Azure Kubernetes Service (AKS) Architecture

Understanding Azure Kubernetes Service (AKS) Architecture

This article provides a comprehensive overview of the architecture of Azure Kubernetes Service (AKS), detailing its components and how they interact to provide a robust and scalable container orchestration platform.

Core Components of AKS

AKS abstracts away the complexity of managing the Kubernetes control plane, allowing you to focus on deploying and managing your containerized applications. The architecture can be broadly divided into two main parts: the control plane and the agent nodes.

Control Plane

The Kubernetes control plane is responsible for maintaining the desired state of your cluster. In AKS, this control plane is managed by Azure as a free, highly available service. The key components of the control plane include:

API Server: The front-end for the Kubernetes control plane. It exposes the Kubernetes API, which is used by developers and administrators to interact with the cluster.
etcd: A consistent and highly available distributed key-value store used as Kubernetes' backing store for all cluster data.
Scheduler: Watches for newly created Pods with no assigned node and selects a node for them to run on.
Controller Manager: Runs controller processes. Logically, each controller is a separate process, but to reduce complexity, they are compiled into a single binary and run as a single process.
Cloud Controller Manager: Integrates with the underlying cloud provider's API to manage resources like load balancers and storage.

Note: Azure fully manages the availability and scaling of the AKS control plane. You do not incur charges for the AKS control plane itself.

Agent Nodes

Agent nodes are the virtual machines that run your containerized applications. These are the nodes you pay for. Each agent node runs the following key components:

Kubelet: An agent that runs on each node in the cluster. It ensures that containers are running in a Pod as described in the PodSpec.
Kube-proxy: A network proxy that runs on each node in your cluster. It maintains network rules on nodes, allowing network communication to your Pods from network sessions inside or outside of your cluster.
Container Runtime: The software responsible for running containers. AKS supports container runtimes like Docker and containerd.

Networking in AKS

AKS provides flexible networking options to suit various application needs. Key networking concepts include:

Azure Virtual Network (VNet): Your AKS cluster can be deployed into an existing Azure VNet or a new one. This provides a private IP address space for your cluster.
Kubernetes Network Model: Each Pod gets its own IP address, and containers within a Pod share the same network namespace. Pods can communicate with each other across all nodes in the cluster without NAT.
Network Policies: You can use Kubernetes Network Policies to control the traffic flow between Pods.
Azure CNI: The Azure Container Network Interface (CNI) plugin assigns an IP address from the VNet to each Pod directly.
Kubenet: A simpler networking solution that uses Azure VNet NAT to provide outbound connectivity for Pods.

Conceptual diagram of AKS architecture.

Storage in AKS

AKS integrates with Azure Storage solutions to provide persistent storage for your applications:

Azure Disks: Persistent block storage for AKS nodes.
Azure Files: Managed file shares that can be mounted by multiple nodes simultaneously.

You can leverage Kubernetes Persistent Volumes (PVs) and Persistent Volume Claims (PVCs) to dynamically provision and consume storage resources.

Integration with Azure Services

AKS seamlessly integrates with other Azure services to enhance its capabilities:

Azure Active Directory (AAD): For authentication and authorization.
Azure Monitor: For logging and monitoring cluster performance and application health.
Azure Container Registry (ACR): To store and manage your container images.
Azure Load Balancer/Application Gateway: To expose your applications to the internet or internal networks.

Key Benefits of AKS Architecture

Managed Control Plane: Reduces operational overhead.
Scalability: Easily scale your applications and cluster resources.
Flexibility: Choose networking and storage options that best fit your needs.
Security: Integrates with Azure AD for robust access control and supports network policies.
Cost-Effectiveness: Pay only for the agent nodes you use.

By understanding the fundamental architecture of AKS, you can better design, deploy, and manage your containerized applications on Azure.