header banner
Default

CrowdStrike explains what Azure Kubernetes Service (AKS) is


What Is AKS?

Azure Kubernetes Service (AKS) is a managed Kubernetes service from Microsoft Azure that aims to simplify the deployment and management of Kubernetes clusters. To achieve this, AKS offloads the cluster management operational tasks to Azure, where Azure handles the Kubernetes control plane and simplifies the worker nodes’ setup. The AKS service itself is free, and you only pay for worker node uptime.

Using AKS has many benefits:

  • Faster application development: AKS takes care of patching, auto-upgrading, monitoring, scaling, and self-healing. This frees development teams from operational tasks and allows them to concentrate on building services.
  • Dynamic resource utilization: As a fully managed service, AKS allows you to quickly deploy and run containerized services by leveraging an elastic infrastructure that scales with demand—without the need to manage any Kubernetes component directly.
  • Security and compliance: AKS complies with multiple standards, including PCI-DSS or SOC.

What Is Kubernetes?

Kubernetes is an open-source orchestration system that facilitates the deployment and scaling of containerized workloads. Despite its popularity and widespread use, manually deploying and maintaining a Kubernetes cluster is still not an easy task. Microsoft’s Azure Kubernetes Service (AKS) helps engineers manage Kubernetes clusters. With AKS, the operational tasks of managing Kubernetes environments become easier.

Containers are an excellent way to bundle and run applications, but running them in production introduces several challenges which include:

  • Failover handling
  • Horizontal scaling
  • Service discovery
  • Implementation of different deployment patterns
  • Container security

Learn More

VIDEO: Azure Kubernetes Services (AKS) Overview
John Savill's Technical Training

Read our post on container security to learn more about how important it is and best practices to ensure all containers stay protected.  Read: Container Security

Kubernetes Capabilities

VIDEO: Azure Kubernetes Service (AKS) Networking Essentials
Microsoft Azure

Some of the main Kubernetes capabilities include:

Service Discovery

VIDEO: How Kubernetes works
Microsoft Azure

Kubernetes-hosted workloads can be automatically discoverable and exposed through DNS or IP addresses, making it easier for other workloads to find those services and initiate communication.

Load Balancing

VIDEO: Azure Kubernetes Service (AKS) Networking Deep Dive
John Savill's Technical Training

With workloads abstracted as Services, Kubernetes can offer basic load-balancing capabilities between multiple replicas of the same workload.

Storage Orchestration

VIDEO: Introduction To Azure Kubernetes Service (AKS) | Azure Container Service | Azure Training | Edureka
edureka!

Kubernetes makes it easier to mount a storage system and make it available to your container for persisting data. Kubernetes can integrate with a node’s local storage and with remote, cloud-hosted volumes.

Workload Deployment

VIDEO: Azure Kubernetes Service (AKS) microservices architecture
cloarde

Kubernetes-hosted workloads are described declaratively, and the Kubernetes engine takes care of the actual deployment by ensuring all required dependencies are present. By leveraging concepts like Deployments, workloads can be easily declared—including their rollout and rollback strategies.

Bin Packing

VIDEO: How to build and deploy a containerized app to Azure Kubernetes Service (AKS) | Azure Friday
Microsoft Azure

Kubernetes lets you specify the number of resources (requests and limits) each workload replica can use. This allows computing resources to be better utilized, preventing wasted resources and protecting against workloads consuming the resources of other workloads.

Self-Healing

VIDEO: Deploy a web application to Azure Kubernetes Service (AKS) cluster
Thetips4you

Leveraging liveness, readiness, and startup probes, Kubernetes ensures services are healthy and capable of receiving traffic, restarting them when necessary.

Configuration Management and Secrets

VIDEO: Demystifying the Splunk CIM
Splunk How-To

ConfigMaps and Secrets make it easy for workloads to obtain the necessary configuration parameters, connection details, and credentials from centralized, secure locations. This helps reduce dependence on third-party configurations or secret managers.

Kubernetes Components

Kubernetes comprises several components that run between a control plane and worker nodes. The control plane components handle the administrative functions of a Kubernetes cluster. These components make decisions that affect the cluster’s overall operation. Different components are responsible for managing different tasks.

ComponentDescription
kube-apiserverAll communication with a Kubernetes cluster goes through the kube-apiserver. This component exposes the Kubernetes API and serves as its “front end.” By design, the kube-apiserver is horizontally scalable to handle increasing load.
etcdThe Kubernetes engine uses etcd, a key-value store, to store all cluster-related information like new resources, configurations, updates, and much more.
kube-schedulerThis component is responsible for scheduling new Pods. The kube-scheduler looks out for Pods with no assigned node and decides where to schedule them. It makes complex scheduling decisions, considering factors like hardware requirements or affinity and anti-affinity constraints.
kube-controller-managerThe kube-controller-manager runs the controller processes. Kubernetes clusters can have multiple controllers (for example, a node controller or a job controller), and the kube-controller-manager ensures the controllers run correctly.
cloud-controller-managerThe cloud-controller-manager runs controllers specific to different cloud providers. This makes it easy to use a specific provider’s functionality (such as the creation of disk volumes) when necessary.

Node components run on every worker node, and every cluster needs to have at least one worker node. Node components perform tasks like ensuring Pods are running or communicating node status to the kube-apiserver.

kubeletkubelet runs on every worker node and confirms containers are running and healthy. It uses pod specifications to ensure this.
kube-proxyThis Kubernetes network proxy manages network rules at the node level and contributes to implementing the Service abstraction.
Container runtimeA container runtime runs containers. Each node needs a container runtime, and Kubernetes supports multiple runtimes, such as containerd or CRI-O.

8 AKS Capabilities

Some of Azure Kubernetes Services (AKS) capabilities include:

1. Entra ID (Azure ID) Integration

VIDEO: Kubernetes Full Course in 5.5 Hours (in Telugu)
NextOps Videos

AKS offers easy integration with the Entra ID (formerly Azure AD) service. You can give existing AD users and groups access to the cluster environment through integrated sign-on, simplifying user management. You can also secure cluster access for those existing identities.

2. Integrated Logging and Monitoring

VIDEO: Kubernetes Services explained | ClusterIP vs NodePort vs LoadBalancer vs Headless Service
TechWorld with Nana

Running workloads involves monitoring their performance and capacity to avoid any unwanted outages. The Azure Monitor allows you to collect metrics from containers, nodes, clusters, and AKS component logs. Azure streamlines your ability to store that data in a Log Analytics workspace and makes it available for consumption through the Azure Portal, Azure CLI, or Azure API.

3. Cluster Node and Pod Scaling

VIDEO: Kubernetes Explained in 6 Minutes | k8s Architecture
ByteByteGo

Kubernetes clusters need to scale up and down with demand. This involves both Pod and node scaling. The AKS cluster autoscaler can resize Kubernetes clusters automatically by adjusting node counts to satisfy application traffic.

4. GPU-Enabled Nodes

VIDEO: AKS CI CD Tutorial in Azure DevOps | Azure Kubernetes Service App Deployment
DevOps Shack

GPU-enabled nodes are ideal for compute-intensive tasks like graphics processing or machine learning. AKS streamlines the provisioning of these node types and their attachment to Kubernetes clusters on demand.

5. Cluster Node Upgrades

VIDEO: Excellent Senior DevOps AWS Cloud Engineer Interview | Every DevOps Engineer MUST watch
DevOps and Cloud Labs

Kubernetes API versions change frequently, and enterprises running large fleets of Kubernetes clusters can quickly lose track of which versions they are running for different workloads across different environments. AKS supports running multiple Kubernetes versions simultaneously, granting you time to test functionality before upgrading. Once you decide to upgrade, AKS takes care of upgrading the cluster and moving workloads to nodes running the new version, which minimizes disruption.

6. Storage Volume Support

VIDEO: DevOps Real-time Project #1- Deploy AKS Cluster in Azure With Terraform
Tech Tutorials with Piyush

Most applications—whether containerized or not—need to persist information. Some containerized applications may need to access the same storage volume after their Pods are scheduled to a new node. AKS allows workloads to provision static or dynamic volumes for persistent data.

7. Docker Image Support and its Own Private Container Registry

VIDEO: Kubernetes Toughest Interview Scenarios & Questions | How many can you answer ? |#devops #interview
Abhishek.Veeramalla

AKS is OCI-compliant and supports the Docker image format. Azure also supports private image registries by offering Azure Container Registry (ACR), which easily integrates with AKS.

8. Azure Virtual Networks

VIDEO: Kubernetes Explained in 100 Seconds
Fireship

AKS offers two network models: Kubenet and Azure Container Networking Interface (CNI) networking. You can define your desired network configuration, and AKS will take care of the implementation.

Learn More

VIDEO: Azure DevOps Tutorial for Beginners | CI/CD with Azure Pipelines
TechWorld with Nana

Read our post comparing the containerization technologies of Kubernetes and Docker and the benefits of using them together.Docker vs Kubernetes

The Challenge of Self-Managed Kubernetes

Given the complex nature of the components listed above, running and managing a Kubernetes cluster at scale requires effort and expertise. Apart from the underlying infrastructure components (such as servers, storage, and networking), all previously described components must be in place for Kubernetes to function. They must also be secured, maintained, scaled, and upgraded when necessary.

Running your custom-built Kubernetes cluster may necessitate employing a dedicated team of engineers for all of the operational tasks. This is ideal if your core business involves building tools for the Kubernetes ecosystem or if you have some requirement that forces you to run your own clusters. However, in most other cases, it’s best to offload these cluster management tasks to a dedicated service. This is where AKS comes in.

Apart from handling most of the operational aspects of running Kubernetes clusters, AKS offers some extra functionality that makes it an attractive platform for organizations running containerized workloads.

How CrowdStrike Can Help With AKS Logging

Kubernetes makes it easier to run containerized workloads. It addresses problems like service discovery and self-healing. However, maintaining a Kubernetes-based system at scale is not an easy task. The Azure Kubernetes Service can abstract many of these operational tasks, such as control plane management and dynamic resource allocation.

Logs from AKS-hosted workloads are helpful for application debugging and can be used for threat detection. CrowdStrike Falcon® LogScale is a SaaS logging platform that can store unlimited volumes of logs from your AKS cluster and other sources.

How does CrowdStrike help with AKS logging?

It allows your organization to run powerful queries on your logs, create dashboards, and configure alerts.

Sources


Article information

Author: Chase Price

Last Updated: 1704106804

Views: 1401

Rating: 4.2 / 5 (99 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Chase Price

Birthday: 1969-07-22

Address: 9859 Natasha Lodge, Brenthaven, KY 94328

Phone: +4091643689430774

Job: Renewable Energy Analyst

Hobby: Painting, Web Development, Animation, Cross-Stitching, Kite Flying, Wine Tasting, Video Editing

Introduction: My name is Chase Price, I am a steadfast, resolute, fearless, radiant, brilliant, candid, venturesome person who loves writing and wants to share my knowledge and understanding with you.