High-Performance Ingress for Azure Kubernetes AI Workloads

Question

Pulumi · Accepted Answer

When setting up a high-performance ingress for AI workloads in Azure Kubernetes Service (AKS), you'll want to ensure there's a combination of powerful networking capabilities and proper autoscaling for your workload demands. AKS is a managed container orchestration service provided by Azure, which simplifies the deployment, management, and operations of Kubernetes.

The resources we'll define in our Pulumi program include:

1. **Azure Kubernetes Service (AKS)**: This will be our Kubernetes cluster where we can deploy our AI workloads. It provides a managed Kubernetes service where you can deploy your containers without managing the underlying Kubernetes infrastructure.
   
2. **Application Gateway Ingress Controller (AGIC)**: For handling ingress, we can use Azure's Application Gateway as an Ingress Controller, which allows us to utilize Azure's native managed application delivery controller that offers various Layer 7 load balancing capabilities.

3. **Virtual Network (VNet)** and **Subnets**: We will create a virtual network and dedicated subnets for our AKS cluster. This setup allows us to connect Kubernetes services securely with other parts of our Azure infrastructure.

4. **Scaling Settings**: We need to ensure we configure the auto-scaler settings properly for handling AI workloads efficiently. AI workloads can be demanding, so a proper scaling strategy is required to handle the load while optimizing cost.

5. **Node Pool**: The AKS cluster will be configured with a node pool suitable for AI workloads. Depending on your specific needs, the node pool can be tailored with respect to the size and type of VMs.

Below is a Python program written in Pulumi that sets up an Azure Kubernetes Service (AKS) with the necessary components for a performant ingress setup.

```python
import pulumi
import pulumi_azure_native as azure_native
from pulumi_azure_native import resources, containerservice
from pulumi_azure_native.network import VirtualNetwork, Subnet

# Create an Azure Resource Group
resource_group = resources.ResourceGroup('ai_workload_rg')

# Create an Azure Virtual Network and a Subnet for AKS
vnet = VirtualNetwork(
    'ai_vnet',
    resource_group_name=resource_group.name,
    address_space=azure_native.network.AddressSpaceArgs(
        address_prefixes=['10.0.0.0/16'],
    ),
    location=resource_group.location
)

subnet = Subnet(
    'ai_subnet',
    resource_group_name=resource_group.name,
    address_prefix='10.0.0.0/24',
    virtual_network_name=vnet.name,
    service_endpoints=['Microsoft.ContainerRegistry'],
)

# Create an AKS cluster
aks_cluster = containerservice.ManagedCluster(
    'ai_aks_cluster',
    resource_group_name=resource_group.name,
    location=resource_group.location,
    agent_pool_profiles=[{
        'name': 'aiagentpool',
        'count': 3,
        'vm_size': 'Standard_DS3_v2',
        'os_type': 'Linux',
        'type': 'VirtualMachineScaleSets',
        'mode': 'System',
        'vnet_subnet_id': subnet.id,
    }],
    dns_prefix='aiworkload',
    enable_rbac=True,
    kubernetes_version='1.19.6',
    network_profile=containerservice.ContainerServiceNetworkProfileArgs(
        network_plugin='azure',
        service_cidr='10.10.0.0/16',
        dns_service_ip='10.10.0.10',
        docker_bridge_cidr='172.17.0.1/16',
        load_balancer_sku='Standard',
    ),
)

# Expose the Kubernetes cluster name and the kubeconfig
pulumi.export('kubeconfig', aks_cluster.kube_config_raw)
pulumi.export('cluster_name', aks_cluster.name)
```

Explanation:

- We start by creating an Azure resource group. This is a logical container for Azure resources and will hold our AKS and related network resources.
- We create a virtual network and define an address space for it. Inside this virtual network, we create a subnet dedicated to the AKS nodes.
- The `ManagedCluster` resource is the key component of our program. It creates the AKS cluster within the specified resource group and location. We specify an agent pool profile that defines the size and count of nodes in the default pool, with a VM size that supports AI workloads (you can adjust this according to your specific workload requirements).
- The network profile contains the settings for the AKS networking, specifying the use of Azure CNI plugin which allows the AKS cluster to communicate with the Virtual Network natively.
- Finally, we export the raw Kubernetes configuration (`kube_config_raw`) to allow the user to interact with the AKS cluster using `kubectl`.

**Please note that you need to adjust the VM sizes, the node count, and the Kubernetes version to fit your specific scenario.**

Now, if you want to use the Application Gateway as an Ingress Controller (AGIC), you would integrate it into this setup. As AGIC specifics can considerably vary based on your architecture, please refer to the [official Azure documentation](https://docs.microsoft.com/azure/application-gateway/ingress-controller-overview) for the most up-to-date guidance.

The Pulumi program can be extended to create the Application Gateway and configure it as an ingress controller for your AKS cluster. You must ensure you have the correct permissions and prerequisites set up in your Azure environment to create and manage these resources through Pulumi.