Key Kubernetes Concepts for Azure

Overview

Azure Kubernetes Service (AKS) provides a managed Kubernetes environment that abstracts away the complexity of cluster operations while giving you full control over containerized workloads. Understanding the core Kubernetes objects and patterns is essential to building resilient, scalable applications on Azure.

Pods

A Pod is the smallest deployable unit in Kubernetes: one or more tightly coupled containers that share a network namespace (one IP address, one port space), can share storage volumes, and are scheduled, started and restarted together under a single spec.

apiVersion: v1
kind: Pod
metadata:
  name: my-app-pod
spec:
  containers:
  - name: web
    image: mcr.microsoft.com/azuredocs/aci-helloworld:latest
    ports:
    - containerPort: 80

In AKS, pods are scheduled onto nodes, which are Azure VMs grouped into node pools (virtual nodes, which run pods on Azure Container Instances, are a separate opt-in feature). Each pod receives its own IP address: with kubenet or Azure CNI Overlay the address comes from a pod CIDR private to the cluster, while with Azure CNI it is a routable address taken from the node's virtual network subnet.

Services

A Service provides a stable virtual IP and DNS name for the set of pods matched by its selector. Kubernetes defines four service types; AKS backs the LoadBalancer type with an Azure Load Balancer:

Type          Use-case
ClusterIP     Internal communication only (the default)
NodePort      Expose a port on each node (useful for testing)
LoadBalancer  Provision an Azure Load Balancer for external traffic
ExternalName  Map a service to an external DNS name

A LoadBalancer Service gets a public IP by default; annotate it with service.beta.kubernetes.io/azure-load-balancer-internal: "true" to provision an internal load balancer instead.

Deployments

Deployments manage the desired state of pod replicas, facilitating rolling updates and rollbacks.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: mcr.microsoft.com/azuredocs/aci-helloworld:latest
        ports:
        - containerPort: 80

AKS pulls images from Azure Container Registry (ACR) without image pull secrets once the registry is attached to the cluster (az aks update --attach-acr), which grants the kubelet's managed identity the AcrPull role on that registry.
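The Pod and Deployment manifests above run as root, use the mutable :latest tag and set no resource requests. The following is an added example, not code from the page, showing the hardened Deployment a practitioner would actually apply to AKS. The registry name myregistry.azurecr.io, the image web:1.0.0, and the assumption that the container listens on port 8080 as a non-root user are all assumptions, not from the page:

```shell
#!/bin/sh
# Added example (not from the page): a hardened version of the page's Deployment, applied
# to AKS with kubectl. Assumed, not from the page: the registry "myregistry.azurecr.io",
# the image "web:1.0.0", and that it listens on 8080 as a non-root user.
set -eu

DEFAULT_IMAGE="myregistry.azurecr.io/web:1.0.0"   # in CI, resolve this to an @sha256: digest

# Emit the manifest. Compared with the page's Deployment it pins a versioned image instead of
# :latest, runs as a non-root user on a read-only root filesystem with all capabilities dropped,
# stops the service-account token being mounted, and sets resource requests/limits (the HPA's
# CPU utilization target is a percentage of the request, so it needs them too).
hardened_deployment_manifest() {
  image="${1:-$DEFAULT_IMAGE}"
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        runAsGroup: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: web
        image: ${image}
        ports:
        - containerPort: 8080
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 256Mi
EOF
}

# One-time: let the cluster's kubelet identity pull from the registry (grants AcrPull),
# so no imagePullSecrets are needed in the manifest.
attach_acr() {   # usage: attach_acr <cluster> <resource-group> <registry-name>
  az aks update --name "$1" --resource-group "$2" --attach-acr "$3"
}

apply_hardened_deployment() {
  hardened_deployment_manifest "$@" | kubectl apply -f -
  kubectl rollout status deployment/web-deploy --timeout=120s
  # Confirm what actually runs, not what the manifest says:
  kubectl get pods -l app=web -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.securityContext.runAsNonRoot}{"\n"}{end}'
}
```

Port 8080 rather than 80 is deliberate: with all capabilities dropped, a non-root process cannot bind a port below 1024, so a Service targeting the pod should use targetPort 8080.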

ConfigMaps & Secrets

A ConfigMap stores non-sensitive configuration data. A Secret holds credentials, tokens and keys, but its data values are only base64-encoded, not encrypted: anyone with RBAC permission to read Secrets in the namespace, and anyone who can read the manifest from version control, recovers the plaintext with a single decode. Treat base64 as a transport encoding, keep Secret manifests out of source control, and scope read access to Secrets tightly. The AKS-managed etcd is encrypted at rest by Azure, and KMS etcd encryption can additionally wrap Secrets with a customer-managed key in Azure Key Vault; for secrets that never need to live in etcd at all, the Azure Key Vault provider for the Secrets Store CSI driver mounts them into pods directly from Key Vault.

# ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-settings
data:
  LOG_LEVEL: "info"
  FEATURE_FLAG: "true"

# Secret (values are base64-encoded, not encrypted: YWRtaW4= is "admin", c2VjcmV0cGFzcw== is "secretpass")
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
data:
  username: YWRtaW4=
  password: c2VjcmV0cGFzcw==
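To make the point concrete, here is an added example (not from the page) that decodes the Secret above, reads a field straight out of a cluster, checks which identities are allowed to do so, and enables the Key Vault provider as the alternative. The namespace "default" and the service-account principal used in the can-i check are assumptions, not from the page:

```shell
#!/bin/sh
# Added example (not from the page): what "base64-encoded" means for a Secret in practice.
# Assumed, not from the page: namespace "default" and the principal names passed in.
set -eu

# Decode one .data field of a Secret. No key, no password: base64 is an encoding, not encryption.
decode_secret_field() {   # usage: decode_secret_field c2VjcmV0cGFzcw==
  printf '%s' "$1" | base64 -d
}

# Encode a value for the .data block of a manifest (using stringData: instead avoids this step).
encode_secret_field() {   # usage: encode_secret_field secretpass
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Read a field straight from the cluster. Anyone with "get" on secrets in the namespace can do
# exactly this, so RBAC on the secrets resource is the real access control.
read_secret_from_cluster() {   # usage: read_secret_from_cluster db-credentials password [namespace]
  kubectl get secret "$1" -n "${3:-default}" -o "jsonpath={.data.$2}" | base64 -d
}

# Check whether a given principal can read secrets before assuming they are private, e.g.
#   can_read_secrets default system:serviceaccount:default:default
# A "yes" for the default service account means every pod that automounts its token can dump them.
can_read_secrets() {   # usage: can_read_secrets <namespace> <user-or-serviceaccount>
  kubectl auth can-i get secrets -n "$1" --as="$2"
}

# Alternative that keeps secrets out of etcd: the Key Vault provider for the Secrets Store CSI
# driver, installed as an AKS add-on. Pods then mount secrets from Key Vault via a SecretProviderClass.
enable_keyvault_provider() {   # usage: enable_keyvault_provider <cluster> <resource-group>
  az aks enable-addons --addons azure-keyvault-secrets-provider --name "$1" --resource-group "$2"
}

# Stand-alone demonstration on the page's own values (no cluster needed).
decode_secret_field 'YWRtaW4='; echo
decode_secret_field 'c2VjcmV0cGFzcw=='; echo
```

The first two functions run offline; the kubectl and az functions assume a configured context and the Azure CLI.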

Ingress

Ingress resources route HTTP/HTTPS traffic to Services by host and path; an ingress controller must be installed in the cluster to act on them. In AKS the ingress-nginx controller is common, while the Azure Application Gateway Ingress Controller (AGIC) fronts the cluster with Azure Application Gateway, including its web application firewall. The rule below serves plain HTTP only; terminating HTTPS needs a tls stanza that names a Secret holding the certificate and private key.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
spec:
  ingressClassName: nginx   # replaces the deprecated kubernetes.io/ingress.class annotation
  rules:
  - host: www.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-service
            port:
              number: 80
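The following added example (not from the page) is the same Ingress with TLS termination and an HTTP-to-HTTPS redirect for ingress-nginx, plus the commands to load the certificate and verify what the controller actually serves. The certificate files tls.crt and tls.key and the Secret name web-tls are assumptions; the host www.example.com and the Service web-service:80 come from the page:

```shell
#!/bin/sh
# Added example (not from the page): the page's Ingress with TLS termination on ingress-nginx.
# Assumed, not from the page: files tls.crt/tls.key and the Secret name "web-tls".
set -eu

# Store the certificate chain and private key as a kubernetes.io/tls Secret in the Ingress's
# namespace. The dry-run/apply pair makes this idempotent (re-running updates the Secret).
create_tls_secret() {   # usage: create_tls_secret tls.crt tls.key
  kubectl create secret tls web-tls --cert="$1" --key="$2" --dry-run=client -o yaml | kubectl apply -f -
}

# The Ingress: tls names the Secret, ingressClassName picks the controller, and the ssl-redirect
# annotation makes ingress-nginx answer plain HTTP with a 308 to HTTPS.
tls_ingress_manifest() {
  cat <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - www.example.com
    secretName: web-tls
  rules:
  - host: www.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-service
            port:
              number: 80
EOF
}

apply_tls_ingress() {
  tls_ingress_manifest | kubectl apply -f -
}

# Check the certificate the controller presents for the host (SNI), not the one you think you loaded.
check_served_cert() {   # usage: check_served_cert www.example.com
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -issuer -dates
}
```

If the Secret is missing or in a different namespace from the Ingress, ingress-nginx silently falls back to its self-signed default certificate, which is exactly what check_served_cert is there to catch.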

Scaling & Autoscaling

AKS supports manual scaling (kubectl scale) and the Horizontal Pod Autoscaler (HPA), which moves a Deployment's replica count toward a target such as average CPU or memory utilization, or a custom or external metric supplied through a metrics adapter. Utilization targets are expressed as a percentage of each container's resource requests, so the HPA cannot act on pods whose containers declare no requests.

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-deploy
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 60

The cluster autoscaler adds nodes to a node pool's virtual machine scale set when pods cannot be scheduled and removes nodes that sit underused; it works at the node level and complements the HPA, which works at the pod level.

Monitoring & Logging

Azure Monitor container insights (formerly Azure Monitor for containers) collects node and pod metrics, container stdout/stderr logs, and Kubernetes inventory from AKS clusters into a Log Analytics workspace, with prebuilt dashboards.

  • Enable it in the Azure portal or with az aks enable-addons -a monitoring -n <cluster> -g <resource-group> (add --workspace-resource-id to reuse an existing Log Analytics workspace)
  • Query container logs and inventory (the ContainerLogV2 and KubePodInventory tables) in the Log Analytics workspace
  • Set up alerts on CPU, memory, pod restarts, and custom metrics

Best Practices

  • Integrate the cluster with Microsoft Entra ID (formerly Azure AD) for authentication and authorize with Kubernetes RBAC or Azure RBAC for Kubernetes; disable local accounts so the static cluster-admin credential cannot bypass it.
  • Pull images from Azure Container Registry through the cluster's managed identity (attach the registry with az aks update --attach-acr) rather than image pull secrets, and pin images by digest.
  • Apply NetworkPolicy resources to restrict pod-to-pod traffic, with the Azure or Calico policy engine enabled at cluster creation; without a policy engine, NetworkPolicy objects are accepted by the API server but not enforced.
  • Define PodDisruptionBudgets so node upgrades and cluster autoscaler scale-downs evict pods gracefully.
  • Use the Azure Policy add-on for AKS (which deploys Gatekeeper) to enforce pod security baselines and governance rules at admission.
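As an added example (not from the page) tying several of these practices together: the cluster-creation flags that turn on Entra ID authentication with Azure RBAC, disable local accounts, enable the Azure network policy engine and attach the registry, followed by a default-deny NetworkPolicy pair that still lets the web pods receive traffic from the ingress controller and resolve DNS. The resource-group, cluster and registry names, the Entra admin group object ID, and the ingress-nginx namespace name are assumptions; the app: web label and kube-system CoreDNS label k8s-app: kube-dns are the AKS defaults:

```shell
#!/bin/sh
# Added example (not from the page). Assumed, not from the page: the resource-group, cluster,
# registry and admin-group arguments, and that the ingress controller lives in namespace "ingress-nginx".
set -eu

# Entra ID authentication + Azure RBAC authorization, no local accounts, Azure CNI with the Azure
# network policy engine (NetworkPolicy is not enforced on a cluster created without one), ACR attached.
create_hardened_cluster() {   # usage: create_hardened_cluster <resource-group> <cluster> <registry> <admin-group-object-id>
  az aks create --resource-group "$1" --name "$2" \
    --enable-managed-identity \
    --enable-aad --enable-azure-rbac --aad-admin-group-object-ids "$4" --disable-local-accounts \
    --network-plugin azure --network-policy azure \
    --attach-acr "$3" \
    --generate-ssh-keys
}

# Default deny in both directions for the namespace, then re-open only what the web pods need:
# inbound from the ingress controller's namespace, and outbound DNS to CoreDNS in kube-system.
# Forgetting the DNS rule is the classic failure mode of a default-deny egress policy.
network_policies_manifest() {   # usage: network_policies_manifest [namespace]
  ns="${1:-default}"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-from-ingress-controller
  namespace: ${ns}
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ingress-nginx
    ports:
    - protocol: TCP
      port: 80
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
EOF
}

apply_network_policies() {   # usage: apply_network_policies [namespace]
  network_policies_manifest "$@" | kubectl apply -f -
  # Prove enforcement rather than assume it: this should time out once default deny is in place.
  kubectl run np-probe --rm -i --restart=Never --image=busybox -- wget -qO- --timeout=5 http://web-service/ || echo "blocked as expected"
}
```

The to: entry that combines namespaceSelector and podSelector in one list item is an AND (CoreDNS pods in kube-system only); splitting them into two items would be an OR and would allow egress to every pod in kube-system.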