Azure AKS Deployment
This guide covers deploying Greenfield Cluster on Azure Kubernetes Service (AKS) with ARM Ampere Altra instances for optimal price/performance.
Overview
Azure Kubernetes Service provides managed Kubernetes clusters on Microsoft Azure, offering:
- Managed Control Plane: Azure handles the Kubernetes control plane (free)
- ARM Ampere Support: Better price-performance with Ampere Altra processors
- Azure Integration: Native integration with Azure services
- Availability Zones: Multi-zone deployments for high availability
- Azure Monitor: Built-in monitoring and logging
Prerequisites
- Azure subscription with appropriate permissions
- Azure CLI v2.50+
- Terraform >= 1.0 (for IaC)
- kubectl v1.24+
Deployment Options
Option 1: Terraform (Recommended)
Use our Terraform configuration for automated, reproducible deployments.
Quick Start
# Navigate to Azure infrastructure directory
cd infrastructure/azure/
# Login to Azure
az login
az account set --subscription "YOUR_SUBSCRIPTION_ID"
# Initialize Terraform
terraform init
# Review planned changes
terraform plan
# Create cluster (takes 5-10 minutes)
terraform apply
# Configure kubectl
az aks get-credentials \
--resource-group greenfield-cluster-rg \
--name greenfield-cluster
# Verify cluster
kubectl get nodes
Custom Configuration
Create terraform.tfvars:
cluster_name = "greenfield-cluster"
location = "East US"
resource_group = "greenfield-rg"
environment = "dev"
use_arm = true # Use ARM Ampere Altra
node_count = 3
arm_node_size = "Standard_D2ps_v5" # 2 vCPU, 8GB RAM
kubernetes_version = "1.28"
Apply configuration:
See the complete Azure Infrastructure Guide for all options.
Option 2: Azure CLI
Quick cluster creation using the az command-line tool.
Basic Cluster with ARM
# Create resource group
az group create \
--name greenfield-rg \
--location eastus
# Create AKS cluster with ARM
az aks create \
--resource-group greenfield-rg \
--name greenfield-cluster \
--node-count 3 \
--node-vm-size Standard_D2ps_v5 \
--enable-managed-identity \
--generate-ssh-keys \
--enable-cluster-autoscaler \
--min-count 2 \
--max-count 6 \
--network-plugin azure \
--enable-addons monitoring
Multi-Zone Cluster (High Availability)
az aks create \
--resource-group greenfield-rg \
--name greenfield-cluster \
--node-count 3 \
--zones 1 2 3 \
--node-vm-size Standard_D2ps_v5 \
--enable-managed-identity \
--generate-ssh-keys \
--enable-cluster-autoscaler \
--min-count 3 \
--max-count 9
Option 3: Azure Portal
Manual creation through Azure Portal:
- Navigate: Portal → Kubernetes services → Create
- Basics:
- Subscription: Select subscription
- Resource group: Create greenfield-rg
- Cluster name: greenfield-cluster
- Region: East US
- Kubernetes version: 1.28 or later
- Node Pools:
- Node size: Standard_D2ps_v5 (ARM)
- Scale method: Autoscale
- Node count: Min 2, Max 6, Initial 3
- Networking:
- Network configuration: Azure CNI
- DNS name prefix: greenfield
- Integrations:
- Container monitoring: Enabled
- Azure Policy: Optional
- Review + Create: Validate and create
Architecture
Default Configuration
| Component | Configuration |
|---|---|
| Region | East US (configurable) |
| K8s Version | 1.28+ (auto-upgrade available) |
| Control Plane | Managed by Azure (Free) |
| Node Size | Standard_D2ps_v5 (ARM Ampere) |
| Node Count | 2-6 (3 desired, auto-scaling) |
| Node Storage | 128 GB managed disk |
| Network Plugin | Azure CNI |
| Identity | System-assigned managed identity |
ARM vs x86 VM Options
ARM (Ampere Altra) - Default
Advantages:
- Better price-performance ratio
- Modern ARM architecture
- Energy efficient
VM Sizes (Dps_v5 series):
- Standard_D2ps_v5: 2 vCPU, 8 GB RAM (~$0.096/hr)
- Standard_D4ps_v5: 4 vCPU, 16 GB RAM (~$0.192/hr)
- Standard_D8ps_v5: 8 vCPU, 32 GB RAM (~$0.384/hr)
x86 (Intel/AMD) - Fallback
VM Sizes (Ds_v5 series):
- Standard_D2s_v5: 2 vCPU, 8 GB RAM (~$0.096/hr)
- Standard_D4s_v5: 4 vCPU, 16 GB RAM (~$0.192/hr)
- Standard_D2s_v3: 2 vCPU, 8 GB RAM (~$0.096/hr)
When to use x86:
- Applications requiring x86 architecture
- Legacy software without ARM support
Network Architecture
┌──────────────────────────────────────────────┐
│ Azure Virtual Network │
│ 10.0.0.0/16 │
│ ┌────────────────────────────────────────┐ │
│ │ AKS Subnet 10.0.1.0/24 │ │
│ │ │ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────┐│ │
│ │ │ Node 1 │ │ Node 2 │ │Node 3││ │
│ │ │ (Zone 1)│ │ (Zone 2)│ │(Z 3) ││ │
│ │ └──────────┘ └──────────┘ └──────┘│ │
│ └────────────────────────────────────────┘ │
└──────────────────────────────────────────────┘
Deploying Greenfield Cluster
After creating your AKS cluster:
1. Configure kubectl
# Get credentials
az aks get-credentials \
--resource-group greenfield-cluster-rg \
--name greenfield-cluster
# Verify connection
kubectl cluster-info
kubectl get nodes
2. Deploy Greenfield
Using Kustomize:
# Deploy base configuration
kubectl apply -k kustomize/base/
# Or use environment overlay
kubectl apply -k kustomize/overlays/prod/
Using Helm:
helm install greenfield helm/greenfield-cluster \
--namespace greenfield \
--create-namespace \
--values helm/greenfield-cluster/values-prod.yaml
3. Configure Ingress (Optional)
NGINX Ingress Controller:
# Install NGINX ingress with Azure annotations
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz
Application Gateway Ingress Controller:
# Enable AGIC addon
az aks enable-addons \
--resource-group greenfield-cluster-rg \
--name greenfield-cluster \
--addons ingress-appgw \
--appgw-name greenfield-appgw \
--appgw-subnet-cidr "10.0.2.0/24"
Cost Optimization
Estimated Monthly Costs
Development (Standard_D2ps_v5, 3 nodes):
- Control Plane: Free
- Worker Nodes: ~$210 (3 × $0.096/hr × 730hr)
- Managed Disks: ~$15 (300GB standard SSD)
- Total: ~$225/month

Production (Standard_D4ps_v5, 5 nodes, multi-zone):
- Control Plane: Free
- Worker Nodes: ~$700 (5 × $0.192/hr × 730hr)
- Managed Disks: ~$40 (500GB)
- Load Balancer: ~$20
- Total: ~$760/month
Cost Reduction Tips
- Use ARM Instances: Similar price, better performance
- Spot Instances: Up to 90% savings for interruptible workloads
- Reserved Instances: 1-3 year commitments for 20-72% savings
- Auto-shutdown: Dev/test clusters during off-hours
- Right-sizing: Use cluster autoscaler to scale down
- Azure Hybrid Benefit: Save on Windows node pools
- Standard vs Premium Disks: Use standard SSD when possible
Enable Spot Node Pool
For fault-tolerant workloads:
az aks nodepool add \
--resource-group greenfield-rg \
--cluster-name greenfield-cluster \
--name spotpool \
--priority Spot \
--eviction-policy Delete \
--spot-max-price -1 \
--node-count 2 \
--min-count 0 \
--max-count 5 \
--enable-cluster-autoscaler \
--node-vm-size Standard_D2ps_v5
Auto-Start/Stop
For dev/test environments:
# Stop cluster (preserves configuration)
az aks stop \
--resource-group greenfield-rg \
--name greenfield-cluster
# Start cluster
az aks start \
--resource-group greenfield-rg \
--name greenfield-cluster
Monitoring and Operations
Azure Monitor
Enabled by default. View metrics:
# Show the monitoring (omsagent) addon profile
az aks show \
--resource-group greenfield-rg \
--name greenfield-cluster \
--query "addonProfiles.omsagent"
# Access in portal
# Portal → Kubernetes services → greenfield-cluster → Insights
Cluster Autoscaler
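If the autoscaler was enabled during creation, adjust its node-count limits:
# --update-cluster-autoscaler changes the limits of an autoscaler that is already enabled;
# --enable-cluster-autoscaler is rejected when the autoscaler is already on
az aks update \
--resource-group greenfield-rg \
--name greenfield-cluster \
--update-cluster-autoscaler \
--min-count 2 \
--max-count 10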
Node Auto-Repair
Automatically enabled on AKS. Check status:
# Prints the enableAutoScaling flag of each node pool
az aks show \
--resource-group greenfield-rg \
--name greenfield-cluster \
--query "agentPoolProfiles[].enableAutoScaling"
Upgrade Cluster
# Check available versions
az aks get-upgrades \
--resource-group greenfield-rg \
--name greenfield-cluster
# Upgrade cluster
az aks upgrade \
--resource-group greenfield-rg \
--name greenfield-cluster \
--kubernetes-version 1.29.0
Security Best Practices
- Managed Identity: Use instead of service principals
- Azure AD Integration: RBAC with Azure AD
- Network Policies: Restrict pod-to-pod communication
- Private Cluster: Control plane on private IP
- Azure Policy: Enforce security policies
- Key Vault Integration: Store secrets in Azure Key Vault
- Regular Updates: Enable auto-upgrade
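To see which of the items above a cluster actually has, the JSON from `az aks show -o json` can be checked field by field. The following is an added example, not part of the Greenfield project: the check names are made up for illustration, the sample document is constructed, and the field names are assumed to match what the Azure CLI emits for a managed cluster.

```python
import json

# Constructed sample shaped like `az aks show -o json` output (trimmed, not a real cluster).
SAMPLE = json.loads("""
{
  "identity": {"type": "SystemAssigned"},
  "aadProfile": null,
  "networkProfile": {"networkPlugin": "azure", "networkPolicy": null},
  "apiServerAccessProfile": null,
  "addonProfiles": {"omsagent": {"enabled": true}},
  "autoUpgradeProfile": {"upgradeChannel": "patch"}
}
""")


def _get(obj, *path):
    """Walk nested dicts, treating missing keys and JSON nulls as None."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def _addon_enabled(cluster, name):
    # Addon key casing differs between CLI versions, so compare case-insensitively.
    addons = cluster.get("addonProfiles") or {}
    return any(k.lower() == name.lower() and (v or {}).get("enabled") is True
               for k, v in addons.items())


def audit(cluster):
    """Return the names of best-practice items the cluster JSON does not satisfy."""
    checks = {
        "managed-identity": _get(cluster, "identity", "type") in ("SystemAssigned", "UserAssigned"),
        "azure-ad": _get(cluster, "aadProfile", "managed") is True,
        "network-policy": _get(cluster, "networkProfile", "networkPolicy") not in (None, "", "none"),
        "private-cluster": _get(cluster, "apiServerAccessProfile", "enablePrivateCluster") is True,
        "azure-policy": _addon_enabled(cluster, "azurepolicy"),
        "key-vault": _addon_enabled(cluster, "azureKeyvaultSecretsProvider"),
        "auto-upgrade": _get(cluster, "autoUpgradeProfile", "upgradeChannel") not in (None, "", "none"),
    }
    return sorted(name for name, ok in checks.items() if not ok)


if __name__ == "__main__":
    print(audit(SAMPLE))
```

The constructed sample mirrors a cluster built with the basic `az aks create` command from this guide: managed identity is on, but network policy, Azure AD, private cluster, Azure Policy and the Key Vault provider are all reported as missing.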
Enable Azure AD Integration
az aks update \
--resource-group greenfield-rg \
--name greenfield-cluster \
--enable-aad \
--aad-admin-group-object-ids GROUP_ID
Private Cluster
az aks create \
--resource-group greenfield-rg \
--name greenfield-cluster \
--enable-private-cluster \
--node-count 3
Azure Key Vault Integration
# Enable Key Vault secrets provider
az aks enable-addons \
--resource-group greenfield-rg \
--name greenfield-cluster \
--addons azure-keyvault-secrets-provider
Troubleshooting
Nodes Not Ready
# Check node status
kubectl get nodes
kubectl describe node NODE_NAME
# Check node pool
az aks nodepool list \
--resource-group greenfield-rg \
--cluster-name greenfield-cluster
# View activity log
az monitor activity-log list \
--resource-group greenfield-rg \
--offset 1h
Pods Stuck in Pending
# Check events
kubectl get events --sort-by='.lastTimestamp'
# Check node resources
kubectl top nodes
# Scale node pool
az aks nodepool scale \
--resource-group greenfield-rg \
--cluster-name greenfield-cluster \
--name nodepool1 \
--node-count 5
Disk Attachment Issues
# Check storage classes
kubectl get storageclass
# Check PVC status
kubectl get pvc -n greenfield
# List managed disks
az disk list --resource-group MC_greenfield-rg_greenfield-cluster_eastus
Network Issues
# Check network plugin
az aks show \
--resource-group greenfield-rg \
--name greenfield-cluster \
--query networkProfile
# Check CNI configuration
kubectl get pods -n kube-system | grep azure-cni
Cleanup
Terraform
# Delete Greenfield resources first
kubectl delete -k kustomize/base/
# Destroy AKS cluster
cd infrastructure/azure/
terraform destroy
Azure CLI
# Delete cluster (preserves resource group)
az aks delete \
--resource-group greenfield-rg \
--name greenfield-cluster \
--yes
# Delete entire resource group (removes everything)
az group delete \
--name greenfield-rg \
--yes --no-wait
AKS Features Comparison
| Feature | Standard | Premium |
|---|---|---|
| Uptime SLA | 99.5% (zone) / 99.9% (multi-zone) | 99.95% |
| Control Plane | Free | ~$730/month |
| Best For | Most workloads | Mission-critical |