AKS (Azure Kubernetes Service)
- Azure Kubernetes Service is the managed Kubernetes offered by Azure

AKS has the following pricing tiers
- Free tier
- Standard tier
- Premium tier
- Feature comparison:
| Feature | Free Tier | Standard Tier | Premium Tier |
|---|---|---|---|
| When to Use | Experimenting with AKS at no extra cost; New to AKS and Kubernetes | Running production or mission-critical workloads; Need high availability and reliability; Financially backed SLA | Mission-critical, at scale, or production workloads requiring extended Kubernetes version support |
| Supported Cluster Types | Development clusters or small-scale testing environments; Clusters with fewer than 10 nodes | Enterprise-grade or production workloads; Clusters with up to 5,000 nodes | Enterprise-grade or production workloads; Clusters with up to 5,000 nodes |
| Pricing | Free cluster management; Pay-as-you-go for resources consumed | Pay-as-you-go for resources consumed; Standard tier cluster management pricing | Pay-as-you-go for resources consumed; Premium tier cluster management pricing |
| Uptime SLA | Not included | Enabled by default; 99.95% availability with Availability Zones; 99.9% without Availability Zones | Enabled by default; 99.95% availability with Availability Zones; 99.9% without Availability Zones |
| Cluster Reliability and Resources | Recommended for clusters with fewer than 10 nodes, but can support up to 1,000 nodes | Greater cluster reliability and resources; Can support up to 5,000 nodes | Includes all current AKS features from Standard tier; Microsoft maintenance past community support |
| Long-Term Support | Not included | Not included | Two years of support per Kubernetes version |
- Azure has started offering AKS Automatic

AKS w.r.t Networking
- CNI:
- Private vs public cluster
- Ingress
- Network policy
- LoadBalancers
- AKS w.r.t Storage:
- Support for CSI drivers
- AKS Nodes (Virtual machines)
- Node group: this is a virtual machine scale set (VMSS)
- AKS Annotations
CNI Comparison
A comparison of the Container Network Interface (CNI) options offered by Azure Kubernetes Service (AKS) and their features:
| Feature | Azure CNI | Azure CNI Overlay | Kubenet |
|---|---|---|---|
| Networking Model | Flat network | Overlay network | Overlay network |
| Pod IP Addressing | Pods get IP addresses from the same subnet as the nodes | Pods get IP addresses from a logically separate CIDR | Pods get IP addresses from a logically separate CIDR |
| Traffic Routing | Direct routing without SNAT | SNAT for outbound traffic | SNAT for outbound traffic |
| Scalability | Requires more IP addresses; potential for IP exhaustion | Better scalability; reduces the number of VNet IP addresses required | Better scalability; reduces the number of VNet IP addresses required |
| Use Case | When you need to expose pod IP addresses to external services | Most scenarios; recommended for simplicity and scalability | Legacy model; suitable for small-scale or development environments |
| Network Performance | Higher performance due to direct routing | Slightly lower performance due to SNAT | Slightly lower performance due to SNAT |
| Complexity | Requires more planning and IP address management | Simpler to manage | Simpler to manage |
This table should help you understand the differences between the CNIs and choose the one that best fits your needs.
Find out the steps to create an AKS Standard cluster
- Try to find out how to select a CNI that allows network policy to be enabled
- Watch the classroom video

Let's give reader permission to an Azure user
- We have created a user
- Assigned the user the necessary permission on Azure Kubernetes
- Let's create a role
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: reader
  namespace: default
rules:
  - apiGroups:
      - ""
      - "apps"
    verbs:
      - get
      - list
      - watch
    resources:
      - pods
      - deployments
      - replicasets
      - services
```
- Now create a role binding
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: reader
subjects:
  - apiGroup: "rbac.authorization.k8s.io"
    kind: "User"
    name: "f09dc0b4-ec7b-4141-90b6-2b9eb1827aa1"
```
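
The Role and RoleBinding above, evaluated the way Kubernetes RBAC matches a request, plus a check that the role stays read-only. This is an added example, not part of the original notes. The manifests are transcribed as Python dicts, the binding's namespace `default` is an assumption because the manifest omits it, and `can_i`, `rule_allows` and `audit` are hypothetical helper names.

```python
# Added example. ROLE and BINDING are the page's manifests transcribed as dicts.
ROLE = {
    "kind": "Role",
    "metadata": {"name": "reader", "namespace": "default"},
    "rules": [{"apiGroups": ["", "apps"],
               "verbs": ["get", "list", "watch"],
               "resources": ["pods", "deployments", "replicasets", "services"]}],
}
USER = "f09dc0b4-ec7b-4141-90b6-2b9eb1827aa1"
BINDING = {
    "kind": "RoleBinding",
    # Assumption: the page's manifest omits the namespace; "default" is used here.
    "metadata": {"name": "dev-reader", "namespace": "default"},
    "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role", "name": "reader"},
    "subjects": [{"apiGroup": "rbac.authorization.k8s.io", "kind": "User", "name": USER}],
}

def _match(allowed, value):
    # "*" is the RBAC wildcard; otherwise the entry must match exactly.
    return "*" in allowed or value in allowed

def rule_allows(rule, verb, group, resource):
    # A rule grants every combination of its apiGroups, resources and verbs.
    return (_match(rule["verbs"], verb) and _match(rule["apiGroups"], group)
            and _match(rule["resources"], resource))

def can_i(user, verb, group, resource, namespace, role=ROLE, binding=BINDING):
    """True if the binding grants `user` this request in `namespace`."""
    ref, ns = binding["roleRef"], binding["metadata"].get("namespace")
    bound = (ns == namespace == role["metadata"]["namespace"]
             and (ref["kind"], ref["name"]) == (role["kind"], role["metadata"]["name"])
             and any(s["kind"] == "User" and s["name"] == user
                     for s in binding["subjects"]))
    return bound and any(rule_allows(r, verb, group, resource) for r in role["rules"])

def audit(role):
    """Findings that would make a 'reader' role more than read-only."""
    findings = []
    for i, rule in enumerate(role["rules"]):
        extra = sorted(set(rule["verbs"]) - {"get", "list", "watch"})
        if extra:
            findings.append(f"rule {i}: non-read verbs {extra}")
        findings += [f"rule {i}: wildcard in {f}"
                     for f in ("apiGroups", "resources") if "*" in rule[f]]
        if rule_allows(rule, "get", "", "secrets"):
            findings.append(f"rule {i}: can read secrets")
    return findings

if __name__ == "__main__":
    print(can_i(USER, "list", "", "pods", "default"), audit(ROLE))
```

Subresources such as `pods/log` are separate resource names, so this reader role does not cover pod logs. On a live cluster the same questions can be asked with `kubectl auth can-i list pods --as <user> -n default`.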
- We need to fix the following issue
