
Build a production-ready Kubernetes cluster by selecting secure networking (Cilium, Calico), enabling HTTPS inter-pod calls, a private API server endpoint, firewall egress filtering, and DNS management with CoreDNS and ExternalDNS.
Explore Azure Kubernetes Service architecture, comparing private and public clusters, ingress with a load balancer, and access for admins and DevOps to manage pods, deployments, and services.
Create an Azure Kubernetes Service cluster end-to-end, configure networking and security, scale nodes, and deploy pods, deployments, and services in a guided workflow.
Discover how an AKS cluster creates two resource groups, a virtual network with VM scale-set nodes, and a load balancer, plus kubeconfig access and node-level details.
Create and manage pods, deployments, and services in a Kubernetes cluster using kubectl and YAML, then expose a service with a public IP and inspect pod details.
Create scalable deployments with Deployment objects that wrap ReplicaSets and pods, deploy three NGINX instances with kubectl, generate YAML, and distribute pods across machines for availability.
Exec into a pod to access its shell in interactive mode. Explore inter-pod communication via pod IPs and Calico network policy.
Scale pods in Kubernetes with kubectl scale on the NGINX deployment to five replicas, verify with get deployments and get pods -o wide, then scale back to three.
Create a Kubernetes service to provide stable, internal access for pods with changing IPs, using kubectl expose and a service name to route traffic to endpoints.
Change the NGINX service from ClusterIP to LoadBalancer using kubectl edit, then describe and get svc to reveal the external public IP while keeping the private IP.
View Kubernetes objects in the Azure portal by inspecting services, pods, and deployments, filtering namespaces, and examining public IP addresses and load balancer front-end configuration.
Explore the public cluster, private cluster, and VNet integration options for accessing the control plane, and how developers and DevOps access the API server to deploy and configure applications.
Learn how a public Kubernetes cluster exposes the control plane via a public endpoint and a public IP address, enabling kubectl access over the internet restricted by authorized IP ranges.
Secure a Kubernetes cluster by enabling a private endpoint for the control plane, eliminating public access and routing traffic through a private DNS zone and private link.
Discover how a public cluster with VNet integration secures control plane access via an internal load balancer and private IP, enabling private node communication within a delegated subnet.
Explore how a private Kubernetes cluster with VNet integration uses an internal load balancer and delegated subnet to expose only a private control plane, with access via the access VNet.
Access a private cluster via kubectl through the Azure control plane for debugging. Use a jump box VM, ExpressRoute or VPN into the VNet, or a private endpoint.
Review four options to create the Kubernetes control plane, including public clusters with public FQDNs and IP, and private clusters with private endpoints and VNet integration.
Explore how a network isolated AKS cluster blocks egress by default, using a private ACR and artifact cache to fetch system images, keeping all traffic within the private network.
Learn to create a network isolated AKS cluster with outbound type none, connect to a private ACR via private endpoint and artifact cache, and source system images from MCR.
Learn to securely access a private AKS cluster via Azure Bastion, using a jump box inside the virtual network to reach the private endpoint over TLS.
Use Terraform to deploy a private AKS cluster with a private DNS zone, a jump box, and Azure Bastion in a single virtual network; access AKS via Bastion or the CLI.
Access an AKS cluster via Azure Bastion, Azure VM, or a private endpoint in a hub and spoke network setup, ensuring VNet peering and private DNS resolution.
Explore how AKS uses networking plugins to assign pod IPs, compare the default Kubernetes CNI, Azure CNI, and the overlay mode, and review options like Cilium and bring-your-own CNI plugin.
Configure kubenet in AKS to assign node IPs from the subnet and pod IPs from a separate pod CIDR, enabling NAT routing and conserving IP space, with a 400-route limit.
Explore Azure CNI network mode in AKS, where each pod gets a subnet IP and direct access, emphasizing IP planning, subnet sizing, and cluster provisioning with Azure as the network plugin.
Compare kubenet and Azure CNI in Kubernetes networking, assessing subnet capacity, pod and node limits, and scenarios for using CNI with overlays to optimize IP usage.
Azure CNI overlay mode assigns pods IPs from a private CIDR while nodes keep subnet IPs, forming an isolated overlay with no route table required and direct pod-to-pod connectivity.
Azure CNI overlay scales to 1000 nodes per cluster, requires no route table, and improves pod-to-pod performance, with Azure, Calico, and Cilium policies; kubenet tops out at 400 nodes and is Linux-only.
Deploy an AKS cluster using a bring-your-own CNI plugin with Cilium CNI, open source or enterprise, and leverage eBPF while supporting Calico, Canal, Flannel, and Weave via the CNI standard.
Choose non-overlapping CIDR ranges for the subnet, pods, service, and Docker bridge within a cluster; the subnet must be unique across clusters, while the service, pod, and Docker bridge ranges can repeat.
Learn DNS configuration for private AKS, including disable public FQDN and private DNS zone options (none, system, resource ID, or bring your own), plus hub and spoke and A records.
Explore scalable private DNS resolution for AKS clusters, comparing decentralized public FQDN, centralized hub-spoke DNS, and per-cluster private DNS with hub linking, for nodes, jump boxes, and CI/CD pipelines.
Lab files are available here: https://github.com/HoussemDellai/docker-kubernetes-course/tree/main/201_private_aks_no_private_dns_zone
Explore centralized DNS resolution for AKS hub-and-spoke deployments, leveraging a shared private DNS zone, private endpoints, and private FQDNs to resolve cluster IPs across hub and spoke networks.
Demonstrates decentralized DNS resolution for a hub-and-spoke AKS deployment, enabling private DNS zones per spoke, private endpoints, and Terraform-driven deployment to resolve the cluster FQDN privately.
Deploys an ExternalDNS pod in a Kubernetes cluster to automate custom domain mapping for public services and ingresses to Azure DNS, authenticating with a service principal or managed identity.
Automate DNS management in a Kubernetes cluster using ExternalDNS to create and update A records and TXT records in Azure DNS for mapping to load balancer or ingress services.
Learn how ExternalDNS integrates with Azure DNS to auto-create and synchronize custom domain records for Kubernetes ingresses and load balancer services, using a service principal and an Azure JSON secret.
Discover how to deploy CoreDNS in a Kubernetes cluster to map custom domain names, using ConfigMaps to customize resolution and replacing kube-dns with a private cluster domain.
Demonstrate setting up custom domain names inside a Kubernetes cluster with CoreDNS, using a CoreDNS ConfigMap rewrite rule to map x.com to the NGINX service.
Enable CoreDNS logging for DNS queries by deploying a custom CoreDNS ConfigMap with the log plugin, restart CoreDNS, and verify that nslookup requests appear in the logs.
Have you started your journey learning Kubernetes?
Have you been learning the fundamentals of a Kubernetes cluster?
And now you want to make sure your cluster is production ready in terms of security?
If you are looking for how to secure your Kubernetes cluster, then this course is for you.
Let's face it: security is not an easy task, and Kubernetes is no exception.
Securing a Kubernetes cluster requires thinking about all these aspects:
Network security: through private cluster access to API Server with Private Endpoint.
Secure egress traffic: all egress traffic should be filtered using Firewall.
Secure ingress traffic: using TLS and HTTPS on the ingress controller.
Secure inter-pod communication: secure traffic between pods using TLS or mTLS.
Controlling traffic between pods: using Network Policy tools like Calico.
Securing access to Managed Identities: by restricting access to IMDS endpoint (169.254.169.254).
Implementing a Landing Zone: with integration into the Hub and Spoke model.
Customize logging and metrics collection
Reduce the cost of the cluster infrastructure
Microsoft provides the following recommendations to secure an AKS cluster, and this course will try to go deeper into each one with demonstrations.
Recommendation 1: To distribute HTTP or HTTPS traffic to your applications, use ingress resources and controllers. Compared to an Azure load balancer, ingress controllers provide extra features and can be managed as native Kubernetes resources.
Recommendation 2: To scan incoming traffic for potential attacks, use a web application firewall (WAF) such as Barracuda WAF for Azure or Azure Application Gateway. These more advanced network resources can also route traffic beyond just HTTP and HTTPS connections or basic TLS termination.
Recommendation 3: Use network policies to allow or deny traffic to pods. By default, all traffic is allowed between pods within a cluster. For improved security, define rules that limit pod communication.
Recommendation 4: Don't expose remote connectivity to your AKS nodes. Create a bastion host, or jump box, in a management virtual network. Use the bastion host to securely route traffic into your AKS cluster for remote management tasks.
Disclaimer: This course uses Azure Kubernetes Service (AKS) for demonstrations. But most of the content is applicable to any Kubernetes cluster on any environment.