Kubernetes Challenges Guide

Task
A: Setup your infrastructure / environment 

1. Launch the Azure Cloud Shell from the Azure portal and choose Bash.

2. Deploy Kubernetes to Azure, using CLI:
   i. Get the latest available
   Kubernetes version in your preferred region into a bash variable. Replace  with the region of your choosing, for
   example eastus.
     version=$(az aks
   get-versions -l Eastus2 –query 'orchestrators[-1].orchestratorVersion' -o tsv)
   
   ii. Create a Resource Group
     az group create –name akshandsonlab –location Eastus2
   
   iii. Create AKS using the latest version available
    az aks create –resource-group akshandsonlab –name RugamitasAKS01 –enable-addons monitoring –kubernetes-version 1.14.5 –generate-ssh-keys –location EastUS2
   
    Important: Enter a unique AKS cluster name. AKS name must contain between 3 and 31 characters inclusive. The name can contain only letters, numbers, and hyphens. The name must start with a letter and must end with a letter or a number. The AKS deployment may take 10-15 minutes
3. Deploy Azure Container Registry(ACR): Run the below command to create your own private container registry using Azure Container Registry (ACR).
    az acr create –resource-group akshandsonlab –name RugamitasACR01 –sku Standard –location EastUS2
   
    Important: Enter a unique ACR name. ACR name may contain alpha numeric characters only and must be between 5 and 50 characters
4. Grant AKS-generated Service Principal access to ACR : Authorize the AKS cluster to connect to the Azure Container Registry using the AKS generated Service Principal. Replace the variables $AKS_RESOURCE_GROUP, $AKS_CLUSTER_NAME, $ACR_RESOURCE_GROUP with appropriate values below and run the commands.
    # Get the id of the service principal configured for AKS
    CLIENT_ID=$(az aks show –resource-group akshandsonlab –name RugamitasAKS001 –query “servicePrincipalProfile.clientId” –output tsv)
   
   # Get the ACR registry resource id
    ACR_ID=$(az acr show –name RugamitasACR01 –resource-group akshandsonlab –query “id” –output tsv)
   
   # Create role assignment
   az role assignment create –assignee $CLIENT_ID –role acrpull –scope $ACR_ID
   
   For more information see document on how to Authenticate with Azure Container Registry from Azure Kubernetes Service
5. Create Azure SQL server and Database: Create an Azure SQL server.
    az sql server create -l EastUS2 -g akshandsonlab -n rugamitassql01 -u sqladmin -p P2ssw0rd1234
   
   Create a database
    az sql db create -g akshandsonlab -s rugamitassqlQL01 -n mhcdb –service-objective S0
   
    Important: Enter a unique SQL server name. Since the Azure SQL Server name does not support UPPER / Camel casing naming conventions, use lowercase for the DB Server Name field value.

6. The following components – Container Registry, Kubernetes Service, SQL Server along with SQL Database are deployed. Access each of these components individually and make a note of the details which will be used in Exercise 1.

7. Select the mhcdb SQL database and make a note of the Server name.

8. Navigate to the resource group, select the created container registry and make a note of the Login server name.

Now you have all the required azure components to follow this lab.

Note: in case needed you have to create the Application ID (it is recommended to complete this task from the Azure CLI).

Note: In case you access the portal and you don't see the project you may need to switch directory in the Azure DevOps portal.

Task 2: Configure Build and Release pipeline

Lets go to Azure DevOps and we will manually map Azure resources such as AKS and Azure Container Registry to the build and release definitions.

1. Select Builds section under the Pipelines hub and Edit the build definition MyHealth.AKS.Build.

2. In Run services task, select your Azure subscription from Azure subscription dropdown. Click Authorize.

You will be prompted to authorize this connection with Azure credentials. Disable pop-up blocker in your browser if you see a blank screen after clicking the OK button, and please retry the step.
This creates an Azure Resource Manager Service Endpoint, which defines and secures a connection to a Microsoft Azure subscription, using Service Principal Authentication (SPA). This endpoint will be used to connect Azure DevOps and Azure.
 Tip: If your subscription is not listed or to specify an existing service principal, follow the Service Principal creation instructions.

3. Select appropriate values from the dropdown – Azure subscription and Azure Container Registry as shown. Repeat this for the Build services, Push services and Lock services tasks in the pipeline. Click on the Variables tab.

applicationsettings.json file contains details of the database connection string used to connect to Azure database which was created in the beginning of this lab.

mhc-aks.yaml manifest file contains configuration details of deployments, services and pods which will be deployed in Azure Kubernetes Service. The manifest file will look like as below

For more information on the deployment manifest, see AKS Deployments and YAML manifests

4. Update ACR, SQLpassword, SQLserver and SQLuser values for Pipeline Variables with the details noted earlier while configuring the environment. Select the Savebutton.

5. Navigate to the Releases section under the Pipelines, Edit the release definition MyHealth.AKS.Release and select Tasks.

6. In the Dev environment, under the DB deployment phase, select Azure Resource Manager from the drop down for Azure Service Connection Type, update the Azure Subscription value from the dropdown for Execute Azure SQL: DacpacTask task.

7. In the AKS deployment phase, under the Create Deployments & Services in AKS task, update the Azure Subscription, Resource Groupand Kubernetes cluster from the dropdown. Expand the Secrets section and update the parameters for Azure subscription and Azure container registry from the dropdown. Repeat similar steps for Update image in AKS task.

• Create Deployments & Services in AKS will create the deployments and services in AKS as per the configuration specified in mhc-aks.yaml file. The Pod, for the first time will pull up the latest docker image.
• Update image in AKS will pull up the appropriate image corresponding to the BuildID from the repository specified, and deploys the docker image to the mhc-front pod running in AKS.
• A secret called mysecretkey is created in AKS cluster through Azure DevOps by using command kubectl create secret in the background. This secret will be used for authorization while pulling myhealth.web image from the Azure Container Registry.

8. Select the Variables section under the release definition, update ACR and SQLserver values for Pipeline Variables with the details noted earlier while configuring the environment. Select the Save button.
    Note: The Database Name is set to mhcdb and the Server Admin Login is sqladmin and Password is P2ssw0rd1234. If you have entered different details while creating Azure SQL server, update the values accordingly

Task 3: Trigger a build and deploy application

In this exercise, let us trigger a build manually and upon completion, an automatic deployment of the application will be triggered. Our application is designed to be deployed in the pod with the load balancer in the front-end and Redis cache in the back-end.

1. Click on Pipelines tab and select the “MyHealth.AKS.build” pipeline. Click on the “Run pipeline” blue button on the top right corner.

2. We can see the run Summary along with the Releases by clicking on the respective option.
   

3. Within the Summary page, scroll down to the Jobs section and click on the job name so you can see all the tasks performed by the job. Click on the tasks to see the details. 

     4. To view the generated images in the Azure Portal, select the Azure Container Registry and navigate to the Repositories.

 

     5. Switch back to the Azure DevOps portal. Select the Release tab in the Pipelines section and double-click on the latest release. Select In progress link to see the live logs and release summary.

5. Once the release is complete, launch the Azure Cloud Shell and run the below commands to see the pods running in AKS:
   
   1. Type az aks get-credentials –resource-group akshandsonlab –name RugamitasAKS01 in the command prompt to get the access credentials for the Kubernetes cluster. Replace the variables yourResourceGroup and yourAKSname with the actual values.

2. kubectl get pods

The deployed web application is running in the displayed pods.

6. To access the application, run the below command. If you see that External-IP is pending, wait for sometime until an IP is assigned.
   kubectl get service mhc-front –watch

7. Copy the External-IP and paste it in the browser and press the Enter button to launch the application.

Access the Kubernetes web dashboard in Azure Kubernetes Service (AKS)

Kubernetes includes a web dashboard that can be used for basic management operations. This dashboard lets you view basic health status and metrics for your applications, create and deploy services, and edit existing applications. Follow these instructions to access the Kubernetes web dashboard in Azure Kubernetes Service (AKS).

Task 4: Configure Application Insights 

In this taks we have the existing ASPNET.NET Core application, when creating all the infrastructure for the labs, we will need the newly created Instrumentation key to be configured in this project so Application Insights can work.

1. Open Azure DevOps

2. Open the project Repos. Under MyHealth.Web project locate the appsettings.json file.

3. Locate this line from that file.
    “InstrumentationKey”: “YOUR_INSTRUMENTATION_KEY”
4. Substitute the text YOUR_INSTRUMENTATION_KEY with the key of your existing Application Insights service.

Note: If the Application Insights service is not created, create a new one.

5. Application Insights comes in the form of a Nuget package. Review the project.json file of the web project and look for the Application Insights package added.

6. Open the file Startup.cs.

 Note: In this file we give the startup options for the website, we need
to configure Application Insights to read the configuration.
Unlike the setup for other Application Insights SDKs, adding the SDK doesn’t
automatically configure a range of modules to collect different kinds of
telemetry. We’re going to add the modules for Telemetry and Exception so we
need to do a couple of modifications to the Startup.cs

7. Locate the method ConfigureServices and check the line services.AddApplicationInsightsTelemetry(Configuration);.
   This will load the configuration for Application Insights from the
   configuration file for the site.

Lets double check theApplication Insights for Kubernetes Enricher its enable. The code should include something like this:

public void ConfigureServices(IServiceCollection services)
{
    ...
    services.AddApplicationInsightsTelemetry("----Your Application Insights Instrumentation Key ----");
    services.AddApplicationInsightsKubernetesEnricher();
    services.AddMvc();
    ...
}

8. Now locate the method Configure and check these lines:
    *app.UseApplicationInsightsRequestTelemetry();
    *app.UseApplicationInsightsExceptionTelemetry();
   
   With these two lines we are configuring the application to send Telemetry information as well as Exception information to the configured Application Insights.

9. Locate the file _Layout.cshtml inside the Views | Shared folder in the web
   application and open it.
    Note: We need to
   configure also the client-side reporting of Application Insights
   telemetry, which will allow us to have telemetry data of what is happening
   at the client side of our web application.
   This _Layout.cshtml page in ASP.NET is the base page for all the rest
   of the pages for the application, so adding this code here will add the
   code in the rest of the pages of the application at runtime.

10. Look at the first line @inject
    Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration
    TelemetryConfiguration. This injects the configuration part
    of Application Insights to be available for the client-side scripting.

11. Now look at the line @Html.ApplicationInsightsJavaScript(TelemetryConfiguration).
    This will add the needed Javascript code in the page so Application
    Insights client-side telemetry sends information about client-side
    execution.

Task 5: View telemetry

Exercise
3: Viewing Telemetry

Now that we have configured the application to send telemetry data to Application Insights, let’s review how to send the date and see the telemetry from the Azure Portal.

Lets go the portal opens on a view of the telemetry from your app.

1. Click on Server response time.

This opens the azure blade with all the information about the server response time of all the calls which have ocurred to the application, and its times. So we can detect for example bottlenecks in our application in particular pages.

2. Click on Page View Load Time.

We have a lot of other metrics avaliable, like Page view load time which measures times from client side informing how long the pages take to load in the client side.

Click again, in this new blade in Page View Load Time in the upper part, you can continue drilling down through all the information in Application Insights.