Azure Kubernetes Service

PreviousGenerating a Universal Link for WorkflowGen Plus v2

Last updated 1 year ago

Azure Kubernetes Service

Overview

This section presents some pointers on setting up and managing a Kubernetes cluster tailored for WorkflowGen in Azure.

Creating a new cluster

To create a new cluster that supports Linux and Windows workloads, see the Microsoft article, which includes step-by-step instructions on how to create the cluster. Follow all the instructions, including creating a Windows node pool. At the end, you should have at least two nodes: a Linux node and a Windows node.

You can use Azure Active Directory to authenticate and authorize users in the cluster. See the Microsoft article for more information.

It's only possible to integrate Azure Active Directory with the creation of a new cluster.

Managing Windows and Linux nodes

By default, AKS doesn't restrict further Windows nodes from preventing Linux deployment on them. It's recommended to use to avoid problems with Linux deployment being scheduled to Windows nodes. The following is an example of how you can use taints and tolerations to manage hybrid deployments.

Taint all Windows nodes

Tainting all Windows nodes will prevent any deployment to Windows nodes from being scheduled except when it has the required toleration. Therefore, for many Linux Helm charts that don't have a node selector, the deployments to Linux nodes will automatically be scheduled. Google Kubernetes Engine does this by default. Execute the following command to taint a Windows node:

kubectl taint nodes "<NODE_NAME>" os=windows:NoSchedule

Replace <NODE_NAME> with the name of the Windows node.

Add tolerations to Windows deployments

To be able to deploy Windows pods to Windows nodes, you have to use a combination of tolerations and node selectors in your deployment specification. For example, consider this WorkflowGen deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wfgen-webapps
spec:
  replicas: 3
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: workflowgen
      app.kubernetes.io/component: webapps
  template:
    metadata:
      labels:
        app.kubernetes.io/name: workflowgen
        app.kubernetes.io/component: webapps
    spec:
      containers:
        - name: wfgen
          image: advantys/workflowgen:7.18.3-win-ltsc2019
          imagePullPolicy: Always
          resources:
            requests:
              memory: "2Gi"
              cpu: "1"
            limits:
              memory: "2Gi"
              cpu: "1"
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          envFrom:
            - configMapRef:
                name: wfgen-config
          env:
            - name: WFGEN_START_SERVICE
              value: webapps
          livenessProbe:
            periodSeconds: 30
            timeoutSeconds: 5
            initialDelaySeconds: 60
            exec:
              command:
                - powershell
                - C:\healthcheck.ps1
          livenessProbe:
            timeoutSeconds: 5
            initialDelaySeconds: 60
            exec:
              command:
                - powershell
                - -Command
                - if (Test-Path "C:\iislog\W3SVC\*log") { return 0 } else { return 1 }
          volumeMounts:
            - mountPath: C:\wfgen\data
              name: wfgdata
            - mountPath: C:\wfgen\licenses
              readOnly: true
              name: licenses
            - mountPath: C:\secrets
              readOnly: true
              name: secrets
      volumes:
        - name: wfgdata
          persistentVolumeClaim:
            claimName: wfgdata-pvc
        - name: licenses
          secret:
            secretName: wfgen-license-secret
            items:
              # The following must match the name of the license item in 
              # the license secret, e.g. the name of the license file
              - key: WorkflowGen.lic
                path: WorkflowGen.lic
        - name: secrets
            secret:
              secretName: wfgen-sec

In order for it to be scheduled to a Windows node, you would have to add the following to the template's spec:

nodeSelector:
  kubernetes.io/os: windows
tolerations:
  - key: os
    operator: Equal
    value: windows
    effect: NoSchedule

This adds a toleration for the taint that you've just added to the node and tells the Kubernetes scheduler to select a Windows node when scheduling the WorkflowGen pods.

You can also simplify this by creating a RuntimeClass object that holds this information and referencing the runtime class in your Windows deployments:

windows-runtimeclass.yaml

apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: windows-1809
handler: 'docker'
scheduling:
  nodeSelector:
    kubernetes.io/os: 'windows'
    kubernetes.io/arch: 'amd64'
    node.kubernetes.io/windows-build: '10.0.17763'
  tolerations:
  - key: os
    operator: Equal
    value: windows
    effect: NoSchedule

Apply this file:

kubectl apply -f windows-runtimeclass.yaml

Then, add the following to the template's spec:

runtimeClass: windows-1809

As you can see, this RuntimeClass also ensures that the deployment will be on a Windows LTSC 2019 (1809) node.

Managing node updates

Automatically scaling node pools

PreviousGenerating a Universal Link for WorkflowGen Plus v2

Last updated 1 year ago

Overview

This section presents some pointers on setting up and managing a Kubernetes cluster tailored for WorkflowGen in Azure.

Creating a new cluster

You can use Azure Active Directory to authenticate and authorize users in the cluster. See the Microsoft article for more information.

It's only possible to integrate Azure Active Directory with the creation of a new cluster.

Managing Windows and Linux nodes

Taint all Windows nodes

kubectl taint nodes "<NODE_NAME>" os=windows:NoSchedule

Replace <NODE_NAME> with the name of the Windows node.

Add tolerations to Windows deployments

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wfgen-webapps
spec:
  replicas: 3
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: workflowgen
      app.kubernetes.io/component: webapps
  template:
    metadata:
      labels:
        app.kubernetes.io/name: workflowgen
        app.kubernetes.io/component: webapps
    spec:
      containers:
        - name: wfgen
          image: advantys/workflowgen:7.18.3-win-ltsc2019
          imagePullPolicy: Always
          resources:
            requests:
              memory: "2Gi"
              cpu: "1"
            limits:
              memory: "2Gi"
              cpu: "1"
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          envFrom:
            - configMapRef:
                name: wfgen-config
          env:
            - name: WFGEN_START_SERVICE
              value: webapps
          livenessProbe:
            periodSeconds: 30
            timeoutSeconds: 5
            initialDelaySeconds: 60
            exec:
              command:
                - powershell
                - C:\healthcheck.ps1
          livenessProbe:
            timeoutSeconds: 5
            initialDelaySeconds: 60
            exec:
              command:
                - powershell
                - -Command
                - if (Test-Path "C:\iislog\W3SVC\*log") { return 0 } else { return 1 }
          volumeMounts:
            - mountPath: C:\wfgen\data
              name: wfgdata
            - mountPath: C:\wfgen\licenses
              readOnly: true
              name: licenses
            - mountPath: C:\secrets
              readOnly: true
              name: secrets
      volumes:
        - name: wfgdata
          persistentVolumeClaim:
            claimName: wfgdata-pvc
        - name: licenses
          secret:
            secretName: wfgen-license-secret
            items:
              # The following must match the name of the license item in 
              # the license secret, e.g. the name of the license file
              - key: WorkflowGen.lic
                path: WorkflowGen.lic
        - name: secrets
            secret:
              secretName: wfgen-sec

In order for it to be scheduled to a Windows node, you would have to add the following to the template's spec:

nodeSelector:
  kubernetes.io/os: windows
tolerations:
  - key: os
    operator: Equal
    value: windows
    effect: NoSchedule

This adds a toleration for the taint that you've just added to the node and tells the Kubernetes scheduler to select a Windows node when scheduling the WorkflowGen pods.

You can also simplify this by creating a RuntimeClass object that holds this information and referencing the runtime class in your Windows deployments:

windows-runtimeclass.yaml

apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: windows-1809
handler: 'docker'
scheduling:
  nodeSelector:
    kubernetes.io/os: 'windows'
    kubernetes.io/arch: 'amd64'
    node.kubernetes.io/windows-build: '10.0.17763'
  tolerations:
  - key: os
    operator: Equal
    value: windows
    effect: NoSchedule

Apply this file:

kubectl apply -f windows-runtimeclass.yaml

Then, add the following to the template's spec:

runtimeClass: windows-1809

As you can see, this RuntimeClass also ensures that the deployment will be on a Windows LTSC 2019 (1809) node.

Managing node updates

There are two things that you must consider for update management: the Kubernetes version and the operating system update. For information on upgrading the cluster to a specific Kubernetes version, see .

Applying security patches and updating operating systems differ for Linux and Windows nodes. To get started with operating system updates, see for more information. (Don't worry about the title of the article; there's a paragraph about Windows updates in it.)

Automatically scaling node pools

You can use an autoscaler in AKS to automatically scale up the number of nodes in your cluster based on rules to keep up with demands. See for more information. This feature pairs well with the Kubernetes horizontal pod autoscaler. See for more information.

You can also use Azure Container Instances to quickly scale up your cluster for a short period of time. See for more information.