Azure Kubernetes Service for Extended Zones (preview)

Azure Kubernetes Service (AKS) for Extended Zones provides an extensive and sophisticated set of capabilities that make it simpler to deploy and operate a fully managed Kubernetes cluster in an Extended Zone scenario.

Important

AKS preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. AKS previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use. For more information, see the following support articles:

What are Azure Extended Zones?

Azure Extended Zones are small-footprint extensions of Azure placed in metros, industry centers, or a specific jurisdiction to serve low latency and data residency workloads. Azure Extended Zones supports virtual machines (VMs), containers, storage, and a selected set of Azure services. They can run latency-sensitive and throughput-intensive applications close to end users and within approved data residency boundaries.

Azure Extended Zones are part of the Microsoft global network that provides secure, reliable, high-bandwidth connectivity between applications that run on an Azure Extended Zone close to the user. Extended Zones address low latency and data residency by bringing all the benefits of the Azure ecosystem (access, user experience, automation, security, and more) closer to you or your jurisdiction. Azure Extended Zone sites are associated with a parent Azure region that hosts all the control plane functions associated with the services running in the extended zone.

Extended Zones use cases

Azure Extended Zones enable low latency and data residency scenarios. For example, you might want to run media editing software remotely with low latency or keep your applications' data within a specific geography for privacy, regulatory, and compliance reasons.

The following table highlights some of the industries and use cases where Azure Extended Zones can provide benefits:

| Industry | Use cases |
|---|---|
| Healthcare | Remote patient care; Remote clinical education; Pop-up care and services |
| Public infrastructure | Visual detection; Critical infrastructure; Emergency services; Surveillance and security |
| Manufacturing | Real-time command and control in robotics; Machine vision |
| Media and gaming | Gaming and game streaming; Media editing, streaming, and content delivery; Remote rendering for mixed reality and Virtual Desktop Infrastructure scenarios |
| Oil and gas | Oil and gas exploration; Real-time analytics and inference via artificial intelligence and machine learning |
| Retail | Digital in-store experiences; Connected worker |

For more information, see the Azure Extended Zones overview.

What is AKS for Extended Zones?

AKS for Extended Zones enables organizations to meet the unique needs of extended zones while leveraging the container orchestration and management capabilities of AKS, making the deployment and management of applications hosted in extended zones much simpler. Just like a typical AKS deployment, the Azure platform is responsible for maintaining the AKS control plane and providing the infrastructure, while your organization retains control over the worker nodes that run the applications.

An architecture diagram of an AKS for Azure Extended Zones deployment, showing that the control plane is deployed in an Azure region while agent nodes are deployed in an Azure Extended Zone.

Creating an AKS for Extended Zones cluster uses an optimized architecture that is specifically tailored to meet the unique needs and requirements of Extended Zones applications and workloads. The control plane of the clusters is created, deployed, and configured in the closest Azure region, while the agent nodes and node pools attached to the cluster are located in an Azure Extended Zone. The components in an AKS for Extended Zones cluster are identical to those in a typical cluster deployed in an Azure region, ensuring that the same level of functionality and performance is maintained. For more information, see Kubernetes core concepts for AKS.

Deploy a cluster in an Azure Extended Zone location

Deploying an AKS cluster in an Azure Extended Zone is similar to deploying an AKS cluster in any other region. All resource providers provide a field named extendedLocation, which you can use to deploy resources in an Azure Extended Zone. This allows for precise and targeted deployment of your AKS cluster.

Prerequisites

  • Before you can deploy an AKS for Extended Zones cluster, your subscription needs to have access to the targeted Azure Extended Zone location. This access is provided through our onboarding process, done by following the steps outlined in the Azure Extended Zones overview.
  • Your cluster must be running Kubernetes version 1.24 or later.
  • The identity you're using to create your cluster must have the appropriate minimum permissions. For more information on access and identity for AKS, see Access and identity options for Azure Kubernetes Service (AKS).

Limitations and constraints

When deploying an AKS cluster in an Azure Extended Zone, the following limitations and constraints apply:

  • AKS for Extended Zones allows for autoscaling only up to 100 nodes in a node pool.
  • In all Azure Extended Zones, the maximum node count is 100.
  • In Azure Extended Zones, only selected VM SKUs are offered.

Use the extendedLocation parameter to specify the desired Azure Extended Zone in an ARM template.

"extendedLocation": {
    "name": "<extended-zone-id>",
    "type": "EdgeZone"
},

The following ARM template deploys a new cluster in an Azure Extended Zone.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.9.1.41621",
      "templateHash": "2637152180661081755"
    }
  },
  "parameters": {
    "clusterName": {
      "type": "string",
      "defaultValue": "myAKSCluster",
      "metadata": {
        "description": "The name of the Managed Cluster resource."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "The location of the Managed Cluster resource."
      }
    },
    "edgeZoneName": {
      "type": "String",
      "metadata": {
        "description": "The name of the Azure Extended Zone"
      }
    },
    "dnsPrefix": {
      "type": "string",
      "metadata": {
        "description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
      }
    },
    "osDiskSizeGB": {
      "type": "int",
      "defaultValue": 0,
      "maxValue": 1023,
      "minValue": 0,
      "metadata": {
        "description": "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
      }
    },
    "agentCount": {
      "type": "int",
      "defaultValue": 3,
      "maxValue": 50,
      "minValue": 1,
      "metadata": {
        "description": "The number of nodes for the cluster."
      }
    },
    "agentVMSize": {
      "type": "string",
      "defaultValue": "standard_d2s_v3",
      "metadata": {
        "description": "The size of the Virtual Machine."
      }
    },
    "linuxAdminUsername": {
      "type": "string",
      "metadata": {
        "description": "User name for the Linux Virtual Machines."
      }
    },
    "sshRSAPublicKey": {
      "type": "string",
      "metadata": {
        "description": "Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.ContainerService/managedClusters",
      "apiVersion": "2022-05-02-preview",
      "name": "[parameters('clusterName')]",
      "location": "[parameters('location')]",
      "extendedLocation": {
        "name": "[parameters('edgeZoneName')]",
        "type": "EdgeZone"
      },
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "dnsPrefix": "[parameters('dnsPrefix')]",
        "agentPoolProfiles": [
          {
            "name": "agentpool",
            "osDiskSizeGB": "[parameters('osDiskSizeGB')]",
            "count": "[parameters('agentCount')]",
            "vmSize": "[parameters('agentVMSize')]",
            "osType": "Linux",
            "mode": "System"
          }
        ],
        "linuxProfile": {
          "adminUsername": "[parameters('linuxAdminUsername')]",
          "ssh": {
            "publicKeys": [
              {
                "keyData": "[parameters('sshRSAPublicKey')]"
              }
            ]
          }
        }
      }
    }
  ],
  "outputs": {
    "controlPlaneFQDN": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))).fqdn]"
    }
  }
}

If you're unfamiliar with ARM templates, see the tutorial on deploying a local ARM template.
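A pre-deployment check for templates like the one above, added here as an example (it is not part of the original page or of any Microsoft tooling): it confirms that the template parses as JSON, that each managed cluster carries an extendedLocation of type EdgeZone with a resolved zone name, and that each pool's node ceiling stays within the 100-node limit listed earlier. The function names and the cut-down sample template are constructed for illustration; the check assumes counts are given as literals or bare `[parameters('...')]` references and treats the agent pool's `maxCount` as the ceiling when it is set.

```python
import json

MAX_NODES = 100  # per-pool node ceiling from the limitations list on this page

def resolve(value, params):
    """Resolve a bare "[parameters('x')]" expression; return other values as-is."""
    prefix, suffix = "[parameters('", "')]"
    if isinstance(value, str) and value.startswith(prefix) and value.endswith(suffix):
        return params.get(value[len(prefix):-len(suffix)])
    return value

def check_template(text, supplied=None):
    """Return findings for every managedClusters resource in an ARM template."""
    try:
        template = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    params = {k: v.get("defaultValue") for k, v in template.get("parameters", {}).items()}
    params.update(supplied or {})
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.ContainerService/managedClusters":
            continue
        ext = res.get("extendedLocation") or {}
        if ext.get("type") != "EdgeZone" or not resolve(ext.get("name"), params):
            findings.append("extendedLocation absent or incomplete: nodes not pinned to an Extended Zone")
        for pool in res.get("properties", {}).get("agentPoolProfiles", []):
            # With autoscaling the ceiling is maxCount; otherwise it is count.
            limit = resolve(pool.get("maxCount", pool.get("count")), params)
            if not isinstance(limit, int) or limit > MAX_NODES:
                findings.append(f"pool {pool.get('name')}: node ceiling {limit!r} exceeds {MAX_NODES} or is unresolved")
    return findings

# Constructed sample: a cut-down cluster resource, not the full template.
SAMPLE = """{
  "parameters": {"edgeZoneName": {"type": "string"},
                 "agentCount": {"type": "int", "defaultValue": 3}},
  "resources": [{
    "type": "Microsoft.ContainerService/managedClusters",
    "extendedLocation": {"name": "[parameters('edgeZoneName')]", "type": "EdgeZone"},
    "properties": {"agentPoolProfiles": [
      {"name": "agentpool", "count": "[parameters('agentCount')]"}]}
  }]
}"""

if __name__ == "__main__":
    print(check_template(SAMPLE, {"edgeZoneName": "<extended-zone-id>"}))
    print(check_template(SAMPLE, {"edgeZoneName": "<extended-zone-id>", "agentCount": 150}))
```

Running a check of this kind in the pipeline before deployment catches a template that would place nodes outside the intended Extended Zone, which matters when the zone was chosen for data residency.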

Next steps

After deploying your AKS cluster in an Azure Extended Zone, learn about AKS cluster configuration options.