AKS
By default when you create a AKS cluster it creates a system node pool. AKS control plane is free. EKS $2.5 per day
In the system node pool minimum required components will be running. (whatever the nodes we will run we have to pay)
Node pools:
system node pool
user node pool (Linux/Windows)
virtual node
Authentication:
system assigned managed identity
Kubernetes RBAC
AKS managed Azure AD
Networking:
Azure CNI
standard Load balancer
Public/private cluster
Integration:
Container Registry
monitor
Azure log analytics
Basic:
versions
zones
kubectl create --name pod1 --image nginx:latest
kubectl get pods
kubectl get po
kubectl get pods -o wide # to get more informations about the pod
kubectl describe pod pod1
kubectl get pod pod1 -o yaml # Get pod definition YAML output
services:
Through service we can access the container externally from internet.
kubectl expose pod pod1 --type=LoadBalancer --port=80 --name=pod1-service
kubectl get service
kubectl get svc
kubectl describe service pod1-service
kubectl get service pod1-service -o yaml # Get service definition YAML output
How do you implement network isolation in AKS, explain briefly ?
We can implement network isolation in AKS in 2 ways: Network Policies and Azure Private Link.
Network Policies: –
Use Kubernetes-native constructs (e.g., pod labels, namespaces)
– Define ingress/egress rules for traffic control
– Advantages: Fine-grained control, easy integration with existing Kubernetes resources
– Limitations: Requires additional management overhead, limited to cluster-level isolation
Azure Private Link:
– Expose AKS API server over a private IP within the virtual network
– Traffic remains within the Azure backbone network
– Advantages: Enhanced security, reduced exposure to public internet, simplified network architecture
– Limitations: Additional cost, increased complexity during setup, limited to control plane isolation