
Microsoft Centers Azure’s Container Services Around Kubernetes

28 Nov 2017 3:00am

Microsoft’s new Azure Kubernetes Service (AKS), now in preview, extends the company’s existing Azure Container Service into a more managed environment, one built around the Cloud Native Computing Foundation’s Kubernetes container orchestration engine.

“We heard very clearly from customers that what they want going forward is a fully managed experience,” said Microsoft’s lead program manager for containers on Azure, Gabe Monroy. “The biggest difference is that [Microsoft’s basic Azure Container Service] is offering an unmanaged experience whereas AKS is a managed experience.”

Basing that managed service on Kubernetes isn’t Microsoft picking a winner the way it would have in the old days; nowadays the Microsoft strategy is to go where its customers are and to support a full range of options. That’s why the Azure Container Service supports Swarm and DC/OS as well as Kubernetes; there’s still a lot of demand for those, and these alternate orchestrators will continue to be “first-class solutions on Azure,” he confirmed. The container service isn’t going away, but AKS is the next version of the service.

“I think we’ve seen both inside Microsoft as well as outside, a pretty rapid consolidation around Kubernetes as sort of a de facto open source container orchestrator,” Monroy told us. The strength of the Kubernetes community and ecosystem has a lot to do with that.

As Kubernetes co-founder and Microsoft distinguished engineer Brendan Burns told The New Stack recently, orchestrators should be boring. “The specific difference in features are just not very important for customers,” Monroy pointed out. “They’re really looking to move on from that layer and focus on the next set of problems like service mesh technology, developer tooling, security and how to integrate all of this into a coherent software lifecycle and governance framework. Kubernetes out of all the orchestration options has the strongest ecosystem, so if you’re trying to solve a lot of problems, doing that with Kubernetes is going to be easier.”

Even large organizations in traditionally conservative and regulated areas like financial services are adopting Kubernetes containers at what he called “breathtaking speed.” “The value proposition of containers and orchestration are sufficiently promising that folks are ready to make bets on them despite the lack of managed services being widely available.”

Containers and Beyond

As a new service still in preview, AKS doesn’t have all the features that are in the basic container service, although Monroy told us the gap will close rapidly, because “we really see AKS as the future of our next service offering.”

In preview, only Linux containers are supported — because some core Kubernetes components still have to run on Linux hosts — but both Windows-only and mixed Linux and Windows node pools are on the roadmap. Some of that depends on work being done in Kubernetes itself; there’s some progress in 1.9 and more improvements in 1.10, and the AKS team is targeting the first half of 2018 for Windows container support.

“Most of the features we’re being asked for right now fall into networking and security customization,” Monroy said, adding that they’re things competing solutions don’t offer, meaning “customers are asking us to lead the industry.”

The top request from users is support for integrating Kubernetes into existing virtual network (VNET) service endpoints, the way you already can with the basic container service. Custom virtual networks should be added before the service moves to general availability. Role-based access controls and network policies aren’t in the preview yet, but they’re planned for the release version.

Persistent volumes work the way they do in the container service; currently, Azure Files, Azure Data Disks and Azure Managed Disks are supported. You can pick specific VM types for nodes as long as they’re available in the Azure region, although some VM types aren’t an option yet — adding Azure NC6 VMs with NVIDIA drivers is coming, and you can’t yet pre-attach managed disks to agent VMs. Auto-scaling is also planned, assuming the upstream Kubernetes auto-scaler is merged into the core release.

In preview, upgrading the control plane causes a brief (10-15 second) downtime window; both that and node upgrades will work without any downtime when the service comes out of preview.

The Kubernetes dashboard is available with AKS. Defaults can’t yet be changed but there will be options for changing some of them before launch. PowerShell support will also come by the time the service reaches general availability, and all the AKS functions will eventually be supported through the Azure CLI, the Azure portal and the Azure APIs as well.

Because the basic container service will still be available there’s no automatic migration to AKS, but Microsoft is working with Kubernetes service provider Heptio to make sure tools like Heptio’s Ark will support migration to AKS, including options like persistent volumes.

The preview was initially available in the East US and West Europe regions, followed by Central US; West US and UK West seem to be the next regions coming, based on the region list on GitHub.

The initial demand was much higher than Microsoft had expected. “We were really surprised by how quickly people dove head first into some of these deep technical issues,” Monroy said. “Typically, with this sort of infrastructure software when you release it people don’t immediately have time to kick the tires; that requires time and the type of operational person doing these evaluations has to wait until their schedule frees up.”

Although he wouldn’t commit to Microsoft bringing AKS to the company’s on-premises version of Azure, Azure Stack, he did confirm that the team is discussing the possibility and is “excited about the prospect.”

Integrating with AKS

AKS isn’t an Azure-specific flavor of Kubernetes, but it will get deep integration with Azure services, exposing them through the Kubernetes APIs so that they reach the customers who are picking Kubernetes for its portability and openness.

“The goal is for it to be solid and reliable and a plumbing service that is part of the infrastructure. We don’t want to turn AKS into a full-blown platform; the idea is to provide a Kubernetes API as a service. However, we do want to make it a great platform on which to build, so we’re working with a lot of different partners to take this piece of infrastructure plumbing that we’re building and really flesh it out to a much bigger solution.”

The Cloud Native Computing Foundation and Microsoft are sponsors of The New Stack.

Feature image by Jason Blackeye via Unsplash.
