AKS Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Line 44: Line 44:
==Storage Classes==
==Storage Classes==
{{External|https://docs.microsoft.com/en-us/azure/aks/concepts-storage#storage-classes}}
{{External|https://docs.microsoft.com/en-us/azure/aks/concepts-storage#storage-classes}}
An AKS cluster has access by default to four [[Kubernetes_Storage_Concepts#Storage_Class_.28SC.29|storage classes]] implemented with [[Kubernetes Storage Concepts#In-Tree_Storage_Plugins|in-tree storage plugins]] and four storage classes implemented with CSI plugins:
An AKS cluster has access by default to four [[Kubernetes_Storage_Concepts#Storage_Class_.28SC.29|storage classes]] implemented with [[Kubernetes Storage Concepts#In-Tree_Storage_Plugins|in-tree storage plugins]] and four storage classes implemented with [[Kubernetes_Storage_Concepts#Container_Storage_Interface_.28CSI.29|CSI]] plugins:
===In-Tree Storage Plugins===
===In-Tree Storage Plugins===
====default====
====default====

Revision as of 23:38, 31 March 2021

External

Internal

Node

Nodes are Azure virtual machines.

Node Pool

Nodes of the same configuration are grouped together into node pools.

Access and Identity

https://docs.microsoft.com/en-us/azure/aks/concepts-identity

Security

https://docs.microsoft.com/en-us/azure/aks/concepts-security

Authentication

Cluster Infrastructure Authentication

Cluster infrastructure authentication is used by AKS to manage the cloud resources attached to the cluster. It can be a service principal or a system-assigned managed identity.

Service Principal

https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

System-Assigned Managed Identity

https://docs.microsoft.com/en-us/azure/aks/use-managed-identity

Networking

https://docs.microsoft.com/en-us/azure/aks/concepts-network

HTTP Application Routing

https://docs.microsoft.com/en-us/azure/aks/http-application-routing

HTTP application routing is a solution for accessing applications deployed in an AKS cluster. It consists of the automatic configuration of an ingress controller in the AKS cluster. As applications are deployed, the solution also creates publicly accessible DNS names for application endpoints.

When the add-on is enabled, it creates a DNS Zone in the subscription.

The HTTP application routing add-on is designed to let you quickly create an ingress controller and access your applications. It is not currently designed for use in a production environment. For production-ready ingress deployments that include multiple replicas and TLS support, see HTTPS Ingress Controller.

HTTPS Ingress Controller

https://docs.microsoft.com/en-us/azure/aks/ingress-tls

Ingress Controller

https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview

Egress

https://docs.microsoft.com/en-us/azure/aks/egress

Private Cluster

https://docs.microsoft.com/en-us/azure/aks/private-clusters

A private cluster uses an internal IP address to ensure that network traffic between the API server and node pools remains on a private network only. The API server endpoint has no public IP address. To manage the API server, you'll need to use a VM that has access to the AKS cluster's Azure Virtual Network (VNet).
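The following is an added example, not part of the original page: it summarizes the three settings discussed above (cluster infrastructure authentication, the HTTP application routing add-on, private cluster) from a cluster description. It assumes the JSON has the shape of `az aks show -o json` output; the sample cluster and the function name `summarize` are constructed for illustration.

```python
import json

# Constructed sample shaped like `az aks show -o json` output (not a real cluster).
SAMPLE = json.loads("""
{
  "name": "example-aks",
  "identity": null,
  "servicePrincipalProfile": {"clientId": "00000000-0000-0000-0000-000000000000"},
  "addonProfiles": {
    "httpApplicationRouting": {
      "enabled": true,
      "config": {"HTTPApplicationRoutingZoneName": "example.invalid"}
    }
  },
  "apiServerAccessProfile": {"enablePrivateCluster": false}
}
""")


def summarize(cluster):
    """Summarize identity, ingress add-on and API server exposure for one cluster."""
    # Compare add-on keys case-insensitively (defensive assumption about key casing).
    addons = {k.lower(): (v or {})
              for k, v in (cluster.get("addonProfiles") or {}).items()}
    routing = addons.get("httpapplicationrouting", {})
    routing_on = bool(routing.get("enabled"))
    zone = (routing.get("config") or {}).get("HTTPApplicationRoutingZoneName")

    access = cluster.get("apiServerAccessProfile") or {}
    identity_type = (cluster.get("identity") or {}).get("type")

    warnings = []
    if routing_on:
        # The add-on is documented as not designed for production use.
        warnings.append("HTTP application routing add-on enabled; "
                        "public DNS zone: %s" % (zone or "unknown"))
    return {
        "name": cluster.get("name"),
        "infrastructure_auth": ("managed identity (%s)" % identity_type
                                if identity_type else "service principal"),
        "private_cluster": bool(access.get("enablePrivateCluster")),
        "http_application_routing": routing_on,
        "warnings": warnings,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

To check a real cluster, replace `SAMPLE` with the parsed output of `az aks show` for that cluster.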

Storage

https://docs.microsoft.com/en-us/azure/aks/concepts-storage

Storage Classes

https://docs.microsoft.com/en-us/azure/aks/concepts-storage#storage-classes

An AKS cluster has access by default to four storage classes implemented with in-tree storage plugins and four storage classes implemented with CSI plugins:

In-Tree Storage Plugins

default

managed-premium

azurefile

azurefile-premium

CSI Storage Plugins

managed-csi

managed-csi-premium

azurefile-csi

azurefile-csi-premium

Scaling

https://docs.microsoft.com/en-us/azure/aks/concepts-scale

Azure Container Registry