Kubernetes integration with Azure IoT Edge

In this new episode of the IoT Show, we're gonna talk about Kubernetes integration with IoT Edge, and for that I have Venkat with me. Venkat, thanks for coming on the show.

Thank you.

Thanks for watching the IoT Show. I'm Olivier, your host. Today I have Venkat with me. Hey Venkat, how you doing?

Okay.

And we'll talk about Kubernetes support for Azure IoT Edge, right?

That's right.

So Venkat, you're one of our new members in the Azure IoT team, right? So you're gonna have to introduce yourself to our audience.

Sure, absolutely. So thank you for having me here. My name is Venkat Yalla. I am a program manager on the Azure IoT platform team, and I am working on Azure IoT Edge.

Awesome. So we had Build some time ago, right, and we announced support for Kubernetes, great, for Azure IoT Edge. I'm not a Kubernetes guy, right, so you're gonna have to teach me: what does that mean for us, for developers, for our customers? What is that support for Kubernetes about?

Yes, absolutely. So Kubernetes is a cluster manager, and it has a bunch of powerful concepts that you can use, and we think with this support there are a couple of really interesting use cases for our IoT customers. Okay. Number one is using Kubernetes deployments to specify both your edge deployments and your cloud-side deployments in one manifest, and manage that as one unit in both places, right? So that is really powerful: from a single pane of glass, manage both of these.

So this is a really easily... So considering Azure IoT Edge being your way of configuring an edge device in terms of what module it runs, and that's based on Docker containers, are you telling me that we're looking at having Kubernetes on top of it, or leveraging that infrastructure, to distribute a cluster across edge, some part of it, and the cloud on the other one?

And that's great. So you could have, for example, your edge deployments could be sending some data to the cloud. So after they do some edge processing, some pre-processed data could be sent to the cloud, right? Now those cloud services could be an AKS cluster, or an Azure Kubernetes Service cluster, but your edge deployments are your modules, like you talked about. But you can have one deployment and a single pane of glass to manage both your edge deployments on the on-prem devices and also the services in the cloud. So that's one use case, right? Okay. And the other use case is managing devices at scale, IoT devices at scale. Once you have an IoT deployment down, you know, managing it is definitely a big challenge, and we can use our Kubernetes concepts to manage Azure IoT Edge deployments and do it at scale. Okay. So that's the demo, actually, that I have going on today.

Okay, well, we're gonna see that demo, because the concepts are very interesting, and so I want to see that.

Okay, yeah. So before we jump into the demo, I want to talk about the scenario, right: a user scenario, what the user's trying to do, what their options are currently, and how they can use the cool stuff. Okay, well, so far, so let's say you are an operator of an IoT deployment, okay, and you have thousands of devices all around the world, and you have two hubs: one is for your US devices and one is a Europe hub for your Europe devices. A very common use case, right? And now you have 500 devices that are connected to your US hub, okay, and you have about 500 devices connected to your Europe hub. And for those 500 devices in the US hub, the software configuration is exactly the same, and you want to manage them as a unit. When you want to update software configuration or workloads on this device, you want to do it as a unit. Okay. So the natural thing to use there is IoT Edge deployments, right, where you specify what your modules need to be on our edge device, and then you say, by the way, apply to devices with this tag, and voila, you get all of your 500 devices in the US configured with the configuration you want. Okay.

Now a very common use case is: by the way, I want the same configuration on my Europe devices. Okay. But the challenge there is the deployment, the IoT Edge deployment, is scoped to an IoT Hub. So if you want to manage the same configuration you want to apply to your Europe devices, you have two options. First, you kind of manually copy that deployment and paste it, and then every time you make a change in one place you go to the other, and then, you know, it becomes very tedious very fast. You have another hub, you know, your order flow. The other one is you write a bunch of custom code. We have APIs, so you can talk to IoT Hubs from your custom app, and you have credentials for each hub, and you do that. But there, firstly, there are some issues: you have to write some custom code, manage that custom code, right, then you have secrets that you have to manage, because to talk to these IoT Hubs you have, you know, connection strings and credentials, and you want to make sure, those are the keys to your kingdom, so you make sure they are well protected and all of that. So can we do better using some of the support we have built with Kubernetes? Okay. And that's what we will dive into. Okay, so now I'm going to show you the demo.

So I guess we can do better?

Yes. Okay, so let me show you the demo. Obviously it's Kubernetes, so it's all in the command line interface. Okay. So what we have here is, like we talked about, a device 1 and device 2, okay, right, and these are VMs that are running on my system currently. They are actually live systems connected to the IoT Hub, and it happens that our US hub is on top and the Europe hub is at the bottom. Okay, right. And on the left we have our Kubernetes console. Okay. Kubernetes has a command line tool called kubectl, so I will show you that real quick: kubectl, and you have a command called get node. Now when I run this, you will see that there is one particular node. This is an AKS cluster, an Azure Kubernetes cluster in the cloud. It has one node. Nodes are pretty much computers on which workloads run, right? So when you have Kubernetes deployments, they run on nodes. They can be backed by bare-metal systems, but usually they are virtual machines. Okay.

But to leverage our IoT Edge support, we are using something called the Virtual Kubelet, and the Virtual Kubelet is an open source project that lets you create a virtual node in the Kubernetes cluster. Now the special thing about this virtual node is it looks just like a regular node to the Kubernetes scheduler, but instead of being backed by a VM, it can be backed by a third-party service, any service, for example Azure Container Instances. Okay, right. But what the IoT team went ahead and did is create a special edge provider for the Virtual Kubelet. Okay. So the Virtual Kubelet, working in tandem with the edge provider, can now create a virtual node that is backed by an IoT Hub.

Mmm, makes sense. So it's pretty good, yeah, I like that.

Right. And what you can do is you can submit first-class Kubernetes deployments through the Kubernetes scheduler to the virtual node, and behind the covers our IoT Edge provider converts that into IoT Edge deployments and sends it back to the backing IoT Hub. Okay. And the IoT Hub's deployment, it has a device selector, which controls which devices this deployment applies to, and it gets all the way to the endpoint devices on-prem, which are the IoT Edge devices.

All right, so basically, if I understand correctly, Kubernetes will behind the scenes talk to IoT Hub, yes, right, and will do a regular IoT Edge modules deployment, but for Kubernetes it will actually just look like it's a new node.

Exactly, that's exactly it. And so we will start off with that. So I'm gonna use a program called Helm and install these virtual nodes that we talked about. Okay. So while this is deploying, I can show you what this looks like. So there is a deployment for the virtual node, and as you see over here, these are two containers. If you look here, first we have the Virtual Kubelet, right, okay, and right there side by side we have our IoT Edge Virtual Kubelet provider. Okay. And part of it is, what we are saying is we are going to save our secrets, like the IoT Hub connection string, and we are going to leverage Kubernetes secrets to securely store these. Okay. So this is the problem we talked about, where we need to protect these secrets. Mm-hm. It becomes a lot easier, because we can use first-class support in Kubernetes to securely store these, and then you can use role-based access control to limit access to these secrets. So right here we have the IoT Hub, we are using the hub zero's connection string, and we are going to call this node the IoT Edge connector US hub. Okay. And the previous command that I entered has created another node as well, and that's going to create another virtual node that is now connected to your Europe. So let's look at that in action. So now if I do kubectl get nodes, do you see that right there? You have IoT Edge connector, Europe hub and US hub, right? And these are two devices that are connected live to one of these. Okay.

Okay, so now let's start up these devices. I'm going to restart the IoT Edge runtime. Yeah, so these are the ones. Your password. There you go.

So you're just running the regular Edge runtime on these devices, right?

That's correct, yep. They are not configured with any software configuration yet. Okay. They are freshly unboxed. So what this command is going to do is restart the edge runtime, okay, and it's going to list the containers that are running on the system, or the modules that are running on the system, okay, and it's going to be refreshing every couple of seconds. All right, so right now you would see that the edge agent, which is part of the edge runtime, is the only module that is running. Okay.

So now we got to fill up this box with stuff, with cool stuff, right?

So, and we want to do it at scale, so how do we do that? So let's dive into Kubernetes deploy. So I will go ahead and apply a deployment, and we can talk about what is going on there. Okay. So the temp sensor module, of course, which is our...

Okay, these will... your objective is to say, I want to have a new module running on all these edge devices, and that's gonna be this?

Yes, this is this template. This deployment is going to take that, and let's look at how this deployment looks. Yep, okay, right. So it's a YAML file, of course. So this is a Kubernetes deployment. The cool thing is this is a completely first-class Kubernetes deployment. You have no IoT Edge specific stuff in there, except there are a few annotations that our edge provider will key off of to convert this into a format that we require. So for example, one of the things we need is these annotations here, where we say this is an edge deployment, okay, and this is my device selector: I don't want to target all of the devices connected to this IoT Hub, I want to just target the ones in building 43. Okay, right. And then there is priority, and then there's this other key information here, which is the containers that I want to run. Okay.

So this one is an IoT Edge container?

Exactly, this is an IoT Edge module, right. So there's an IoT Edge module; this is the simulated temperature sensor that we know and love in the IoT Edge world.

And we do love it, yes, of course. Yeah, that's like our hello world, yeah, it shows up all the time here.

And the key aspect is the node selector. So we are telling Kubernetes, this particular container, don't schedule it on any other Kubernetes node, target only the Virtual Kubelet for this. Mmm-hmm. And so that makes sure that it goes to our virtual node. And another key piece of information that we have here is these replicas. So you're saying, run two copies of this application. Now what the Kubernetes scheduler is going to do is, like, I have two copies, right, yeah, which node do I send it to? Oh yeah, I have two virtual nodes, my Europe and my US node, send one to each. And immediately, as part of that, it will go to the backing IoT Hub. These are two separate IoT Hubs, remember. And they have gone to, if you look at the screen right here, one has been submitted to our US hub and the temp sensor is up and running already. Nice. And with one command, the same temp sensor is running in our Europe as well. Okay.

You didn't touch the configuration, right, to edge? You did everything from the Kubernetes control tool, the kubectl tool, right? Awesome.

And I have one deployment that I was able to do. And it gets better. So do we want to show more?

Wait, there is more?

Yes, there is more, and then some more. So now, we know that edge devices are never static, yeah, there are always updates to the configuration that are required, software updates or security updates. Okay. So let's imagine a very common customer scenario where, after this temp sensor, you want to also get, for example, a Modbus module onto this particular device. Okay. So how do you update this deployment? So let me go and kick that off as well. So you do kubectl the same way that you did before, apply -f, and then we have this other YAML file, and then, okay, we will do --record as well for this. So while this is deploying, let me show you the other YAML. Okay. This is exactly the same as before, right, so there is no change, but if you notice, my containers have changed. I am saying that in addition to the temp sensor, which I had before, yeah, I also want the Modbus module running on this device, right? So this is a configuration change that we have, yeah, and everything else is the same: the replicas, everything else is the same.

Let me ask you, if I wanted to remove the temp sensor one, I could just remove it from this update and it would go and remove it?

Exactly, and that's a great question, and I will show you the next.

Cool. Okay, not going too fast.

So yeah, you're asking all the right questions. So there you go. So now, for example, now you look at our edge devices: immediately, the Modbus module is running on both. Very nice. So here, let's see, we want to look at all of the history that this Kubernetes deployment has gone through, right? So you have a command right here called kubectl rollout history deployment temp sensor, okay, and if you see it right here, it will show you exactly what changes the deployment has gone through. Uh-huh. So the first one was the create temp sensor, and then the second one is just the Modbus module, right? Okay. And then let's say, again a very common scenario, if you make a mistake, we want to roll back something. So again, that is just one command away. What you can do is run kubectl rollout undo deployment temp sensor. Okay. Now immediately the deployment will roll back to its previous version, and now if you see the history, it will show that you have a new revision where you've moved back to the temp sensor module, right? And again, on our edge device right there, we see that already our Europe device has gone ahead and killed off the Modbus module and got the temp sensor back, which was our previous deployment, and the same thing just happened to the US hub.

That's impressive. Oh yeah, very impressive. I love that.

Right. So if you think about this, what is this? This is like VM checkpoints, where you can move your virtual machine from one checkpoint to the other, but instead this is checkpoints for your entire IoT deployment that could span multiple IoT Hubs across the world. You do all of that with a single command, not write a single line of code.

The other thing that's great... that's just awesome, just mind-blowing. I love that. I'm gonna do demos. Well, thanks Venkat for showing me that, and showing everyone actually. That was the integration of IoT Edge with Kubernetes, and I'm sure we're gonna see even more of that soon, right?

Absolutely.

Awesome. Thanks, Venkat. Thank you.

One Comment

  1. Steven Tobias said:

    This is very interesting. I'm curious what the support roadmap looks like with the recent momentum behind the operator framework?

    May 22, 2019
