Azure Kubernetes Service (AKS) Core Concepts

Understand the fundamental building blocks of AKS for efficient container orchestration.

Introduction to AKS Core Concepts

Azure Kubernetes Service (AKS) simplifies deploying, managing, and scaling containerized applications by leveraging Kubernetes. Understanding the core concepts of Kubernetes and how they are represented in AKS is crucial for effectively building and operating your cloud-native applications.

Key Kubernetes Objects

Kubernetes uses a declarative configuration model. You define the desired state for your applications, and the Kubernetes system works to maintain that state. Here are some of the fundamental objects:

Pods

A Pod is the smallest deployable unit in Kubernetes. It represents a single instance of a running process in your cluster. A Pod can contain one or more containers, and these containers share storage and network resources, as well as specifications on how to run.

  • Containers within a Pod are always co-located and co-scheduled.
  • They share an IP address and port space.
  • They can communicate with each other via localhost.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
    ports:
    - containerPort: 80

Deployments

Deployments provide declarative updates for Pods and ReplicaSets. You describe the desired state in a Deployment object, and the Deployment Controller changes the actual state to the desired state at a controlled rate. Deployments manage rolling updates and rollbacks.

Key features of Deployments:

  • Declarative updates: Define your Pod template and the desired number of replicas.
  • Rolling updates: Gradually update Pods with zero downtime.
  • Rollback: Revert to a previous version if an update fails.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app-container
        image: my-repo/my-app:v1.0
        ports:
        - containerPort: 8080

Services

A Service is an abstraction that defines a logical set of Pods and a policy by which to access them. Services enable discovery and load balancing for your Pods. AKS supports different Service types:

  • ClusterIP: Exposes the Service on a cluster-internal IP. This is the default.
  • NodePort: Exposes the Service on each Node’s IP at a static port.
  • LoadBalancer: Exposes the Service externally using a cloud provider's load balancer.
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
  type: LoadBalancer

StatefulSets

StatefulSets are used to manage stateful applications. They provide guarantees about the ordering and uniqueness of Pods. Unlike Deployments, StatefulSets provide:

  • Stable, unique network identifiers.
  • Stable, persistent storage.
  • Ordered, graceful deployment and scaling.
  • Ordered, automated rolling updates.

DaemonSets

A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. DaemonSets are useful for cluster-wide services like log collection or node monitoring.

AKS-Specific Concepts

While AKS is built on Kubernetes, it adds Azure-specific integrations and management capabilities.

Node Pools

Node pools are groups of nodes within your AKS cluster that all have the same configuration. You can have multiple node pools in a single AKS cluster to support workloads with different resource requirements or configurations.

  • System Node Pools: Reserved for system pods (like kube-dns, coredns, metrics-server). Typically must be Linux.
  • User Node Pools: Used for your application workloads. Can be Linux or Windows.

Virtual Nodes (ACI Integration)

AKS integrates with Azure Container Instances (ACI) to provide virtual nodes. This allows you to run Pods without needing to manage the underlying VMs, offering rapid scaling for burst workloads.

Managed Identity

AKS can use Azure Managed Identities to manage access to other Azure resources (like Azure Container Registry, Azure Storage, Azure Key Vault) without needing to store credentials within your cluster.

Networking and Storage in AKS

AKS offers robust options for networking and storage:

Networking Options

  • Azure CNI: Provides full Azure networking capabilities for Pods. Each Pod gets its own IP address from the VNet subnet.
  • Kubenet: A simpler networking solution that uses Azure Virtual Network for pod IP address management, but routes traffic using standard Kubernetes network methods.
  • Network Policies: Enforce rules for network traffic flow between Pods.

Storage Options

  • Azure Disk: Persistent block storage volumes for Pods.
  • Azure Files: Shared file storage accessible by multiple Pods.
  • Azure NetApp Files: High-performance file storage for demanding workloads.

AKS Control Plane

The Kubernetes control plane is responsible for managing the cluster state. In AKS, the control plane is fully managed by Azure, meaning you don't need to deploy, configure, or manage Kubernetes masters. Azure handles:

  • API Server
  • etcd
  • Scheduler
  • Controller Manager
Note: The AKS control plane is provided at no additional cost, but you pay for the worker nodes that run your applications.

Conclusion

A firm grasp of these core concepts—Pods, Deployments, Services, Node Pools, and the managed control plane—will empower you to effectively leverage Azure Kubernetes Service for your containerized application deployments. Explore the related documentation for in-depth guides on specific components and advanced configurations.