Azure Advisor for AKS
Microsoft

The integration of Azure Advisor with Azure Kubernetes Service (AKS) means you can get telemetry-based, proactive and actionable recommendations for your AKS clusters, enabling you to follow best practices for maintaining cluster hygiene.

This is the active set of Advisor recommendations for AKS:

  • Use of Pod Disruption Budgets
  • Expired Service Principals
  • Unsupported Kubernetes Versions
  • Expired cluster certificates
  • Deleted OMS workspace for Azure Monitor

with more on the roadmap, such as:

- Resource requests/limits not set
- Namespace quotas not set
- Subnet running out of IP addresses
- Service address range overlapping with another CIDR range in the VNET

Let us take a look at a couple of such scenarios and the related recommendations:


Ensure cluster is running a supported version

I have a relatively older demo cluster running Kubernetes version [1.16.7], which means my cluster is out of support.

Not upgrading the cluster to an AKS-supported Kubernetes version means missing out on one of the key reasons to use a managed service: support.
Also, there is the risk of running a cluster with critical security vulnerabilities.

Learn more about the version support policy at https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions#kubernetes-version-support-policy and in the related FAQ section at https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions#faq.

Let us list the supported versions for my cluster's region with the Azure CLI command:

az aks get-versions --location canadacentral --output table

[Image: supportedVersions.PNG]

This shows the supported versions and the possible upgrades available for each of them. Note that v1.16.7 is not listed.

So, how does Azure Advisor help here?

By providing a proactive recommendation based on detecting the unsupported version:

[Image: EnsureSupportedVersion.PNG]


Pod Disruption Budget recommended

I have not set up PDBs for a set of my active deployments in the cluster, which means I essentially run the risk of application / service unreliability by not following the best practice.

More details of PDBs and related best practice here -


Azure Advisor now recommends, as depicted:

[Image: PDBRecommended.PNG]
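A local check for the same gap, as an added example that is not part of the original post and not how Azure Advisor itself detects it: the script reads JSON shaped like the output of `kubectl get deployments,pdb -A -o json` and lists Deployments whose pod labels no PodDisruptionBudget in the same namespace selects. The sample input is constructed, and only `matchLabels` selectors are evaluated.

```python
import json

# Constructed sample, shaped like `kubectl get deployments,pdb -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Deployment", "metadata": {"name": "web", "namespace": "shop"},
  "spec": {"replicas": 3,
           "template": {"metadata": {"labels": {"app": "web", "tier": "fe"}}}}},
 {"kind": "Deployment", "metadata": {"name": "api", "namespace": "shop"},
  "spec": {"replicas": 2,
           "template": {"metadata": {"labels": {"app": "api"}}}}},
 {"kind": "Deployment", "metadata": {"name": "web", "namespace": "staging"},
  "spec": {"replicas": 2,
           "template": {"metadata": {"labels": {"app": "web"}}}}},
 {"kind": "PodDisruptionBudget", "metadata": {"name": "web-pdb", "namespace": "shop"},
  "spec": {"minAvailable": 2, "selector": {"matchLabels": {"app": "web"}}}}
]}
""")


def selects(pdb, namespace, pod_labels):
    """True if the PDB is in the namespace and all its matchLabels are on the pod."""
    if pdb["metadata"]["namespace"] != namespace:
        return False  # PDBs are namespaced; they never cover pods elsewhere
    wanted = (pdb["spec"].get("selector") or {}).get("matchLabels") or {}
    # Simplification: a PDB that uses only matchExpressions is treated as not matching,
    # so the deployment is reported and can be reviewed by hand.
    return bool(wanted) and all(pod_labels.get(k) == v for k, v in wanted.items())


def deployments_without_pdb(doc):
    """Return sorted 'namespace/name' of Deployments whose pods no PDB selects."""
    items = doc.get("items", [])
    pdbs = [i for i in items if i["kind"] == "PodDisruptionBudget"]
    missing = []
    for dep in (i for i in items if i["kind"] == "Deployment"):
        ns = dep["metadata"]["namespace"]
        labels = dep["spec"]["template"]["metadata"].get("labels", {})
        if not any(selects(p, ns, labels) for p in pdbs):
            missing.append(f"{ns}/{dep['metadata']['name']}")
    return sorted(missing)


if __name__ == "__main__":
    for name in deployments_without_pdb(SAMPLE):
        print("no PodDisruptionBudget:", name)
```

The `staging/web` deployment is reported even though its labels match `web-pdb`, because that PDB lives in the `shop` namespace.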


References:
Microsoft Videos: Bringing Kubernetes best practices to everyone | Video 1: https://www.youtube.com/watch?v=PKkDr7Hh53s | Video 2: https://www.youtube.com/watch?v=cHpmypOk8tA