What is Azure Kubernetes Service (AKS) Automatic (preview)?
Applies to: ✔️ AKS Automatic (preview)
Azure Kubernetes Service (AKS) Automatic offers an experience that makes the most common tasks on Kubernetes fast and frictionless, while preserving the flexibility, extensibility, and consistency of Kubernetes. Azure takes care of your cluster setup, including node management, scaling, security, and preconfigured settings that follow AKS well-architected recommendations. Automatic clusters dynamically allocate compute resources based on your specific workload requirements and are tuned for running production applications.
Production ready by default: Clusters are preconfigured for optimal production use, suitable for most applications. They offer fully managed node pools that automatically allocate and scale resources based on your workload needs. Pods are bin packed efficiently, to maximize resource utilization.
Built-in best practices and safeguards: AKS Automatic clusters have a hardened default configuration, with many cluster, application, and networking security settings enabled by default. AKS automatically patches your nodes and cluster components while adhering to any planned maintenance schedules.
Code to Kubernetes in minutes: Go from a container image to a deployed application that adheres to best practices patterns within minutes, with access to the comprehensive capabilities of the Kubernetes API and its rich ecosystem.
AKS Automatic and Standard feature comparison
The following table provides a comparison of options that are available, preconfigured, and default in both AKS Automatic and AKS Standard. For more information on whether specific features are available in Automatic, you may need to check the documentation for that feature.
Pre-configured features are always enabled and you can't disable or change their settings. Default features are configured for you but can be changed. Optional features are available for you to configure and are not enabled by default.
Application deployment, monitoring, and observability
Application deployment can be streamlined using automated deployments from source control, which creates Kubernetes manifest and generates CI/CD workflows. Additionally, the cluster is configured with monitoring tools such as Managed Prometheus for metrics, Managed Grafana for visualization, and Container Insights for log collection.
| Option | AKS Automatic | AKS Standard |
|---|---|---|
| Application deployment | Optional:
|
Optional:
|
| Monitoring, logging, and visualization | Default:
|
Optional:
|
Node management, scaling, and cluster operations
Node management is automatically handled without the need for manual node pool creation. Scaling is seamless, with nodes created based on workload requests. Additionally, features for workload scaling like Horizontal Pod Autoscaler (HPA), Kubernetes Event Driven Autoscaling (KEDA), and Vertical Pod Autoscaler (VPA) are enabled. Clusters are configured for automatic node repair, automatic cluster upgrades, and detection of deprecated Kubernetes standard API usage. You can also set a planned maintenance schedule for upgrades if needed.
| Option | AKS Automatic | AKS Standard |
|---|---|---|
| Node management | Pre-configured: AKS Automatic manages the node pools using Node Autoprovisioning. | Default: You create and manage system and user node pools Optional: AKS Standard manages user node pools using Node Autoprovisioning. |
| Scaling | Pre-configured: AKS Automatic creates nodes based on workload requests using Node Autoprovisioning. Horizontal Pod Autoscaler (HPA), Kubernetes Event Driven Autoscaling (KEDA), and Vertical Pod Autoscaler (VPA) are enabled on the cluster. |
Default: Manual scaling of node pools. Optional: |
| Cluster tier | Pre-configured: Standard tier cluster with up to 5,000 nodes and a cluster uptime Service Level Agreement (SLA). | Default: Free tier cluster with 10 nodes but can support up to 1,000 nodes. Optional:
|
| Node operating system | Pre-configured: Azure Linux | Default: Ubuntu Optional: |
| Node resource group | Pre-configured: Fully managed node resource group to prevent accidental or intentional changes to cluster resources. | Default: Unrestricted Optional: Read only with node resource group lockdown (preview) |
| Node auto-repair | Pre-configured: Continuously monitors the health state of worker nodes and performs automatic node repair if they become unhealthy. | Pre-configured: Continuously monitors the health state of worker nodes and performs automatic node repair if they become unhealthy. |
| Cluster upgrades | Pre-configured: Clusters are automatically upgraded. | Default: Manual upgrade. Optional: Automatic upgrade using a selectable upgrade channel. |
| Kubernetes API breaking change detection | Pre-configured: Cluster upgrades are stopped on detection of deprecated Kubernetes standard API usage. | Pre-configured: Cluster upgrades are stopped on detection of deprecated Kubernetes standard API usage. |
| Planned maintenance windows | Default: Set planned maintenance schedule configuration to control upgrades. | Optional: Set planned maintenance schedule configuration to control upgrades. |
Security and policies
Cluster authentication and authorization use Azure Role-based Access Control (RBAC) for Kubernetes authorization and applications can use features like workload identity with Microsoft Entra Workload ID and OpenID Connect (OIDC) cluster issuer to have secure communication with Azure services. Deployment safeguards enforce Kubernetes best practices through Azure Policy controls and the built-in image cleaner removes unused images with vulnerabilities, enhancing image security.
| Option | AKS Automatic | AKS Standard |
|---|---|---|
| Cluster authentication and authorization | Pre-configured: Azure RBAC for Kubernetes authorization for managing cluster authentication and authorization using Azure role-based access control. | Default: Local accounts. Optional: |
| Cluster security | Pre-configured: API server virtual network integration enables network communication between the API server and the cluster nodes over a private network without requiring a private link or tunnel. | Optional: API server virtual network integration enables network communication between the API server and the cluster nodes over a private network without requiring a private link or tunnel. |
| Application security | Pre-configured: | Optional: |
| Image security | Pre-configured: Image cleaner to remove unused images with vulnerabilities. | Optional: Image cleaner to remove unused images with vulnerabilities. |
| Policy enforcement | Pre-configured: Deployment safeguards that enforce Kubernetes best practices in your AKS cluster through Azure Policy controls. | Optional: Deployment safeguards enforce Kubernetes best practices in your AKS cluster through Azure Policy controls. |
Networking
AKS Automatic clusters use managed Virtual Network powered by Azure CNI Overlay with Cilium for high-performance networking and robust security. Ingress is handled by managed NGINX using the application routing add-on, integrating seamlessly with Azure DNS and Azure Key Vault. Egress uses a managed NAT gateway for scalable outbound connections. Additionally, you have the flexibility to enable Azure Service Mesh (Istio) ingress or bring your own service mesh.
| Option | AKS Automatic | AKS Standard |
|---|---|---|
| Virtual network | Pre-configured: Managed Virtual Network using Azure CNI Overlay powered by Cilium combines the robust control plane of Azure CNI with the data plane of Cilium to provide high-performance networking and security. | Default: Managed Virtual Network with kubenet Optional: |
| Ingress | Pre-configured: Managed NGINX using the application routing add-on with integrations for Azure DNS and Azure Key Vault. Optional:
|
Optional:
|
| Egress | Pre-configured: AKS managed NAT gateway for a scalable outbound connection flows | Default: Azure Load Balancer Optional: |
| Service mesh | Optional:
|
Optional:
|
Next steps
To learn more about AKS Automatic, follow the quickstart to create a cluster.
Azure Kubernetes Service