AKS Concepts: Difference between revisions
(24 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
* [[AKS#Subjects|AKS]] | * [[AKS#Subjects|AKS]] | ||
* [[Kubernetes Concepts]] | * [[Kubernetes Concepts]] | ||
=Overview= | |||
AKS is the Azure Kubernetes-based implementation of a generic infrastructure platform [[Infrastructure_Concepts#Container_Clusters|container cluster]]. | |||
=Node= | =Node= | ||
Nodes are Azure virtual machines. | Nodes are Azure virtual machines. | ||
=Node Pool= | =Node Pool= | ||
Nodes of the same configuration are grouped together into node pools. | Nodes of the same configuration are grouped together into node pools. | ||
=Access and Identity= | |||
https://docs.microsoft.com/en-us/azure/aks/concepts-identity | |||
=Security= | |||
https://docs.microsoft.com/en-us/azure/aks/concepts-security | |||
==Authentication== | |||
===Cluster Infrastructure Authentication=== | |||
The cluster infrastructure authentication is used by AKS to manage cloud resources attached to the cluster. It can be [[#Service_Principal|service principal]] or [[#System-Assigned_Managed_Identity|system-assigned managed identity]]. | |||
====Service Principal==== | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal}} | |||
====System-Assigned Managed Identity==== | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/use-managed-identity}} | |||
=Ingress Controller= | =Networking= | ||
{{External|https://docs.microsoft.com/en-us/azure/aks/concepts-network}} | |||
==Network Models== | |||
===Kubenet=== | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/concepts-network#kubenet-basic-networking}} | |||
The kubenet is the default networking model when configuring the AKS cluster. Nodes get an IP address from the Azure virtual network subnet. | |||
===Azure CNI Networking=== | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/concepts-network#azure-cni-advanced-networking}} | |||
==HTTP Application Routing== | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/http-application-routing}} | |||
HTTP application routing is a solution to access applications that are deployed in an AKS cluster, and consists in the automatic configuration of an ingress controller in the AKS cluster. As applications are deployed, the solution also creates publicly accessible DNS names for application endpoints. | |||
When the add-on is enabled, it creates a DNS Zone in the subscription. | |||
The HTTP application routing is designed to let you quickly create an ingress controller and access your applications. It is not currently designed for use in a production environment. For production-ready ingress deployments that include multiple replicas and TLS support, see [[#HTTPS_Ingress_Controller|HTTPS Ingress Controller]]. | |||
==HTTPS Ingress Controller== | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/ingress-tls}} | |||
==Ingress Controller== | |||
{{External|https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview}} | {{External|https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview}} | ||
=Egress= | ==Egress== | ||
https://docs.microsoft.com/en-us/azure/aks/egress | https://docs.microsoft.com/en-us/azure/aks/egress | ||
==Private Cluster== | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/private-clusters}} | |||
A private cluster uses an internal IP address to ensure that network traffic between the API server and node pools remains on a private network only. The API server endpoint has no public IP address. To manage the API server, you'll need to use a VM that has access to the AKS cluster's Azure Virtual Network (VNet). | |||
=Storage= | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/concepts-storage}} | |||
==Storage Classes== | |||
{{External|https://docs.microsoft.com/en-us/azure/aks/concepts-storage#storage-classes}} | |||
An AKS cluster has access by default to four [[Kubernetes_Storage_Concepts#Storage_Class_.28SC.29|storage classes]] implemented with [[Kubernetes Storage Concepts#In-Tree_Storage_Plugins|in-tree storage plugins]] and four storage classes implemented with [[Kubernetes_Storage_Concepts#Container_Storage_Interface_.28CSI.29|CSI]] plugins: | |||
===In-Tree Storage Plugins=== | |||
====default==== | |||
Uses Azure StandardSSD storage to create a [[Azure_Storage_Concepts#Managed_Disk|managed disk]]. | |||
====managed-premium==== | |||
Uses Azure Premium storage to create a [[Azure_Storage_Concepts#Managed_Disk|managed disk]]. | |||
====azurefile==== | |||
Uses Azure StandardSSD storage to create an [[Azure_Storage_Concepts#File_Share|Azure File Share]]. | |||
<syntaxhighlight lang='yaml'> | |||
kind: PersistentVolumeClaim | |||
spec: | |||
storageClassName: azurefile | |||
</syntaxhighlight> | |||
====azurefile-premium==== | |||
Uses Azure Premium storage to create an [[Azure_Storage_Concepts#File_Share|Azure File Share]]. | |||
===CSI Storage Plugins=== | |||
====managed-csi==== | |||
Uses Azure StandardSSD storage to create a [[Azure_Storage_Concepts#Managed_Disk|managed disk]]. | |||
====managed-csi-premium==== | |||
Uses Azure Premium storage to create a [[Azure_Storage_Concepts#Managed_Disk|managed disk]]. | |||
====azurefile-csi==== | |||
Uses Azure StandardSSD storage to create an [[Azure_Storage_Concepts#File_Share|Azure File Share]]. | |||
<syntaxhighlight lang='yaml'> | |||
kind: PersistentVolumeClaim | |||
spec: | |||
storageClassName: azurefile-csi | |||
</syntaxhighlight> | |||
====azurefile-csi-premium==== | |||
Uses Azure Premium storage to create an [[Azure_Storage_Concepts#File_Share|Azure File Share]]. | |||
=Scaling= | |||
https://docs.microsoft.com/en-us/azure/aks/concepts-scale | |||
=Azure Container Registry= | |||
=Container Runtime= | |||
AKS clusters based on Kubernetes 1.19+ use [[Kubernetes_Container_Runtime_Concepts#containerd|containerd]] as their container runtime. |
Latest revision as of 04:48, 31 December 2021
External
Internal
* AKS
* Kubernetes Concepts
Overview
AKS (Azure Kubernetes Service) is Azure's managed Kubernetes implementation of the generic infrastructure platform concept of a container cluster.
Node
Nodes are Azure virtual machines that run the kubelet and your workloads. The control plane (API server, etcd, scheduler) is managed by Azure and is not one of your VMs, so patching and hardening on your side applies to the node VMs and to what runs on them.
Node Pool
Nodes of the same configuration (VM size, OS image, disk layout) are grouped together into node pools.
Access and Identity
https://docs.microsoft.com/en-us/azure/aks/concepts-identity
Security
https://docs.microsoft.com/en-us/azure/aks/concepts-security
Authentication
Cluster Infrastructure Authentication
Cluster infrastructure authentication is the identity AKS itself uses to manage the Azure resources attached to the cluster (load balancers, managed disks, public IP addresses, virtual network routes). It is either a service principal or a system-assigned managed identity. The managed identity is preferred: with a service principal there is a client secret that has to be stored, protected and rotated, and an expired or leaked secret respectively breaks the cluster or hands an attacker its Azure permissions; a managed identity has no credential to manage.
Service Principal
https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal
System-Assigned Managed Identity
https://docs.microsoft.com/en-us/azure/aks/use-managed-identity
Networking
Network Models
Kubenet
Kubenet is the default networking model when creating an AKS cluster. Only the nodes get an IP address from the Azure virtual network subnet; pods receive addresses from a logically separate range, and pod traffic leaving the node is NAT'd to the node's IP address.
Azure CNI Networking
With Azure CNI every pod gets an IP address from the virtual network subnet and is directly reachable on it, so the subnet must be sized for pods as well as nodes.
HTTP Application Routing
HTTP application routing is a solution for reaching applications deployed in an AKS cluster; it consists of the automatic configuration of an ingress controller in the cluster. As applications are deployed, the add-on also creates publicly accessible DNS names for their endpoints.
When the add-on is enabled, it creates a DNS zone in the subscription.
HTTP application routing is intended to let you quickly create an ingress controller and reach your applications; it is not designed for use in a production environment. For production-ready ingress deployments that include multiple replicas and TLS support, see HTTPS Ingress Controller.
HTTPS Ingress Controller
Ingress Controller
Egress
https://docs.microsoft.com/en-us/azure/aks/egress
Private Cluster
A private cluster exposes the Kubernetes API server only on a private endpoint (Azure Private Link) inside the cluster's virtual network, so traffic between the API server and the node pools stays on the private network and the API server endpoint has no public IP address. To manage the API server you need a host with network access to the AKS cluster's Azure Virtual Network (VNet), such as a jump-box VM in that VNet or in a peered network.
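The identity, network model, HTTP application routing and private cluster points above are all visible in the JSON that the Azure CLI prints for a cluster. The following posture check is an added example (not from the original page and not Microsoft's tooling): it reads the output of az aks show -g <rg> -n <name> -o json and flags a service principal identity, the HTTP application routing add-on, and a public API server. Field names are the camelCase ones the Azure CLI emits; both sample documents are constructed for this example.

```python
"""Posture check over the JSON that `az aks show -g <rg> -n <name> -o json` prints.

Added example, not from the original page or from Microsoft's tooling. It inspects
the ManagedCluster document for the settings this page discusses: cluster
infrastructure identity, network model, the HTTP application routing add-on and
whether the API server is private. Sample documents below are constructed.
"""
import json
import sys

# Constructed sample 1: service principal, kubenet, HTTP application routing on,
# public API server with no authorized IP ranges (the "quick start" shape).
SAMPLE_AZ_AKS_SHOW = json.dumps({
    "name": "demo-aks",
    "kubernetesVersion": "1.21.2",
    "identity": None,
    "servicePrincipalProfile": {"clientId": "11111111-2222-3333-4444-555555555555"},
    "networkProfile": {"networkPlugin": "kubenet", "networkPolicy": None},
    "addonProfiles": {"httpApplicationRouting": {"enabled": True}},
    "apiServerAccessProfile": {"enablePrivateCluster": False, "authorizedIpRanges": []},
    "agentPoolProfiles": [{"name": "nodepool1", "osType": "Linux", "vmSize": "Standard_DS2_v2", "count": 3}],
})

# Constructed sample 2: system-assigned managed identity, Azure CNI, no add-on,
# private cluster. `az aks show` reports clientId "msi" for managed-identity clusters.
SAMPLE_HARDENED = json.dumps({
    "name": "demo-aks-private",
    "kubernetesVersion": "1.21.2",
    "identity": {"type": "SystemAssigned"},
    "servicePrincipalProfile": {"clientId": "msi"},
    "networkProfile": {"networkPlugin": "azure", "networkPolicy": "azure"},
    "addonProfiles": {},
    "apiServerAccessProfile": {"enablePrivateCluster": True, "authorizedIpRanges": None},
    "agentPoolProfiles": [{"name": "nodepool1", "osType": "Linux", "vmSize": "Standard_DS2_v2", "count": 3}],
})


def infrastructure_identity(cluster):
    """Return 'managed-identity', 'service-principal' or 'unknown'."""
    identity = cluster.get("identity") or {}
    if identity.get("type") in ("SystemAssigned", "UserAssigned"):
        return "managed-identity"
    client_id = (cluster.get("servicePrincipalProfile") or {}).get("clientId")
    if client_id == "msi":
        return "managed-identity"
    return "service-principal" if client_id else "unknown"


def network_model(cluster):
    """'azure-cni' or 'kubenet'; a missing plugin means the kubenet default."""
    plugin = (cluster.get("networkProfile") or {}).get("networkPlugin")
    return {"azure": "azure-cni", "kubenet": "kubenet"}.get(plugin, plugin or "kubenet")


def findings(cluster):
    """List of (severity, message) tuples for the settings this page covers."""
    out = []
    if infrastructure_identity(cluster) == "service-principal":
        out.append(("warn", "cluster infrastructure identity is a service principal: "
                            "its client secret must be stored and rotated; prefer a managed identity"))
    addons = cluster.get("addonProfiles") or {}
    if (addons.get("httpApplicationRouting") or {}).get("enabled"):
        out.append(("warn", "HTTP application routing add-on is enabled: it publishes public DNS "
                            "names and is not intended for production"))
    api = cluster.get("apiServerAccessProfile") or {}
    if not api.get("enablePrivateCluster"):
        if api.get("authorizedIpRanges"):
            out.append(("info", "API server is public but restricted to authorized IP ranges"))
        else:
            out.append(("warn", "API server has a public endpoint with no authorized IP ranges"))
    if network_model(cluster) == "kubenet":
        out.append(("info", "kubenet: pods use a separate address range and are NAT'd behind the node IP"))
    return out


def check(az_aks_show_json):
    """Summarise one cluster document; the caller decides how to act on findings."""
    cluster = json.loads(az_aks_show_json)
    return {
        "identity": infrastructure_identity(cluster),
        "network": network_model(cluster),
        "private_api_server": bool((cluster.get("apiServerAccessProfile") or {}).get("enablePrivateCluster")),
        "findings": findings(cluster),
    }


if __name__ == "__main__":
    # Live use: az aks show -g <rg> -n <name> -o json | python3 aks_posture.py
    data = SAMPLE_AZ_AKS_SHOW if sys.stdin.isatty() else sys.stdin.read()
    for severity, message in check(data)["findings"]:
        print(f"[{severity}] {message}")
```

Run with no input to see the four findings on the first constructed sample; the second sample produces none. The check only reads the cluster document, so it needs nothing more than Reader access on the cluster resource.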
Storage
Storage Classes
An AKS cluster has access by default to four storage classes implemented with in-tree storage plugins and four storage classes implemented with CSI plugins:
In-Tree Storage Plugins
default
Uses Azure StandardSSD storage to create a managed disk.
managed-premium
Uses Azure Premium storage to create a managed disk.
azurefile
Uses Azure Standard storage to create an Azure File Share.
kind: PersistentVolumeClaim
spec:
  storageClassName: azurefile
azurefile-premium
Uses Azure Premium storage to create an Azure File Share.
CSI Storage Plugins
managed-csi
Uses Azure StandardSSD storage to create a managed disk.
managed-csi-premium
Uses Azure Premium storage to create a managed disk.
azurefile-csi
Uses Azure Standard storage to create an Azure File Share.
kind: PersistentVolumeClaim
spec:
  storageClassName: azurefile-csi
azurefile-csi-premium
Uses Azure Premium storage to create an Azure File Share.
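The claim fragments above only show the storageClassName field. What the list leaves implicit is that the choice of class also fixes which access modes a claim may ask for: the managed-disk classes attach a block device to one node and only honour ReadWriteOnce, while the Azure Files classes are SMB shares that also allow ReadOnlyMany and ReadWriteMany. The following helper is an added example, not code from the original page; it builds a complete PersistentVolumeClaim for one of the eight default classes and rejects combinations the backing store cannot serve. Object names are example values, and the manifest is emitted as JSON, which kubectl accepts in place of YAML.

```python
"""Build a PersistentVolumeClaim for one of the AKS default storage classes.

Added example, not from the original page. Managed-disk classes provision a
block device that attaches to a single node (ReadWriteOnce only); Azure Files
classes provision an SMB share (ReadWriteOnce, ReadOnlyMany, ReadWriteMany).
"""
import json

DISK_CLASSES = {"default", "managed-premium", "managed-csi", "managed-csi-premium"}
FILE_CLASSES = {"azurefile", "azurefile-premium", "azurefile-csi", "azurefile-csi-premium"}
CSI_CLASSES = {"managed-csi", "managed-csi-premium", "azurefile-csi", "azurefile-csi-premium"}

ACCESS_MODES = {
    "disk": ("ReadWriteOnce",),
    "file": ("ReadWriteOnce", "ReadOnlyMany", "ReadWriteMany"),
}
DESCRIPTION = {"disk": "an Azure managed disk", "file": "an Azure File Share"}


def backing_store(storage_class):
    """'disk' for the managed-disk classes, 'file' for the Azure Files classes."""
    if storage_class in DISK_CLASSES:
        return "disk"
    if storage_class in FILE_CLASSES:
        return "file"
    raise ValueError(f"{storage_class!r} is not one of the AKS default storage classes")


def allowed_access_modes(storage_class):
    return ACCESS_MODES[backing_store(storage_class)]


def pvc_manifest(name, storage_class, size, access_mode="ReadWriteOnce", namespace="default"):
    """Return a PVC dict; raises ValueError for access modes the backing store cannot honour."""
    store = backing_store(storage_class)
    if access_mode not in ACCESS_MODES[store]:
        raise ValueError(
            f"{storage_class} provisions {DESCRIPTION[store]}; "
            f"allowed access modes: {', '.join(ACCESS_MODES[store])}"
        )
    return {
        "apiVersion": "v1",
        "kind": "PersistentVolumeClaim",
        "metadata": {
            "name": name,
            "namespace": namespace,
            # Informational label recording which driver family the class uses.
            "labels": {"provisioner": "csi" if storage_class in CSI_CLASSES else "in-tree"},
        },
        "spec": {
            "storageClassName": storage_class,
            "accessModes": [access_mode],
            "resources": {"requests": {"storage": size}},
        },
    }


def to_json(manifest):
    """`kubectl apply -f -` accepts a JSON document as well as YAML."""
    return json.dumps(manifest, indent=2)


if __name__ == "__main__":
    # A share that every replica of a Deployment mounts read-write:
    print(to_json(pvc_manifest("shared-uploads", "azurefile-csi", "100Gi", "ReadWriteMany")))
```

Pipe the output into kubectl apply -f - to create the claim. Asking a disk class for ReadWriteMany is caught here rather than surfacing later as a pod stuck in ContainerCreating once a second replica is scheduled on another node.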
Scaling
https://docs.microsoft.com/en-us/azure/aks/concepts-scale
Azure Container Registry
Container Runtime
AKS clusters running Kubernetes 1.19 and later use containerd as the container runtime for Linux node pools; earlier versions used Moby (Docker).