lastcoolnameleft

• Create AKS Cluster
• Add cluster to Calico Cloud
  • Calico Cloud -> Add Cluster
• Look at Flow Visualization & Default Service Graph
  • Point out various traffic
• Add Staged Deny All (kubectl apply -f staged-deny-all.yaml)
• Look at Flow Visualization
  • Point out various traffic
• Add Monitoring Addon (az aks enable-addons -a monitoring -n $AKS_NAME -g $RG)
• Look at Flow Visualization

lastcoolnameleft

# Tested in zsh & bash
# This function is designed for Private Clusters with Azure CLI AKS Run Command
# https://docs.microsoft.com/en-us/azure/aks/private-clusters#use-aks-run-command
# It assumes your current context is the private cluster and parses that data from the context data

# Prerequisite: Your private cluster is the Kube config current-context (e.g. az aks get-credentials)
# Usage: azk <command>
# Example: azk kubectl get pods -n kube-system
function azk() {
    AZK_CURRENT_CONTEXT=$(kubectl config current-context)

lastcoolnameleft

thfalgou@kernel-addon-2-md-0-cvx9n:~$ ls /sys/fs/cgroup/cpu/cpu.rt_period_us
/sys/fs/cgroup/cpu/cpu.rt_period_us
thfalgou@kernel-addon-2-md-0-cvx9n:~$ ls /sys/fs/cgroup/cpu/cpu.rt_runtime_us
/sys/fs/cgroup/cpu/cpu.rt_runtime_us
thfalgou@kernel-addon-2-md-0-cvx9n:~$ grep CONFIG_RT_GROUP_SCHED  /boot/config-*
/boot/config-5.4.0-1051-azure:# CONFIG_RT_GROUP_SCHED is not set
/boot/config-5.4.0-1053-azure:CONFIG_RT_GROUP_SCHED=y

lastcoolnameleft

helm upgrade -i kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --debug  \
    --set service.type=ClusterIP \
    --set ingress.enabled=true \
    --set "ingress.paths[0]=/\(\.\*\)" \
    --set "ingress.hosts[0]=$APP_HOSTNAME" \
    --set "ingress.tls[0].secretName=$APP_HOSTNAME-tls" \
    --set "ingress.tls[0].hosts[0]=$APP_HOSTNAME" \
    --set ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
    --set ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-prod \
    --set ingress.annotations."nginx\.ingress\.kubernetes\.io/rewrite-target"="/\$1" \

lastcoolnameleft

## Overview

There are 3 options listed here: https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes
* APIM + Public AKS Service, no shared Vnet
* APIM + Public AKS Ingress, no shared Vnet
* APIM + Private AKS in same Vnet, no ingress

A missing scenario is: 
* APIM + Private AKS in same Subnet, with ingress

lastcoolnameleft

Create Cluster

RG=dol-demo
K8S_NAME=dol-demo

az group create -n $RG -l southcentralus
az aks create -g $RG -n $K8S_NAME --enable-vmss

lastcoolnameleft

gen_random() {
  NUM=$1
  if [ $(($NUM%1000000)) -eq 0 ]; then
    echo $NUM
  fi
  RAND=$(head /dev/urandom | tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~\n\t' | head -c100)
  echo "$RAND" | gcc -x c - > /dev/null 2>&1
  RESULT=$?
  if [ $RESULT -eq 0 ]; then
    echo 'SUCCESSFULLY COMPILED!' $NUM

lastcoolnameleft

#!/bin/sh

a=0

while [ $a -lt 1000 ]
do
#   echo $a
   a=`expr $a + 1`

lastcoolnameleft

bash-3.2$ kubectl get pods --namespace voting -w
NAME                                    READY   STATUS            RESTARTS   AGE
voting-analytics-1-0-79fbdb99f9-b6v8c   2/2     Running           0          15m
voting-analytics-1-1-77b6987669-tw9k4   2/2     Running           0          9m50s
voting-analytics-2-0-688f654c6-rdgkf    0/2     PodInitializing   0          8s
voting-app-1-0-ffb8c5dbf-26sn6          2/2     Running           0          15m
voting-app-1-0-ffb8c5dbf-gxl6n          2/2     Running           0          15m
voting-app-1-0-ffb8c5dbf-lsqfn          2/2     Running           0          15m
voting-app-2-0-5cf65b7ccb-cwn65         0/2     PodInitializing   0          7s
voting-app-2-0-5cf65b7ccb-hmrpv         0/2     PodInitializing   0          7s

lastcoolnameleft

Options:

• OneSiren - No software to download. No real way to evaluate
• Fabman -
  • Pro: comprehensive.
  • Con:
    • Paid (€79/ month) + 1% transaction fee on top of Stripe.
• They want you to buy their own hardware.