Azure Kubernetes Service architecture

In this lesson, we explore the architecture of Azure Kubernetes Service (AKS). AKS simplifies container orchestration by leveraging two main types of nodes: Azure Managed (master) nodes and Customer Managed nodes. While the master node is fully managed by Azure, our focus will be on the components within the Customer Managed node and their interaction with the master to maintain the desired state of the cluster.

Node Components

Understanding the components running on each node is critical for effective cluster management.

Kubelet

Kubelet is the primary agent that runs on every node in a Kubernetes cluster. Its responsibilities include:

• Receiving pod specifications from the Kubernetes master when a pod is scheduled.
• Ensuring that the defined containers for each pod are running and healthy.
• Continuously monitoring pod status to maintain the integrity of the cluster.
• Communicating with the container runtime—such as Docker, Containerd, or others—via the Container Runtime Interface (CRI) to manage container lifecycles.

Kube Proxy

Kube Proxy plays an essential role in cluster networking by maintaining network rules to enable communication between pods. Its functions include:

• Observing the Kubernetes master for any service or endpoint updates.
• Configuring routing rules for each service, thereby forwarding traffic from a service's virtual IP to the correct backend port.
• Supporting various operational modes, including user space, iptables, and IPVS, that determine how traffic is handled.

Kube Proxy interacts with the virtual network interfaces at the node level, ensuring seamless pod-to-pod communication across the cluster.

Container Runtime

The container runtime is responsible for running containers and managing their entire lifecycle. Kubernetes supports multiple container runtimes such as Docker, Containerd, CRI-O, among others compliant with the CRI. Key functions include:

• Pulling container images from a repository.
• Unpacking images and instantiating container processes.
• Managing container networking, storage, logging, and other features.

Kubelet utilizes the CRI to communicate with the container runtime, ensuring that every container within a pod is deployed and maintained according to the defined pod specifications.

Interaction Between Master and Node Components

The synergy between master components and node components is integral to the operation of AKS. Here’s how the interaction unfolds:

• The master node, through components like the API server and scheduler, issues pod specifications.
• Kubelet on customer-managed nodes receives these specifications and ensures the associated containers are meeting the desired state.
• Kube Proxy continuously monitors for changes in the network configuration and updates routing rules as needed.
• The container runtime, guided by Kubelet via the CRI, is responsible for pulling images, starting containers, and handling their operational lifecycle.

In summary, the master node maintains the overall desired state of the cluster, while Kubelet, Kube Proxy, and the container runtime on the customer-managed nodes work together to ensure that workloads run smoothly and reliably.

AKS Networking

With an understanding of the core node components and their interaction with the master node, we now turn to AKS networking. The next section details how network communication, routing, and service discovery are managed across the cluster, providing a comprehensive picture of the AKS architecture.