Azure -- AKS - How to set up Kubernetes on AKS - Page-1

 Service Endpoint : 

A Service Endpoint is not a separate device, tunnel, VPN, or NIC. It is a feature of an Azure subnet that tells Azure:

"When resources in this subnet access a specific Azure service (Storage, SQL, Key Vault, etc.), identify the traffic as coming from this subnet and keep it on the Azure backbone network."

Let's walk through how it is established.

 

Private EndPoint : 

 

A Private Endpoint does not change the Storage Account itself to have a private IP.

Instead, Azure creates a private network interface (NIC) with a private IP inside your VNet, and that NIC becomes the private entry point to the Storage Account.

 

 ----

 

In Azure Kubernetes Service (AKS), the architecture is broadly divided into the System Node Pool and User Node Pool. Understanding what runs in each is important for designing a reliable cluster.

1. System Node Pool

A System Node Pool is dedicated to Kubernetes and AKS platform components that keep the cluster running.

Components typically running on System Nodes

  • CoreDNS
    • Provides DNS resolution for pods and services inside the cluster.
  • Metrics Server
    • Collects CPU and memory metrics used by autoscaling and monitoring.
  • Kubernetes Dashboard (if installed)
    • Web UI for cluster management.
  • Azure CNI / Kubenet networking components
    • Networking plugins that connect pods to the network.
  • kube-proxy
    • Manages networking rules and service routing.
  • Container Runtime
    • Usually containerd, responsible for running containers.
  • Node Problem Detector
    • Detects and reports node health issues.
  • AKS-managed add-ons
    • Examples:
      • Azure Monitor agents
      • OMS/Log Analytics agents
      • Azure Policy agents
      • Microsoft Defender for Containers components
      • CSI drivers for storage
  • System DaemonSets
    • Any daemonset required on every node for cluster operation.

Characteristics

  • Must contain at least one node.
  • Recommended VM size: 4 vCPUs or more.
  • Hosts critical infrastructure workloads.
  • Usually tainted to prevent regular application workloads from being scheduled.

Example taint:

CriticalAddonsOnly=true:NoSchedule
 
2. User Node Pool
A User Node Pool is where your business applications run.
Components typically running on User Nodes
  • Application Pods

    • Web applications

    • APIs

    • Microservices

    

  • Stateful workloads

    • Databases

    • Caches

    • Message brokers

    

  • Batch workloads

    • CronJobs

    • Data processing jobs

    

  • Custom DaemonSets

    • Logging agents

    • Security agents

    • Monitoring sidecars

    

Examples
  • Frontend application

  • Backend services

  • Java/.NET applications

  • AI/ML workloads

  • Kafka consumers

  • Worker pods

Characteristics
  • Can have multiple node pools.

  • Can use different VM sizes.

  • Can be autoscaled independently.

  • Can be specialized for:

    • GPU workloads

    • High-memory workloads

    • Spot instances

    • Linux or Windows workloads
 
AKS Cluster Architecture
 
AKS Cluster

├── Control Plane (Managed by Microsoft)
│   ├── API Server
│   ├── Scheduler
│   ├── Controller Manager
│   └── etcd

├── System Node Pool
│   ├── CoreDNS
│   ├── Metrics Server
│   ├── kube-proxy
│   ├── Azure CNI
│   ├── CSI Drivers
│   └── Monitoring/Policy Agents

└── User Node Pool
    ├── Frontend Pods
    ├── Backend Pods
    ├── Database Pods
    ├── Batch Jobs
    └── Custom Applications 
 
Control Plane vs Node Pools
Control Plane (Managed by Microsoft)
AKS manages these components for you:
  • Kubernetes API Server

  • etcd

  • Scheduler

  • Controller Manager

  • Cloud Controller Manager

You do not see or manage the VMs running these components.
Node Pools (Managed by You)
You manage:
  • Node count

  • VM sizes

  • Autoscaling

  • Application deployment

  • Upgrades (with AKS orchestration)
 
Typical Production Setup
 
AKS Cluster

├── System Pool
│   ├── 3 x Standard_D4s_v5
│   └── AKS/Kubernetes system pods

├── User Pool 1
│   ├── 5 x Standard_D8s_v5
│   └── Application workloads

├── User Pool 2
│   ├── 2 x GPU VMs
│   └── AI/ML workloads

└── User Pool 3
    ├── Spot VMs
    └── Batch processing 

Comments

Post a Comment

Popular posts from this blog

Azure Migrate

Image
 Azure Site Recovery an earlier tool for migration: Thought purpose built for Disaster Recovery ASR: Azure Site Recovery Yes — Azure Site Recovery (ASR) is commonly used as a migration tool , even though its primary purpose is disaster recovery. How ASR Is Used for Migration Organizations use ASR to perform: Lift-and-shift migrations VMware to Azure migrations Hyper-V to Azure migrations Physical server to Azure migrations ASR replicates workloads continuously from on-premises infrastructure to Azure. During the final cutover, the replicated VM is started in Azure with minimal downtime. Migration Workflow Using ASR Typical Flow Discover on-prem servers Enable replication Continuous data synchronization Test failover (optional) Planned failover/cutover Azure VM becomes production workload This approach minimizes: Downtime Data loss Manual rebuild effort Why ASR Is Popular for Migration ASR vs Azure Migrate Real-World Use Case Example: Company has 200 VMware VMs on-premises. The...
Read more

Azure -- All Networking Components

   1. Virtual Network (VNet) 📌 One-paragraph explanation A Virtual Network (VNet) is the core private networking space in Azure where all cloud resources communicate securely. It is used to isolate workloads, control IP ranges, and create a private environment similar to a traditional data center network but fully software-defined in the cloud. 🔍 Details Where used: Hosting VMs, AKS clusters, databases, internal services Connected services: VM, Load Balancer, Application Gateway, Azure Firewall, Private Endpoint Dependencies: None (foundation component) Purpose in architecture: Acts as the main “network boundary” for all resources 🧩 2. Subnet 📌 One-paragraph explanation A subnet is used to divide a VNet into smaller logical networks so that different layers of an application (web, app, database) can be separated and controlled independently for security and traffic management. 🔍 Details Where used: Tiered architectures (web/app/db layers), microse...
Read more

All Kuberneters - Components

  Kubernetes Core Resources Explained 1. Pods What It Is A Pod is the smallest deployable unit in Kubernetes. It contains one or more containers that share: Network Storage Lifecycle Used For Running application containers Grouping tightly coupled containers together Example A web application container running inside a pod. 2. Deployments What It Is A Deployment manages Pods and ReplicaSets. Used For Rolling updates Application version upgrades Scaling applications Self-healing applications Example Deploying 3 replicas of an NGINX application. 3. ReplicaSets What It Is A ReplicaSet ensures a specified number of pod replicas are always running. Used For High availability Maintaining desired pod count Example Keeping 5 backend pods running at all times. 4. DaemonSets What It Is A DaemonSet ensures one pod runs on every node (or selected nodes). Used For Monitoring agents Log collectors Security agents Example Running Fluentd or Prometheus Node Exporter on all nodes. 5. StatefulSets W...
Read more