APPUiO Managed - Microsoft Azure AKS

APPUiO Managed Kubernetes Services with Microsoft Azure Kubernetes Service (AKS) is our product to provide services for the managed Kubernetes offering of Microsoft Azure.

Use Cases

Full Production Readiness

Managed cloud services are engineered for production. Leveraging these services is the recommended path into production.

Step into the Cloud

Managed cloud services are perfect to start using the cloud. If the cloud is already used, managed cloud services are the perfect way to use Kubernetes.

Scalability

Using Kubernetes from Hyperscaler clouds allows for full scalability. With Hyperscaler-managed Kubernetes, you can get rid of infrastructure "pets" that need special attention. See The History of Pets vs Cattle and How to Use the Analogy Properly for a good read.

Flexibility

Hyperscaler clouds offer not only Kubernetes, but also a large number of other services. By using the Kubernetes offering of a Hyperscaler cloud, all the other available services are just waiting to be used. All our APPUiO Managed clusters have the Application Catalog on board.

Cost Savings

Big clouds are not necessarily cheaper out of the box. By using the possibilities the cloud offers, such as integrated cluster autoscaling or other optimization tricks like "Spot" instances, a huge cost saving can be achieved.

VSHN Supported Features and Configuration

Supported by default

These features and configurations are available out of the box and are installed and configured by default.

Feature / Configuration Description

Cluster Maintenance

Kubernetes control-plane and node updates are applied continuously when they’re available. See also Version and Upgrade Policy.

Persistent Storage with CSI

Storage is provided by the native cloud storage offering using officially supported CSI integrations. This includes RWO and RWX storage classes.

Cluster Backup

A full backup of the etcd database is made every 30 minutes. A dump of all objects in JSON format is executed every hour, so that single objects can be restored on request. The backup data is encrypted before it is stored in an object storage backend, usually on the same cloud the cluster is running on. K8up is used as the backup operator, with Restic as the backup backend.

Persistent storage volumes are not automatically backed up. The user of persistent volumes is obliged to take care of this. For that purpose, K8up is available on the cluster to help with that task. We’re also happy to help, just let us know.

Cluster Monitoring and Alerting

The cluster is monitored according to best-practice rules. Alerts are sent to our on-call management, which routes them to the responsible person.

Cluster Metrics in Azure Monitor

Azure's predefined metrics are automatically collected by Azure and are visible in Azure Monitor. VSHN doesn’t depend on them and exclusively uses the Prometheus stack running on the cluster. However, you can define your own alerts in Azure Monitor.

Cluster Logs in Log Analytics workspace

Container logs are sent to an Azure Log Analytics workspace by default.

Cluster Limits

We’re following the recommendations of upstream Kubernetes. See Limits for more details.

Supported on request

These features or configuration adjustments must be specifically requested and some restrictions apply. Activation and configuration of these features imply additional engineering costs and can cause additional recurring engineering costs for operating them.

Feature / Configuration Description

Cluster Autoscaling

Cluster autoscaling configuration is fully supported, depending on the possibilities of the cloud service.

Ingress via Application Gateway Ingress Controller

The Azure Application Gateway Ingress Controller uses Kubernetes Ingress objects to configure an Azure Application Gateway. An Azure Application Gateway is deployed in this case and is a prerequisite for this option.

Ingress via Ingress NGINX Controller

An Ingress NGINX Controller is deployed. This requires an Azure Load Balancer in front of the cluster to send traffic to the Ingress NGINX Controller.

Unsupported

These features or configuration adjustments are not supported by VSHN. They can still be activated, changed or used, but they are neither monitored, backed up nor maintained. No guarantees are given; use them at your own risk.

Still interested in one (or more) of these unsupported options? Get in contact with sales@vshn.ch and we'll figure out together what we can offer.

Feature / Configuration Description

Azure Kubernetes Service Diagnostics

Azure Kubernetes Service Diagnostics can potentially be configured via Terraform. Not yet engineered.

Logs: Kubernetes API Server, Audit, Audit Admin Logs, Controller Manager, Scheduler, Cluster Autoscaler, Cloud Controller Manager, guard, csi-azuredisk-controller, csi-azurefile-controller, csi-snapshot-controller

Metrics: AllMetrics

Custom Metrics

Custom metrics apart from what Azure has configured by default.

Istio

Currently not supported, because it is in preview state.

Grafana for Azure

Not engineered.

Version and Upgrade Policy

Only the Kubernetes versions of Microsoft Azure are supported; see the AKS Kubernetes Release Calendar. Installations must be upgraded to the next release within three months after a new release is available.

Pricing

See Pricing.

Pricing information of AKS can be found under Azure Kubernetes Service (AKS) pricing.

Minimum Requirements

Item Description

AKS control plane

1 control plane

See Kubernetes core concepts for Azure Kubernetes Service (AKS) for a description.

AKS nodes

At least 3 nodes

Refer to Kubernetes core concepts for Azure Kubernetes Service (AKS) for options.

Limits

Please refer to Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS) to see the current limits and quotas for the AKS product.

Some resources are reserved for the cluster to work; this is described under Kubernetes core concepts for Azure Kubernetes Service (AKS) → Resource reservations.

Known Quirks and Issues