Mastering Azure Kubernetes Service (AKS): A Complete Beginner-to-Expert Guide Part 1


What is Kubernetes?
Kubernetes is an open-source container orchestration platform for automating the deployment, scaling, and management of containerized applications.
What is AKS?
AKS is a managed Kubernetes service that simplifies deploying, managing, and scaling containerized applications that use Kubernetes.
Cluster components
An AKS cluster is divided into two main components:
Control plane: The control plane provides the core Kubernetes services and orchestration of application workloads.
Nodes: Nodes are the underlying virtual machines (VMs) that run your applications.
The Azure managed control plane is composed of several components that help manage the cluster:
| Component | Description |
| --- | --- |
| kube-apiserver | The API server kube-apiserver exposes the Kubernetes API to enable requests to the cluster from inside and outside of the cluster. |
| etcd | The highly available key-value store etcd helps to maintain the state of your Kubernetes cluster and configuration. |
| kube-scheduler | The scheduler kube-scheduler helps to make scheduling decisions. It watches for new pods with no assigned node and selects a node for them to run on. |
| kube-controller-manager | The controller manager kube-controller-manager runs controller processes, such as noticing and responding when nodes go down. |
| cloud-controller-manager | The cloud controller manager cloud-controller-manager embeds cloud-specific control logic to run controllers specific to the cloud provider. |
Nodes
Each AKS cluster has at least one node, which is an Azure VM that runs Kubernetes node components. The following components run on each node:
| Component | Description |
| --- | --- |
| kubelet | The kubelet ensures that containers are running in a pod. |
| kube-proxy | The kube-proxy is a network proxy that maintains network rules on nodes. |
| container runtime | The container runtime manages the execution and lifecycle of containers. |
Node pools
In AKS, nodes of the same configuration are grouped together into node pools. These node pools contain the underlying virtual machine scale sets and virtual machines (VMs) that run your applications.
When you create an AKS cluster, you define the initial number of nodes and their size (version), which creates a system node pool. System node pools serve the primary purpose of hosting critical system pods, such as CoreDNS and konnectivity.
To support applications that have different compute or storage demands, you can create user node pools. User node pools serve the primary purpose of hosting your application pods.
Node resource group
When you create an AKS cluster in an Azure resource group, the AKS resource provider automatically creates a second resource group called the node resource group. This resource group contains all the infrastructure resources associated with the cluster, including VMs, virtual machine scale sets, and storage.
Azure Kubernetes Service (AKS) creates two resource groups during deployment to separate control and infrastructure resources, enabling better resource management, security, and lifecycle control.
1. Primary Resource Group (User-Created)
Purpose: Holds only the AKS Kubernetes service resource itself.
Ownership: You create and manage this group directly.
Contents: The AKS "control plane" resource (i.e., the logical representation of the cluster).
Lifecycle: This resource group persists until you delete the AKS cluster.
2. Node Resource Group (System-Created)
Purpose: Contains all infrastructure resources that support the AKS cluster.
Contents:
- Virtual Machine Scale Sets (AKS worker nodes)
- Virtual Network (VNet) components
- Managed Disks
- Load Balancers, Public IPs
- Any other Azure resources AKS needs to run your workloads.
Naming Convention: MC_<PrimaryResourceGroup>_<ClusterName>_<Region>
Example: MC_myResourceGroup_myAKSCluster_eastus
Lifecycle: Automatically created and automatically deleted when you delete the AKS cluster.
Best Practice: Use it only for resources managed by AKS, not for unrelated resources, because it is tied to the cluster’s lifecycle.
Why This Split Architecture?
Separation of Concerns: Allows you to manage the AKS resource and its identity, tags, and policies separately from the underlying infrastructure.
Automated Management: Azure manages the node resource group to handle updates, scaling, and cluster operations efficiently.
Clean Deletion: When you delete the AKS cluster, Azure ensures all dependent infrastructure is deleted, avoiding orphaned resources.
Security & Policy: You can apply different RBAC, policies, and cost tracking on the control plane and the infrastructure.
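The node pool and node resource group sections above describe a procedure; the script below, added here as an example and not taken from the article, walks through it with the Azure CLI: create a cluster whose initial pool is the system node pool, taint that pool so only system pods land on it, add a user node pool for application pods, and then read the node resource group name back from the cluster. The resource group, cluster name, region and VM size are assumed placeholders, and `node_rg_name` only reproduces the MC_ naming convention so it can be checked offline; the real name is whatever `az aks show` reports.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Assumed placeholders:
# resource group, cluster name, region and VM size. Requires a logged-in
# Azure CLI when run with "run"; the helper functions alone need nothing.
set -eu

RG="${RG:-myResourceGroup}"
CLUSTER="${CLUSTER:-myAKSCluster}"
REGION="${REGION:-eastus}"

# Conventional node resource group name: MC_<PrimaryResourceGroup>_<ClusterName>_<Region>.
# Pure string function, so it can be verified without contacting Azure.
node_rg_name() {
  printf 'MC_%s_%s_%s\n' "$1" "$2" "$3"
}

# Create the cluster. The initial pool becomes the system node pool;
# --tier selects the cluster-management pricing tier (free|standard|premium).
create_cluster() {
  az aks create \
    --resource-group "$RG" \
    --name "$CLUSTER" \
    --location "$REGION" \
    --tier standard \
    --nodepool-name systempool \
    --node-count 3 \
    --node-vm-size Standard_D4s_v3 \
    --enable-managed-identity \
    --generate-ssh-keys
}

# Keep application pods off the system pool: taint it so only pods that
# tolerate CriticalAddonsOnly (CoreDNS, konnectivity, ...) are scheduled there.
taint_system_pool() {
  az aks nodepool update \
    --resource-group "$RG" \
    --cluster-name "$CLUSTER" \
    --name systempool \
    --node-taints CriticalAddonsOnly=true:NoSchedule
}

# Add a user node pool that hosts the application pods.
add_user_pool() {
  az aks nodepool add \
    --resource-group "$RG" \
    --cluster-name "$CLUSTER" \
    --name userpool \
    --mode User \
    --node-count 2 \
    --node-vm-size Standard_D4s_v3
}

# The MC_ convention is only the default; read the authoritative name from
# the cluster rather than assuming it when scripting against the node RG.
show_node_rg() {
  az aks show --resource-group "$RG" --name "$CLUSTER" \
    --query nodeResourceGroup -o tsv
}

# Supports the "AKS-managed resources only" guidance: list what lives in the
# node resource group so anything not created by AKS stands out in review.
list_node_rg_resources() {
  az resource list --resource-group "$(show_node_rg)" \
    --query '[].{name:name,type:type}' -o table
}

# Run the full procedure only when invoked explicitly with "run".
if [ "${1:-}" = "run" ]; then
  create_cluster
  taint_system_pool
  add_user_pool
  echo "Expected node RG: $(node_rg_name "$RG" "$CLUSTER" "$REGION")"
  echo "Actual node RG:   $(show_node_rg)"
  list_node_rg_resources
fi
```

Invoke it as `RG=rg-prod CLUSTER=aks-prod REGION=westeurope ./aks-pools.sh run`. Tainting the system pool with `CriticalAddonsOnly=true:NoSchedule` is what keeps the "system pools host system pods, user pools host application pods" split from being merely a convention, and comparing the expected MC_ name against `az aks show` catches clusters that were created with a custom node resource group name before any RBAC or policy is scoped to the wrong group.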
Cluster modes
In AKS, you can create a cluster in Automatic (preview) or Standard mode. AKS Automatic provides a more fully managed experience, with Azure managing cluster configuration, including nodes, scaling, security, and other preconfigured settings. AKS Standard provides more control over the cluster configuration, including the ability to manage node pools, scaling, and other settings yourself.
What is Azure Kubernetes Service (AKS) Automatic (preview)?
Azure Kubernetes Service (AKS) Automatic offers an experience that makes the most common tasks on Kubernetes fast and frictionless, while preserving the flexibility, extensibility, and consistency of Kubernetes. Azure takes care of your cluster setup, including node management, scaling, security, and preconfigured settings that follow AKS well-architected recommendations. Automatic clusters dynamically allocate compute resources based on your specific workload requirements and are tuned for running production applications.
Production-ready by default: Clusters are preconfigured for optimal production use, suitable for most applications. They offer fully managed node pools that automatically allocate and scale resources based on your workload needs. Pods are bin-packed efficiently to maximize resource utilization.
Built-in best practices and safeguards: AKS Automatic clusters have a hardened default configuration, with many cluster, application, and networking security settings enabled by default. AKS automatically patches your nodes and cluster components while adhering to any planned maintenance schedules.
Code to Kubernetes in minutes: Go from a container image to a deployed application that adheres to best practices patterns within minutes, with access to the comprehensive capabilities of the Kubernetes API and its rich ecosystem.
Application deployment, monitoring, and observability
Application deployment can be streamlined using automated deployments from source control, which creates a Kubernetes manifest and generates CI/CD workflows. Additionally, the cluster is configured with monitoring tools such as Managed Prometheus for metrics, Managed Grafana for visualization, and Container Insights for log collection.
| Option | AKS Automatic | AKS Standard |
| --- | --- | --- |
| Application deployment | Optional: use automated deployments to containerize applications from source control, create Kubernetes manifests, and continuous integration/continuous deployment (CI/CD) workflows; create deployment pipelines using GitHub Actions for Kubernetes; or bring your own CI/CD pipeline. | Optional: use automated deployments to containerize applications from source control, create Kubernetes manifests, and continuous integration/continuous deployment (CI/CD) workflows; create deployment pipelines using GitHub Actions for Kubernetes; or bring your own CI/CD pipeline. |
| Monitoring, logging, and visualization | Default: Managed Prometheus for metric collection, Managed Grafana for visualization, and Container Insights for log collection when using Azure CLI or the Azure portal. | Optional: Managed Prometheus for metric collection, Managed Grafana for visualization, and Container Insights for log collection. |
Pricing tiers
AKS offers three pricing tiers for cluster management: Free, Standard, and Premium. The pricing tier you choose determines the features that are available for managing your cluster.
Written by Mostafa Elkattan
Multi Cloud & AI Architect with 18+ years of experience in Cloud Solution Architecture (AWS, Google, Azure), DevOps, and Disaster Recovery. At the forefront of driving cloud innovation, from architecting scalable infrastructures to optimizing them, providing solutions with a great customer experience.