AKS Concepts
External
Internal
Overview
AKS is the Azure Kubernetes-based implementation of a generic infrastructure platform container cluster.
Node
Nodes are Azure virtual machines.
Node Pool
Nodes of the same configuration are grouped together into node pools.
Access and Identity
https://docs.microsoft.com/en-us/azure/aks/concepts-identity
Security
https://docs.microsoft.com/en-us/azure/aks/concepts-security
Authentication
Cluster Infrastructure Authentication
The cluster infrastructure authentication is used by AKS to manage cloud resources attached to the cluster. It can be service principal or system-assigned managed identity.
Service Principal
System-Assigned Managed Identity
Networking
Network Models
Kubenet
The kubenet is the default networking model when configuring the AKS cluster. Nodes get an IP address from the Azure virtual network subnet.
Azure CNI Networking
HTTP Application Routing
HTTP application routing is a solution to access applications that are deployed in an AKS cluster, and consists in the automatic configuration of an ingress controller in the AKS cluster. As applications are deployed, the solution also creates publicly accessible DNS names for application endpoints.
When the add-on is enabled, it creates a DNS Zone in the subscription.
The HTTP application routing is designed to let you quickly create an ingress controller and access your applications. It is not currently designed for use in a production environment. For production-ready ingress deployments that include multiple replicas and TLS support, see HTTPS Ingress Controller.
HTTPS Ingress Controller
Ingress Controller
Egress
https://docs.microsoft.com/en-us/azure/aks/egress
Private Cluster
A private cluster uses an internal IP address to ensure that network traffic between the API server and node pools remains on a private network only. The API server endpoint has no public IP address. To manage the API server, you'll need to use a VM that has access to the AKS cluster's Azure Virtual Network (VNet).
Storage
Storage Classes
An AKS cluster has access by default to four storage classes implemented with in-tree storage plugins and four storage classes implemented with CSI plugins:
In-Tree Storage Plugins
default
Uses Azure StandardSSD storage to create a managed disk.
Uses Azure Premium storage to create a managed disk.
azurefile
Uses Azure StandardSSD storage to create an Azure File Share.
kind: PersistentVolumeClaim
spec:
storageClassName: azurefile
Uses Azure Premium storage to create an Azure File Share.
CSI Storage Plugins
managed-csi
Uses Azure StandardSSD storage to create a managed disk.
Uses Azure Premium storage to create a managed disk.
azurefile-csi
Uses Azure StandardSSD storage to create an Azure File Share.
kind: PersistentVolumeClaim
spec:
storageClassName: azurefile-csi
Uses Azure Premium storage to create an Azure File Share.
Scaling
https://docs.microsoft.com/en-us/azure/aks/concepts-scale
Azure Container Registry
Container Runtime
AKS clusters based on Kubernetes 1.19+ use containerd as their container runtime.