Azure Kubernetes Service (AKS) Made Easy

Compare containers with virtual machines, showing how containers pack apps with their dependencies and share the host kernel for lightweight, portable, and fast isolation using namespaces and cgroups.

Explore microservices architecture and how containers support it, compared to monolithic apps. See how authentication, catalog, and cart services can be deployed independently for scalable, resilient updates.

Explore Docker, Dockerfile, and Docker Hub: build images from a Dockerfile, run and manage containers, and use Docker Hub as a registry for distributing images.

Create a simple containerized website using nginx alpine, customize index.html with a Dockerfile, build and push the image to Docker Hub, then run it locally on port 80.

Create a troubleshooting container app that measures request time and HTTP status codes, build and push its Docker image to Docker Hub, then run with interval and host variables.

Understand why a container orchestrator like Kubernetes is essential for scaling, high availability, and managing containerized apps, including load balancing, resource management, networking, service discovery, and automated rollouts and rollbacks.

Introduction to Kubernetes covers its origin, open source container orchestrator, architecture with master and worker nodes, pods, deployments, replica sets, services, and basic capabilities like scaling and load balancing.

Explore the Kubernetes architecture, from the control plane and etcd to pods, deployments, and services, and learn how kubectl creates pods and exposes apps with load balancers in AKS.

Compare self-managed and cloud-managed Kubernetes clusters on Azure AKS, highlighting setup complexity, customization, management overhead, security, and ecosystem integration, with cloud managed offering faster deployment and built-in maintenance.

Azure Kubernetes Service simplifies deploying and managing Kubernetes clusters by handling the control plane and maintenance, letting you focus on your application with fast provisioning, scaling, upgrades, security, and monitoring.

Explore Azure pricing for AKS, including free accounts, pay-as-you-go, reserved and spot options, and region-based costs. Understand control plane costs and use the pricing calculator.

Discover cost-saving considerations for AKS, including cost analysis at resource group and subscription levels, right-sized node pools, stop/start, autoscaling, spot VMs, and virtual nodes.

Log in to Azure via the Azure CLI using easy login or device code, then set the subscription with account set --subscription for an AKS cluster creation.

Learn how to create your first aks cluster using Azure CLI and the portal, manage resource groups and the infrastructure resource group (node resource group), and understand the cluster's lifecycle.

Install azure cli and kubectl, and connect to the cluster using azure cloud shell or terminal to update kube config. Explore Kubernetes resources in portal, including pods, services, and secrets.

Explore the aks-preview extension to access preview commands in the Azure CLI, install and update it, and register preview features like vertical pod autoscaler.

Configure kubectl autocompletion and aliases in bash to speed commands and persist settings. Use vscode extensions for kubernetes and azure kubernetes service to generate yaml, manage deployments, and switch namespaces.

Learn PowerShell basics in AKS: connect to Azure, create an AKS cluster, set completion and aliases with kubectl, manage profiles and namespaces.

Compare imperative and declarative approaches to create, update, and delete Kubernetes resources in AKS, using kubectl apply and YAML manifests for scalable, repeatable deployments.

Recaps core Kubernetes objects such as nodes, pods, deployments, replica sets, daemonsets, services, secrets, and config maps, and shows how they are created and used in practice.

Explore how AKS assigns IPs from virtual network and subnet address spaces, including pod CIDR and service CIDR ranges, and verify with kubectl and Azure portal.

Node pools in Azure Kubernetes Service group nodes with the same configuration to run containerized applications. Use node pools, including system and user pools, to tailor resources and isolate workloads.

Shows how to connect to AKS nodes with kubectl debug and kubectl node shell, using a third-party tool via n center to run a privileged helper pod on the node.

Explore the default Kubernetes components on AKS worker nodes, including containerd, kubelet, metrics server, kube proxy, CSI Azure Disk and File, and related DaemonSets; AKS reconciles these with add-on labels.

Explore kubelet, the on-node agent in aks that keeps containers and worker nodes running. Learn to view its configuration and troubleshoot logs using journalctl and systemctl.

Discover containerd, the default container runtime for Linux in Kubernetes, replacing Docker since 2022, and learn how the CRI-based Kubelet runs containers efficiently with crystal tooling.

Azure masquerade agent acts as an ip masquerade daemon in AKS, configuring iptables nat rules and using the non masquerade property to exclude specific ip ranges from masquerading.

Discuss cloud node manager, a daemonset under the life cycle controller and cloud controller manager, updating nodes with cloud identifiers, hostname, network address, and health checks.

Explore CoreDNS in AKS, and learn how plugins like the Kubernetes plugin, forward plugin, and log plugin enable a central, flexible service discovery and DNS resolution inside the cluster.

Discover how the DNS autoscaler deployment automatically adjusts coordinates replicas, controlled by the core DNS autoscaler config map, based on cores or nodes.

Explore the container storage interface (CSI) and how it standardizes persistent storage for apps. Learn Azure Disk, Azure File, and Azure Blob use CSI as daemon sets to provide storage.

Discover how the connectivity agent communicates with the connectivity server to form TLS tunnels between the API server and kubelet, enabling kubectl logs, exec, port forwarding, and webhooks in AKS.

Explore how kube-proxy, a daemonset network proxy, configures iptables to route traffic to pods via Kubernetes services. See nginx deployment, service exposure, and scaling illustrate endpoint updates.

Explore how the metrics-server deployment aggregates CPU and memory usage, exposes metrics via the Kubernetes API, and powers horizontal and vertical pod autoscalers and kubectl top queries.

Explore the Azure infrastructure resources that support an AKS cluster, including the infrastructure resource group and its lifecycle, pre-created resources, the cluster autoscaler, and a resource visualizer.

Explore virtual machine scale sets, a group of similar, load-balanced vms managed by a node pool. Learn scaling at the node pool level and base 36 versus base 10 naming.

discover how Azure virtual network and subnets segment address spaces, assign ip ranges to node pools, reserve special addresses, and manage DNS settings to ensure secure cloud resource connectivity.

Discover how network security groups filter Azure resource traffic with source, destination, port, and protocol rules. Understand default subnet-level rules, their priority, and when to use Kubernetes network policies.

explore how azure route tables control subnet and vnet traffic across on-premises, internet, and hops; learn kubenet pod routing and automatic route management in AKS, including firewall forwarding.

Understand how Azure load balancer (layer 4) distributes traffic to AKS nodes, using a public IP for outbound connectivity and exposing apps via a Kubernetes service of type load balancer.

Discover how Azure managed identities enable resource authentication without credentials, including system assigned and user assigned types, with AKS using a default system identity for container registry access.

Explore Azure Kubernetes Service (AKS) support policy, clarifying Microsoft's managed control plane, and customer duties—avoiding unsupported node modifications, using daemonsets, and maintaining supported versions.

Master AKS best practices by avoiding direct node resource group actions, using the NRG lockdown feature to enforce read-only mode, reconcile clusters, and manage node pools and load balancers safely.

Learn how the stop and start feature saves compute costs by pausing an AKS cluster when workloads run only during business hours, with API server unreachable and possible IP changes.

Learn to use get credentials to download and merge kubeconfig, then switch between multiple AKS clusters with kubectl contexts and use the Kubernetes extension as a UI.

Deploy and manage Kubernetes extensions from Azure Marketplace using the Azure Portal or Azure CLI, supplying resource group and cluster details, then verify, update, or delete the extension.

Learn to extend kubectl with plugins using the crew (krew) plugin manager, discover from a centralized repo, manage plugins such as grep, and ensure compatibility with kubectl and Kubernetes versions.

Explore virtual machine scale sets and availability sets in akS, how they distribute virtual machines across fault domains and update domains, and their autoscaler and node pools limitations.

Learn how system node pools run crucial system pods, such as core DNS connectivity, while user node pools host application pods; explore taints, tolerations, and node affinity that guide scheduling.

Connect to AKS nodes with kubectl debug and helper pods, exposing host IPC, host network, and host PID, using privileged access to enter node namespaces.

Connect to aks nodes via ssh using Azure Bastion, a fully managed service providing tls encrypted access from the Azure portal without public ips to Linux nodes.

Learn to connect to AKS nodes from a pod using SSH, without Azure Bastion provisioning, by deploying a pod with SSH client, copying your key, and SSH into any node.

Azure VMs run command invoke lets you execute scripts on virtual machine instances without access, with outbound connectivity required, outputs limited to 4096 bytes, and one script at a time.

Explore AKS node operating systems, including Ubuntu 18 for Kubernetes 1.24 or lower, Ubuntu 22 for 1.25 or higher, Azure Linux Mariner as default, and Windows Server options.

Create an azure linux (mariner) node pool in aks, a lightweight, secure mariner-based os with a microsoft hardened kernel; manage packages with dnf and install tcpdump for networking.

Create a Windows node pool in Azure Kubernetes Service, update with a Windows admin password, and connect to Windows nodes via ssh or PowerShell to manage pods.

Learn to schedule pods on node pools or os types using node selectors and labels. Deployments direct nginx pods to Linux or Windows nodes with agent pool and kubernetes.io/os labels.

Customize kubelet and Linux parameters in AKS by creating a new node pool with a tailored config, then verify the changes with kubectl using a json example.

Learn how to customize node kernel settings in AKS with a daemonset that adjusts vm max map count on nodes using a busybox container with privileged and host PID access.

Discover Azure OS disk types: managed disks provide persistent OS and boot storage, while ephemeral disks offer non-persistent, low-latency local storage ideal for stateless workloads.

default os disk size depends on vcpus. 1–7 vcpus map to 128gb; 2 vcpus to 120gb, and ephemeral disks aren’t supported, cannot be changed after cluster or node pool creation.

Learn how spot node pools cut costs by using Azure's underutilized capacity, configure them with a regular vm scale set, and manage eviction, max price, and workloads that tolerate interruptions.

Explore configuring GPU node pools in AKS to accelerate graphics and visualization workloads using GPU optimized sizes, taints, and either a GPU image or the NVIDIA device plugin.

Learn how Azure Kubernetes Service node pool snapshots enable creating new node pools or clusters from a snapshot, preserving Kubernetes version, node image, OS type, and region constraints.

Learn how to resize an AKS node pool by creating a new node pool, cordoning and draining old nodes to evict pods, and avoiding VM resizing.

Learn kubernetes networking with kubenet, including pod IP space, node routing, arp, and cross-node communication via Azure route tables, plus its limitations and retirement in 2028.

Explore the Azure CNI networking plugin, comparing traditional versus dynamic pod subnet allocations, learn max pods per node, IP masquerade implications, and direct pod-to-pod or VNet communications.

Explore Azure CNI overlay in AKS, where pods get IP addresses from a pod space and communicate via an overlay network. Learn benefits and tradeoffs, including scaling and external access.

Compare kubenet, azure cni, and azure cni overlay to understand IP requirements, pod IPs, IP exhaustion, subnet planning, and traffic patterns for AKS networking.

Bring your own VNet, subnet, NSG, and route table into an AKS cluster and customize routing while AKS manages pod networking with Azure CNI.

Learn how to manage AKS load balancer services in Azure by using Kubernetes annotations to set DNS labels, propagate changes automatically, and control access with NSG rules.

Learn how to handle two NSGs in an AKS cluster by configuring the subnet NSG alongside the AKS managed NIC NSG and adding matching inbound rules for http traffic.

Learn how to create and use a Kubernetes internal load balancer in Azure Kubernetes Service to restrict access to apps within the vnet.

Enable private access to an AKS internal load balancer by provisioning an Azure Private Link private endpoint, linking a Privatelink service for private traffic over the Microsoft network.

Discover how Azure vnet peering connects virtual networks via the Azure backbone without gateways, enforcing non-overlapping IP addresses and enabling AKS clusters to reach the Kubernetes internal load balancer.

SNAT provides outbound Azure connectivity for AKS backends using NAT ports and ephemeral ports, with connection pools to prevent port exhaustion.

Explore outbound connectivity options for AKS, including load balancer, NAT gateway, and user defined routing (UDR), and learn how port allocation and idle timeouts affect scalability.

Create an AKS cluster with a managed NAT gateway, configure outbound type to public IPs, set a 4-minute idle timeout, and manage the NAT gateway in the Azure portal.

Create an AKS cluster with outbound connectivity through an Azure firewall, configure routes and firewall rules, then deploy a simple web app and validate access.

Learn how to configure an AKS cluster to use an http proxy, deploy a mitmproxy setup, and understand proxy exclusions, outbound dependencies, and egress traffic.

Create an Azure VM in a resource group, install mitmproxy on Ubuntu Server, and enable SSH access; test traffic via curl through port 8080, then plan AKS integration.

Set up an aks cluster behind an http proxy by creating and peering vnets, preparing the proxy config, and deploying with kubenet.

Explore how AKS uses an http proxy with mitmproxy to route internet traffic. Block Docker.io, update proxy configurations, and troubleshoot pods and nodes across node pools.

Explore AKS cluster types by control plane access, from public to private API servers. See how kubeconfig, public IPs, vnet integration, internal load balancers, and private DNS zones govern connectivity.

Explore public AKS cluster connectivity, fetch kubeconfig with the ACR get credentials command, and verify API server access using kubectl get node and kubectl get svc.

Create a public AKS cluster with API server Vnet integration using a preview CLI extension, then verify public fqdn and private worker node connectivity via the API server load balancer.

Enable api server authorized ip ranges on a public AKS cluster to restrict kubectl access to defined ip ranges, with up to 200 ranges and no 0.0.0.0/32.

Explore two private AKS clusters (general and with VNet integration), inspect private DNS zones and endpoints, and learn to connect via a jump box using kubectl.

Learn to use az aks invoke to run kubectl or helm commands through the Azure API, enabling private AKS cluster access via a temporary command pod and yaml deployment.

Learn to run kubectl from a worker node via vm run command invoke using the node’s kubeconfig to manage AKS clusters, including private endpoint and VNet integration, with cleanup steps.

Explore how AKS-managed Azure Active Directory integration enables OpenID Connect. Apply Azure RBAC and Kubernetes RBAC to fine-tune access with roles, role bindings, and cluster roles.

Prepare the Azure RBAC environment by creating two Azure AD users, adding them to a group, enabling AD integration on an AKS cluster, and assigning reader roles.

Enable Azure AD authentication with RBAC on an AKS cluster, assign John as reader and Anna as writer (standalone and group-based), grant credentials access, and illustrate namespace-based permissions.

Create a custom Azure RBAC role for John to deploy with kubectl and scale the AKS node pool, including role propagation and portal assignment.

Prepare an AKS cluster by enabling Azure Active Directory with Kubernetes RBAC, create admin, edit, and test users, form admin and edit groups, and assign subscription-level reader role.

Enable ad authentication with Kubernetes RBAC on AKS cluster and assign admin group. Create a cluster role binding to grant test users view and deploy permissions in the test namespace.

Explore Kubernetes RBAC with local accounts, admin roles, and role bindings; secure access by enabling and disabling local accounts, and remove credentials to prevent security breaches.

Explore identities in AKS, including system assigned and user assigned managed identities, service principals, and kubelet identity, to authenticate AKS resources with Azure Container Registry or ECR.

Create a service principal with az ad sp create-for-rbac and use its app ID and secret to deploy an AKS cluster, then rotate credentials after one year.

Explore how Kubernetes certificates secure cluster communications, understand cluster CA expiry, and verify API server and kubelet certificates, including automatic and manual rotation with RBAC.

Implement network policies in AKS to restrict pod-to-pod traffic and enforce least-privilege access using Azure Network Policy Manager or Calico. Learn how policy rules affect ingress, egress, and DNS resolution.

Learn how Azure Key Vault provider for Secrets Store CSI Driver enables AKS to fetch secrets from Azure Key Vault via a Secret Provider Class and mount them into pods.

Enable the autorotation feature at the addon level for the Azure Key Vault Secret Provider add-on. Watch secret versions update in the key vault and reflect in the pod status.

Master Azure policy for Kubernetes in AKS, enforce security and governance across subscriptions with policy definitions and constraint templates, monitor compliance, and deploy an add-on for centralized policy management.

Explore how Microsoft Defender for Containers in AKS provides hardening and runtime protection, with threat detection, control plane alerts, and data plane checks via Azure Policy add-on and Defender profile.

Explore how AppArmor in AKS enhances security by enforcing profiles that restrict container actions, with enforce mode, complain, and unconfined modes, and apply custom profiles via Kubernetes annotations.

Explore seccomp in AKS, a Linux kernel feature that restricts a container’s system calls to reduce attack surface, and implement node-level profiles referenced by pod-level security contexts.

Learn to use image cleaner (eraser) in AKS to automatically identify and remove unreferenced images with vulnerability data via a CRD image list, while preserving running images.

Explore AKS resource reservations and kube reserved optimization, including CPU and memory calculations for Kubernetes 1.28 and lower versus 1.29 and higher, and their impact on allocatable capacity.

Manually scale pod replicas with kubectl, and scale the Azure node pool to adjust VMs, keeping at least one node and allowing zero only for user node pools.

Learn scale down mode in AKS: delete mode removes nodes and incurs disk charges, while allocate (deallocate) mode stops nodes, preserves images, and speeds up scaling.

Explore how the horizontal pod autoscaler (HPA) automatically scales Kubernetes deployments using observed CPU utilization and custom metrics, with the metrics server guiding replica counts from 1 to 10.

Explore the vertical pod autoscaler (VPA), a Kubernetes component that automatically adjusts CPU and memory for containers based on usage. Learn its four modes and recommender, updater, and admission plugin.

Discover how the cluster autoscaler in AKS automatically adjusts node pool counts, scaling up unschedulable pods and scaling down unused nodes.

Learn how the virtual node add-on for AKS lets you run Kubernetes pods on Azure container instances, enabling fast, scalable workloads with minimal node management.

Explore Keda in Aks to enable event driven autoscaling with the scaled object custom resource definition, scaling an nginx deployment by pending requests using http scaled object.