Optimizing Azure Kubernetes Service (AKS) with the Well-Architected Framework

 

The Azure Well-Architected Framework assists architects in the creation and review of their cloud workloads with guidance spanning five pillars – reliability, security, cost optimization, operational excellence, and performance efficiency. These are cross-cutting and cover the entire scope of the workload. Additionally, it's often beneficial for an architect to focus on a core component of the workload, and the Well-Architected Framework also delivers targeted, service-specific guidance on key workload components.

 

Today we’re going to be looking at the Azure Well-Architected Azure Kubernetes Service (AKS) guide. Like all the Well-Architected Framework service guides, the Azure Kubernetes Service (AKS) guide delivers checklists and recommendations across the same five pillars, but with a focus on workload architectures that include AKS. If you’re just starting an architecture that includes AKS or have one already in production, using the checklists and recommendations from this guide can help you identify opportunities to optimize your solution and to make sure you stay on the right path.

 

Scenario

The application development team you work with is nearing completion of containerizing your organization's internal charity donation campaign site and you’re responsible for architecting the Azure application platform that will host it. You’ve selected Azure Kubernetes Service cluster to be the application platform for the workload and you’re familiar with Microsoft's AKS baseline reference architecture as a starting point. Your team has prioritized the cost optimization and security pillars as your primary workload decision drivers; as this application only gets periodic usage and doesn’t generate revenue, but when it is running it needs to maintain a rigorous security level and should only be accessible by employees.

 

As a solution architect, you’ll need to consider the AKS cluster operator's role of providing a cost effective, yet secure, application platform that supports the site's business requirements. Likewise, you’ll need to consider how the development team plans on using Kubernetes-native features to host the workload in a serviceable, scalable, and secure way. You can use the Well-Architected Azure Kubernetes Service (AKS) guide for simple and direct advice for both AKS cluster operators & Kubernetes developers.

 

Combining the Well-Architected Framework's overall guiding tenets with the Well-Architected Azure Kubernetes Service guide for security and cost optimization, plus considering key recommendations items from the other three pillars, you ensure the site's architecture aligns to the guidance. For example, you identify key Azure Policies that should be in place that enforce decisions like the use of internal load balancers, Microsoft Defender for Containers, and that every workload reports metrics to support efficient cluster and pod autoscaling.

 

Using these self-service solutions has helped you produce an architecture that achieves your cost objectives and security requirements. You’re able to scale your internal charity site to a minimum footprint during non-campaign months and you’ve met . You add a backlog item to revisit the guidance periodically to make sure your site's architecture is incorporating any new recommendations and to evaluate any architectural changes made to the site since the last review.

 

Related Azure Well-Architected service guides

Like all application platforms, Azure Kubernetes Service is rarely deployed without supporting Azure resources such as Layer 7 gateways or a dedicated container registry. Check out the Azure Well-Architected service guides for those other services that are in your workload's architecture. For example:

• Azure Application Gateway for fronting web applications hosted in Azure Kubernetes Service
• Azure Container Registry for secure storage of Helm charts and container images
• Azure Firewall for egress traffic control

 

Structured workload reviews

If you’re looking for a more structured review experience, one that can track progress over time, be sure to assess your Azure Kubernetes Service workload in the Azure Well-Architected Review assessment. Also contact your Microsoft Partner or Microsoft architect to help perform a personalized and guided review across one or more pillars.

 

Author Bio

Chad Kittel is a Principal Software Engineer who creates technical assets to support architecture guidance across Microsoft Docs. He also leads the architecture review process for Azure Architecture Center's contributor success program.

 

For more information about the Well-Architected initiative, please click here.