The principle behind Azure Arc is to extend Azure management and governance practices to different environments and to adopt solutions and techniques, which are typically used in a cloud environment, even for on-premises environments. This article discusses how Azure Arc allows you to deploy and configure Kubernetes applications homogeneously across all environments, adopting modern DevOps techniques.
Thanks to Azure Arc-enabled Kubernetes it is possible to connect and configure Kubernetes clusters located inside or outside the Azure environment. By connecting a Kubernetes cluster to Azure Arc, this:
- It appears in the Azure portal with an Azure Resource Manager ID and a managed identity.
- It is inserted within an Azure subscription and a resource group.
- Allows it to be associated with tags like any other Azure resource.
To connect a Kubernetes cluster to Azure, the agents must be installed on the various nodes. Such agents:
- They run in the Kubernetes namespace "azure-arc".
- They manage connectivity to Azure.
- They collect Azure Arc logs and metrics.
- They check for configuration requests.
Azure Arc-enabled Kubernetes supports SSL to protect data in transit. Furthermore, to ensure the confidentiality of inactive data, these are stored in an encrypted way in an Azure Cosmos DB database.
Azure Arc agents on Kubernetes systems do not require the opening of inbound ports on firewall systems, but you only need to be enabled to access outbounds to specific endpoints.
For more details on this and for the procedure to follow to connect a Kubernetes cluster to Azure Arc you can consult this official Microsoft documentation.
Azure Arc-enabled Kubernetes can be enabled with any certified Kubernetes cluster Cloud Native Computing Foundation (CNCF)". In fact, the Azure Arc team collaborated with leading industry partners to validate compliance of their Kubernetes distributions with Azure Arc-enabled Kubernetes.
Enabling Azure Arc-enabled Kubernetes The following scenarios are supported:
- Connecting Kubernetes clusters running in environments other than Azure, to perform inventory operations, grouping and tagging.
- Application distribution and configuration management based on GitOps mechanisms. Related to Kubernetes, GitOps is the practice of declaring the desired state of Kubernetes cluster configurations (deployments, namespaces, etc.) in a repository Git. This declaration is followed by a poll and pull-based deployment of these cluster configurations using an operator. The Git repository can contain:
- YAML format manifest describing any valid Kubernetes resources, including Namespaces, ConfigMaps, Deployments, DaemonSets, etc.
- Chart Helm for application distribution.
Flux, a popular open source tool from GitOps, can be deployed on the Kubernetes cluster to facilitate the flow of configurations from a Git repository to a Kubernetes cluster.
For more details on the CI / CD workflow using GitOps for Azure Arc-enabled Kubernetes clusters you can refer to this Microsoft documentation.
- View and monitor cluster environments using Azure Monitor for containers.
- Threat Protection using Azure Defender for Kubernetes. The extension components collect the Kubernetes audit logs from all the nodes of the cluster control plane and send them to the back-end ofAzure Defender for Kubernetesin the cloud for further analysis. The extension is registered with a Log Analytics workspace that is used for the data pipeline, but the audit logs are not stored in the Log Analytics workspace. The extension allows you to protect Kubernetes clusters located at other cloud providers, but it does not allow you to contemplate their managed Kubernetes services.
- Apply settings via Azure Policy for Kubernetes.
- Creation of custom locations used as targets for the deployment of Azure Arc-enabled Data Services, App Services on Azure Arc (which includes web, function, and logic apps) and Event Grid on Kubernetes.
Azure Arc-enabled Kubernetes also supports Azure Lighthouse, which allows service providers to access their tenant to manage subscriptions and resource groups delegated by customers.
Companies that need to operate in a hybrid environment thanks to this technology will be able to minimize the effort of managing containerized workloads, extending services such as Azure Policy and Azure Monitor to Kubernetes clusters located in on-premises environments. Finally, through the GitOps approach, you will be able to simplify updates to cluster configurations in all environments, minimizing the risks associated with configuration problems.