Developers can now seamlessly deploy their Kubernetes workloads to Azure Kubernetes Service (AKS) using the same simplified experience offered by Gravity.
In this post, we will take a look at what the Azure AKS experience looks like for developers.
Bootstrapped AKS Clusters
When you create clusters through Gravity and choose AKS as the “Cluster Engine”, Gravity automatically creates the underlying AKS control plane along with the required Nodepools.
The infrastructure is created with all the required best practices around networking, security, availability and scalability.
The cluster is bootstrapped with all required components such as Service Mesh, Ingress Controllers, external-dns, observability shippers, CSI for mounting volumes and external secrets.
When the cluster becomes “Available” it is immediately ready to deploy your workloads.
You can create multiple Nodepools for your AKS clusters through Gravity. Nodepools are groups of nodes that share the same configuration. For example, you can have a “Spot” Nodepool composed of Spot instances and a “GPU” Nodepool comprising GPU-based instances.
When developers deploy workloads through Gravity, those workloads can be selectively scheduled onto specific Nodepools. This allows you to use cluster resources optimally, balancing cost, availability and performance.
Azure Active Directory Authentication & RBAC
Gravity integrates the Dex OpenID Connect provider to support OpenID Connect-based authentication for clusters.
AKS clusters created through Gravity can authenticate users against Azure Active Directory as the identity provider.
Clusters are also RBAC-enabled by default, and Azure RBAC can be used to authorize all requests to the cluster.
By leveraging Dex and Azure Active Directory-based authentication and RBAC, Gravity helps customers implement authentication and authorization centrally across multiple clusters.
Pluggable Service Mesh
When you create AKS clusters through Gravity, a service mesh is installed and pre-configured as part of the cluster bootstrapping process. By default, Gravity installs the Istio service mesh so that developers can readily deploy their microservice workloads.
For workloads deployed through Gravity, developers can use the “Routing” feature to manage how traffic is routed to them.
Developers can create various rules to perform Host-, Path- and Header-based routing to workloads. This can be used to shape traffic during deployments, migrate endpoints or route specific customer traffic to certain workloads.
Azure Key Vault Secrets
You can have your application secrets stored in Azure Key Vault. When you deploy your workloads and those workloads need secrets, Gravity automatically provides the required secrets from Azure Key Vault. Secrets are transparently fetched at runtime without developers having to perform any additional integration.
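The page names “external secrets” among the bootstrapped components but does not show how the Key Vault lookup is wired. The manifest below is an added example, not Gravity’s own configuration: it assumes the External Secrets Operator is installed, a Key Vault named shop-kv exists, and the orders-sa service account is bound to a managed identity that has been granted read access on that vault (all names are placeholders).

```yaml
# Assumed: External Secrets Operator (external-secrets.io) is installed in the cluster.
# SecretStore: how to reach the vault and which identity to use.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: azure-kv
  namespace: shop
spec:
  provider:
    azurekv:
      # Authenticate with the pod's federated workload identity rather than a
      # client secret, so no long-lived vault credential is stored in the cluster.
      authType: WorkloadIdentity
      vaultUrl: https://shop-kv.vault.azure.net      # placeholder vault
      serviceAccountRef:
        name: orders-sa                               # placeholder service account
---
# ExternalSecret: which Key Vault secrets to mirror into a Kubernetes Secret.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: orders-db
  namespace: shop
spec:
  refreshInterval: 1h          # re-read the vault so rotated values propagate
  secretStoreRef:
    name: azure-kv
    kind: SecretStore
  target:
    name: orders-db            # Kubernetes Secret created and kept in sync by the operator
    creationPolicy: Owner
  data:
  - secretKey: DB_PASSWORD     # key inside the Kubernetes Secret
    remoteRef:
      key: orders-db-password  # placeholder Key Vault secret name
```

The workload then consumes `orders-db` as an ordinary Secret (env var or volume), and the vault’s access policy, not the manifest, decides which identities may read `orders-db-password`.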
TLS Certs and Azure DNS
For workloads that are exposed outside the cluster at a DNS endpoint, Gravity automatically provisions required TLS certificates and also creates & manages the required DNS records in Azure DNS.
All the developer needs to do is to simply pick a domain for their workload.
Gravity by default uses Let's Encrypt to automatically provision TLS certificates. Gravity also supports custom certificates, where you can bring your own certificates and use them for TLS.
Workload Auto Scaling
Developers can enable Auto Scaling for their workloads running in AKS. Gravity supports different types of Auto Scaling:
- Metrics Based: You can configure CPU / Memory based scaling for your workloads, where the number of replicas scales automatically based on aggregate CPU / Memory thresholds of your workload.
- Schedule Based: If your workloads receive traffic spikes at specific times of the day and that is a well-established pattern, you can configure Auto Scaling to scale the number of replicas during that scheduled interval.
- Event Based: You can also configure your Workloads to scale dynamically based on an external event source. For example, if your Workloads are processing events from Azure Event Hubs, you can have them scaled dynamically based on the “UnprocessedEventThreshold” of Azure Event Hubs.
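The “UnprocessedEventThreshold” setting in the event-based item matches the azure-eventhub trigger of KEDA, so the added example below expresses that scaling rule as a KEDA ScaledObject. This is illustrative and not Gravity’s configuration: the page does not say which scaler Gravity uses, and the namespace, hub, storage account and Deployment names are placeholders.

```yaml
# Assumed: KEDA is installed and its operator is configured for Azure Workload Identity.
# TriggerAuthentication: KEDA reads Event Hubs metrics with a federated identity,
# so no Event Hubs or Storage connection string has to live in a Kubernetes Secret.
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: eventhub-auth
  namespace: shop
spec:
  podIdentity:
    provider: azure-workload
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: orders-processor
  namespace: shop
spec:
  scaleTargetRef:
    name: orders-processor        # placeholder Deployment consuming the hub
  minReplicaCount: 1              # keep one consumer warm; set 0 to scale to zero
  maxReplicaCount: 20             # hard ceiling: at most one pod per partition is useful
  cooldownPeriod: 120             # seconds of "below threshold" before scaling back in
  triggers:
  - type: azure-eventhub
    metadata:
      eventHubNamespace: shop-ehns            # placeholder
      eventHubName: orders                    # placeholder
      consumerGroup: orders-processor
      # Checkpoints are read from this blob container to compute the lag.
      storageAccountName: shopcheckpoints     # placeholder
      blobContainer: eventhub-checkpoints
      checkpointStrategy: blobMetadata
      # Target: add a replica for roughly every 64 unprocessed events per partition.
      unprocessedEventThreshold: "64"
      # Do not wake a scaled-to-zero workload until at least 10 events are waiting.
      activationUnprocessedEventThreshold: "10"
    authenticationRef:
      name: eventhub-auth
```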
1-Click Azure Cloud Services Integration
Developers can integrate Azure services such as an Azure Blob Storage container or Azure Cosmos DB in 1-click.
Gravity automatically creates the required Azure Managed Identities with fine-grained permissions so that workloads running in AKS clusters can securely connect to Azure Cloud Services. The required Kubernetes Service Accounts are also created automatically and attached to Workload Pods.
Without developers performing any additional integration, Workloads (Kubernetes Pods) receive the required Pod Identities, which have fine-grained IAM permissions to securely connect to the required Azure Cloud Services.
Using the 1-Click Cloud Services integration, developers can seamlessly integrate their workloads with Azure services such as Azure Blob Storage containers, Azure Cache for Redis, Azure Database for PostgreSQL, Azure Service Bus and Azure SQL Database.
In addition, third-party services such as MongoDB Atlas and Confluent Kafka can also be integrated in 1-Click with workloads running in Gravity.
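The managed identity, Service Account and pod binding described above are what Azure Workload Identity provides on AKS; the added example below shows that wiring by hand. It is not Gravity’s own output and assumes Azure Workload Identity is enabled on the cluster; the client ID, namespace, image and storage account are placeholders.

```yaml
# Assumed: the AKS cluster has the workload-identity webhook enabled, and a
# user-assigned managed identity exists with a federated credential whose
# subject is "system:serviceaccount:shop:orders-sa" (the SA below).
# Least privilege: grant that identity only "Storage Blob Data Contributor"
# scoped to the single container the workload needs, not the whole account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: orders-sa
  namespace: shop
  annotations:
    # Client ID of the managed identity the pod will act as (placeholder value).
    azure.workload.identity/client-id: "00000000-0000-0000-0000-000000000000"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orders
  namespace: shop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: orders
  template:
    metadata:
      labels:
        app: orders
        # Opt the pod in: the webhook projects a short-lived service-account token
        # and injects AZURE_CLIENT_ID / AZURE_TENANT_ID / AZURE_FEDERATED_TOKEN_FILE.
        azure.workload.identity/use: "true"
    spec:
      serviceAccountName: orders-sa
      automountServiceAccountToken: false   # API access is not needed by this app
      containers:
      - name: orders
        image: registry.example.com/orders:1.4.2   # placeholder image
        env:
        - name: STORAGE_ACCOUNT_URL
          value: https://ordersdata.blob.core.windows.net   # placeholder account
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
```

An Azure SDK client in the container (for example `DefaultAzureCredential`) picks up the injected variables and exchanges the federated token for an Azure AD token, so no storage key or client secret is ever mounted into the pod.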
Gravity’s low-cost observability stack works for AKS clusters as well. Workloads deployed through Gravity come with Grafana-based observability dashboards for viewing Metrics, Traces and Logs. Gravity’s default observability stack uses Loki and Tempo, which store their data in Azure Blob Storage containers, making it cost-effective for large volumes of observability data.
Gravity also integrates with popular observability tools such as New Relic, Datadog and Splunk.
Rolling, Canary, Blue/Green Deployments
When rolling out new versions of workloads, developers can use the different deployment strategies supported by Gravity. By default, Gravity uses the Rolling deployment strategy to roll out any changes.
In addition, developers can perform Canary deployments by gradually splitting traffic between multiple versions of their workloads.
Developers can also choose the Blue/Green deployment strategy to shift traffic between multiple versions.
Advanced Routing can also be used during deployments to shape traffic to newer versions of workloads based on Host, Path or Header.
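The “Routing” feature and the canary/header shaping described in this section and in the service-mesh section map onto Istio traffic-management objects on a cluster that runs Istio. The manifests below are an added example of that shaping written directly in Istio’s API, not Gravity’s generated configuration; the hostnames, namespace, gateway and version labels are placeholders.

```yaml
# DestinationRule: name the two workload versions by their pod labels.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: orders
  namespace: shop
spec:
  host: orders.shop.svc.cluster.local
  subsets:
  - name: v1
    labels: { version: v1 }
  - name: v2
    labels: { version: v2 }
---
# VirtualService: Host-, Path- and Header-based rules, evaluated top to bottom.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: orders
  namespace: shop
spec:
  hosts:
  - orders.example.com                # Host-based: only this DNS endpoint
  gateways:
  - istio-system/shop-gateway         # placeholder ingress gateway
  http:
  # Rule 1 (Header-based): requests carrying x-canary: true go only to v2,
  # so a specific customer or tester group can be steered to the new version.
  - match:
    - uri:
        prefix: /api/
      headers:
        x-canary:
          exact: "true"
    route:
    - destination:
        host: orders.shop.svc.cluster.local
        subset: v2
  # Rule 2 (Path-based + weighted canary): all other /api/ traffic is split
  # 90/10; raise the v2 weight step by step to complete the rollout.
  - match:
    - uri:
        prefix: /api/
    route:
    - destination:
        host: orders.shop.svc.cluster.local
        subset: v1
      weight: 90
    - destination:
        host: orders.shop.svc.cluster.local
        subset: v2
      weight: 10
```

Weights within a route must sum to 100; setting v1 to 0 and v2 to 100 is the Blue/Green cut-over, and swapping them back is the rollback.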
Security & Compliance
AKS Clusters created through Gravity are packaged with the Trivy operator that performs automated vulnerability scanning for Kubernetes workloads.
In addition, configuration audits are automated through pre-defined rules and policies. Dashboards and reports provide a detailed overview of all the violations in a cluster. Gravity also supports running on-demand checks that validate whether Kubernetes is deployed securely, by running the checks documented in the CIS Kubernetes Benchmark.
Gravity’s vision is to simplify the developer experience of Kubernetes and, importantly, to provide that simplified experience the same way across all cloud providers.
With Azure AKS support, Gravity now supports two major cloud providers – AWS and Azure.
We will be adding support for other cloud providers too, based on customer feedback – so keep the feedback coming!