Migrate to Azure Kubernetes Service (AKS)

To help you plan and execute a successful migration to Azure Kubernetes Service (AKS), this guide provides details for the current recommended AKS configuration. While this article doesn't cover every scenario, it contains links to more detailed information for planning a successful migration.

In this article, we summarize migration details for:

  • AKS with Azure Load Balancer (Standard) and Virtual Machine Scale Sets
  • Existing attached Azure services
  • Ensure valid quotas
  • High availability and business continuity
  • Considerations for stateless applications
  • Considerations for stateful applications
  • Deployment of your cluster configuration

Note

Depending on your scenario, the following open-source tools might help with your migration:

Before you begin

An important practice that you should include as part of your migration process is remembering to follow commonly used deployment and testing patterns. Testing your application before deployment is an important step to ensure its quality, functionality, and compatibility with the target environment. It can help you identify and fix any errors, bugs, or issues that might affect the performance, security, or usability of the application or underlying infrastructure.

AKS with Standard Load Balancer and Virtual Machine Scale Sets

AKS is a managed service offering unique capabilities with lower management overhead. Since AKS is a managed service, you must select from a set of AKS-supported regions. You may need to modify your existing applications to keep them healthy on the AKS-managed control plane during the transition from your existing cluster to AKS.

We recommend using AKS clusters backed by Virtual Machine Scale Sets and Load Balancer (Standard) to ensure you get the following features:

AKS clusters backed by virtual machine (VM) availability sets lack support for many of these features.

Create an AKS cluster with Load Balancer (Standard) and Virtual Machine Scale Sets

The following example creates an AKS cluster with single node pool backed by a Virtual Machine Scale Set. It enables the cluster autoscaler on the node pool for the cluster and sets a minimum of one and a maximum of three nodes.

  1. Create a resource group using the az group create command.

    az group create --name myResourceGroup --location eastus
    
  2. Create an AKS cluster using the az aks create command.

    az aks create \
        --resource-group myResourceGroup \
        --name myAKSCluster \
        --node-count 1 \
        --vm-set-type VirtualMachineScaleSets \
        --load-balancer-sku standard \
        --enable-cluster-autoscaler \
        --min-count 1 \
        --max-count 3 \
        --generate-ssh-keys
    

Existing attached Azure Services

When migrating clusters, you may have attached external Azure services. While the following services don't require resource recreation, they require updating connections from previous to new clusters to maintain functionality:

  • Azure Container Registry
  • Azure Log Analytics
  • Azure Application Insights
  • Azure Traffic Manager
  • Azure Storage account
  • External databases

Ensure valid quotas

Since other VMs are deployed into your subscription during migration, you should verify your quotas and limits are sufficient for these resources. If necessary, request an increase in vCPU quota.

You may need to request an increase for network quotas to ensure you don't exhaust IPs. For more information, see networking and IP ranges for AKS.

For more information, see Azure subscription and service limits. To check your current quotas, in the Azure portal, go to the subscriptions blade, select your subscription, and then select Usage + quotas.

High availability and business continuity

If your application can't handle downtime, you need to follow best practices for high availability migration scenarios. Read more about Best practices for complex business continuity planning, disaster recovery, and maximizing uptime in Azure Kubernetes Service (AKS).

For complex applications, you typically migrate over time rather than all at once, meaning the old and new environments might need to communicate over the network. Applications previously using ClusterIP services to communicate might need to be exposed as type LoadBalancer and secured appropriately.

To complete the migration, you want to point clients to the new services that run on AKS. We recommend you redirect traffic by updating DNS to point to the load balancer sitting in front of your AKS cluster.

Azure Traffic Manager can direct customers to the desired Kubernetes cluster and application instance. Traffic Manager is a DNS-based traffic load balancer that can distribute network traffic across regions. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.

In a multi-cluster deployment, customers should connect to a Traffic Manager DNS name that points to the services on each AKS cluster. Define these services by using Traffic Manager endpoints. Each endpoint is the service load balancer IP. Use this configuration to direct network traffic from the Traffic Manager endpoint in one region to the endpoint in a different region.

AKS with Traffic Manager

Considerations for stateless applications

Stateless application migration involves the following steps:

  1. Apply your resource definitions (YAML or Helm) to the new cluster.
  2. Ensure everything works as expected.
  3. Redirect traffic to activate your new cluster.

Considerations for stateful applications

Carefully plan your migration of stateful applications to avoid data loss or unexpected downtime.

Azure Files

Unlike disks, Azure Files can be mounted to multiple hosts concurrently. In your AKS cluster, Azure and Kubernetes don't prevent you from creating a pod that your AKS cluster still uses. To prevent data loss and unexpected behavior, ensure the clusters don't simultaneously write to the same files.

If your application can host multiple replicas that point to the same file share, follow the stateless migration steps and deploy your YAML definitions to your new cluster.

If not, a possible migration approach involves the following steps:

  1. Validate your application is working correctly.
  2. Point your live traffic to your new AKS cluster.
  3. Disconnect the old cluster.

If you want to start with an empty share and make a copy of the source data, you can use the az storage file copy command to migrate your data.

Migrating persistent volumes

If you're migrating existing persistent volumes to AKS, you generally follow these steps:

  1. Quiesce writes to the application.
    • This step is optional and requires downtime.
  2. Take snapshots of the disks.
  3. Create new managed disks from the snapshots.
  4. Create persistent volumes in AKS.
  5. Update pod specifications to use existing volumes rather than PersistentVolumeClaims (static provisioning).
  6. Deploy your application to AKS.
  7. Validate your application is working correctly.
  8. Point your live traffic to your new AKS cluster.

Important

If you choose not to quiesce writes, you need to replicate data to the new deployment. Otherwise, you miss the data that was written after you took the disk snapshots.

The following open-source tools can help you create managed disks and migrate volumes between Kubernetes clusters:

Deployment of your cluster configuration

We recommend you use your existing continuous integration and continuous delivery pipeline to deploy a known-good configuration to AKS. You can use Azure Pipelines to build and deploy your applications to AKS. Clone your existing deployment tasks and ensure kubeconfig points to the new AKS cluster.

If that's not possible, export resource definitions from your existing Kubernetes cluster, and then apply them to AKS. You can use kubectl to export objects. For example:

kubectl get deployment -o yaml > deployments.yaml

Be sure to examine the output and remove any unnecessary live data fields.

Moving existing resources to another region

You might want to move your AKS cluster to a different region supported by AKS. We recommend you create a new cluster in the other region and then deploy your resources and applications to your new cluster.

If you have any services running on your AKS cluster, you need to install and configure those services on your cluster in the new region.

In this article, we summarized migration details for:

  • AKS with Load Balancer (Standard) and Virtual Machine Scale Sets
  • Existing attached Azure services
  • Ensuring valid quotas
  • High availability and business continuity
  • Considerations for stateless applications
  • Considerations for stateful applications
  • Deploying your cluster configuration