What Is Azure Kubernetes Service AKS?

What is Cloud Data Security

AKS integrates seamlessly with Azure services and makes Kubernetes management simpler, offering high availability, security features, and Microsoft support – perfect for businesses already using Azure at competitive pricing.

AKS autoscales your cluster as demand for applications grows, increasing VMs and storage to maintain application performance. This feature of AKS’ service is of critical importance.


Kubernetes, a cloud-native application platform, offers unlimited scalability that makes it an ideal platform for the deployment of workloads across data centers and edge locations. AKS allows automatic scaling of Kubernetes clusters according to demand for applications allowing your applications to scale without worrying about managing and provisioning additional resources yourself.

As soon as you deploy an AKS cluster, it automatically creates both a control plane and worker nodes that execute your workloads. The control plane hosts Kubernetes services such as API server and etcd that keep information about cluster configuration in sync between management tools such as dashboard and kubectl; etcd is highly available with replication ensuring your configuration and deployments remain in sync.

AKS manages the lifecycle of worker nodes and infrastructure so you can focus on building and deploying cloud-native applications without worrying about upgrades and patches to hardware. AKS integrates with developer productivity tools for agile CI/CD processes as well as DevOps workflow automation for streamlined DevOps processes with scalable container orchestration.

Dependent upon your requirements, AKS size SKUs offer several cluster options that meet them. For instance, selecting one which supports the number of pods your applications are expected to run ensures enough available capacity without reliability issues arising. You can even enable container insights for monitoring purposes as well as setting alerts in case reliability-impacting events occur.

AKS also helps meet your scalability and security requirements, including PCI-DSS 3.2.1 isolation requirements or DoD Impact Level 5 isolation thresholds. AKS supports secure communication between worker nodes and control plane nodes as well as supports secure worker-node communications.

Your AKS cluster can be tailored specifically to the requirements of your applications by selecting virtual machine sizes that include CPUs, memory and storage type you require for each VM size. In addition, system node pool size reflects how many nodes make up your cluster; you can configure autoscaling so your node pools automatically adapt as workload demands change.


AKS provides multi-zone deployments as a high availability solution, using Azure VMs across availability zones to protect applications and data against failure in their hosting region, helping guard against data center and cluster outages. A multi-zone cluster can use cross-region replication as disaster recovery.

When creating an AKS cluster, the Resource Manager template allows for specifying any number of availability zones you would like your cluster to reside within. Once deployed, AKS then deploys it accordingly. If no explicit availability zone designations are made for any resource or resource type, Kubernetes assumes it’s no longer necessary and automatically schedules pods that claim PersistentVolumeClaim (PVCs) into their appropriate availability zones.

Kubernetes provides network policies to restrict traffic between pods, providing secure multi-tenant environments for your workloads. You can also use network policies to either allow or restrict access for workloads to data storage services.

No matter if your workloads are containerized or not, persistent data storage will likely be needed for them. AKS makes this easy by providing dynamic or static storage volumes specifically tailored for these workloads; in addition, AKS supports labeling data across volumes for easier management.

AKS can be accessed using Azure CLI, Azure Portal and Kubernetes command line interface (kubectl). Third-party tools like VMware vSphere Client may also allow access to an AKS cluster on local computers. AKS also supports hybrid cloud models which allows users to seamlessly integrate identity solutions from Active Directory into your Kubernetes cluster.

AKS also integrates seamlessly with Azure AD to provide seamless authentication and authorization between on-premises AD and your cluster, making management of Kubernetes clusters simpler while decreasing risk.

AKS clusters are constructed using the latest security updates from Azure. Operating system security patches for Linux-based nodes and kernel updates for Windows Server nodes are applied automatically by Azure as soon as they become available, while there is also a secure communication channel between control plane and nodes ensuring nodes only communicate when necessary, and aren’t vulnerable to outside attackers.


AKS provides a single-tenant control plane that deploys and manages cluster nodes. You select their size and number, while Azure secure communication between the control plane and nodes is configured through Kubernetes APIs such as Kubectl. Your bills only reflect resources used by containers running within this environment.

AKS was built for high availability and reliability, deploying its cluster nodes across paired regions for disaster recovery and creating multiple availability zones within each region to maintain application uptime during data center failures. Furthermore, AKS offers automatic upgrades, cluster auto-repair capabilities, as well as automated scaling to maximize uptime and availability.

AKS provides additional security and monitoring features, beyond its high availability features, to protect and monitor containerized applications. These features include Azure Active Directory integration and role-based access control (RBAC), to ensure secure containerized applications. AKS also collects performance metrics like processor and memory usage from containers and nodes to provide insight into application health.

AKS management portal, CLI and APIs make deploying and scaling Kubernetes clusters simple. You can quickly create one using either portal, CLI or script; AKS portal also enables selecting resource groups like myResourceGroup before entering size/node count details to complete creation of an AKS cluster.

Your deployment type and cluster settings, such as replication, scaling, node pools and network configurations are also customizable. Node pools allow you to group nodes with similar configurations for use with specific applications – for instance those equipped with graphics processing units (GPUs). Your cluster’s Scheduler uses these node pools when allocating pods across your cluster.

AKS is compatible with popular DevOps tools like Jenkins and Git, offering support for continuous integration/continuous deployment pipelines via Azure Container Registry (ACR), where container images are stored and deployed. Furthermore, ACR authentication with service principal or managed identity authentication enables your applications to safely pull images from ACR into an AKS cluster for deployment.


Azure Kubernetes Service AKS monitors your cluster to make sure it is operating optimally, managing its control plane, virtual machines (VMs), storage volumes and virtual networks as well as your application ensuring its compatibility with its underlying infrastructure. AKS automatically scales and upgrades the cluster as necessary so it remains available for your workloads at all times; should additional resources be required AKS will automatically add more VMs into its configuration.

Utilizing AKS management portal, CLI, or APIs you can obtain performance and availability metrics from your cluster. AKS also collects container logs for advanced analysis and troubleshooting purposes – these logs can be accessed directly from the dashboard or Azure Log Analytics for analysis and alert creation.

AKS also supports GPU-enabled virtual machines in node resource groups to accelerate compute-intensive, graphics-intensive and visualization workloads. You can configure AKS to use one or multiple GPU-enabled VMs for such workloads by using Kubernetes’ command line interface (kubectl).

As well as using the standard Kubernetes monitoring tools to track your application, AKS allows for additional features for monitoring and troubleshooting. For instance, containerized Datadog agents can be deployed to gather metrics and distributed request traces across your entire deployment allowing you to visualize all services, containers, traces and associated alerting in one platform with ease.

Monitor your deployment using AKS by creating metric-based cluster and pod charts, which help you understand how your applications are using the resources that you pay for. Pin these charts directly to your dashboard or set alerts based on specific metric values.

AKS provides you with a collection of recommended Prometheus alerts that you can select in the Metrics Explorer, or create your own. Furthermore, Prometheus metrics can also be sent directly into Azure Log Analytics for analysis and alerting via simple queries – with logs all being easily viewable and managed, offering flexible search/filter capabilities for easier log management.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.