Last updated: May 2026

Azure ContainersIntermediateAZ-104⏱ 14 min read

Azure Kubernetes Service (AKS)

Azure Kubernetes Service is a managed Kubernetes service — Microsoft manages the control plane (API server, scheduler, etcd) for free, while you manage the worker nodes. AKS is the standard for running production containerised workloads at scale — providing auto-scaling, self-healing, rolling deployments, service discovery, and native Azure integration out of the box.

What you'll learn Core Kubernetes concepts — pods, deployments, services, namespaces · AKS architecture — control plane vs node pools · Node pool types · Networking options (kubenet vs Azure CNI) · Storage classes · RBAC in AKS · AKS + ACR integration · Monitoring with Azure Monitor

Table of Contents

Core Kubernetes Concepts
AKS Architecture
Node Pools
Networking Options
Storage in AKS
RBAC and Authentication
ACR Integration
Practice Questions

Core Kubernetes Concepts

Concept	Description
Pod	Smallest deployable unit — one or more containers sharing network and storage
Deployment	Manages a set of identical pods — handles rolling updates and rollbacks
Service	Stable network endpoint for pods — load balances traffic across pod replicas
Ingress	HTTP/HTTPS routing rules — routes external traffic to internal services
Namespace	Virtual cluster within a cluster — isolates resources between teams/environments
ConfigMap	Store non-sensitive configuration as key-value pairs
Secret	Store sensitive configuration (passwords, keys) — base64 encoded
PersistentVolume	Cluster-level storage provisioned from Azure Disks or Azure Files
Node	A VM in the cluster — runs pods

AKS Architecture

AKS splits into two planes:

Component	Managed By	Cost
Control Plane — API server, scheduler, controller manager, etcd	Microsoft (free)	No charge
Node Pools — Worker VMs that run your pods	You	Standard VM rates

ℹ️

Free Control Plane Azure manages and pays for the Kubernetes control plane — the API server, etcd, and scheduling infrastructure. You only pay for the worker node VMs. This is a significant cost advantage vs self-managed Kubernetes.

Node Pools

Node pools are groups of VMs with the same configuration. AKS supports multiple node pools:

Pool Type	Description
System node pool	Runs critical system pods (CoreDNS, metrics-server). Required — at least one per cluster.
User node pool	Runs your application workloads. Optional — add multiple for different VM sizes or OS types.
Spot node pool	Uses Azure Spot VMs — up to 90% cheaper but can be evicted. For fault-tolerant batch workloads.

Networking Options

	Kubenet (Basic)	Azure CNI (Advanced)
Pod IP addresses	Private, not routable from VNet	Real VNet IPs — routable from VNet
VNet visibility	Pods not directly accessible from VNet	Pods directly accessible from VNet
IP consumption	Low — node IPs only	High — every pod uses a VNet IP
Best for	Simple clusters, limited VNet IPs	Enterprise, VNet integration, internal load balancers

Storage in AKS

Storage Class	Backend	Access Mode	Best For
default / managed-csi	Azure Managed Disk	ReadWriteOnce (single pod)	Databases, single-pod storage
azurefile-csi	Azure Files (SMB)	ReadWriteMany (multiple pods)	Shared storage across pods
azurefile-csi-premium	Azure Files Premium	ReadWriteMany	High-performance shared storage

RBAC and Authentication

AKS supports two RBAC modes:

Kubernetes RBAC — Built-in Kubernetes roles (ClusterAdmin, Admin, Edit, View) managed via kubectl
Azure AD integration — Use Azure AD users and groups to control kubectl access. Recommended for enterprise — leverages existing identity management.

ACR Integration

Grant AKS permission to pull images from ACR without managing credentials:

Azure CLIAttach ACR to AKS — grant pull permissions

# Grant AKS Managed Identity permission to pull from ACR
az aks update \
  --name myAKSCluster \
  --resource-group myRG \
  --attach-acr myregistry2026

# AKS can now pull images from ACR without credentials in YAML manifests

💡

AZ-104 Exam Tip Know that AKS control plane is free — you only pay for worker node VMs. Know the difference between kubenet and Azure CNI networking. Know that system node pools are required and run critical system pods. Know that AKS integrates with ACR via Managed Identity (no credentials needed in manifests).

📝 Practice Questions

Click an option to check your answer.

Q1. In AKS, what does Microsoft manage and what do you pay for?

A — You manage and pay for everything including the control plane

B — Microsoft manages the control plane for free — you pay only for worker node VMs

C — Everything is free — AKS has no charges

D — You pay for the control plane — Microsoft manages and pays for worker nodes

Q2. What is the smallest deployable unit in Kubernetes?

A — Pod

B — Deployment

C — Node

D — Service

Q3. Which AKS networking plugin assigns real VNet IP addresses to pods?

A — Kubenet

B — Azure CNI

C — Flannel

D — Calico

Q4. Which Kubernetes storage class should you use when multiple pods need to read and write to the same volume simultaneously?

A — default (Azure Managed Disk)

B — azurefile-csi (Azure Files)

C — managed-csi

D — azuredisk-shared

Q5. What Kubernetes object provides a stable network endpoint that load balances traffic across multiple pod replicas?

A — Deployment

B — Service

C — Namespace

D — ConfigMap

← PreviousAzure Container Instances Next →Create an AKS Cluster

Comments

Disclaimer: RedKite Cloud is an independent educational resource and is not affiliated with Microsoft Corporation.