AKS Overview
Azure Kubernetes Service (AKS) is Microsoft Azure’s fully managed Kubernetes service that eliminates the need to install, operate, and maintain your own Kubernetes control plane. AKS runs the Kubernetes control plane across multiple Azure availability zones, automatically handles updates and patching, and offers unique features like Windows container support and virtual nodes for serverless scaling.
What Is AKS?
AKS is a managed Kubernetes service where Microsoft Azure operates the Kubernetes control plane (API server, etcd, scheduler, controller manager) for you. You deploy applications and manage workloads, while Azure ensures the control plane is highly available, secure, and up-to-date.
Think of AKS like a managed database service: Azure handles the complex infrastructure, backups, high availability, and updates, while you focus on using it to run your applications.
How AKS Differs from Self-Managed Kubernetes
When you run Kubernetes yourself (using kubeadm, kops, or other tools), you’re responsible for everything:
| Aspect | Self-Managed | AKS (Managed) |
|---|---|---|
| Control Plane Setup | You install and configure | Azure provides and manages |
| High Availability | You configure multi-master | Azure handles automatically |
| Upgrades | You plan and execute | Azure handles with your approval |
| Security Patches | You apply manually | Azure applies automatically |
| Backups | You configure etcd backups | Azure handles control plane backups |
| Monitoring | You set up monitoring | Azure provides monitoring integration |
| Cost | Infrastructure costs only | Free control plane + infrastructure |
Self-Managed Kubernetes:
- Full control over control plane configuration
- Responsibility for availability, upgrades, and maintenance
- Requires Kubernetes expertise for operations
- Lower cost but higher operational overhead
AKS (Managed):
- Azure manages control plane operations
- Automatic high availability and health monitoring
- Simplified upgrades and maintenance
- Free control plane (pay only for nodes)
- Reduced operational burden
AKS Architecture
An AKS cluster consists of a control plane that Azure operates and worker nodes that run in your Azure subscription:
Control Plane Components
The AKS control plane consists of:
API Server:
- Handles all API requests (kubectl, applications, controllers)
- Validates and processes requests
- Stores state in etcd
- Runs across multiple availability zones
etcd:
- Distributed key-value store for cluster state
- Stores all Kubernetes objects (pods, services, deployments, etc.)
- Replicated across availability zones for durability
Scheduler:
- Decides which node should run each pod
- Considers resource requirements, constraints, and affinity rules
- Runs as a highly available service
Controller Manager:
- Runs controllers that maintain desired state
- ReplicaSet controller, Deployment controller, etc.
- Ensures actual state matches desired state
Data Plane (Worker Nodes)
Worker nodes run in your Virtual Network and are your responsibility:
- Virtual Machines - Azure VMs running Kubernetes node components
- Container Runtime - containerd for running containers
- kubelet - Agent that communicates with the control plane
- kube-proxy - Network proxy for service networking
- Azure CNI or kubenet - Network plugin for pod networking
Key Features and Capabilities
High Availability
AKS control planes run across multiple availability zones automatically:
- Control plane components distributed across 3+ availability zones
- Automatic failover if a component becomes unhealthy
- No single point of failure for the control plane
- 99.95% uptime SLA for the control plane
Azure Integration
AKS integrates deeply with Azure services:
Virtual Network Integration:
- Native VNet integration with Azure CNI or kubenet
- Network Security Groups for network isolation
- Private clusters with private endpoints
- No overlay networks needed (with Azure CNI)
Azure Active Directory Integration:
- Use Azure AD for Kubernetes authentication
- Workload Identity for pod-level Azure permissions
- No need to manage separate Kubernetes user accounts
- RBAC integration with Azure AD groups
Storage Integration:
- Azure Disk for block storage
- Azure Files for shared file storage
- Automatic volume provisioning
- Encryption support
Load Balancing:
- Azure Load Balancer integration
- Application Gateway for HTTP(S) load balancing
- Automatic load balancer creation
Monitoring:
- Azure Monitor for Containers for metrics
- Log Analytics for log aggregation
- Application Insights for distributed tracing
- Native Azure monitoring integration
Security Features
Azure AD Integration:
- Kubernetes authentication via Azure AD
- Workload Identity for pod authentication
- RBAC with Azure AD groups
- Multi-factor authentication support
Encryption:
- Control plane encryption at rest (etcd)
- Encryption in transit (TLS for API server)
- Azure Disk encryption support
- Secrets encryption with Azure Key Vault
Network Security:
- Private clusters (no public endpoint)
- Network Security Groups for network isolation
- Network policies with Calico or Azure Network Policy
- Private endpoints for Azure services
Azure Policy:
- Governance and compliance
- Policy enforcement
- Resource validation
- Cost management policies
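Most of the security features listed above are opt-in per cluster, so it is worth checking which ones a given cluster actually has enabled. The following is an added example, not part of the original page or of any Azure tooling: it audits a cluster description shaped like the JSON printed by `az aks show -o json`. The field names are assumptions based on that output and should be verified against your CLI version; the sample cluster is constructed.

```python
import json

# Constructed sample shaped like `az aks show -g <rg> -n <cluster> -o json`,
# trimmed to the fields checked below. Not taken from a real cluster.
SAMPLE_CLUSTER_JSON = """{
  "name": "demo-aks",
  "aadProfile": {"managed": true, "enableAzureRbac": false},
  "apiServerAccessProfile": {"enablePrivateCluster": false},
  "networkProfile": {"networkPlugin": "azure", "networkPolicy": null},
  "securityProfile": {"workloadIdentity": {"enabled": true}},
  "addonProfiles": {"azurepolicy": {"enabled": false}}
}"""

def dig(obj, *path):
    """Walk nested dicts; return None if any level is missing or null."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def audit_cluster(cluster):
    """Return {check_name: bool} for the security features listed in this section."""
    aad = dig(cluster, "aadProfile") or {}  # null when Azure AD integration is off
    policy = dig(cluster, "networkProfile", "networkPolicy")
    return {
        "azure_ad_auth": bool(aad.get("managed")),
        # Accept both the CLI casing and the REST API casing of this key.
        "azure_rbac": bool(aad.get("enableAzureRbac") or aad.get("enableAzureRBAC")),
        "private_cluster": bool(dig(cluster, "apiServerAccessProfile", "enablePrivateCluster")),
        "network_policy": policy not in (None, "", "none"),
        "workload_identity": bool(dig(cluster, "securityProfile", "workloadIdentity", "enabled")),
        "azure_policy_addon": bool(dig(cluster, "addonProfiles", "azurepolicy", "enabled")),
    }

def failed_checks(cluster):
    """Names of checks that did not pass, sorted for stable output."""
    return sorted(name for name, ok in audit_cluster(cluster).items() if not ok)

if __name__ == "__main__":
    cluster = json.loads(SAMPLE_CLUSTER_JSON)
    for name, ok in audit_cluster(cluster).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

To run it against a real cluster, save the output of `az aks show` to a file and pass the parsed JSON to `audit_cluster`.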
Unique Features
Windows Container Support:
- Full support for Windows Server containers
- Windows node pools alongside Linux node pools
- Mixed workloads in the same cluster
- Windows-specific optimizations
Virtual Nodes:
- Serverless container scaling with Azure Container Instances
- Pay-per-second billing
- Rapid scaling without node provisioning
- No need to manage node pools for burst workloads
Azure Arc Integration:
- Manage AKS clusters from anywhere
- Multi-cloud and hybrid deployments
- Centralized governance
- Policy management across environments
Use Cases and When to Choose AKS
Ideal Use Cases
✅ Azure-Native Applications - Applications already using Azure services (Azure SQL, Storage, Service Bus)
✅ Windows Containers - Need to run Windows Server containers alongside Linux
✅ Azure AD Integration - Want to leverage Azure AD for authentication and authorization
✅ Enterprise Requirements - Need compliance certifications and Azure Policy integration
✅ Virtual Nodes - Need serverless scaling without managing nodes
✅ Multi-Cloud/Hybrid - Want Azure Arc for managing clusters across environments
✅ Cost Optimization - Want to use Spot VMs and Azure Reserved Instances
✅ Microsoft Ecosystem - Using Microsoft technologies and services
When to Consider Alternatives
❌ Non-Azure Infrastructure - If you’re primarily on AWS or GCP, their managed services may be better
❌ Very Small Clusters - For small development clusters, the AKS control plane is free, but you may still have infrastructure costs
❌ Full Control Required - If you need to customize control plane components extensively
❌ Cost-Sensitive Small Projects - Self-managed Kubernetes may be more cost-effective for small scale
Pricing Model
AKS pricing consists of different components:
Control Plane Cost
- Free - AKS control plane is provided at no additional charge
- Covers control plane management and high availability
- No per-cluster hourly fee
- No additional charges for control plane operations
Data Plane Cost
You pay for the resources you use:
- Virtual Machines - Standard Azure VM pricing for worker nodes
- Azure Disk - Storage costs for persistent volumes
- Data Transfer - Standard Azure data transfer pricing
- Load Balancers - Azure Load Balancer costs if used
- Other Azure Services - Azure Monitor, Log Analytics, etc.
Cost Optimization Strategies
- Use Spot VMs for non-critical workloads (up to 90% savings)
- Use Azure Reserved Instances for predictable workloads (up to 72% savings)
- Right-size VMs based on actual usage
- Use virtual nodes for variable workloads (pay per pod, not per node)
- Implement cluster autoscaling to scale down during low usage
Comparison with Other Managed Services
AKS vs EKS (Amazon Elastic Kubernetes Service)
| Feature | AKS | EKS |
|---|---|---|
| Control Plane Cost | Free | $0.10/hour |
| Windows Support | Full support | Limited |
| Azure Integration | Native | Limited |
| AWS Integration | Limited | Native |
| Virtual Nodes | Yes (ACI) | Fargate |
Choose AKS if: You’re on Azure, need Windows containers, or require Azure AD integration.
Choose EKS if: You’re on AWS or need AWS service integration.
AKS vs GKE (Google Kubernetes Engine)
| Feature | AKS | GKE |
|---|---|---|
| Control Plane Cost | Free | $0.10/hour (Standard), Free (Autopilot) |
| Windows Support | Full support | Limited |
| Azure Integration | Native | Limited |
| GCP Integration | Limited | Native |
| Autopilot Mode | No | Yes |
Choose AKS if: You’re on Azure, need Windows containers, or require Azure AD integration.
Choose GKE if: You’re on Google Cloud or need advanced multi-cluster features.
AKS vs Self-Managed Kubernetes
| Aspect | AKS | Self-Managed |
|---|---|---|
| Operational Overhead | Low | High |
| Control | Limited | Full |
| Cost (Small) | Similar | Similar |
| Cost (Large) | Similar | Similar |
| High Availability | Automatic | Manual setup |
| Upgrades | Simplified | Manual |
Choose AKS if: You want to focus on applications, need high availability, or lack Kubernetes operations expertise.
Choose Self-Managed if: You need full control, have operations expertise, or cost is the primary concern for small clusters.
Getting Started with AKS
To get started with AKS, you’ll need:
- Azure Subscription - Active subscription with appropriate permissions
- Resource Group - Azure resource group for your cluster
- Service Principal or Managed Identity - For cluster and node pool permissions
- kubectl - Kubernetes command-line tool
- Azure CLI - For Azure service interaction
Typical workflow:
See the Cluster Setup guide for detailed instructions.
Topics
- Cluster Setup - Step-by-step guide to creating AKS clusters
- Networking - Azure CNI, kubenet, and networking configuration
- Storage - Azure Disk, Azure Files, and persistent volumes
- Security - Azure AD, Workload Identity, and security best practices
See Also
- AKS Main Page - AKS documentation hub
- Cloud Platforms Overview - Comparison of managed Kubernetes services
- Cluster Operations - General Kubernetes cluster management