What Is AKS?

Azure Kubernetes Service (AKS) is a managed Kubernetes service from Microsoft Azure that aims to simplify the deployment and management of Kubernetes clusters. To achieve this, AKS offloads the cluster management operational tasks to Azure, where Azure handles the Kubernetes control plane and simplifies the worker nodes’ setup. The AKS service itself is free, and you only pay for worker node uptime.

Using AKS has many benefits:

• Faster application development: AKS takes care of patching, auto-upgrading, monitoring, scaling, and self-healing. This frees development teams from operational tasks and allows them to concentrate on building services.
• Dynamic resource utilization: As a fully managed service, AKS allows you to quickly deploy and run containerized services by leveraging an elastic infrastructure that scales with demand—without the need to manage any Kubernetes component directly.
• Security and compliance: AKS complies with multiple standards, including PCI-DSS or SOC.

What Is Kubernetes?

Kubernetes is an open-source orchestration system that facilitates the deployment and scaling of containerized workloads. Despite its popularity and widespread use, manually deploying and maintaining a Kubernetes cluster is still not an easy task. Microsoft’s Azure Kubernetes Service (AKS) helps engineers manage Kubernetes clusters. With AKS, the operational tasks of managing Kubernetes environments become easier.

Containers are an excellent way to bundle and run applications, but running them in production introduces several challenges which include:

• Failover handling
• Horizontal scaling
• Service discovery
• Implementation of different deployment patterns
• Container security

Kubernetes Capabilities

Some of the main Kubernetes capabilities include:

Service Discovery

Kubernetes-hosted workloads can be automatically discoverable and exposed through DNS or IP addresses, making it easier for other workloads to find those services and initiate communication.

Load Balancing

With workloads abstracted as Services, Kubernetes can offer basic load-balancing capabilities between multiple replicas of the same workload.

Storage Orchestration

Kubernetes makes it easier to mount a storage system and make it available to your container for persisting data. Kubernetes can integrate with a node’s local storage and with remote, cloud-hosted volumes.

Workload Deployment

Kubernetes-hosted workloads are described declaratively, and the Kubernetes engine takes care of the actual deployment by ensuring all required dependencies are present. By leveraging concepts like Deployments, workloads can be easily declared—including their rollout and rollback strategies.

Bin Packing

Kubernetes lets you specify the number of resources (requests and limits) each workload replica can use. This allows computing resources to be better utilized, preventing wasted resources and protecting against workloads consuming the resources of other workloads.

Self-Healing

Leveraging liveness, readiness, and startup probes, Kubernetes ensures services are healthy and capable of receiving traffic, restarting them when necessary.

Configuration Management and Secrets

ConfigMaps and Secrets make it easy for workloads to obtain the necessary configuration parameters, connection details, and credentials from centralized, secure locations. This helps reduce dependence on third-party configurations or secret managers.

Kubernetes Components

Kubernetes comprises several components that run between a control plane and worker nodes. The control plane components handle the administrative functions of a Kubernetes cluster. These components make decisions that affect the cluster’s overall operation. Different components are responsible for managing different tasks.

Component	Description
kube-apiserver	All communication with a Kubernetes cluster goes through the kube-apiserver. This component exposes the Kubernetes API and serves as its “front end.” By design, the kube-apiserver is horizontally scalable to handle increasing load.
etcd	The Kubernetes engine uses etcd, a key-value store, to store all cluster-related information like new resources, configurations, updates, and much more.
kube-scheduler	This component is responsible for scheduling new Pods. The kube-scheduler looks out for Pods with no assigned node and decides where to schedule them. It makes complex scheduling decisions, considering factors like hardware requirements or affinity and anti-affinity constraints.
kube-controller-manager	The kube-controller-manager runs the controller processes. Kubernetes clusters can have multiple controllers (for example, a node controller or a job controller), and the kube-controller-manager ensures the controllers run correctly.
cloud-controller-manager	The cloud-controller-manager runs controllers specific to different cloud providers. This makes it easy to use a specific provider’s functionality (such as the creation of disk volumes) when necessary. Node components run on every worker node, and every cluster needs to have at least one worker node. Node components perform tasks like ensuring Pods are running or communicating node status to the kube-apiserver.
kubelet	kubelet runs on every worker node and confirms containers are running and healthy. It uses pod specifications to ensure this.
kube-proxy	This Kubernetes network proxy manages network rules at the node level and contributes to implementing the Service abstraction.
Container runtime	A container runtime runs containers. Each node needs a container runtime, and Kubernetes supports multiple runtimes, such as containerd or CRI-O.

8 AKS Capabilities

Some of Azure Kubernetes Services (AKS) capabilities include:

1. Entra ID (Azure ID) Integration

AKS offers easy integration with the Entra ID (formerly Azure AD) service. You can give existing AD users and groups access to the cluster environment through integrated sign-on, simplifying user management. You can also secure cluster access for those existing identities.

2. Integrated Logging and Monitoring

Running workloads involves monitoring their performance and capacity to avoid any unwanted outages. The Azure Monitor allows you to collect metrics from containers, nodes, clusters, and AKS component logs. Azure streamlines your ability to store that data in a Log Analytics workspace and makes it available for consumption through the Azure Portal, Azure CLI, or Azure API.

3. Cluster Node and Pod Scaling

Kubernetes clusters need to scale up and down with demand. This involves both Pod and node scaling. The AKS cluster autoscaler can resize Kubernetes clusters automatically by adjusting node counts to satisfy application traffic.

4. GPU-Enabled Nodes

GPU-enabled nodes are ideal for compute-intensive tasks like graphics processing or machine learning. AKS streamlines the provisioning of these node types and their attachment to Kubernetes clusters on demand.

5. Cluster Node Upgrades

Kubernetes API versions change frequently, and enterprises running large fleets of Kubernetes clusters can quickly lose track of which versions they are running for different workloads across different environments. AKS supports running multiple Kubernetes versions simultaneously, granting you time to test functionality before upgrading. Once you decide to upgrade, AKS takes care of upgrading the cluster and moving workloads to nodes running the new version, which minimizes disruption.

6. Storage Volume Support

Most applications—whether containerized or not—need to persist information. Some containerized applications may need to access the same storage volume after their Pods are scheduled to a new node. AKS allows workloads to provision static or dynamic volumes for persistent data.

7. Docker Image Support and its Own Private Container Registry

AKS is OCI-compliant and supports the Docker image format. Azure also supports private image registries by offering Azure Container Registry (ACR), which easily integrates with AKS.

8. Azure Virtual Networks

AKS offers two network models: Kubenet and Azure Container Networking Interface (CNI) networking. You can define your desired network configuration, and AKS will take care of the implementation.

The Challenge of Self-Managed Kubernetes

Given the complex nature of the components listed above, running and managing a Kubernetes cluster at scale requires effort and expertise. Apart from the underlying infrastructure components (such as servers, storage, and networking), all previously described components must be in place for Kubernetes to function. They must also be secured, maintained, scaled, and upgraded when necessary.

Running your custom-built Kubernetes cluster may necessitate employing a dedicated team of engineers for all of the operational tasks. This is ideal if your core business involves building tools for the Kubernetes ecosystem or if you have some requirement that forces you to run your own clusters. However, in most other cases, it’s best to offload these cluster management tasks to a dedicated service. This is where AKS comes in.

Apart from handling most of the operational aspects of running Kubernetes clusters, AKS offers some extra functionality that makes it an attractive platform for organizations running containerized workloads.

How CrowdStrike Can Help With AKS Logging

Kubernetes makes it easier to run containerized workloads. It addresses problems like service discovery and self-healing. However, maintaining a Kubernetes-based system at scale is not an easy task. The Azure Kubernetes Service can abstract many of these operational tasks, such as control plane management and dynamic resource allocation.

Logs from AKS-hosted workloads are helpful for application debugging and can be used for threat detection. CrowdStrike Falcon^® LogScale is a SaaS logging platform that can store unlimited volumes of logs from your AKS cluster and other sources.

How does CrowdStrike help with AKS logging?

It allows your organization to run powerful queries on your logs, create dashboards, and configure alerts.