So hello and welcome to episode four in our third series, the third season of From Rock to the Cloud. Let me start by once again offering a massive thanks to you all for staying with us on this series. As we say every week, we really love spending this time with you to discuss all topics around Windows Server 2022 and Microsoft hybrid cloud solutions, although, as you have probably gauged by now, this series has been a lot more focused on the latter, and quite frankly this week is no different. So in each episode of From Rock to the Cloud we bring you some of the world's foremost figures in Windows Server and hybrid to help you get whatever you need, or just what you want, to know about it. And per the usual, if you have any questions about the episode, make sure you pop them into the comment section below. We'd love to hear from you.

So the agenda for today's episode is Azure Kubernetes Service and Azure Stack HCI, and for the next 30 minutes I'll be catching up with Vinicius Apolinario. I'm just making sure that I've got that correct; I can see a nod there, which is good. And we've also got some bits later that you guys can get involved with, so do stick around. So here on From Rock to the Cloud we like to bring to you the world's leading voices in Windows Server and, of course, Microsoft hybrid, and today's no exception. On today's episode we are joined by the one and only Vinicius Apolinario. Vinicius, can you introduce yourself to the audience watching, please?

Hi Jason, of course, thanks for having me on the show. I'm Vinicius. I work as a cloud advocate at Microsoft, and we cover everything about hybrid cloud and on-premises infrastructure like Windows Server, which Jason just mentioned. My focus specifically is more on containers and Kubernetes, but from the IT pro and operations angle. I've been working with containers for a few years. I was part of the product team that actually builds containers inside of Microsoft, and now I've joined the cloud advocacy team.

Wow, excellent.
And where are you based, Vinicius?

I'm based in Redmond, but I'm from Brazil.

So yeah, we were just joking about the weird name that is probably not familiar to a lot of people for a person that is from... Give us the story. Give us the story.

All right, so my first name is Vinicius. That's kind of Greek origin. My middle name is Ramos, which is from Portugal. My last name is Apolinario, which is Italian. I'm from Brazil and I live in the US. So of course when someone at Starbucks asks "what is your name, sir?" I don't have a good name to give to the person so they can find me later or write my name correctly.

So, as we said previously, in true hybrid fashion, right?

Yeah.

So perfect. Listen, thank you for joining us once again. So, shall we jump into today's topic, which, I repeat, is Azure Kubernetes Service and Azure Stack HCI? So I've got some questions that I'd like to ask you, if that's okay, like we do in every episode. And of course in previous episodes in this series we have heard about Azure Kubernetes Service, or AKS as we like to call it here at Microsoft, and of course Azure Stack HCI. But can you please tell me, what does it mean to have AKS on Azure Stack, from your perspective?

Yep, of course. So Kubernetes, for those folks watching our video that don't know what Kubernetes is, a brief introduction. So when you move from VMs to containers, your compute model changes from running single instances of an entire operating system to running an isolated environment where the application is completely isolated from the others. And the main change for someone in operations, as an IT pro, is that a VM you give a name; you treat that VM as an entire operating system.
You have to manage it, you have to back it up, and everything else. A container is a more short-lived instance, if you will, for your application to run. You don't have any ties in terms of storage or the name of the container itself. It's a very agnostic way of running your application, because everything that matters for the application is not exactly inside of the container. So you can spin up the container really quickly, and it's a new paradigm of running your application in terms of compute, right?

Where Kubernetes comes in is that, because of that shift, you need something to orchestrate; the orchestrator is responsible for that. Kubernetes ends up being the de facto orchestrator that most of the companies out there today are using for running containers in production, right? Of course, you can run Windows applications and Linux applications on top of Kubernetes, on top of Windows containers or Linux containers, and so on and so on. But the main goal of Kubernetes is to actually manage the nodes that are running your containers and manage the containers: scale up, scale down, high availability, load balancing, network policies, monitoring, and everything else comes on top of Kubernetes.

Given the fact that Kubernetes is a big solution for you to manage, a lot of companies, such as Microsoft, have their own, what we call, managed service, or Kubernetes managed service, right? What that means is that instead of spinning up VMs to run your Kubernetes cluster itself, you then give that operation to Microsoft, and you actually run the clusters that are running the application itself. So you don't have to worry about the underlying infrastructure, right?
Different companies will have different ways that you can actually go and... what level of control you have for the VMs, or the Kubernetes cluster, or the management itself. But as we were saying, Azure Kubernetes Service is the Microsoft version of that, where you can run a Kubernetes cluster on top of Azure and you basically delegate the underlying infrastructure to Microsoft.

So what happens is many customers have requirements for running their applications on premises, right? And even with that, they still want to run those applications on top of Kubernetes. And also, if you think about the whole infrastructure that is needed for running Kubernetes itself, those customers also want a managed experience where part of that infrastructure is actually... remember, it's on premises, so they're still going to manage that, but it's at least formatted in a way that is easier for them to go and deploy and manage and everything else. So that's what AKS on top of Azure Stack HCI is: it's our Kubernetes managed service going on premises, and the place where it's going to run is on top of Azure Stack HCI, right? So Azure Stack HCI comes in providing the high-availability multi-node cluster where you can go and deploy your Kubernetes infrastructure, which then operates to control your Windows containers or Linux containers and run an application on premises.

So essentially extending the whole scenario, right?

That's correct, yes.

Excellent. So why would I choose Azure Kubernetes Service on HCI over other Kubernetes options?

Yeah, so remember, Kubernetes is an open source project, right? It has a gazillion components that are needed to actually run your Kubernetes infrastructure. So you have the deployment of your Kubernetes cluster, and as part of that you have your API cluster, you have your nodes, you have management, you have to think about security.
You have to think about updating the nodes. There's a bunch of components that are part of running your Kubernetes infrastructure itself. And when you go out and you deploy this simple version, or as we call it the vanilla version, of Kubernetes, where you just go to kubernetes.io and you get the binaries and deploy, that's all open source, so you have community support. Amazing product, and amazing community, actually. However, when you think about enterprises running their most critical workloads, it's important for those companies to have some support from a vendor. So that's one of the things that comes from Microsoft, right? Not only is the support all Microsoft, but also all the components needed to run your Kubernetes environment are now provided by Microsoft, tested by Microsoft, and supported by Microsoft. That's one of the main things that we are seeing customers really see the value of in running AKS on top of HCI for their on-premises workloads on Kubernetes.

So it's fair to say, I mean, it packages the whole solution, right?

That's correct, yes. But I mean, at the end of the day, nothing is better than actually seeing what that means in a demo, right? And I know people in this audience like to see the product running. So let me dive into the demo itself.

Excellent, good.

So the first thing I wanted to show is that everything that I'm going to show in terms of demo, people can reproduce on top of a testing environment, right?
And what that means is, we talked about how AKS on Azure Stack HCI is for on premises, but maybe you want to test AKS on top of HCI and you don't even have an HCI cluster. You don't have an actual VM or machine that is powerful enough, like 64 GB or 128 GB of memory, to run multiple VMs so that you can actually go and try it. So everything I'm going to show today is actually available for you to try on Azure, and we have a guide for AKS on Azure Stack HCI in Azure as an evaluation guide. What that means is that it will spin up an Azure VM and then you deploy AKS on HCI as if you were deploying on premises, but it happens to be an Azure VM. So it's a simple way for you to get started and try AKS on Azure Stack HCI.

So with that said, let me go to Windows Admin Center, which I showed briefly. Windows Admin Center is one of the ways you can go and manage AKS on Azure Stack HCI. The other way is through PowerShell, but I'm going to show Windows Admin Center just because visually it's easier to understand and see what's going on. So here you can see I have a single node. Like I said, for the purpose of this demo I want to show Azure Kubernetes Service running on premises, but in this case it's running on top of a single node. However, if you deploy on Azure Stack HCI, the only difference is that the underlying infrastructure has HA, or high availability, available. That will be the only difference.

When I click Azure Kubernetes Service on top of the single node, it's going to gather the platform information. So basically what I did here is, previously I used that evaluation guide to go and deploy. It takes some time to go and deploy, especially because part of the process is to actually download from the Microsoft servers the images for the Windows nodes and the Linux nodes that you're going to run your applications on top of, right? You can see that I have my cluster over here, I have the total disk space, how much memory I have available, and the versions of AKS and Kubernetes.
This is already synced to Azure. One of the ways we bill customers for how they are using it is through the compute nodes, and you have to sync with Azure in order for us to know how much you're using and everything else. This deployment of AKS has what we call a target cluster. So think about AKS as your underlying infrastructure to run Kubernetes, but then you have to have your clusters that are actually the places where you are going to run the application itself, and that's what we are seeing here, my Vini AP cluster. Basically, this is running this version of Kubernetes, the state is healthy, which is good, and I have two node pools, one for Linux and one for Windows. This is also connected to Azure Arc. We're going to talk about that later.

But now let me switch to PowerShell so I can show some of the configuration that I have through the Kubernetes configuration itself, and the tool we use for that in Kubernetes is called kubectl (some people pronounce it differently; whatever you prefer). What I'm going to do here is I'm going to say kubectl get nodes, and basically what I'm doing is I'm asking the output to show more information than you would get by default. So kubectl get nodes is going to show my nodes that are part of that cluster that I just mentioned. You can see that I have the control plane that I was talking about, and then you have one node dedicated to Linux containers and one node dedicated to Windows containers, right? One curious thing about what I'm just showing you here is that you see that I have Mariner Linux. That's Microsoft's own distribution of Linux that is packaged for AKS.
So when you run Linux containers on top of AKS on Azure Stack HCI, you are running on top of a Microsoft Linux distribution. So that's to say we support the whole thing for the customers when you deploy your applications on top of AKS HCI.

All right, the other thing I wanted to show here is that in terms of cluster management, Azure Stack HCI, I'm sorry, AKS on Azure Stack HCI, has all the configuration here in Windows Admin Center. So if I click, for example, the settings here, you can see I'm not going to have any updates, because there are none available for me right now. I have the latest in terms of the Kubernetes version or of the nodes that are running on Windows or Linux. Those configurations will show up here, and I have an easy way to just go and update based on what Microsoft released for AKS on Azure Stack HCI. So as you can see, everything is very straightforward. One of the things about Kubernetes is, as I mentioned before, you have multiple components that you have to configure. You have to make sure that they are talking to each other and everything is configured correctly. One of the benefits of using AKS on Azure Stack HCI is everything is very straightforward. Installation is very straightforward. You come to the Windows Admin Center UI, you have step-by-step guidance that takes you from deploying your cluster, deploying your target cluster, configuring the nodes, configuring the node pools, and then you can go and deploy the applications themselves.

Excellent. Now, thank you.
That's an excellent demo. Just curious, what kind of applications can be deployed? I'm assuming it's not just for Windows only.

Yeah, so no, although it's a Microsoft product, you can run, as I mentioned, Linux and Windows applications. It's just that when it comes to Kubernetes you have node pools, and node pools are, as the name says, actually pools of servers that are supporting those types of applications. In Kubernetes you create pools for Linux workloads and pools for Windows workloads. You can't have a mixed version of node pools. Other than that, you can deploy any application that was containerized, right? So of course not all applications can be containerized, but as long as the application is running on containers, you can go and deploy it to AKS.

In fact, I have an example of an application that I deployed, so I'm going to switch back to the demo. And what I'm going to show you here is, back in our PowerShell, you can see that I'm in a folder here called azure-vote, and that's a sample application that we have to show how deploying applications to Kubernetes works. In this folder I have a YAML file. So YAML files are used to describe how the Kubernetes configuration should be for my application to run. So if I look at this YAML file over here in Notepad, you can see that I have blocks of code, and each of these blocks is part of a configuration on top of Kubernetes, and in this case AKS HCI. So this first block basically deploys a type of deployment, which is basically a pod or a container. I give it a name, how many replicas I should have, and it gives the name for a label, which is azure-vote-back. So my application is composed of a back end and a front end. This is the back end.
This is the image that we are going to use for the application. It talks about how much CPU and memory, and as you can see it goes on to the next block, and the next block is a service. Services are related to networking, so I have the networking configuration of my back end. And then I have another deployment, which is my front end, and the front end uses a different image, and uses a different service as well. Specifically for the front end, you can see the difference: we have a load balancer here. And if you're not familiar with Kubernetes, if you're not familiar with the YAML files, don't get too hung up on the complexity of the YAML file. A lot of this is documented, and there's a bunch of example and sample files that you can reuse for your own application. And most of the time, from an operations perspective, this YAML file will be provided for you by the developer of the application itself, describing how the application should work, and then it's your job as an operations person to go and work on how many resources, what are the namespaces that are going to be deployed, the namespaces being how you contain your application into specific node pools or give access to some people, and something like that.

So with all that said, this YAML file over here describes how my application works, and now what I have to do is go and deploy this YAML file to my Kubernetes cluster. What I'm going to do is I'm going to use kubectl again. I'm going to say apply, to apply my configuration, and I'm going to pass -f, which specifies the file, and the file I'm going to use here is the azure-vote YAML file. So I'm going to click OK.
You can see that nothing changed, because in fact I actually just deployed this application before. And let's take a look at what was deployed to Kubernetes, because I showed the YAML file, which is one thing; showing on Kubernetes how this is deployed now is another. So I'm going to show you first the pods, or the containers, that I have running: so kubectl get pods. And as you can see, I have the back end and the front end. And the reason you see here that I have one of one is because, if you remember the YAML file I showed before, it was saying one replica, right? So we're going to change that in a second. And basically what I have now is I have one pod of the one total that I asked for the application to have in terms of replicas. It's been running for a few days, because I ran this last week.

Let's take a look at the service configuration now. And as you can see, I have the load balancer here for the front end of my application, and because this is the front end with the load balancer, I have an external IP address, so my customers can go and connect to it. So I'm going to open a new tab over here, and here's my application up and running. So it's a sample, very simple application where you come here and you vote either cats or dogs, and then the result of that is recorded down here, and I can reset the whole configuration and start voting again.

So that's the deployment of a Linux application. It's actually very straightforward. Once you have your application containerized, ready to be deployed, you apply the configuration of your application to Kubernetes. Kubernetes will basically try to apply exactly the configuration that you specified in your file to the configuration on your cluster.
So if you have multiple nodes and one of the nodes goes down, it will bring the pod, or the application, to another node to spin it up: high availability, load balancing, and all the things that we were talking about. Now, just for the sake of showing how Kubernetes works in terms of how you specify things in your YAML file, I'm going to change the number of replicas for my front end and my back end to two. I'm going to save this file, and I'm going to run the same kubectl apply here. There's a warning here about the specification, because it was deprecated in an earlier version; it doesn't change the fact that this was applied, so just ignore the warning. And now let's take a look at the pods that I showed before, and you can see that I now have four pods in total: two for my back end and two for the front end. So in that way, I just scaled up my application by just changing the file of the application itself.

Wow, you make it look all so simple. For somebody like myself, I'll be honest with you, I always get a little lost there. I suppose from my own perspective as well, you know, from many years ago being at the command line, it was quite nostalgic. But look, with an Azure product, can you elaborate on how the pricing works for Azure Kubernetes Service on HCI? I'm assuming this is going to be quite an important question for the audience, right?

Yeah, absolutely. In fact, I think I mentioned before, everything you run on Azure Kubernetes Service on Azure Stack HCI is based on your compute nodes. So whenever you deploy a cluster, and then those clusters have nodes up and running, that's how you're going to be charged for Azure Stack HCI. I'm not going to go into the pricing itself; I'm going to talk about the model of how it works. So let me explain what we have here in terms of our cluster, right?
So if you look at this Vini AP cluster, I have one Linux node and one Windows node, so I have two nodes running over here. And when you deploy a cluster, you specify what is the size of the nodes that you want to deploy, either for the Linux node pools or Windows node pools. And when you create the node pool, you say what is the size of the VMs you are going to run when you run VMs on that node pool, right? So, getting out of AKS on Azure Stack HCI itself and showing the virtual machines I have running here, you see that I have a few VMs up and running, and those VMs are exactly the nodes that I showed before, but from the AKS perspective; now I'm showing them from the VM perspective in my environment, right? So look at this. I have my Vini AP cluster control plane, I have the load balancer, and I have this Windows Server pool and this Linux pool VM over here. These two are the machines that are actually being charged for AKS HCI to go and run. And what happens is you keep connectivity to Azure. Let me go back to the AKS UI. There you go. So the synchronization to the cloud is the process of showing to Microsoft what you have up and running in your environment. We have more details about this in our documentation for AKS on HCI, but that's basically how customers are going to be charged: the size of the VMs and how many VMs you have up and running with AKS HCI.

So yeah, so just one other question then, in terms of scaling up and down. If you're going to reduce your footprint or increase your footprint, how does that work? Does that come out of your Azure billing, or is it something different?

Yeah, remember that this is an Azure product, right? So it's Azure Kubernetes Service on Azure Stack HCI, so it's Azure billing. And basically you can scale up or down your pods or your containers, but that's not exactly going to affect the number of nodes you have running on your cluster, right?
So the number of nodes you have running is going to affect the billing for Azure Stack HCI, I'm sorry, for AKS on Azure Stack HCI. All a mouthful, right?

And speaking of connectivity with Azure, can I plug in Azure Arc on AKS?

Yep, so we touched briefly on this. Azure Arc is available. If you're not familiar with Azure Arc, Azure Arc is basically a way for you to show Azure what are the resources you have outside of the Azure environment itself. You have Azure Arc for servers, so if you have a VM or a physical server running on premises or in another cloud, you can use Azure Arc to apply Azure policies, configure tags, or anything else you want to configure that is available for that resource. One of the types of resources available for Azure Arc is Kubernetes, so we call that Azure Arc-enabled Kubernetes, and AKS HCI is one of the Kubernetes cluster types that is supported with Azure Arc, right? So what that means is, as you see here, I can inform Azure, the Azure cloud itself, not on premises, but I can inform Azure that this Kubernetes cluster on premises running on AKS HCI exists, and manage that cluster via Azure. So let me show you what that means real quick.

So as you can see, I already configured Azure Arc for this cluster. The configuration itself is honestly a very simple command that you run in PowerShell from AKS HCI, and after that it's going to show that it's connected. So if you go to Azure itself, of course you'll have that tied to a resource group; I'm using this arc demo one for this case. You can see that both of my clusters, the management cluster and the target cluster, are showing up here, but of course the one that we care about is the target cluster. And look, this is a cluster that runs on premises that now I'm managing from the Azure portal, right?
So right from the Azure portal I have connectivity to the cluster, and I have the information about the cluster right here. So remember that we showed the Kubernetes version, the agent; everything that I showed you from the Windows Admin Center UI on premises I can now see from the Azure portal. Now that's just showing you some information. There are extensions that you can enable on top of an Arc-enabled Kubernetes cluster, right? One of those being Azure Policy, for example. So let me show you what that means. If I go back here, you can see the whole set of extensions we have, like Open Service Mesh, GitOps. Some of these are pretty cool. So for example, GitOps: let's say you have an application that your developer put on GitHub, for example, or in a Git repository. You can use GitOps for deploying the application to your Kubernetes cluster, and you can create something like a CI/CD pipeline that says every time the application is updated, it automatically deploys the application, or automatically or not, of course, deploys it to your Kubernetes cluster. So you can integrate your AKS HCI with GitOps via Azure Arc. But let's go talk about policies, right?
So if you are familiar with Azure, you're probably familiar with Azure Policy. It basically gives you the ability to centralize policies for configuring and monitoring your workloads or your resources on Azure, but in this case we're doing this with an on-premises resource. So if I go to the Azure Policy configuration here, you see that I have my set of policies, the default one, and it's showing as non-compliant. So let's take a look at why this is saying non-compliant for this cluster. I'm going to open the configuration of the policies, and just like any other set of default policies on Azure, you can see that I have a bunch of policies covering stuff like network security, logging and threat detection; I have identity management, privileged access, and so on and so on. So all of these are pre-populated policies. I can have my own custom policies as well, of course. But the point here is that, for this case, Azure Policy identified two of the policies whose requirements my cluster doesn't meet. So let's take a look at this one. So basically what it's saying here is that I should have... the Azure guidance here is to use the threat detection capability of Azure Defender services in Microsoft Defender for Cloud for their respective Azure services. So what that means is that I don't have this enabled for my cluster. In terms of scanning for vulnerabilities and all the things that Microsoft Defender for Cloud does, that is not being applied to this cluster, and I don't have any way to know if something is correctly configured, or exposed or not. So I have the configuration of the policy here, and I have the resource compliance, so I can see my Vini AP cluster is non-compliant with this specific policy that by default is scanned for all Kubernetes clusters. So if I were to do this on premises by myself using any other tool, I would spend probably a day, and this was just a PowerShell command that I ran to enable the Azure Policy configuration for that cluster, and now I have my cluster scanned and all the
configuration is now showing up here on the Azure portal.

So keeping it nice and simple and streamlined, of course, right?

Yeah, absolutely.

Hey, listen, thank you so much for that. That's absolutely fantastic. But now, I'm afraid to say, we'll have to stop all that interesting stuff and come to some fun stuff. And now we're going to go to a part of the show that we call the server acronym review. And like everyone involved in the tech world, I just love a good long confusing acronym that doesn't make any sense. And luckily for us, the producers have found a few server acronyms to show us, and we're going to put ourselves on the spot, you and I, Vinicius, and guess what they are. We'd also love for you guys to pop your thoughts in the comment section below and tell us what you think about these acronyms. So let's go ahead and let's look at acronym number one, please. EFS.

Does it relate to your file system? Encrypted File System, there you go.

That's... I think that's it. You know what, I'll take your word for it. And I would have changed the first letter, personally, but there we go. This is an old one.

I was going to say, a quarter of Windows 2000, yes.

Blimey, that is going back some time, right? Well done, well done. Right, let's move on to the next one.

I had a bunch of issues with EFS, by the way.

I know this one. Let me go: Configuration Management Database.

He's there, there we go, look at that. All right.

Yeah, I used to work in tools that were very interconnected with the CMDBs, so yeah, that was kind of an easy one for me. Do we have any more?

It brings back things like ITU or something like that, right?

Correct, yes, ITU certification. SCDPM.

Now, I know this one.

Then I think you've got to go.

System Center Data Protection Management.

Do you know something? I probably should have got that, because I was looking at something around the DPM the other day. I just didn't quite connect them together. They were bad for me. So let's just recap then, shall we?
And I've kind of been trying to take some notes here, but let's just keep it really simple. So Kubernetes is ultimately for deploying container-based applications, and specifically for HCI it is to put that at the edge, for your on-premises footprint, enabling you to spin them up quickly. And it's something that's basically... the platform is for the underlying infrastructure. Would that be correct to say, in terms of the Kuber... It's bringing it all together to give you that underlying infrastructure to be able to run your container applications within Kubernetes. Would that be a fair statement?

That is correct. That is correct. And the most important thing is that, because it's all Microsoft, it's overly simplified, so customers can easily deploy and manage that cluster, all with tested, approved and blessed Microsoft configurations.

Excellent, thank you for that clarification of my notes. And from an on-premises perspective, it supports all types of applications. We utilize pools that are designed for the OS specifically, such as Linux and Microsoft. And indeed it can be integrated into Azure Arc, whereby you can set up your policies, such as Defender and so on and so forth, to make sure that that Kubernetes cluster will remain compliant. Fair statement?

That's correct, yes.

Again, my notes are good. I'm impressed with myself. Thank you Vinicius, I've been validated. So look, thanks so much for tuning into this episode. Thank you Vinicius again for today. Super insightful. Gave me a bit of nostalgia in terms of getting at that command line. I'll be honest with you, I was a bit lost in certain areas, but you know, that's why we bring the experts like you on to the show. And again, thanks to the audience for tuning into this episode of From Rock to the Cloud. Again, keep an eye out right here on ITOpsTalk, LinkedIn, or YouTube for the next episode, and remember to drop your thoughts and comments below. We always love to see them, and look forward to the next episode when we see you again. Thank you very much indeed.

Thanks again, Vinicius.