Linkedin-in Youtube Facebook-f

Azure Kubernetes Service

Azure Kubernetes Service

Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) is a managed Kubernetes platform on Azure, designed to simplify deployment, scaling, and management of containerized applications. AKS offloads cluster management tasks to Azure, allowing you to focus on workloads rather than infrastructure.

Key Features

Feature Description
Flexible deployment options Deploy via Azure Portal, CLI, Resource Manager templates, or Terraform. Includes advanced networking, Azure AD integration, monitoring.
Identity & Security Management Supports RBAC and Azure AD integration for identity-based access.
Logging & Monitoring Collects container metrics, logs, and node metrics into Log Analytics.
Cluster Node Scaling Manual or automatic node scaling based on resource demand.
Cluster Node Upgrades Upgrade Kubernetes versions with minimal disruption using cordon and drain.
HTTP Application Routing Automatically configures ingress controllers and DNS names for apps.
GPU-enabled Nodes Support for GPU VMs for compute-intensive workloads.
Development Tooling Supports Helm, Draft, Visual Studio Code extension, and Azure Dev Spaces.
Virtual Network Integration Pods get IPs within existing VNets, can communicate across VNets and on-premises networks.
Private Container Registry Integration with Azure Container Registry (ACR).

Core AKS Concepts

  • Cluster Components:

    • Master Node: Managed by Azure; handles orchestration, API server, scheduler, etc.

    • Nodes: Azure VMs running containerized workloads. Nodes are grouped into node pools.

  • Pods: Smallest deployable units in Kubernetes. Usually contain one container, but can host multiple related containers.

  • Deployments: Manage pods, replicas, and updates.

  • Manifests: YAML files describing deployments and configurations.

Networking

  • Virtual Network: Nodes connected to Azure VNet. Pods get IP addresses for direct communication.

  • Services: Expose pods to internal or external clients.

    • ClusterIP: Internal access only.

    • NodePort: Access via node IP and port.

    • LoadBalancer: Azure load balancer routes traffic to pods.

    • ExternalName: Creates DNS entries for easy access.

  • Ingress Controllers: More advanced routing for HTTP/S traffic.

  • Network Security: Azure NSGs + Kubernetes network policies control traffic.

Storage in AKS

Concept Description
Volumes Temporary storage tied to pod lifecycle; can use Azure Disks or Files.
Persistent Volumes (PV) Survive pod deletion; backed by Azure Disk or Files.
Storage Classes Define tiers like Standard or Premium, with reclaim policies (delete/retain).
Persistent Volume Claims (PVC) Requests storage of a specific class, size, and access mode.

Security in AKS

  • Master Security: Managed by Azure; uses public IP by default with RBAC and optional private access.

  • Node Security: Ubuntu VMs with Docker; nightly OS patches; encrypted Azure Managed Disks; optional SSH access.

  • Cluster Upgrades: Managed via cordon and drain for minimal disruption.

  • Kubernetes Secrets: Store sensitive data (like credentials) securely; only accessible to authorized pods.

Authentication & RBAC

  • Kubernetes Service Accounts: Used by pods/services to access the API server.

  • Azure Active Directory Integration: Use Azure AD identities to access AKS resources.

  • Kubernetes RBAC: Roles and ClusterRoles grant permissions; RoleBindings and ClusterRoleBindings assign roles to users/groups.

  • Azure RBAC: Controls access to Azure resources, complementing Kubernetes RBAC.

Scaling AKS

  • Manual Scaling: Adjust pod replicas or node count manually.

  • Horizontal Pod Autoscaler (HPA): Auto-scales pods based on metrics (CPU, memory).

  • Cluster Autoscaler: Adjusts node count based on pod scheduling needs.

  • Cooldowns: Delay between scaling events to avoid race conditions.

  • Rapid Scaling with ACI: Use Azure Container Instances (ACI) via Virtual Kubelet for fast, on-demand scaling.

AKS Terminology

Term Definition
Pool Group of nodes with identical configurations.
Node VM running container workloads.
Pod Single instance of an application; may contain multiple containers.
Container Portable executable with app and dependencies.
Deployment Manages replicas of pods.
Manifest YAML file describing a deployment.
Linkedin-in Youtube Facebook-f
  • 03304 004 334
  • info@qisltd.co.uk
  • Quantus Information Services Limited
    Unit 5, Minster Court
    Tuscam Way
    Camberley
    Surrey
    GU15 3YY

Pages

Our Services

Subscribe to our Newsletter

Facebook-f Twitter Linkedin-in