AKS Concepts
External
Internal
Node
Nodes are Azure virtual machines.
Node Pool
Nodes of the same configuration are grouped together into node pools.
Access and Identity
https://docs.microsoft.com/en-us/azure/aks/concepts-identity
Security
https://docs.microsoft.com/en-us/azure/aks/concepts-security
Authentication
Cluster Infrastructure Authentication
Cluster infrastructure authentication is used by AKS to manage the cloud resources attached to the cluster. It can be a service principal or a system-assigned managed identity.
Service Principal
System-Assigned Managed Identity
Networking
https://docs.microsoft.com/en-us/azure/aks/concepts-network
HTTP Application Routing
HTTP application routing is an add-on that provides access to applications deployed in an AKS cluster. It consists of the automatic configuration of an ingress controller in the AKS cluster. As applications are deployed, the add-on also creates publicly accessible DNS names for application endpoints.
When the add-on is enabled, it creates a DNS Zone in the subscription.
HTTP application routing is designed to let you quickly create an ingress controller and access your applications. It is not currently designed for use in a production environment. For production-ready ingress deployments that include multiple replicas and TLS support, see HTTPS Ingress Controller.
HTTPS Ingress Controller
Ingress Controller
Egress
https://docs.microsoft.com/en-us/azure/aks/egress
Private Cluster
A private cluster uses an internal IP address to ensure that network traffic between the API server and node pools remains on a private network only.
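The settings described under Cluster Infrastructure Authentication, HTTP Application Routing and Private Cluster can be checked from the JSON returned by `az aks show -o json`. The following is an added example, not part of the original page: the sample document is constructed, the function names are hypothetical, and the case-insensitive add-on key match is an assumption made for robustness.

```python
import json

# Constructed sample shaped like trimmed `az aks show -o json` output; not real cluster data.
SAMPLE = json.loads("""
{
  "name": "demo-aks",
  "identity": null,
  "servicePrincipalProfile": {"clientId": "00000000-0000-0000-0000-000000000000"},
  "addonProfiles": {
    "httpApplicationRouting": {
      "enabled": true,
      "config": {"HTTPApplicationRoutingZoneName": "example.invalid"}
    }
  },
  "apiServerAccessProfile": null
}
""")


def infra_auth(cluster):
    """Return which cluster infrastructure authentication the cluster uses."""
    identity = cluster.get("identity") or {}
    if identity.get("type") == "SystemAssigned":
        return "system-assigned managed identity"
    sp = cluster.get("servicePrincipalProfile") or {}
    # Managed-identity clusters report the placeholder clientId "msi".
    if sp.get("clientId") and sp["clientId"].lower() != "msi":
        return "service principal"
    return "unknown"


def audit(cluster):
    """Return findings for the add-on and private-cluster settings."""
    findings = []
    # Assumption: match the add-on key case-insensitively in case its casing differs.
    addons = {k.lower(): v or {} for k, v in (cluster.get("addonProfiles") or {}).items()}
    routing = addons.get("httpapplicationrouting", {})
    if routing.get("enabled"):
        zone = (routing.get("config") or {}).get("HTTPApplicationRoutingZoneName", "unknown")
        findings.append(f"HTTP application routing add-on enabled (DNS zone: {zone})")
    api = cluster.get("apiServerAccessProfile") or {}
    if not api.get("enablePrivateCluster"):
        findings.append("API server is not private")
    return findings


if __name__ == "__main__":
    print(f"{SAMPLE['name']}: auth = {infra_auth(SAMPLE)}")
    for line in audit(SAMPLE):
        print(f"{SAMPLE['name']}: {line}")
```

To check a live cluster, replace `SAMPLE` with the parsed output of `az aks show` for that cluster.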
Storage
https://docs.microsoft.com/en-us/azure/aks/concepts-storage