Azure Kubernetes Service: What GA Means for Production Adoption, Lavkesh Dwivedi

Azure Kubernetes Service reached general availability in June 2018 but spent 2019 maturing into a production-grade service. The 2019 improvements make AKS a credible enterprise Kubernetes platform.

The free control plane

AKS provides the Kubernetes control plane (API server, scheduler, controller manager, etcd) at no additional cost. You pay only for the worker node VMs. This cost model makes small AKS clusters economical and removes the minimum cluster cost that dedicated control plane VMs would require. The trade-off: the control plane is managed by Microsoft with a shared responsibility model, you cannot directly access or customise the control plane.

AAD integration for enterprise auth

AKS's Azure Active Directory integration allows Kubernetes RBAC to be backed by Azure AD groups and users. Engineers authenticate to the AKS cluster using their corporate Azure AD credentials; Kubernetes RBAC policies reference Azure AD group memberships. The integration eliminates the need for Kubernetes-specific user management and integrates with corporate identity governance (access reviews, lifecycle management).

Virtual Node for serverless pods

Azure Virtual Nodes (powered by Azure Container Instances) allow AKS to schedule pods on serverless compute that starts in seconds rather than waiting for cluster autoscaler to provision new VMs. For workloads with burst requirements, batch jobs that arrive sporadically, development environment pods, Virtual Nodes provide near-instant scale-out without pre-provisioned capacity.

The upgrade experience in 2019

AKS cluster upgrades in 2019 require planning. An upgrade moves the control plane to the new version first, then upgrades node pools by cordon-and-drain cycling through each node. The upgrade is in-place with no new cluster provisioning. PodDisruptionBudgets must be configured correctly to prevent upgrade-time pod disruption. The operational guidance: test upgrades in a non-production cluster first, upgrade node pools during low-traffic windows, and validate application health after each node upgrade.