Read more
Content from our Azure Infrastructure and Integration experts
Azure Kubernetes Service in the Landing Zone Model: 4 key points
20 Nov, 2023
When we talk about applications and Kubernetes, we mean applications built from containers
Kubernetes is a frequently heard term in the modern IT world, but what exactly is it and what can you do with it? The system is available on various cloud platforms as a service, but can also run on-premises. We focus on the Azure variant, the Azure Kubernetes Service. Robin Verbeek, Azure Cloud & Integration Architect, highlights four key issues for deploying Azure Kubernetes Service on the Azure Enterprise Landing Zone in this Technology Blog.
In brief: Kubernetes is an open-source container orchestration system that can be used for software deployment and management. Kubernetes started as a project at Google in 2014, but today it is maintained by the Cloud Native Computing Foundation.
The following topics are important for AKS in the Landing Zone Model
• How is AKS structured in Azure and who is responsible for the components?
• What about costs?
• Where do you start and what documentation can be used?
• The AKS landing zone accelerator
To deploy AKS in an Azure environment, it is important that the Azure Enterprise Landing Zone is in place. The model that can be used for this is Microsoft's Enterprise Landing Zone Model, which is described in the Cloud Adoption Framework (CAF).
Landing zones can be linked to the Enterprise Landing Zone Model as building blocks, in which you control governance and security yourself. AKS constitutes just such a landing zone within an environment, for which one or more AKS clusters can be deployed with the same governance and security.
How is AKS structured in Azure and who is responsible for the components?
An AKS cluster consists of 2 sections:
- Cluster Master
- Customer section
The Cluster Master is Azure-managed, meaning Microsoft is responsible for its proper functioning and management. The customer part is Customer-managed, which means the customer is responsible for this. When setting up an AKS cluster, here are some helpful points:
- The Cluster Master is for the core services and handles orchestration
- The applications (containers) and underpinning services are run on the nodes
- A node is an Azure virtual machine (with associated costs)
- Management of the nodes is the responsibility of the customer (including patching of the OS)
What about the cost?
The cost of an AKS cluster is based on several factors, including the type of virtual machines (VMs) used. The Azure price calculator can be used to determine the cost for a specific situation.
These key components can affect costs:
- Virtual machines: AKS uses VMs to host Kubernetes. Costs vary depending on the VM type chosen, such as the number of CPUs, memory size and storage capacity
- Storage: Storage fees may be charged for storing container images, logs and other data within an AKS cluster.
- Costs depend on the storage accounts and storage disks used
- Networking: There may be costs associated with using network services within AKS, such as ‘load balancers,’ public IP addresses and outbound data traffic
- Azure Monitor: When using Azure Monitor to collect and analyze logs and monitoring data, charges may also apply
- Other services: Using additional services, such as Azure Container Registry (ACR) for hosting container images or Azure Log Analytics for log analytics, may incur additional costs
It is advisable to review the documentation on costing so that you are not surprised.
Where do you start and what documentation can be used?
AKS clusters can be deployed in several ways, including through the portal, Azure CLI, PowerShell, Bicep and Terraform templates. We recommend using Infrastructure-As-Code, or templates (Bicep or Terraform).
AKS is easy and quick to roll out but choices must be made that fit the organization. In the beginning, not everything may have been thought through, or not all the possibilities are yet understood. Then start with a proof-of-concept where you land a workload on the cluster so that you encounter all aspects of AKS.
AKS is sometimes referred to as a ‘mini data center’ within the Azure environment. In short, it is extensive and therefore must be carefully considered before taking it into production. This applies both to the design and arranging management.
The AKS Landing Zone Accelerator
Microsoft has described scenarios in the CAF for a number of services belonging to the Modern Application Platform. One of these scenarios specifically describes key points to consider when building an AKS platform in an organization's Azure environment.
In the case of an AKS landing zone, Microsoft assumes a separate subscription in the Enterprise environment, linking to the hub virtual network. Documentation on the AKS Landing Zone Accelerator can be found here. Reference is also made to a GitHub repository with code and a AKS Construction Helper, which one can use to configure and deploy an AKS cluster.
Using Azure Kubernetes Service in your organization?
Before getting started with Azure Kubernetes Service, knowledge must be in place about Kubernetes, the choices that need to be made to deploy it and the security aspects that are important. It all starts with a good design that fits the organization, because an AKS Landing Zone must fit into the Enterprise Landing Zone like a puzzle piece to match the organization.
Our experts are ready to help!