Azure Kubernetes Service (AKS)

Announcing Public Preview of Confidential VM on AKS.

Azure confidential VMs (DCav5/ECav5) are VM based Hardware Trusted Execution Environment (TEE) that leverage SEV-SNP security features to deny the hypervisor and other host management code access to VM memory and state, providing defense in depth protections against operator access.

Source: Confidential VM node pool support on AKS with AMD SEV-SNP VM in preview (microsoft.com)

• Simplifies deployment, management, and operations of Kubernetes
• Kubernetes Objects
• Azure Kubernetes Services or AKS
• It makes it quick and easy to deploy and manage containerized applications without container orchestration expertise.
• Eliminates the burden of ongoing operations and maintenance by provisioning, upgrading, and scaling resources on demand
• Master node(s) managed by Microsoft
• Access to enterprise-grade features of Micorosft Azure
• Reduces the complexity and operational overhead of managing a Kubernetes cluster by offloading much of that responsibility to Azure
• Handles critical tasks like health monitoring and maintenance for you

In this overview video I cover the basics of containers, Kubernetes, the Azure Kubernetes Service (AKS) and how all the pieces fit together!

• Automated Kubernetes version upgrade and patching
• Easy cluster scaling
• Self-healing hosted control plane (masters)
• Cost savings

In general, I see two approaches

• Start with App Services for all applications, and only if the complexity and orchestration needs exceed the limits, then go for AKS. This would be my approach as I don’t see either/or, but I would leverage their individual strengths.
• Or if they already plan to introduce a sophisticated AKS infrastructure, then use leverage this (I have the feeling that some at Swiss Re try to go into this direction)

What do/would I consider

• General: have simple applications with just a few Web Apps I would go with App Services, but for a more complex microservice architecture, I would consider AKS.
• Is there a strategic decision already taken
• Is there a Multi-Cloud strategy and need to leverage knowledge (infrastructure) across clouds, then it could make sense to go with AKS as this is more provider agnostic
• If there is no Kubernetes knowledge available, App Services would be simpler to start with
• If you have an Application with just a front-end (maybe SPA) and API backend, then App Services would be preferable
• If it is a containerized application with a lot of containers that need orchestration, then AKS could help
• What Customers need to understand is that there are much more management activities they need to take care of when using AKS compared to App Service. AKS is closer to an IaaS platform from that point of view. So as long as their needs can be met with App Service, I think it’s a much less painful choice compared to AKS.

Private Azure Kubernetes Service Cluster

In a private cluster, the control plane or API server has internal IP addresses that are defined in the RFC1918 - Address Allocation for Private Internet document. Using a private cluster lets you ensure network traffic between your API server and your node pools remains on the private network only.

Create a private Azure Kubernetes Service cluster - Azure Kubernetes Service | Microsoft Docs