AKS Architecture Overview

AKS is a managed Kubernetes service in Azure: Microsoft manages the control plane, and you (the customer) manage the worker nodes and the workloads that run on them.

At a high level, it consists of:

  1. Control Plane (Master Components) – managed by Azure.

  2. Worker Nodes (Agent Nodes) – managed by you (inside your subscription).

  3. Supporting Azure Resources – networking, storage, monitoring, identity, etc.


🔹 1. Control Plane (Managed by Azure)

This is the brain of the cluster, hosted and managed by Azure. You don’t pay directly for the control plane; it’s included in the service.

Key components:

  • API Server – entry point for kubectl, Azure CLI, and Azure portal requests.

  • etcd – distributed key-value store that holds the cluster state (pods, secrets, config, etc.).

  • Scheduler – places pods on the right worker nodes based on resources/constraints.

  • Controller Manager – runs the reconciliation loops that bring actual state in line with desired state (e.g., replica counts).

  • Cloud Controller Manager – integrates Kubernetes with Azure (load balancer, storage, identities).

In AKS, Microsoft manages availability, patching, and scaling of the control plane.


🔹 2. Worker Nodes (Customer Managed in Subscription)

These are Azure VMs that actually run your applications. You pay for these.

Components on worker nodes:

  • Kubelet – node agent that talks to the API server and starts, monitors, and stops the pods scheduled to that node.

  • Container Runtime – usually containerd (Docker in earlier AKS versions), which pulls images and runs the containers.

  • Kube-proxy – implements Kubernetes Services on the node by programming the routing/NAT rules that forward Service traffic to pod endpoints.

  • Pods – smallest deployable units that run your containers.

You can scale worker nodes manually or use Cluster Autoscaler.


🔹 3. Networking in AKS

Two main models:

  • Kubenet (Basic) – pods get private IPs from an address range separate from the VNet; traffic leaving the node is NAT'd to the node's VNet IP.

  • Azure CNI (Advanced) – each pod gets an IP address from the Azure VNet itself, so pods are directly reachable from other VNet resources without NAT.

Load balancing:

  • Azure Load Balancer (Layer 4) – created automatically for Services of type LoadBalancer, used to expose services externally (or internally with the internal-LB annotation).

  • Application Gateway / Front Door / NGINX Ingress (Layer 7) – for host- and path-based routing and SSL/TLS termination.
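As an added example (not code from the original post), here is how the Layer 4 path above looks in a manifest: a Service of type LoadBalancer that asks the Azure cloud provider for an internal load balancer and restricts which source ranges may reach it. The annotation `service.beta.kubernetes.io/azure-load-balancer-internal` is the real Azure cloud-provider annotation; the names (`web`, `demo`), the container image, and the CIDR ranges are placeholders.

```yaml
# Added example: a Deployment exposed through the Azure Load Balancer (Layer 4),
# kept private to the VNet and limited to known source ranges.
# Names, image and CIDRs are placeholders, not values from the post.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: registry.example.com/web:1.0   # placeholder image
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: demo
  annotations:
    # Provision an *internal* Azure Load Balancer (private frontend IP in the
    # AKS VNet) instead of a public one. Remove this annotation for a public LB.
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
  # Only these ranges can reach the frontend; the cloud provider turns this
  # into rules on the node NSG. Placeholder CIDRs.
  loadBalancerSourceRanges:
    - 10.0.0.0/16
    - 10.10.0.0/24
  # Preserve the client source IP (no SNAT by kube-proxy) and send traffic
  # only to nodes that actually host a backend pod.
  externalTrafficPolicy: Local
```

Apply it with `kubectl apply -f` and then `kubectl get svc -n demo web` shows the private frontend IP once the cloud controller has created the load balancer. `externalTrafficPolicy: Local` matters for detection and auditing because the application logs then see the real client address rather than the node's SNAT address.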


🔹 4. Storage in AKS

  • Azure Disks – persistent block storage attached to one node at a time, so it suits a single pod.

  • Azure Files – shared file storage (SMB/NFS) that many pods on many nodes can mount at once.

  • Storage Classes & PVCs – the Kubernetes abstractions that request storage declaratively and let the CSI driver provision it dynamically.
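An added example (not from the original post) of the dynamic-provisioning flow just listed: a custom StorageClass backed by the Azure Disk CSI driver, one PVC per storage type, and a Pod that mounts both. `disk.csi.azure.com` is the real Azure Disk CSI provisioner and `azurefile-csi` is one of the storage classes AKS creates by default; the names (`fast-disk`, `app-data`, `shared-uploads`, `demo`) and the image are placeholders.

```yaml
# Added example: dynamic provisioning on AKS with a custom disk StorageClass,
# a ReadWriteOnce disk PVC, a ReadWriteMany Azure Files PVC, and a consuming Pod.
# Names and the image are placeholders, not values from the post.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-disk
provisioner: disk.csi.azure.com
parameters:
  skuName: Premium_LRS
reclaimPolicy: Delete
allowVolumeExpansion: true
# Create the disk only once a pod is scheduled, so it lands in the same
# availability zone as the node that will attach it.
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data
  namespace: demo
spec:
  storageClassName: fast-disk
  # Azure Disks attach to one node at a time, hence ReadWriteOnce.
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 32Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-uploads
  namespace: demo
spec:
  # Built-in AKS class backed by Azure Files; shareable across pods and nodes.
  storageClassName: azurefile-csi
  accessModes: [ReadWriteMany]
  resources:
    requests:
      storage: 100Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000          # volumes are chowned so the non-root user can write
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true        # writes go only to the mounted volumes
      volumeMounts:
        - name: data
          mountPath: /var/lib/app
        - name: uploads
          mountPath: /srv/uploads
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: app-data
    - name: uploads
      persistentVolumeClaim:
        claimName: shared-uploads
```

After `kubectl apply -f`, `kubectl get pvc -n demo` shows `app-data` as Pending until the Pod is scheduled (because of `WaitForFirstConsumer`) and then Bound; `shared-uploads` binds immediately. The read-only root filesystem on the container makes the two claims the only writable locations, which narrows what a compromised process can persist.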


🔹 5. Identity & Security

  • Azure AD integration – authentication against Azure AD, with Kubernetes RBAC bound to Azure AD users and groups.

  • Managed Identities – let pods obtain tokens for Azure resources without storing credentials in the cluster.

  • Azure Key Vault – for secrets management.

  • Network Policies – control pod-to-pod communication.
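Two of the items above in manifest form, as an added example that is not part of the original post: a default-deny NetworkPolicy for a namespace plus an explicit allow for the one path the application needs, and a SecretProviderClass that mounts a Key Vault secret through the Secrets Store CSI driver using a managed identity via workload identity. The API groups (`networking.k8s.io/v1`, `secrets-store.csi.x-k8s.io/v1`), the `azure` provider, and the `azure.workload.identity/*` label and annotation are real; every name, the client ID, tenant ID, vault name and image are placeholders.

```yaml
# Added example: namespace default-deny, a scoped allow, and Key Vault secrets
# mounted via the Secrets Store CSI driver with workload identity.
# All names and IDs are placeholders, not values from the post.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: demo
spec:
  podSelector: {}                 # applies to every pod in the namespace
  policyTypes: [Ingress, Egress]  # no rules listed, so nothing is allowed
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: web            # only the frontend may call the API
      ports:
        - port: 8080
          protocol: TCP
  egress:
    - to:                         # DNS to CoreDNS, otherwise nothing resolves
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    - to:
        - podSelector:
            matchLabels:
              app: db             # the API may reach the database, nothing else
      ports:
        - port: 5432
          protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-sa
  namespace: demo
  annotations:
    # Client ID of the user-assigned managed identity federated with this
    # ServiceAccount. Placeholder value.
    azure.workload.identity/client-id: "00000000-0000-0000-0000-000000000000"
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: api-secrets
  namespace: demo
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    clientID: "00000000-0000-0000-0000-000000000000"   # placeholder, same identity
    keyvaultName: "kv-placeholder"
    tenantId: "00000000-0000-0000-0000-000000000000"   # placeholder
    objects: |
      array:
        - |
          objectName: db-password
          objectType: secret
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: demo
  labels:
    app: api
    azure.workload.identity/use: "true"   # webhook injects the federated token
spec:
  serviceAccountName: api-sa
  containers:
    - name: api
      image: registry.example.com/api:1.0   # placeholder image
      volumeMounts:
        - name: secrets
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: api-secrets
```

The NetworkPolicy objects only take effect when the cluster was created with a network policy engine (Azure NPM, Calico or Cilium); on a cluster without one they are accepted but not enforced, which is worth verifying with a blocked test connection. The secret arrives as the file `/mnt/secrets/db-password` and never exists as a Kubernetes Secret object, so it does not appear in `kubectl get secrets` or in etcd.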


🔹 6. Monitoring & Management

  • Azure Monitor & Container Insights – for metrics and logs.

  • Azure Policy for AKS – enforce governance (e.g., allowed container images).

  • Diagnostics – control-plane logs (API server, audit, scheduler, etc.) and resource logs forwarded to a Log Analytics workspace.

