Azure Kubernetes Service
Modern applications are increasingly built as microservices — many small, independent services rather than one large monolithic application. Running, scaling, and managing dozens or hundreds of containers across multiple servers by hand is impractical. Kubernetes is the industry-standard container orchestration platform that automates this. Azure Kubernetes Service (AKS) is Microsoft's managed Kubernetes offering — delivering the power of Kubernetes without the complexity of managing the control plane.
Understanding Containers First
A container packages an application and all its dependencies (libraries, runtime, configuration) into a single lightweight, portable unit. A container image runs the same way on any host with a compatible kernel and CPU architecture — a developer's laptop, a test server, or a cloud data center. Docker is the most common tool for building and running images locally; AKS nodes themselves run containers with containerd, so nothing Docker-specific is needed on the cluster side.
Virtual Machines vs Containers
Virtual Machine:                       Container:
┌─────────────────────┐                ┌─────────────────────┐
│ App A               │                │ App A      App B    │
│ ─────────           │                │ ───────    ───────  │
│ OS (Full Windows    │                │ Libs A     Libs B   │
│ or Linux — 20GB)    │                │ ───────────────── │
└─────────────────────┘                │ Container Runtime   │
┌─────────────────────┐                │ (Docker)            │
│ App B               │                │ ───────────────── │
│ OS (Full — 20GB)    │                │ Host OS (shared)    │
└─────────────────────┘                └─────────────────────┘
Each VM has its own OS.                Containers share the host OS.
Heavy, slow to start (~mins)           Lightweight, fast (~seconds)
What is Kubernetes?
Kubernetes (also called K8s) is an open-source platform for managing containerized applications at scale. It handles:
- Scheduling containers onto the right servers
- Restarting containers if they crash
- Scaling the number of running containers up or down
- Load balancing traffic across container instances
- Rolling out new versions without downtime
- Managing secrets and configuration for containers
AKS Architecture
AKS Cluster
│
├── Control Plane (Managed by Microsoft — no charge on the Free tier; Standard and Premium tiers bill a per-cluster fee in exchange for an uptime SLA)
│   ├── API Server      ← Receives all kubectl commands
│   ├── Scheduler       ← Decides which node to run a pod on
│   ├── etcd            ← Stores cluster state (key-value store)
│   └── Controller Mgr  ← Watches for desired state and corrects drift
│
└── Node Pool (Worker Nodes — You pay for these VMs)
    ├── Node 1 (VM: Standard_D4s_v5)
    │   ├── Pod: web-app (Container: nginx)
    │   └── Pod: api-service (Container: node:18)
    ├── Node 2 (VM: Standard_D4s_v5)
    │   ├── Pod: web-app (Container: nginx)
    │   └── Pod: database-worker (Container: python)
    └── Node 3 (VM: Standard_D4s_v5)
        └── Pod: api-service (Container: node:18)
Key Kubernetes Concepts
| Concept | Description | Analogy |
|---|---|---|
| Pod | The smallest deployable unit — one or more containers that run together | A shipping container with one or more items inside |
| Deployment | Manages how many copies (replicas) of a pod run and handles rolling updates | Factory production line — keeps a set number of units in production |
| Service | A stable network endpoint that routes traffic to pods — pods have changing IPs, Services have fixed IPs | A post office box — a fixed address that forwards to wherever the recipient currently is |
| Namespace | A virtual partition within a cluster to separate environments or teams | Separate floors of an office building |
| ConfigMap | Stores non-sensitive configuration data for containers | A settings file for the application |
| Secret | Stores sensitive data (passwords, tokens) for containers. Values are only base64-encoded, not encrypted: anyone with RBAC permission to read Secrets in the namespace can decode them, so scope that permission tightly. AKS encrypts etcd at rest, and KMS with Key Vault can add a customer-managed key, but neither changes what `kubectl get secret` shows | A locked safe for sensitive papers, where the lock is RBAC rather than the encoding |
| Ingress | Routes external HTTP/HTTPS traffic to internal services based on host and URL path rules; the object does nothing until an ingress controller (for example NGINX or the AKS application routing add-on) is installed to act on it | A reception desk that directs visitors to the right department |
| Node Pool | A group of VMs (nodes) in the AKS cluster — different pools can have different VM sizes | A department with specific specialized workers |
Creating an AKS Cluster
# Create AKS cluster with 3 nodes
az aks create \
  --resource-group myRG \
  --name myAKSCluster \
  --node-count 3 \
  --node-vm-size Standard_D2s_v5 \
  --enable-addons monitoring \
  --generate-ssh-keys
# For anything beyond a lab cluster, also pass
#   --enable-aad --enable-azure-rbac --disable-local-accounts
# so that API-server access is tied to Azure AD (Entra ID) identities rather than
# the static, long-lived client certificate that local accounts hand out.
# Download credentials to connect with kubectl
# (merges a context into ~/.kube/config; that file grants cluster access, so protect it)
az aks get-credentials \
  --resource-group myRG \
  --name myAKSCluster
# Verify connection — list all nodes
kubectl get nodes
# NAME                    STATUS   ROLES   AGE
# aks-nodepool1-12345-0   Ready    agent   2m
# aks-nodepool1-12345-1   Ready    agent   2m
# aks-nodepool1-12345-2   Ready    agent   2m
Deploying an Application to AKS
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
spec:
  replicas: 3            # Run 3 identical pods
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
        - name: web-app
          # Pinned tag, not :latest. The cluster's kubelet identity needs pull
          # rights on the registry (az aks update --attach-acr myacr) or the
          # pods stay in ImagePullBackOff.
          image: myacr.azurecr.io/webapp:v1.0
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: web-app-service
spec:
  type: LoadBalancer     # Creates a public Azure Load Balancer: the app is reachable from the internet.
                         # For a VNet-only IP add the annotation
                         #   service.beta.kubernetes.io/azure-load-balancer-internal: "true"
  selector:
    app: web-app
  ports:
    - port: 80
      targetPort: 80
# Apply the deployment
kubectl apply -f deployment.yaml
# Check status
kubectl get pods
kubectl get service web-app-service # EXTERNAL-IP shows <pending> until the public IP is allocated, usually within a minute
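Before a manifest like the one above reaches a cluster, a practitioner usually runs a pre-deployment check over it and, separately, needs to understand that the Secret row in the concepts table means exactly what it says about encoding. The following is an added example, not code from the original page or from any Azure tool: it takes the web-app Deployment in JSON form (the structure `kubectl get deploy web-app -o json` returns; Kubernetes accepts YAML and JSON interchangeably), applies the same kind of rules Azure Policy's restricted baseline enforces (no privileged containers, non-root, capabilities dropped, pinned images from the attached registry, requests and limits present), produces a hardened copy, and decodes a constructed Secret to show that base64 is recoverable by anyone allowed to read it. The registry name, the resource values and the `db-creds` Secret are assumptions made for the example.

```python
import base64
import copy
from typing import Dict, List

# The Deployment from deployment.yaml above, as the equivalent JSON object
# (the structure `kubectl get deploy web-app -o json` returns).
WEB_APP_DEPLOYMENT: Dict = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web-app"},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"app": "web-app"}},
        "template": {
            "metadata": {"labels": {"app": "web-app"}},
            "spec": {"containers": [{
                "name": "web-app",
                "image": "myacr.azurecr.io/webapp:v1.0",
                "ports": [{"containerPort": 80}],
            }]},
        },
    },
}

# Constructed for this example: a Secret as `kubectl get secret -o json`
# prints it. The value is base64, not ciphertext.
DB_SECRET: Dict = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-creds"},
    "type": "Opaque",
    "data": {"password": base64.b64encode(b"hunter2").decode()},
}

TRUSTED_REGISTRY = "myacr.azurecr.io"  # assumption: the page's ACR name


def audit_deployment(manifest: Dict, trusted_registry: str = TRUSTED_REGISTRY) -> List[str]:
    """Return findings for every container in the pod template (empty == clean)."""
    findings: List[str] = []
    for c in manifest["spec"]["template"]["spec"].get("containers", []):
        name, image = c["name"], c["image"]
        sc = c.get("securityContext", {})
        # Provenance: only the registry attached to the cluster, and no
        # floating tag that can change underneath a rollout.
        if not image.startswith(trusted_registry + "/"):
            findings.append(f"{name}: image not from {trusted_registry}")
        last = image.rsplit("/", 1)[-1]
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append(f"{name}: image tag is mutable or missing")
        # Container securityContext settings the restricted baseline expects.
        if sc.get("privileged", False):
            findings.append(f"{name}: privileged container")
        if not sc.get("runAsNonRoot", False):
            findings.append(f"{name}: runAsNonRoot not set")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: Linux capabilities not dropped")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: root filesystem is writable")
        # Requests/limits: the HPA's CPU % target is computed relative to requests.
        res = c.get("resources", {})
        if "requests" not in res or "limits" not in res:
            findings.append(f"{name}: resources.requests/limits missing")
    return findings


def harden(manifest: Dict) -> Dict:
    """Copy of the manifest with the settings audit_deployment looks for.
    Resource values are illustrative; nginx also needs emptyDir volumes for
    its cache and pid file once the root filesystem is read-only."""
    out = copy.deepcopy(manifest)
    for c in out["spec"]["template"]["spec"]["containers"]:
        c["securityContext"] = {
            "runAsNonRoot": True,
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        }
        c.setdefault("resources", {
            "requests": {"cpu": "100m", "memory": "128Mi"},
            "limits": {"cpu": "500m", "memory": "256Mi"},
        })
    return out


def secret_plaintext(secret: Dict) -> Dict[str, str]:
    """Decode a Secret's data map: anyone allowed to `get secrets` can do this."""
    return {k: base64.b64decode(v).decode() for k, v in secret["data"].items()}


if __name__ == "__main__":
    for line in audit_deployment(WEB_APP_DEPLOYMENT):
        print("FINDING", line)
    print("hardened findings:", audit_deployment(harden(WEB_APP_DEPLOYMENT)))
    print("decoded secret:", secret_plaintext(DB_SECRET))
```

Run as-is and the page's own Deployment produces five findings (no securityContext at all, no requests or limits); the hardened copy produces none. The same checks are what you would encode as Azure Policy for AKS or a Gatekeeper constraint so that the API server rejects the manifest rather than relying on a client-side script.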
AKS Autoscaling
AKS supports two levels of autoscaling:
- Horizontal Pod Autoscaler (HPA): Automatically increases or decreases the number of pod replicas based on CPU or memory utilization (or custom metrics). When traffic spikes, more pods are created. When traffic drops, pods are removed. Utilization is measured as a percentage of each container's resource request, so containers without a CPU or memory request give the HPA nothing to compare against and it will not scale them.
- Cluster Autoscaler: Automatically adds or removes nodes (VMs) from the node pool. If pods cannot be scheduled because all nodes are full, a new node is added. If nodes are underutilized, they are removed to save cost. The two work together: the HPA creates pods, and when those pods stay Pending the cluster autoscaler creates the capacity to run them.
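The two autoscalers above follow simple rules that are worth seeing in numbers. The block below is an added example, not the page's code and not the real controllers: `desired_replicas` implements the HPA formula from the Kubernetes documentation (desired = ceil(current * currentMetric / targetMetric), skipped inside the default 10% tolerance band, then clamped to min/max), `cpu_utilization_percent` shows how the utilization figure depends on the container's CPU request, and `nodes_to_add` is a deliberately simplified CPU-only model of cluster-autoscaler scale-up. The pod usage figures and the 3800m allocatable CPU per node are constructed assumptions.

```python
import math
from typing import List

# kube-controller-manager default for --horizontal-pod-autoscaler-tolerance
HPA_TOLERANCE = 0.10


def cpu_utilization_percent(usage_millicores: List[int], request_millicores: int) -> float:
    """What the HPA computes for a CPU target of type Utilization: the average
    of usage/request over the pods it selects. A container with no CPU request
    has no denominator, so the HPA logs a failed metric fetch and leaves the
    replica count alone."""
    if request_millicores <= 0:
        raise ValueError("utilization targets need a CPU request on the container")
    return 100.0 * sum(usage_millicores) / (len(usage_millicores) * request_millicores)


def desired_replicas(current: int, current_metric: float, target_metric: float,
                     min_replicas: int, max_replicas: int) -> int:
    """Documented HPA rule: desired = ceil(current * currentMetric / targetMetric),
    no change while the ratio is within the tolerance band, then clamp."""
    ratio = current_metric / target_metric
    if abs(ratio - 1.0) <= HPA_TOLERANCE:
        return current
    return max(min_replicas, min(max_replicas, math.ceil(current * ratio)))


def nodes_to_add(pending_requests_mc: List[int], node_allocatable_mc: int,
                 free_per_node_mc: List[int]) -> int:
    """Simplified cluster-autoscaler scale-up, CPU only: place each pending pod
    on the first node with enough free CPU and add a node when none has.
    The real autoscaler also weighs memory, affinity, taints and pod disruption
    budgets, and runs the same simulation in reverse to pick nodes to remove."""
    capacity = sorted(free_per_node_mc, reverse=True)
    added = 0
    for req in sorted(pending_requests_mc, reverse=True):  # largest first packs tighter
        if req > node_allocatable_mc:
            raise ValueError(f"a {req}m request never fits on a {node_allocatable_mc}m node")
        slot = next((i for i, free in enumerate(capacity) if free >= req), None)
        if slot is None:
            capacity.append(node_allocatable_mc)  # provision one more VM in the pool
            added += 1
            slot = len(capacity) - 1
        capacity[slot] -= req
    return added


if __name__ == "__main__":
    # Constructed numbers: 3 pods requesting 500m CPU each, currently using
    # 400m/200m/300m, HPA target 50% utilization, minReplicas 1, maxReplicas 10.
    util = cpu_utilization_percent([400, 200, 300], 500)
    print("utilization %:", util)
    print("desired replicas:", desired_replicas(3, util, 50, 1, 10))
    # Pending pods of 1500m, 1500m and 1000m against nodes with 500m and 2000m
    # free; assumption: ~3800m allocatable per node after kube-reserved.
    print("nodes to add:", nodes_to_add([1500, 1500, 1000], 3800, [500, 2000]))
```

With these inputs the pods sit at 60% utilization against a 50% target, so the HPA asks for ceil(3 * 1.2) = 4 replicas; a reading of 52% would fall inside the tolerance band and trigger nothing. Note that a single pod whose request exceeds a node's allocatable CPU stays Pending forever: the cluster autoscaler cannot add a bigger VM than the node pool's size allows.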
AKS Integration with Azure Services
| Integration | Purpose |
|---|---|
| Azure Container Registry (ACR) | Private registry for storing Docker images used in the cluster |
| Microsoft Entra ID (formerly Azure Active Directory) | Entra identities authenticate to the API server; with Azure RBAC for Kubernetes, Azure role assignments decide what they can do inside the cluster. Disabling local accounts removes the static cluster-admin certificate so that every kubeconfig is tied to a named identity |
| Azure Key Vault | The Secrets Store CSI driver add-on mounts Key Vault secrets and certificates into pods as files. Syncing them into Kubernetes Secrets (and from there into environment variables) is an optional extra step that copies the value into etcd, so enable it only when an application cannot read a file |
| Azure Monitor | Container Insights provides metrics, logs, and dashboards for all pods and nodes |
| Azure Policy | Enforce governance rules on the cluster (e.g., no privileged containers, required labels) |
| Azure Virtual Network | AKS nodes get private IPs from the VNet subnet; with Azure CNI networking pods do as well, while with kubenet pods use a separate address range that is NATed through the node. Either way, traffic to other Azure services can stay off the public internet via service endpoints or private endpoints |
Key Takeaways
- AKS is a managed Kubernetes service: Microsoft runs the control plane, with no control-plane charge on the Free tier and a per-cluster fee on the Standard and Premium tiers; the worker-node VMs are billed in every tier.
- Kubernetes manages container scheduling, scaling, self-healing, and rolling deployments automatically.
- Key concepts: Pod (container group), Deployment (manages replicas), Service (stable network endpoint), Namespace (logical isolation).
- Horizontal Pod Autoscaler scales pods based on CPU/memory; Cluster Autoscaler scales the number of nodes.
- AKS integrates natively with Azure Container Registry, Microsoft Entra ID (Azure AD), Key Vault, Monitor, Azure Policy, and Virtual Networks.
