Use Cases supported for DuploCloud Azure
Topics in this section are covered in the order of typical usage. Use cases that are foundational to DuploCloud, such as Infrastructure, Tenant, and Hosts, are listed at the beginning of this section, while supporting use cases such as Logs, Metrics, and Faults and alerts appear near the end.
Enable Azure Kubernetes Service (AKS) to connect with Azure
Once your Infrastructure and Plan have been created, the final step before creating a Tenant is to enable Azure Kubernetes Service (AKS) to connect with Azure cloud management.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure that you created, in the NAME column of the Infrastructure page.
Click the Kubernetes tab. The following message displays: Kubernetes cluster is not yet enabled. Click Here to enable the Kubernetes Cluster.
Click on the Click Here hyperlink. The Configure AKS Cluster pane displays.
Accept the default values and click Create to enable the AKS service for your Infrastructure.
DuploCloud begins creating and configuring an AKS cluster using Kubernetes. You receive an alert message when the Infrastructure has been updated.
It may take some time for enablement to complete. Use the Kubernetes card in the Infrastructure screen to monitor the status, which should display as Enabled when completed. You can also monitor progress by using the Kubernetes tab, as DuploCloud generates your Cluster Name, Default VM Size, Server Endpoint, and Token.
Encrypt an Azure storage account
Secure your Azure cloud data by enabling Azure storage encryption for data at rest, using Encryption Key Management. Configuring this feature for your DuploCloud Infrastructure enables you to specify customer-managed keys or customer-provided keys for your existing Blob storage.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Click the System Config tab.
In the System Configs area, click Add. The Add Config pane displays.
From the Config Type list box, select Flags.
From the Key list box, select Enable Storage Account Infra Encryption.
From the Value list box, select true.
Click Submit.
The Key/Value pair configuration is displayed in the System Configs area.
Connect to the Cluster namespace using the kubectl token.
DuploCloud provides a way to connect directly to the Cluster namespace using the kubectl token.
See kubectl Setup for available options.
Upgrade the Azure Kubernetes Service (AKS) version
Microsoft frequently updates the version of AKS based on new features that are available in the Kubernetes platform.
DuploCloud pushes AKS upgrades to the DuploCloud Portal code, but for now we request that you contact the DuploCloud Support staff on your Slack channel or by email when upgrading.
In future releases, this upgrade will be available for customers to install.
Using Tenants in DuploCloud
In Azure, Microsoft cloud features such as Azure resource groups, Azure managed identity, Azure application security groups (ASG), KMS keys, as well as Kubernetes Namespaces, are exposed in Tenants which reference their configurations.
When you create Tenants in an Infrastructure, a namespace is created in the Kubernetes cluster with the name duploservices-TENANT_NAME.
DuploCloud creates the Network Security Group (NSG) for the Tenant which acts as a security boundary.
At the logical level, the Tenant is:
A Container of resources: All resources (except ones corresponding to the Infrastructure) are created within the Tenant. If a tenant is deleted, all the resources in the Tenant are terminated.
A Security Boundary: All resources within a Tenant can talk to each other. For example, a Docker container deployed in an AKG instance within the tenant will have access to Azure Blob storage and Azure SQL databases within the same tenant. SQL database instances in another tenant cannot be reached, for example, by default. Tenants expose endpoints to each other using load balancers or explicit inter-Tenant security groups and identity management policies.
User Access Control: Self-service is the bedrock of the DuploCloud platform. To that end, users can be granted Tenant level access. For example, John and Jim are developers who can be granted access to the DEV01 tenant, Joe is an administrator who has access to all tenants, and Anna is a data scientist who has access only to the DATASCI tenant.
A Billing Unit: Because the Tenant is a container of resources, all resources in the Tenant are tagged with the Tenant's name in the cloud provider, making it easy to segregate usage by Tenant.
A mechanism for alerting: All alerts represent Faults in any resource within the Tenants.
A mechanism for logging: Each Tenant has its unique set of logs.
A mechanism for metrics: Each Tenant has its unique set of metrics.
Many DuploCloud customers create at least two Tenants for both their production and non-production cloud environments (Infrastructures).
You can map Tenants in each or all of your development, testing, staging, Quality Assurance (QA), and production environments.
For example:
Production Infrastructure
Pre-production Tenant - for preparing or reviewing production code
Production Tenant - for deploying tested code
Non-production Infrastructure
Development Tenant - for writing and reviewing code
Quality Assurance Tenant - for automated testing
In larger organizations, some customers create Tenants based on application environments, such as creating a tenant for Data Science applications, another for web applications, etc.
Tenants are sometimes created to isolate a single customer workload, allowing more granular monitoring of performance, the flexibility of scaling, or tighter security. This is referred to as a single-Tenant setup. In this case, a DuploCloud Tenant maps to an environment used exclusively by the end client.
When you have a large set of applications that different teams access, it is helpful to map Tenants to team workloads. For example, you could create Tenants for Dev-analytics, Stage-analytics, and so on.
While Infrastructure provides abstraction and isolation at the Virtual Private Cloud (VPC) and Kubernetes/AKG Cluster level, the Tenant supplies the next level of isolation, implemented in AKS by segregating Tenants using the following constructs per Tenant:
A set of security groups
An identity management role and profile
A Kubernetes Namespace, a read-only service account, and a write service account
KMS Key
PEM file
AKS Worker nodes or virtual machines (VMs) created within a Tenant are given a label with the Tenant Name, as are the node selectors and namespaces. Consequently, even at the worker node level, two tenants achieve complete isolation and independence, even though they may be sharing the same Kubernetes cluster through a shared Infrastructure.
To add a Tenant, navigate to Administrator -> Tenant in the DuploCloud Portal and click Add.
Each Tenant is mapped to a Namespace in Kubernetes. For example, if a Tenant is called Analytics in DuploCloud, the Kubernetes Namespace is called duploservices-analytics.
All application components within the Analytics Tenant are placed in the duploservices-analytics namespace. Since nodes cannot be part of a Kubernetes Namespace, DuploCloud creates a tenantname label for all the nodes that are launched within the Tenant. For example, a node launched in the Analytics Tenant is labeled tenantname: duploservices-analytics.
Any Pods that are launched using the DuploCloud UI have an appropriate Kubernetes nodeSelector that ties the Pod to the nodes within the Tenant. If you are deploying via kubectl, ensure that your deployment is using the proper nodeSelector.
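A check you can run on a manifest before applying it with kubectl, added here as an example (not DuploCloud's own code): it verifies that the workload's namespace and its tenantname nodeSelector both match the Tenant. The function names and sample manifests are constructed for illustration, and lowercasing the Tenant name is an assumption taken from the Analytics example above.

```python
import copy

TENANT_LABEL = "tenantname"      # node label key named on this page
NS_PREFIX = "duploservices-"     # namespace prefix named on this page


def tenant_namespace(tenant: str) -> str:
    """Namespace for a Tenant; lowercasing is assumed from the Analytics example."""
    return NS_PREFIX + tenant.lower()


def pod_spec(obj: dict) -> dict:
    """Return the pod spec of a Pod, a CronJob, or a template-based workload."""
    kind, spec = obj.get("kind"), obj.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})


def check_tenant_pinning(obj: dict, tenant: str) -> list[str]:
    """List the ways a manifest escapes the Tenant's namespace or nodes."""
    expected = tenant_namespace(tenant)
    problems = []
    # A manifest without an explicit namespace is flagged too: it would land
    # in whatever namespace the current kubectl context points at.
    ns = obj.get("metadata", {}).get("namespace")
    if ns != expected:
        problems.append(f"namespace is {ns!r}, expected {expected!r}")
    selector = pod_spec(obj).get("nodeSelector") or {}
    got = selector.get(TENANT_LABEL)
    if got is None:
        problems.append(f"nodeSelector has no {TENANT_LABEL!r} key")
    elif got != expected:
        problems.append(f"nodeSelector {TENANT_LABEL}={got!r}, expected {expected!r}")
    return problems


# Constructed sample: a Deployment correctly pinned to the Analytics Tenant.
PINNED = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "duploservices-analytics"},
    "spec": {"template": {"spec": {
        "nodeSelector": {"tenantname": "duploservices-analytics"},
        "containers": [{"name": "web", "image": "nginx:1.25"}]}}},
}
# Constructed sample: same Deployment with the nodeSelector left out.
UNPINNED = copy.deepcopy(PINNED)
del UNPINNED["spec"]["template"]["spec"]["nodeSelector"]

if __name__ == "__main__":
    for name, manifest in (("pinned", PINNED), ("unpinned", UNPINNED)):
        print(name, check_tenant_pinning(manifest, "Analytics") or "OK")
```
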
Manage Tenant expiry settings in the DuploCloud Portal
In the DuploCloud Portal, configure an expiration time for a Tenant. At the set expiration time, the Tenant and associated resources are deleted.
In the DuploCloud Portal, navigate to Administrator -> Tenants. The Tenants page displays.
From the Name column, select the Tenant for which you want to configure an expiration time.
From the Actions list box, select Set Tenant Expiration. The Tenant - Set Tenant Expiration pane displays.
Select the date and time (using your local time zone) when you want the Tenant to expire.
Click Set. At the configured day and time, the Tenant and associated resources will be deleted.
The Set Tenant Expiration option is not available for Default or Compliance Tenants.
Dynamically configure Azure agent pools for optimum performance
When you use autoscaling for Azure agent pools, you allow DuploCloud to manage your application's capacity requirements within your limits.
In the DuploCloud Portal, create an Azure agent pool with the Enable Autoscaling option selected. Each agent pool contains nodes backed by the virtual host machines.
Using Hosts in DuploCloud
Once we have the Infrastructure (Networking, Kubernetes cluster, and other common configurations) and an environment (Tenant) set up, the next step is to create VMs. These could be meant for:
AKS Worker Nodes
Worker Nodes (Docker Hosts) if built-in container orchestration is used.
Regular nodes that are not part of any container orchestration, where a user manually connects and installs applications. For example, when using a Microsoft SQL Server in a VM, when running an IIS application and in other custom use cases.
For ease of use, create a link to the Azure Console from a Host page Action Menu.
Add a Virtual Machine Host. DuploCloud AWS supports Host (Azure Host) and BYOH (Bring Your Own Host) types. Use BYOH for any VM that is not an Azure Host.
Ensure you have selected the appropriate Tenant from the Tenant list box at the top of the DuploCloud Portal.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
Click the tab that corresponds to the type of Host you want to create (HOST or BYOH).
Click Add.
It is not necessary to explicitly define Hosts. Instead, you can use Azure Agent Pools and VM Scale Sets.
See Kubernetes StorageClass and PVC.
Lower-level details such as IAM roles and security groups are abstracted and derived from the Tenant, so only the most application-centric inputs are required to set up Hosts.
Most of these inputs are optional and some are available as list box selections, set by the administrator in the Plan (for example, Image ID, in Host Advanced Options).
There are two additional parameters:
Fleet: This is applicable if the VM is to be used as a host for container orchestration by the platform. The choices are:
Linux Docker/Native: To be used for hosting Linux containers using the Built-in Container orchestration.
Docker Windows: To be used for hosting Windows containers using the Built-in Container orchestration.
None: To be used for non-Container Orchestration purposes and contents inside the VM are self-managed by the user.
Allocation Tags (Optional): If the VM is used for containers, you can optionally set a label on the VM. This label is specified during Docker application deployment to ensure that the application containers are pinned to a specific set of nodes, giving you the ability to split a tenant further into separate pools of servers and deploy applications on them.
If a VM is used for container orchestration, ensure that the Image ID corresponds to the Image in the container. Any name that begins with Duplo is an image that DuploCloud generates for Built-in container orchestration.
Autoscaling with Azure Agent Pools and Kubernetes
DuploCloud supports various ways to scale the workload, depending on the underlying Azure services being used.
Back up your hosts (VMs)
Create Virtual Machine (VM) snapshots in the DuploCloud Portal.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts. The Hosts page displays.
Select the Host you want to back up from the Name column.
Click Actions and select Snapshot.
Once you take a VM Snapshot, the snapshot displays as an available Image Id when you .
All activity in DuploCloud is logged, and the logs can be used for auditing. All the logs are saved into Elasticsearch and can be visualized in Kibana. The URL for Kibana is available under Diagnostics.
Elasticsearch and Kibana sit inside the VPC and cannot be accessed from outside. Connect to the VPN to access these URLs.
In addition to the visibility of faults in the UI, DuploCloud also supports sending these notifications to the following systems:
Sentry
PagerDuty
NewRelic
AWS WorkDocs
OpsGenie
Refer to the link here for the detailed configuration.
Checking Faults and Alerts in the DuploCloud Portal
Faults that happen in the system, whether during Infrastructure creation, Container deployments, or Application health checks, can be tracked in the DuploCloud Portal under the Faults menu.
You can look at Tenant-specific faults under Observability -> Faults or all the faults in the system under Administrator -> Faults. In addition to notifying you about the faults, DuploCloud integrates with Sentry, which sends an email alert for the fault and acts as a single place to look at all the events.
You can create Azure alerts for resources from the DuploCloud Portal. Supported resources have an Alerts tab. Click Add. Metrics are listed according to the resource. Select the required Threshold and configure the Alerts.
Alerts can also be configured from the Observability -> Alerts option.
When the alert Threshold is crossed, a Fault is generated in the DuploCloud portal.
Metrics of the resources created/managed in DuploCloud can be tracked under Observability -> Metrics.
Separate tabs are available to view the metrics by resource type.
Create a link to the Azure Portal from DuploCloud
Creating a direct link to the Azure Portal from your DuploCloud Infrastructure saves you time when you work with DuploCloud Azure resources. Instead of toggling between the DuploCloud Portal and the Microsoft Azure Portal, get instant access to the Azure Portal from DuploCloud.
Failure to follow these steps when creating a link to the Azure Portal from the DuploCloud Portal results in the error message:
Error while fetching Azure portal link: Portal url config does not exist
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
From the Name column, select the Infrastructure for which you want to add a link to the Azure Console.
Click the Metadata tab.
Click Add. The Add Infrastructure Tag pane displays.
In the Key field, enter AzurePortalLink.
In the Value field, enter the URL for your Azure Portal.
Click Create.
The Value in the example above is DuploCloud's internal Azure Portal link.
After you configure the Azure Portal link for an Infrastructure, access the Azure Console from the DuploCloud Portal in the Actions menu for Azure Hosts.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts. The Hosts page displays.
From the Name column, select the Host you are working with.
From the Actions menu, select Connect -> Azure Portal.
Manage costs for billing and resources
Usage costs for resources can be viewed and managed in the DuploCloud Portal, by month or week, and by Tenant. You can also explore historical resource costs.
To view the Billing page for Azure in the DuploCloud Portal, click Administrator -> Billing.
You can view usage by:
Time
Select the Spend by Month tab and click More Details to display monthly and weekly spending options.
Tenant
Select the Spend by Tenant tab.
How Infrastructures and Plans work together to create a VPC
Infrastructures are abstractions that allow you to create a Virtual Private Cloud (VPC) instance in the DuploCloud Portal. When you create an Infrastructure, a Plan is automatically generated to supply the network configuration necessary for your Infrastructure to run.
DuploCloud creates a VNET with a default subnet and a default Network Security Group (NSG). The creation of an Infrastructure takes about ten (10) minutes.
When you create a DuploCloud Infrastructure, you create an isolated environment that maps to a Kubernetes cluster.
In DuploCloud, an Infrastructure maps one-to-one to a VPC in a specified region. It also maps to an Azure Managed Kubernetes Service cluster that you use for container orchestration.
When creating an Infrastructure, you specify the number of availability zones, the region, VPC Classless Inter-Domain Routing (CIDR), and a subnet mask. DuploCloud creates two subnets in each availability zone, one private and one public, and sets up routes and a NAT gateway.
Create a DuploCloud Infrastructure in the DuploCloud Portal:
Select Administrator -> Infrastructure from the navigation menu.
Click Add.
Define the Infrastructure by completing the fields on the Add Infrastructure form.
Click Create. The Infrastructure is created and is listed on the Infrastructure page.
To enable an AKS cluster for Azure, follow these steps.
Up to one instance (0 or 1) of an AKS is supported for each DuploCloud Infrastructure.
When you create the Infrastructure, DuploCloud creates the following components:
VPC with 2 subnets (private, public) in each availability zone
Required security groups
NAT Gateway
Internet Gateway
Route tables
VPC peering with the master VPC, which is initially configured in DuploCloud
Cloud providers limit the number of Infrastructures that can run in each region. If you have completed the steps to create an Infrastructure and it doesn't show a Status of Complete, try selecting a different region.
You can choose to encrypt your Azure storage account by configuring a Key/Value pair in the Infrastructure.
Once the Infrastructure is created, a Plan (with the same Infrastructure name) is automatically created and populated with the Infrastructure configuration. The Plan is used to create Tenants.