AKS Concepts

From NovaOrdis Knowledge Base

External

Internal

Overview

AKS (Azure Kubernetes Service) is Azure's managed implementation of a Kubernetes container cluster, the Azure-specific instance of the generic infrastructure platform container cluster concept.

Node

Nodes are Azure virtual machines.

Node Pool

Nodes of the same configuration are grouped together into node pools.

Access and Identity

https://docs.microsoft.com/en-us/azure/aks/concepts-identity

Security

https://docs.microsoft.com/en-us/azure/aks/concepts-security

Authentication

Cluster Infrastructure Authentication

The cluster infrastructure authentication is the identity AKS itself uses to manage the cloud resources attached to the cluster (load balancers, disks, network resources). It can be either a service principal or a system-assigned managed identity.

Service Principal

https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

System-Assigned Managed Identity

https://docs.microsoft.com/en-us/azure/aks/use-managed-identity

Networking

https://docs.microsoft.com/en-us/azure/aks/concepts-network

Network Models

Kubenet

https://docs.microsoft.com/en-us/azure/aks/concepts-network#kubenet-basic-networking

Kubenet is the default networking model when configuring an AKS cluster. Only the nodes get an IP address from the Azure virtual network subnet; pods receive addresses from a separate, logically different address space and reach the virtual network through NAT on their node.

Azure CNI Networking

https://docs.microsoft.com/en-us/azure/aks/concepts-network#azure-cni-advanced-networking

HTTP Application Routing

https://docs.microsoft.com/en-us/azure/aks/http-application-routing

HTTP application routing is a solution for accessing applications deployed in an AKS cluster. It consists of the automatic configuration of an ingress controller in the AKS cluster; as applications are deployed, the solution also creates publicly accessible DNS names for their endpoints.

When the add-on is enabled, it creates a DNS Zone in the subscription.

HTTP application routing is designed to let you quickly create an ingress controller and access your applications. It is not currently designed for use in a production environment. For production-ready ingress deployments that include multiple replicas and TLS support, see HTTPS Ingress Controller.

HTTPS Ingress Controller

https://docs.microsoft.com/en-us/azure/aks/ingress-tls

Ingress Controller

https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview

Egress

https://docs.microsoft.com/en-us/azure/aks/egress

Private Cluster

https://docs.microsoft.com/en-us/azure/aks/private-clusters

A private cluster uses an internal IP address to ensure that network traffic between the API server and node pools remains on a private network only. The API server endpoint has no public IP address. To manage the API server, you'll need to use a VM that has access to the AKS cluster's Azure Virtual Network (VNet).
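The cluster infrastructure authentication, HTTP application routing and private cluster sections above each describe a setting that changes the cluster's exposure. The following script, an added example that is not part of this wiki page or of AKS, reads the JSON that `az aks show` returns and reports whether the cluster uses a managed identity rather than a service principal, whether the API server is private, and whether the HTTP application routing add-on (not intended for production) is enabled. The field names (`identity.type`, `apiServerAccessProfile.enablePrivateCluster`, `networkProfile.networkPlugin`, `addonProfiles.httpApplicationRouting.enabled`) are assumed from the ManagedCluster shape as the Azure CLI emits it; confirm them against your own `az aks show` output. Both cluster documents are constructed samples.

```python
"""Posture check over the JSON returned by `az aks show -g <rg> -n <name> -o json`.

Added example, not part of the wiki page or of AKS. Field names are assumptions
based on the ManagedCluster output shape of the Azure CLI; the two cluster
documents below are constructed samples, not real clusters.
"""
import json

# Constructed sample: service principal identity, public API server, and the
# HTTP application routing add-on enabled (the add-on is not meant for production).
WEAK_CLUSTER = json.dumps({
    "name": "aks-dev",
    "identity": None,
    "servicePrincipalProfile": {"clientId": "00000000-0000-0000-0000-000000000000"},
    "apiServerAccessProfile": None,
    "networkProfile": {"networkPlugin": "kubenet"},
    "addonProfiles": {"httpApplicationRouting": {"enabled": True}},
})

# Constructed sample: system-assigned managed identity, private API server, Azure CNI.
HARDENED_CLUSTER = json.dumps({
    "name": "aks-prod",
    "identity": {"type": "SystemAssigned"},
    "servicePrincipalProfile": {"clientId": "msi"},
    "apiServerAccessProfile": {"enablePrivateCluster": True},
    "networkProfile": {"networkPlugin": "azure"},
    "addonProfiles": {"httpApplicationRouting": {"enabled": False}},
})


def _get(doc, *path, default=None):
    """Walk nested dicts, tolerating null sections (the CLI emits null for absent profiles)."""
    cur = doc
    for key in path:
        if not isinstance(cur, dict) or cur.get(key) is None:
            return default
        cur = cur[key]
    return cur


def check_cluster(show_json: str) -> dict:
    """Return a dict of check name -> (passed, detail) for one cluster document."""
    doc = json.loads(show_json)
    findings = {}

    # Cluster infrastructure authentication: managed identity is preferred over a
    # service principal because there is no client secret to rotate or leak.
    identity_type = _get(doc, "identity", "type")
    findings["managed_identity"] = (
        identity_type in ("SystemAssigned", "UserAssigned"),
        f"cluster infrastructure identity: {identity_type or 'service principal'}",
    )

    # Private cluster: the API server endpoint has no public IP address.
    private = _get(doc, "apiServerAccessProfile", "enablePrivateCluster", default=False)
    findings["private_api_server"] = (
        bool(private),
        "API server has no public endpoint" if private else "API server is publicly reachable",
    )

    # HTTP application routing creates public DNS names and is not production-ready.
    routing = _get(doc, "addonProfiles", "httpApplicationRouting", "enabled", default=False)
    findings["http_app_routing_disabled"] = (
        not routing,
        "HTTP application routing add-on "
        + ("enabled (not for production)" if routing else "disabled"),
    )

    # Network model is reported for context only; kubenet is the default.
    plugin = _get(doc, "networkProfile", "networkPlugin", default="kubenet")
    findings["network_model"] = (True, f"network model: {plugin}")
    return findings


def failed_checks(show_json: str) -> list:
    """Names of the checks that did not pass, sorted for stable output."""
    return sorted(name for name, (ok, _) in check_cluster(show_json).items() if not ok)


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_CLUSTER), ("hardened", HARDENED_CLUSTER)):
        print(label)
        for name, (ok, detail) in check_cluster(doc).items():
            print(f"  [{'PASS' if ok else 'FAIL'}] {name}: {detail}")
```

To run it against a real cluster, pipe the output of `az aks show ... -o json` into `check_cluster` instead of the constructed samples; the `_get` helper exists because the CLI emits `null` rather than omitting sections that are not configured, so a naive nested lookup would raise on a cluster without an `apiServerAccessProfile`.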

Storage

https://docs.microsoft.com/en-us/azure/aks/concepts-storage

Storage Classes

https://docs.microsoft.com/en-us/azure/aks/concepts-storage#storage-classes

An AKS cluster has access by default to four storage classes implemented with in-tree storage plugins and four storage classes implemented with CSI plugins:

In-Tree Storage Plugins

default

Uses Azure StandardSSD storage to create a managed disk.

managed-premium

Uses Azure Premium storage to create a managed disk.

azurefile

Uses Azure StandardSSD storage to create an Azure File Share.

apiVersion: v1
kind: PersistentVolumeClaim
metadata: {name: azurefile-pvc}               # constructed placeholder name
spec:
  storageClassName: azurefile                 # selects the in-tree Azure Files class
  accessModes: [ReadWriteMany]                # an Azure File Share can be mounted by many pods
  resources: {requests: {storage: 5Gi}}

azurefile-premium

Uses Azure Premium storage to create an Azure File Share.

CSI Storage Plugins

managed-csi

Uses Azure StandardSSD storage to create a managed disk.

managed-csi-premium

Uses Azure Premium storage to create a managed disk.

azurefile-csi

Uses Azure StandardSSD storage to create an Azure File Share.

apiVersion: v1
kind: PersistentVolumeClaim
metadata: {name: azurefile-csi-pvc}           # constructed placeholder name
spec:
  storageClassName: azurefile-csi             # selects the CSI Azure Files class
  accessModes: [ReadWriteMany]                # an Azure File Share can be mounted by many pods
  resources: {requests: {storage: 5Gi}}

azurefile-csi-premium

Uses Azure Premium storage to create an Azure File Share.

Scaling

https://docs.microsoft.com/en-us/azure/aks/concepts-scale

Azure Container Registry

Container Runtime

AKS clusters based on Kubernetes 1.19+ use containerd as their container runtime.