, HIPPA)
  • Securing Azure services: AKS / Networking / SQL / App Service
  • Azure Policy vs RBAC
  • Overview of Azure Policy Guest Configuration
  • Tagging and more

The event has passed and if you didn’t make it no worries! All of the sessions have been recorded and uploaded to the Inside Azure management YouTube channel to be watched at your leisure. Here is the link to the YouTube channel where you can watch all the sessions:

https://bit.ly/azurevideos

The event coordinators have also set up some Youtube playlists to make it easier to find videos on the topics that pertain to you. They broke these out in the following categories: Azure Management, Artificial Intelligence in Azure, Cloud Governance, Cybersecurity, and DevOps.

You can watch my session right here:

Also here is the direct link to the video of my session on YouTube: https://youtu.be/EfAiITcExK0

Thanks for checking out my session and others from this event. Stay tuned to my blog for info on where I will be speaking next!

Read more

Third Pluralsight Course Published – Microsoft Azure Pricing and Support Options

Today my third Pluralsight course has been published. This course is titled “Microsoft Azure Pricing and Support Options“. It is a part of an AZ-900 learning path that will help you prepare for the Microsoft Azure Fundamentals AZ-900 exam. Learn more about that exam here: https://docs.microsoft.com/en-us/learn/certifications/exams/az-900 .

I was excited about this course as it is a part of my day to day focus on Azure. Also, this is a chance to help those that are getting started with Azure. Here is what you will gain from this course:

This course will teach you the fundamental knowledge about the pricing and support options in Azure one of the core skills measured in the AZ-900: Azure Fundamentals exam.

In this course, Microsoft Azure Pricing and Support Options, you’ll learn to estimate the pricing and support of Azure cloud services. First, you’ll explore Azure subscriptions, subscription management, and management groups.

Next, you’ll discover, plan, and manage Azure costs. Finally, you’ll learn how to understand Azure SLA’s, various Azure service lifecycles, and how to select the right support options. When you’re finished with this course, you’ll have the skills and knowledge of Azure pricing and available support needed to estimate Azure costs and select the right support options.

Please check out this new course here: https://app.pluralsight.com/library/courses/microsoft-azure-pricing-support-options

Also, be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing more courses soon!

Here is the link to my Pluralsight profile: https://app.pluralsight.com/profile/author/steve-buchanan

Read more

Speaking at Inside Azure Management Summit

I was recently added to the speaker lineup for the “Inside  Azure Management Summit” happening on 7/23/2020. This event is a FREE 1-day virtual event. It features the Microsoft cloud experts from the authoring team of “Inside Azure Management” book, Microsoft MVP’s, and community experts from around the world.

Attendees will get a day full of deep-dive technical sessions across a variety of Microsoft cloud topics including:

  • DevOps and Automation
  • Cyber Security
  • Cloud Governance
  • Migration and Monitoring
  • Docker and Kubernetes
  • AI and Identity

The sessions will span a 13-hr period to allow audiences from around the world to join a portion of the event.

 I will be giving a session on Azure Policy. Here is my session info:

Session Title:

Azure Policy Insights & Multi-Tag demo via Azure Policy

 

Session Abstract:

Azure Policy is a great tool when it comes to auditing and ensuring your cloud governance is met. In this session 9 time Microsoft Azure MVP Steve Buchanan is going to take you on a full-speed ride on the ins and outs of Azure Policy and land you with a recipe for handling a multi-tagging strategy with Azure Policy. Some of the key topics you will learn from this session include:

  • Overview of Azure Policy
  • Azure Policy Use Cases
  • How Azure Policy can meet NIST standards
  • Azure Policy vs RBAC
  • Overview of Azure Policy Guest Configuration
  • Tagging and more

Here is the direct link to my session:

https://insideazuremgmt.com/session/azure-policy-insights-multi-tag-demo-via-azure-policy/

Be sure to register for this event to check out all the great sessions including mine on Azure Policy.

Here is the link to the official site:

https://www.insideazuremgmt.com

Here is the link to register:

https://www.eventbrite.com/e/inside-azure-management-the-virtual-summit-tickets-109230577598?aff=ebdssbeac

Read more

Microsoft MVP for the 9th year!

Wow! Today I was honored to be renewed as an MVP again. This marks year #9! Here is a screenshot of the official email from Microsoft:

I never take this award for granted. It is not guaranteed. Every year when July 1 rolls around I never truly know if I will be back in the MVP program or not. 2020 has been a tough year with the COVID19 pandemic and racial tensions in the US coming to a head. Me being renewed as an MVP this time around is a boost of much needed good news.

This marks the second year for me as a Microsoft Azure MVP! It is not easy to be a part of these ranks with so many talented people in the cloud space.

I am looking forward to the 2020-2021 MVP award year with some things already in the works such as guest spots on podcast shows, speaking at some virtual conferences, organizing an Azure user group, speaking at user groups, more courses, and of course, more blog posts to come around Azure, Azure Kubernetes Service (AKS), Hybrid Cloud, and more.

This year I also aim in doing my part to exposing the MVP program to underrepresented people and encouraging them to contribute to the tech community at large potentially even having some new faces join the ranks as an MVP.

As always I am honored to remain a part of MVP ranks. I will continue to do all that I can in the Azure, Azure Stack, AKS, and CloudOps/DevOps communities this year.

My Microsoft MVP Profile: http://mvp.microsoft.com/en-us/mvp/Steve%20Buchanan-4039736

Read more

Guest on “Lisa at the Edge” Podcast EP13

I recently had the honor of being a guest on the “Lisa at the Edge” Podcast. Lisa is a Microsoft Hybrid Cloud Strategist and an influencer in the hybrid cloud community based out of Scotland. She runs a blog and this year she started a popular podcast.

On Lisa’s podcast, she covers Careers in Tech and Microsoft Hybrid Cloud and a range of other topics with experts across the tech community.

This is an episode you don’t want to miss. This was one of the most entertaining podcasts I have been on. It took some interesting turns in regards to topics and very engaging. In the podcast episode Lisa and I talk about:

  • Evolving your career as technology evolves
  • Transformation of IT dept to Strategic Business Partner
  • DevOps
  • Containers 101
  • Azure Kubernetes Service
  • Diversity in tech

You can listen to the episode here:


or here
https://anchor.fm/lisaattheedge/episodes/EP13—Career-Development–Containers-101-and-Diversity-in-Tech-with-Steve-Buchanan-efnjrp

You can stay up to date with what Lisa is doing in the tech community here:

Lisa at the Edge Podcast – – https://anchor.fm/lisaattheedge
Lisa at the Edge Blog – https://lisaattheedge.com/blog/
Twitter – https://twitter.com/lisaattheedge

Read more

Second Pluralsight Course Published – Monitor and Maintain a Software-Defined Datacenter with SCOM

Pluralsight has recently published my second course. This course is Monitor and Maintain a Software-Defined Datacenter with SCOM. This one took me back to my System Center roots focusing on Operations Manager.

This course prepares you for the 70-745 exam, while simultaneously showing you how to use SCOM for your datacenter.

In the course you will learn:

  • How to plan, deploy, and configure Operations Manager.
  • Then, you will discover how to tune Operations Manager.
  • Finally, you will learn about monitoring infrastructure and virtual machine workloads.

By the end of this course, you will have a better understanding of how monitoring works using SCOM.

Please check out the course here: https://app.pluralsight.com/library/courses/monitor-maintain-software-defined-datacenter-scom/table-of-contents

Also, be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing an Azure course soon!

Here is the link to my Pluralsight profile: https://app.pluralsight.com/profile/author/steve-buchanan

 

Read more

HashiCorp – Terraform Certified Associate exam & Study Guide

Yesterday HashiCorp announced their Terraform and Vault certification exams have gone public! This is exciting news for those that want to get certified on these technologies. Here is the blog announcing this: https://www.hashicorp.com/blog/announcing-hashicorp-cloud-engineering-certifications/ .

I am proud to say that I helped contribute to the Terraform Certified Associate exam. Check out my badge here: https://www.youracclaim.com/badges/077f51e4-74cd-478a-af4b-ec338dae8559 . I plan to contribute more in the future.

I am also happy to announce that I was a tech reviewer on the first study guide for this cert titled “HashiCorp Terraform Certified Associate Preparation Guide“. You can find it here: https://leanpub.com/terraform-certified/. This guide was authored by fellow Microsoft MVP Ned Bellavance and Microsoft CSA Adin Ermie. Huge thanks guys for letting me be a part of this project!

If you work with Terraform I hope you get certified and be sure to use the study guide!

Read more

Use Azure Container Registry with Azure Kubernetes Service

When working with Containers a common need is to store Container images somewhere. Container Registries are the go-to for this. Docker hub is an example of a Container Registry and it is the most well-known Container Registry.

What is a Container Registry?

A Container Registry is a group of repositories used to store container images. A container repository is used to manage, pull or push container images. A Container Registry does more than a repository in that it has API paths, tasks, scanning for vulnerabilities, digital signature of images, access control rules and more.

Container registries can be public or private. For example, a public registry is Docker Hub and anyone can access its container repositories to pull images. A private registry is one that you would host either on-premises or on a cloud provider. All of the major cloud providers including Azure has a Container Registry offering.

Integrate ACR with AKS

With AKS it is a good idea to use a private container registry to host your container images. The process is used Docker to build your image>push the image to your Azure Container Registry>Pull the image from the registry when deploying a Pod to your AKS cluster.

There are 3 ways to integrate AKS with Azure Container Registry. I typically only use one way and will focus on that in this blog post.

2 of the ways you can integrate AKS with Azure Container Registry. The first is through an Azure AD service principal name (SPN) that assigns the AcrPull role to the SPN. More on this here. You would use this first way in scenarios where you only have one ACR and this will be the default place to pull images from.

The second is to create a Kubernetes ServiceAccount that would be used to pull images when deploying pods. With this you would add “kind: ServiceAccount” to your Kubernetes cluster and it would use the ACR credentials. Then in your pods yaml files you would need to specify the service account for example “serviceAccountName: ExampleServiceAccountName”.

The way I like to integrate AKS with Azure Container Registry is to use Kubernetes Secret of type docker-registry. With this option basically, you create a secret in the Kubernetes cluster for your Azure Container Registry. You then specify the secret in your pod yaml files. This allows you to have multiple container registries to pull from. This option is also quick and easy to setup.  Ok.

To get started you need to build your Docker image and push it up to your Azure Container Registry. In this blog post, I will not cover deploying ACR, or building the Docker image assuming you have already done these things. Now let’s set up the ACR and AKS integration using a docker-registry Kubernetes secret.

1. For the first step, you will need the credentials to your Azure Container Registry. To get this go navigate to:

Azure Portal (portal.azure.com) > Container registries > YOURCONTAINERREGISTRY | Access keys

2. The second step push your Docker image up to your ACR.

# Log into the Azure Container Registry
docker login ACRNAMEHERE.azurecr.io -u ACRUSERNAMEHERE -p PASSWORDHERE

# Tag the docker image with ACR
docker tag DOCKERIMAGENAMEHERE ACRNAMEHERE.azurecr.io/DOCKERIMAGENAMEHERE:v1

# Push the image to ACR
docker push ACRNAMEHERE.azurecr.io/DOCKERIMAGENAMEHERE:v1

3. The third step create the docker-registry Kubernetes secret by running following syntax from Azure Cloud Shell:

kubectl create secret docker-registry NEWSECRETNAME --docker-server ACRNAMEHERE.azurecr.io --docker-username ACRUSERNAMEHERE --docker-password YOURPASSWORDGOESHERE

4. The fourth step is to create the Yaml file for your pod. The following is an example:

apiVersion: v1
kind: Pod
metadata:
  name: myapp
spec:
  containers:
  - name: myapp
    image: ACRNAMEHERE.azurecr.io:myapp:v1
  imagePullSecrets:
  - name: NEWSECRETNAME

The following is an example of a yaml file with a service, deployment, and pod:

apiVersion: v1
kind: Service
metadata:
  name: eotdservice
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: eotd
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: eotddeployment
  labels:
    app: eotd
spec:
  replicas: 4
  selector:
    matchLabels:
      app: eotd
  template:
    metadata:
      labels:
        app: eotd
    spec:
      containers:
      - name: eotd   
        image: ACRNAMEHERE.azurecr.io/eotd:v1
        imagePullPolicy: Always
        ports:
        - containerPort: 80
      imagePullSecrets:
       - name: NEWSECRETNAME

5. The fifth and final step is to deploy the pod to your AKS cluster by running the following syntax from Azure Cloud Shell.

kubectl apply -f YOURPODNAME.yaml

That wraps up this blog post. Thanks for reading and happy containerizing!

Read more