Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New post - AKS: Things you wish you knew! #4437

Open
wants to merge 14 commits into
base: master
Choose a base branch
from

Conversation

pavneeta
Copy link
Contributor

Creating a new blog post with 5 features that customers should use but dont use them often enough and how they help

@pavneeta pavneeta requested review from palma21 and a team as code owners July 25, 2024 01:43
@pavneeta pavneeta requested a review from juan-lee July 25, 2024 01:43
@@ -0,0 +1,35 @@
---
title: "2024-07-24-AKS:Things you wish you knew!"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can remove the date from this title. This field represents how the post will be titled, do it should be something like "Things you wish you knew!"

The file name needs to have the date and follow an exact format. Such as: 2024-07-24-aks-things-you-wish-you-knew.md

Copy link
Contributor

@Azure/aks-pm issue needs labels

1 similar comment
Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@pauldotyu pauldotyu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly spelling, line-breaks, and URL edits.

@@ -0,0 +1,59 @@
---
title: "AKS:Things you wish you knew!"
description: "List of features and configuraitons that make your life easier in running your workloads on AKS in produciton environments"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
description: "List of features and configuraitons that make your life easier in running your workloads on AKS in produciton environments"
description: "List of features and configurations that make your life easier in running your workloads on AKS in production environments"

## Background

Networking, Observability and Upgrades are among the most common topics of discussions that we face with customers on AKS. Users have a number of options for these on AKS and they often wonder what are the best features to adopt for the same and what are AKS's recommended options.
Furthermore, we have seen a common patterns in majority of the support issues that customers create and the conversations that we have with customers, where they are either not using best practice configuraiton or features, in-turn making life harder for themselves. *So, we wanted to share some of those common mistakes that customers make and what are the right settings and features for customers to use to make running AKS in production at scale easier.*
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Furthermore, we have seen a common patterns in majority of the support issues that customers create and the conversations that we have with customers, where they are either not using best practice configuraiton or features, in-turn making life harder for themselves. *So, we wanted to share some of those common mistakes that customers make and what are the right settings and features for customers to use to make running AKS in production at scale easier.*
Furthermore, we have seen a common patterns in majority of the support issues that customers create and the conversations that we have with customers, where they are either not using best practice configuration or features, in-turn making life harder for themselves. **So, we wanted to share some of those common mistakes that customers make and what are the right settings and features for customers to use to make running AKS in production at scale easier.**


Networking, Observability and Upgrades are among the most common topics of discussions that we face with customers on AKS. Users have a number of options for these on AKS and they often wonder what are the best features to adopt for the same and what are AKS's recommended options.
Furthermore, we have seen a common patterns in majority of the support issues that customers create and the conversations that we have with customers, where they are either not using best practice configuraiton or features, in-turn making life harder for themselves. *So, we wanted to share some of those common mistakes that customers make and what are the right settings and features for customers to use to make running AKS in production at scale easier.*
If you are new to AKS, you should skip this and first check out our new offering [AKS Automatic] - that lets you create and manage production-ready clusters with minimal effort and added confidence.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Linking to other posts within Jekyll can be a bit tricky, but this should work.

Suggested change
If you are new to AKS, you should skip this and first check out our new offering [AKS Automatic] - that lets you create and manage production-ready clusters with minimal effort and added confidence.
If you are new to AKS, you should skip this and first check out our new offering [AKS Automatic](/AKS{% post_url 2024-05-22-aks-automatic %}) - that lets you create and manage production-ready clusters with minimal effort and added confidence.

If you are new to AKS, you should skip this and first check out our new offering [AKS Automatic] - that lets you create and manage production-ready clusters with minimal effort and added confidence.

## AKS Auto Upgrades
Kubernetes upgrades like any change event can be hard to manage, especially when you are running multiple clusters across your fleet or you are falling behind on the n-3 supported versions. It is important to maintain a secure Kuberntes environment by applying the latest security patches, while ensuring your applicaitons and workloads do not see any disruption that can have an impact on the business.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Kubernetes upgrades like any change event can be hard to manage, especially when you are running multiple clusters across your fleet or you are falling behind on the n-3 supported versions. It is important to maintain a secure Kuberntes environment by applying the latest security patches, while ensuring your applicaitons and workloads do not see any disruption that can have an impact on the business.
Kubernetes upgrades like any change event can be hard to manage, especially when you are running multiple clusters across your fleet or you are falling behind on the n-3 supported versions. It is important to maintain a secure Kubernetes environment by applying the latest security patches, while ensuring your applications and workloads do not see any disruption that can have an impact on the business.

Comment on lines +19 to +28
AKS Cluster auto-upgrade provides a "set once and forget" mechanism that yields tangible time and operational cost benefits. Azure Kubernetes Service (AKS) auto-upgrade feature addresses the critical challenge of maintaining up-to-date Kubernetes clusters without manual intervention. By automating the upgrade process, it ensures that clusters receive the latest security patches, bug fixes, and new features, significantly reducing the risk of vulnerabilities and operational issues associated with outdated software.
It provides you with the flexibility to schedule your upgrades on a specific, repeatable cadnece to ensure critical business is not effected, and allows you to pick from 4 upgrade channels "none". "patch", "stable" and "rapid" so that you can controls the timing of the upgrade. To learn more visit [here](https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-cluster?tabs=azure-cli)

Enable Auto-upgrade on your new or existing clusters today:

![image](blog/assets/images/THings you wish you knew - upgrade.png)

## System pool VM SKU and Managed Disk Performance Tiers
AKS clusters have two types of nodepool. System pool, which is meant to run the system processes, addons and critical compoenets such as coredns, metrics-server, Konnectivity agents etc and the User pool, which are meant to run the user's worklaod applications.
One of the most common mistakes that we see users make , is that since they are not running thier user workload on the system pool, they will try to save cost by chosing the smallest possible VM SKUs for system pools, often even 2 core VMS. While that might work at very small scale, that is not the recommended guidance and users are essentially are settting themselves up for failure and pain later, impacting business and ultimately revenue.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
AKS Cluster auto-upgrade provides a "set once and forget" mechanism that yields tangible time and operational cost benefits. Azure Kubernetes Service (AKS) auto-upgrade feature addresses the critical challenge of maintaining up-to-date Kubernetes clusters without manual intervention. By automating the upgrade process, it ensures that clusters receive the latest security patches, bug fixes, and new features, significantly reducing the risk of vulnerabilities and operational issues associated with outdated software.
It provides you with the flexibility to schedule your upgrades on a specific, repeatable cadnece to ensure critical business is not effected, and allows you to pick from 4 upgrade channels "none". "patch", "stable" and "rapid" so that you can controls the timing of the upgrade. To learn more visit [here](https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-cluster?tabs=azure-cli)
Enable Auto-upgrade on your new or existing clusters today:
![image](blog/assets/images/THings you wish you knew - upgrade.png)
## System pool VM SKU and Managed Disk Performance Tiers
AKS clusters have two types of nodepool. System pool, which is meant to run the system processes, addons and critical compoenets such as coredns, metrics-server, Konnectivity agents etc and the User pool, which are meant to run the user's worklaod applications.
One of the most common mistakes that we see users make , is that since they are not running thier user workload on the system pool, they will try to save cost by chosing the smallest possible VM SKUs for system pools, often even 2 core VMS. While that might work at very small scale, that is not the recommended guidance and users are essentially are settting themselves up for failure and pain later, impacting business and ultimately revenue.
AKS Cluster auto-upgrade provides a "set once and forget" mechanism that yields tangible time and operational cost benefits. Azure Kubernetes Service (AKS) auto-upgrade feature addresses the critical challenge of maintaining up-to-date Kubernetes clusters without manual intervention. By automating the upgrade process, it ensures that clusters receive the latest security patches, bug fixes, and new features, significantly reducing the risk of vulnerabilities and operational issues associated with outdated software.
It provides you with the flexibility to schedule your upgrades on a specific, repeatable cadence to ensure critical business is not affected, and allows you to pick from 4 upgrade channels "none". "patch", "stable" and "rapid" so that you can controls the timing of the upgrade. To learn more visit [here](https://learn.microsoft.com/azure/aks/auto-upgrade-cluster?tabs=azure-cli)
Enable Auto-upgrade on your new or existing clusters today:
![image](blog/assets/images/THings you wish you knew - upgrade.png)
## System pool VM SKU and Managed Disk Performance Tiers
AKS clusters have two types of nodepool. System pool, which is meant to run the system processes, addons and critical components such as coredns, metrics-server, Konnectivity agents etc. and the User pool, which are meant to run the user's workload applications.
One of the most common mistakes that we see users make, is that since they are not running their user workload on the system pool, they will try to save cost by choosing the smallest possible VM SKUs for system pools, often even 2 core VMS. While that might work at very small scale, that is not the recommended guidance and users are essentially are setting themselves up for failure and pain later, impacting business and ultimately revenue.

## System pool VM SKU and Managed Disk Performance Tiers
AKS clusters have two types of nodepool. System pool, which is meant to run the system processes, addons and critical compoenets such as coredns, metrics-server, Konnectivity agents etc and the User pool, which are meant to run the user's worklaod applications.
One of the most common mistakes that we see users make , is that since they are not running thier user workload on the system pool, they will try to save cost by chosing the smallest possible VM SKUs for system pools, often even 2 core VMS. While that might work at very small scale, that is not the recommended guidance and users are essentially are settting themselves up for failure and pain later, impacting business and ultimately revenue.
By not providing sufficeint resoruces for your system component pods, users can run into issues such as dns resulition issues(Coredns), loss of metrics and alerting(metrics-server), control plane response latency or failures (Konnectivity) due to resource starvation for these critical components or even node failure, forcing them to spend time diagnosing and mitigating easily avoidable issues.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
By not providing sufficeint resoruces for your system component pods, users can run into issues such as dns resulition issues(Coredns), loss of metrics and alerting(metrics-server), control plane response latency or failures (Konnectivity) due to resource starvation for these critical components or even node failure, forcing them to spend time diagnosing and mitigating easily avoidable issues.
By not providing sufficient resources for your system component pods, users can run into issues such as DNS resolution issues (coredns), loss of metrics and alerting (metrics-server), control plane response latency or failures (Konnectivity) due to resource starvation for these critical components or even node failure, forcing them to spend time diagnosing and mitigating easily avoidable issues.

Comment on lines +30 to +42
For these reasons, we recommend using a minimum of 4 core VMs in general with 3 nodes for system pool, and at larger scale (think +1,000 nodes and +10,0000) use 16 core VMs.

###Ideal recommendaiton for system pool:
VM SKU: Standard_D8ds_v5
OS disk type: Ephemeral
No. of VMs : >3

When using VM SKUs that do not support ephemeral OS disks, be sure to set a high performance tier for your managed disks to ensure sufficient I/O throughput for your critical addons and processes.

## AKS Diagnostic Settings and recommended alerts
Troubleshooting issues in Kubernetes can be hard, Users often struggle with pinpointing performance issues, security threats, and operational glitches within their clusters. Part of the problem is ensuring that the right set of metrics, logs , events are captured and stored in a easy to query mannger.
AKS Diagnostics setting centralizes the enablement and data collection experience into a single view, leveraging built in data collection, storage and visualization tools in Azure Monitor and Log Analytics.
With a few clicks, you can select which logs are collected such as k8s audit logs, control plane logs and audit admin logs; you can select the destination in which to store that data - from log analytics workspace, cold storage to third-part montiroing solutions and you can also configure the granularity of the logs to resoruce level logs.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
For these reasons, we recommend using a minimum of 4 core VMs in general with 3 nodes for system pool, and at larger scale (think +1,000 nodes and +10,0000) use 16 core VMs.
###Ideal recommendaiton for system pool:
VM SKU: Standard_D8ds_v5
OS disk type: Ephemeral
No. of VMs : >3
When using VM SKUs that do not support ephemeral OS disks, be sure to set a high performance tier for your managed disks to ensure sufficient I/O throughput for your critical addons and processes.
## AKS Diagnostic Settings and recommended alerts
Troubleshooting issues in Kubernetes can be hard, Users often struggle with pinpointing performance issues, security threats, and operational glitches within their clusters. Part of the problem is ensuring that the right set of metrics, logs , events are captured and stored in a easy to query mannger.
AKS Diagnostics setting centralizes the enablement and data collection experience into a single view, leveraging built in data collection, storage and visualization tools in Azure Monitor and Log Analytics.
With a few clicks, you can select which logs are collected such as k8s audit logs, control plane logs and audit admin logs; you can select the destination in which to store that data - from log analytics workspace, cold storage to third-part montiroing solutions and you can also configure the granularity of the logs to resoruce level logs.
For these reasons, we recommend using a minimum of 4 core VMs in general with 3 nodes for system pool, and at larger scale (think +1,000 nodes and +10,0000) use 16 core VMs.
### Ideal recommendation for system pool:
VM SKU: `Standard_D8ds_v5`
OS disk type: `Ephemeral`
No. of VMs : `>3`
When using VM SKUs that do not support ephemeral OS disks, be sure to set a high-performance tier for your managed disks to ensure sufficient I/O throughput for your critical addons and processes.
## AKS Diagnostic Settings and recommended alerts
Troubleshooting issues in Kubernetes can be hard, Users often struggle with pinpointing performance issues, security threats, and operational glitches within their clusters. Part of the problem is ensuring that the right set of metrics, logs, events are captured and stored in an "easy to query" manner.
AKS Diagnostics setting centralizes the enablement and data collection experience into a single view, leveraging built in data collection, storage and visualization tools in Azure Monitor and Log Analytics.
With a few clicks, you can select which logs are collected such as k8s audit logs, control plane logs and audit admin logs; you can select the destination in which to store that data - from log analytics workspace, cold storage to third-part monitoring solutions and you can also configure the granularity of the logs to resource level logs.

## Summary


[AKS Automatic](blog/_posts/2024-05-22-aks-automatic.md)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move link to be inline instead.

Suggested change
[AKS Automatic](blog/_posts/2024-05-22-aks-automatic.md)

Copy link
Contributor

@Azure/aks-pm issue needs labels

7 similar comments
Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

13 similar comments
Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Copy link
Contributor

@Azure/aks-pm issue needs labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants