From YouTube: Simplify your Kubernetes setup through AKS Add Ons
Description
Kubernetes Community Days Bengaluru'21
We will see how to leverage Azure Kubernetes Service (AKS) Addons and its benefits. These addons are simple to use and easy to activate. One can enable these addons at the time of cluster creation or enable them at the existing cluster. We will cover some of the popular addons like Application Gateway Ingress Controller (AGIC), Open Service Mesh (OSM), Monitoring, Virtual node (based on virtual Kubelet) etc.
A
Good morning, everybody. It is so nice to meet you all at this fantastic Kubernetes Community Days conference. This is the third conference; last move it was in person, but this one is a virtual, online.
A
I can't wait to watch the rest of the topics for the day, stay tuned. And about me: I mean, myself Mahesh, and I work as a cloud solution architect with Microsoft, and I'm in the industry for the last 17-plus years, and with Microsoft close to eight years. So the topic for the day is about how AKS add-ons can simplify your Kubernetes setup, right? And let's dive into the agenda, and then, you know, briefly talk about each of this agenda for the day.
A
It's all, you know, touching the Kubernetes landscape on Azure, what is add-ons and how many add-ons we have in AKS, and then possibly with the demo. Due to the time constraint, I have taken screenshots from these demos. Also the key takeaways and the tools we have from the Azure space for the Kubernetes developers.
A
This is the one slide which you have to, you know, go through each of the items for sure. This is what we have done: Azure for Kubernetes, right? You start from the left side: we have Visual Studio Code, where you have the deep integration with Kubernetes, I mean AKS, right? You can pretty much do certain things, I mean you can operate the cluster from Visual Studio Code.
A
There is a plugin available for that. And with the GitHub integration, we have GitHub Actions, which can help you to do the CI/CD pipeline of your containers to Kubernetes at ease, in a better way. And with ACR as a container repository, and Monitor would help you to monitor your Kubernetes clusters, irrespective of, you know, the place where they're deployed. You will get a single pane of glass to look at everything at a single place. And the platform side...
A
If you want to bring in Active Directory integration, and then Azure Policy, which is very much stressed by enterprises today to bring in certain discipline when they create a cluster. So it's a very good space to watch out. There are 700-plus Azure policies available today. Out of that, there are 40-plus for Kubernetes.
A
You can actually enforce this policy when someone from your development team is creating at your subscription, which is a nice thing, right? So the Security Center and Key Vault and Advisor, which are all available at your disposal to leverage the security portion of your cluster. At the bottom of the stack we have Azure Arc, which means that using Azure Arc you can manage the clusters running anywhere and everywhere, right? You can manage the cluster. It could...
A
It includes other cloud providers plus on-premises, so with Azure Arc you'll be able to manage that at a single place. And that's a story about our Kubernetes on Azure. And if you talk community in specific, this is what Microsoft is doing for the Kubernetes community, since Kubernetes is slowly becoming like enterprise grade and it's getting matured. It's no more... no, it is... it has been considered as a niche player, right. It's been seriously debated and discussed and brainstormed, PoC'd heavily for production workloads.
A
So these are some of the projects where Microsoft either is part of it, or started, initiated, drove for some time and handed it over to CNCF. The last one...
A
I see the Gatekeeper, which I really feel is going to be massively adopted in most of the companies, which has got the Open Policy Agent integration as well. And then some of the favorite topics, like Virtual Kubelet, which we discussed in the 2019 Kubernetes Community Days conference at Infosys, and then last year we discussed about Dapr. And I'm so excited to see many projects are coming up, and it's helping the community immensely. And let's talk about how Kubernetes add-ons as such, you know, add-ons in AKS, are helping you to solve your business problems. The first add-on...
A
We are going to see, it's Application Gateway Ingress Controller. It's also called AGIC. It's an L7 load balancer level ingress controller. The benefit it brings is so immense that you can actually avoid having the NGINX kind of an ingress running inside your Kubernetes cluster, whereas you can leverage the ingress options by taking the help of Application Gateway, which means that it will free up 50 of your compute resources from your existing Kubernetes size.
A
If you see that, there is a control services created for those individual pods; you also have to take care of the scaling of this pod. So pretty much you have to do everything, and you also have a classic load balancer in the front, right? Whereas on the right-hand side, with AGIC, the Application Gateway, it brings immense features like, you know, it helps you to do the URL routing, cookie-based affinities, it helps you to achieve this end-to-end TLS.
A
And, I mean, the bunch of things it supports. It carries the classic Application Gateway features all the way to the Kubernetes world also. Now the best thing about Application Gateway: it avoids the additional hop introduced in the middle, or it doesn't require to have a load balancer in the front or public IP, whereas Application Gateway can directly talk to the private IP of the pod. So it means that it improves or increases the latency.
A
It improves the latency between the Application Gateway and the pod communication. So I highly recommend this AGIC as one of the mature ingress controllers, if you are considering for any of your production workload. Let's see how we can activate it. It's so simple. If you look at the screenshot here in the portal, you can go to the network settings of the cluster, and then there is a check box here. Just enable this tick mark; it automatically provisions the Application Gateway.
A
If you do not have this gateway installed. Otherwise, you also can map the existing gateway, saying that this is going to be my Application Gateway, which will be mapped to this cluster. So if you are provisioning for the first time, it will take 10 to 15 minutes. So there is a brief warning message saying that, you know, it will take 15 minutes to get created, but please be patient.
A
It will be created in the back end, so that you will see that coming up. So in the YAML file, if you are creating an ingress controller, the ingress YAML file, you have to define this class with azure/application-gateway. You will find all these examples and samples of example syntax everywhere in the Microsoft documentation, and this is how I've tried out and then see it worked very well. It is so neat, it's so simple.
A
With a few clicks, you know, I was able to do it. So the first command I say, kubectl get ingress, you would see there is a couple of ingress controllers. The second one is what I have installed through Application Gateway, so I'm able to pretty much reach this .NET Core, a simple vanilla application I've installed. So without any complexity I was able to manage it with simple, you know, few clicks and other things. The second add-on we have is the monitoring add-on. Monitoring add-on...
A
It's so simple that you just enable the flag in the portal, or just go to the command line, the CLI, Azure CLI it's called, and then run this, you know, two commands, saying az aks enable-addons and then -a monitoring. And then you could enable add-ons on your new cluster, I mean at the time of creation of a new cluster you can define these add-ons, or you could also enable these add-ons after, you know, creating the cluster, I mean for the existing cluster.
A
So it's so simple. It's also a must-give-a-try kind of an add-on. And the best thing about the monitoring add-on is that you could surface or scrape the logs from Prometheus as well, right? I mean the deep integration with Prometheus is also available. It is so simple to give a try. And the third one is the virtual node. It is based on the Virtual Kubelet project, as discussed in the previous slide. Virtual Kubelet was one of the incubation projects within Microsoft by Brendan Burns.
A
It has been donated to CNCF. It is getting nurtured very well, it's been getting graduated also, and the virtual node at Microsoft AKS is based out of this Virtual Kubelet project. I've delivered a talk about Virtual Kubelet in the 2019 Kubernetes conference at Infosys; it's available on YouTube if you want to take a look at it. It's just one line of command. It says az aks enable-addons, and then enable this in add-ons as virtual-node.
A
So you would get the benefit of the complete add-on available at your cluster, right? The benefit about having these add-ons, this kind of options available to you, is to make your life easier in setting up something, or disable it when you do not want to continue with the add-ons. So if you go 10-15 years back, we had a plug-in architecture where everything was developed as a plug-in, where the developer used to ship these individual DLLs or JARs, copy to a certain repository, and then dynamic discovery used to happen.
A
Dynamically load the menus, dynamically load the application features based on the plugins, right? Right now these add-ons also behave like that. So you can create an add-on, I mean the cloud provider can create an add-on and ship it to the developers, I mean provide it to the developers. The developers can experiment quickly and decide whether it helps or not, so without breaking any of these underlying changes with underlying Kubernetes concepts or writing any custom code. So it's so simple.
A
I just ran this add-on, and then I was able to get these Azure Container Instances coming up. You could see that there's a couple of container instances which are actually coming out from the virtual node project, right? So I see we have three nodes, whereas any extra spike in traffic would go to the container instances. That is the usefulness of this virtual node add-on and project.
A
Let's move on. The fourth one is the Open Service Mesh. It's OSM, it's a new kid on the block. It is in preview. It is based on, I mean, the Envoy proxy, a CNCF project again. It's available in GitHub, and also there is a separate portal available for Open Service Mesh. It's a very lightweight service mesh which would facilitate your communication between east-west traffic. You want to maintain certain strategy in the routing.
A
Let's say I want to pass seventy percent of the traffic to version 1 of the application and the remaining 30 percent of the traffic to version 2 of your same application: it's all possible. It helps you immensely in the way to debug the application in a deeper way when there is a service A communicating with the service, and within the cluster, it's all possible. It helps to have this traffic encryption end-to-end by mTLS. It's very, very fantastic, and it's a very hot project.
A
This is how it works underneath. Let's say you have an Azure-managed control plane, and then on the right side you have the customer-managed application deployed. Since it's based on Envoy, you can also decide this traffic routing pattern or a data path. All these things are possible.
A
The fifth one is about the Azure Policy add-on. It is kind of built on Gatekeeper, with an admission controller, or help from Open Policy Agent, OPA. It brings in certain discipline when we create a cluster at an organization level. Let's say I want to enforce a policy saying that if any of my junior developers, or developers from my organization, create a cluster, it should be a private cluster, right?
A
So, I mean, there are like 46 such policies available. You could force them to go for a kind of encrypted nodes, or maybe certain custom policy you want to bring in. Let's say you want to, by default, create with P10 or P11 disk attached. So it's all possible, and just one line of command again: enable-addons, and then say add-ons as azure-policy. It would help you to create it. By the way, all these things are available in the documentation.
A
So this is how the experience looks like. I didn't do the live demo because it takes some time to enable the add-ons in the back end. So when I say AKS enable-addons for the Azure Policy, it creates a bunch of things in the back end. But if you go to the portal, it will be easy to understand. This is how it looks under the portal.
A
If you go to the Kubernetes service in the portal, select the Kubernetes service, and then go to under Settings, and under the settings you have Policies. Just one click: it enables the add-on for you. Either you could do the same thing from CLI or in the portal. So it's the same experience. And the sixth one is the application routing add-on again.
A
This is a good one to try when you are trying for the first time and you need an ingress controller, exposing as a service assigned with a public IP. But it's not recommended to go for production. For the production-grade ingress controller, consider taking Application Gateway, AGIC, or NGINX kind of a matured ingress controller. So this is like a good-to-test, good-to-have-it-in-the-development-environment kind of an ingress controller. And this is how it gives the experience: let's say again enable-addons, and then specify the add-on's name.
A
It will create a bunch of things in the back end. One is the ingress controller and the second one is the DNS zone. And you can also enable this add-on from the portal when you are creating a cluster, or even after creating the cluster, under the network settings. Briefly, there is a checkbox saying, you know, enable the HTTP application routing add-on. It's possible very much easily, and in the back end it would create the DNS zone in the same subscription, plus the ingress controller.
A
So you can see that it is so easy to create a simple ingress controller for my dev space. This is the last slide, I would say. I want to compare side by side all these add-ons. So this list is growing. I tried to compile as many things, including from the roadmap. I see Dapr is still in development, but I see briefly like seven, eight add-ons are available in AKS today. As we covered in order, AGIC was the first one. Okay, there is a typo in the first one.
A
The AGIC actually mapped to... okay, never mind. So the second one is the monitoring. It helps to monitor, as we see, and whether it's production ready or not: yes, it's all production ready, as in the column. I have tried to dig deeper. And the last one is about the kube-dashboard add-on, which has actually been deprecated starting from 1.19 onwards. So only commands it or there are a few commands.
A
These are some of the AKS tools which you can actually go and leverage; they're available at your disposal. Azure Advisor: within the portal, you get a ton of recommendations about better efficiency, how to optimize certain things under AKS. Security Center, it's Sentinel, sorry, the Security Center has been getting rebranded as Sentinel, and also it has the tight coupling with Defender. You would get a ton of metrics.
A
Any security incident happens, you will get to know from the single place. And there's a cluster baseline. AKS cluster baseline is something like a defined set of architecture best practices created for you. Just search for AKS baseline architecture. You would get a GitHub link with a sample architecture to, you know, roll out or consider for your production workload.
A
It has diagnostics and AKS Periscope. It helps you to troubleshoot certain issues. It's all available at the portal, or some of them on GitHub; GitHub has also got Periscope-related details, and the VS Code extension, and best practices. Definitely the day one best practices would be different than day two. The day two complexity is always different, so the documentation has got a bunch of details about what are the best practices for day one Kubernetes and day two Kubernetes, so just take a look at it.
A
This brings my last topic, or maybe the end of the conference talk here. And if you want to reach out to me, you can connect to me, or Twitter, and I'll try to share the slides. Actually, all these add-ons can be explored in a day, and you could take a call and see what else, you know, you can do with these add-ons. Enjoy the conference, stay tuned for the rest of the day. Thank you so much. See you then.