What is Azure Kubernetes Service (AKS) Automatic (preview)?

Applies to: ✔️ AKS Automatic (preview)

Azure Kubernetes Service (AKS) Automatic offers an experience that makes the most common tasks on Kubernetes fast and frictionless, while preserving the flexibility, extensibility, and consistency of Kubernetes. Azure takes care of your cluster setup, including node management, scaling, security, and preconfigured settings that follow AKS well-architected recommendations. Automatic clusters dynamically allocate compute resources based on your specific workload requirements and are tuned for running production applications.

  • Production ready by default: Clusters are preconfigured for optimal production use, suitable for most applications. They offer fully managed node pools that automatically allocate and scale resources based on your workload needs. Pods are bin packed efficiently, to maximize resource utilization.

  • Built-in best practices and safeguards: AKS Automatic clusters have a hardened default configuration, with many cluster, application, and networking security settings enabled by default. AKS automatically patches your nodes and cluster components while adhering to any planned maintenance schedules.

  • Code to Kubernetes in minutes: Go from a container image to a deployed application that adheres to best practices patterns within minutes, with access to the comprehensive capabilities of the Kubernetes API and its rich ecosystem.

AKS Automatic and Standard feature comparison

The following table provides a comparison of options that are available, preconfigured, and default in both AKS Automatic and AKS Standard. For more information on whether specific features are available in Automatic, you may need to check the documentation for that feature.

Pre-configured features are always enabled and you can't disable or change their settings. Default features are configured for you but can be changed. Optional features are available for you to configure and are not enabled by default.

Application deployment, monitoring, and observability

Application deployment can be streamlined using automated deployments from source control, which creates Kubernetes manifest and generates CI/CD workflows. Additionally, the cluster is configured with monitoring tools such as Managed Prometheus for metrics, Managed Grafana for visualization and Container Insights for log collection.

Option AKS Automatic AKS Standard
Application deployment Optional:
  • Use automated deployments to containerize applications from source control, create Kubernetes manifests, and continuous integration/continuous deployment (CI/CD) workflows.
  • Create deployment pipelines using GitHub Actions for Kubernetes.
  • Bring your own CI/CD pipeline.
Optional:
  • Use automated deployments to containerize applications from source control, create Kubernetes manifests, and continuous integration/continuous deployment (CI/CD) workflows.
  • Create deployment pipelines using GitHub Actions for Kubernetes.
  • Bring your own CI/CD pipeline.
Monitoring, logging, and visualization Default: Optional:

Node management, scaling, and cluster operations

Node management is automatically handled without the need for manual node pool creation. Scaling is seamless, with nodes created based on workload requests. Additionally, features for workload scaling like Horizontal Pod Autoscaler (HPA), Kubernetes Event Driven Autoscaling (KEDA), and Vertical Pod Autoscaler (VPA) are enabled. Clusters are configured for automatic node repair, automatic cluster upgrades, and detection of deprecated Kubernetes standard API usage. You can also set a planned maintenance schedule for upgrades if needed.

Option AKS Automatic AKS Standard
Node management Pre-configured: AKS Automatic manages the node pools using Node Autoprovisioning. Default: You create and manage system and user node pools
Optional: AKS Standard manages user node pools using Node Autoprovisioning.
Scaling Pre-configured: AKS Automatic creates nodes based on workload requests using Node Autoprovisioning.
Horizontal Pod Autoscaler (HPA), Kubernetes Event Driven Autoscaling (KEDA), and Vertical Pod Autoscaler (VPA) are enabled on the cluster.
Default: Manual scaling of node pools.
Optional:
Cluster tier Pre-configured: Standard tier cluster with up to 5,000 nodes and a cluster uptime Service Level Agreement (SLA). Default: Free tier cluster with 10 nodes but can support up to 1,000 nodes.
Optional:
Node operating system Pre-configured: Azure Linux Default: Ubuntu
Optional:
Node resource group Pre-configured: Fully managed node resource group to prevent accidental or intentional changes to cluster resources. Default: Unrestricted
Optional: Read only with node resource group lockdown (preview)
Node auto-repair Pre-configured: Continuously monitors the health state of worker nodes and performs automatic node repair if they become unhealthy. Pre-configured: Continuously monitors the health state of worker nodes and performs automatic node repair if they become unhealthy.
Cluster upgrades Pre-configured: Clusters are automatically upgraded. Default: Manual upgrade.
Optional: Automatic upgrade using a selectable upgrade channel.
Kubernetes API breaking change detection Pre-configured: Cluster upgrades are stopped on detection of deprecated Kubernetes standard API usage. Pre-configured: Cluster upgrades are stopped on detection of deprecated Kubernetes standard API usage.
Planned maintenance windows Default: Set planned maintenance schedule configuration to control upgrades. Optional: Set planned maintenance schedule configuration to control upgrades.

Security and policies

Cluster authentication and authorization use Azure Role-based Access Control (RBAC) for Kubernetes authorization and applications can use features like workload identity with Microsoft Entra Workload ID and OpenID Connect (OIDC) cluster issuer to have secure communication with Azure services. Deployment safeguards enforce Kubernetes best practices through Azure Policy controls and the built-in image cleaner removes unused images with vulnerabilities, enhancing image security.

Option AKS Automatic AKS Standard
Cluster authentication and authorization Pre-configured: Azure RBAC for Kubernetes authorization for managing cluster authentication and authorization using Azure role-based access control. Default: Local accounts.
Optional:
Cluster security Pre-configured: API server virtual network integration enables network communication between the API server and the cluster nodes over a private network without requiring a private link or tunnel. Optional: API server virtual network integration enables network communication between the API server and the cluster nodes over a private network without requiring a private link or tunnel.
Application security Pre-configured: Optional:
Image security Pre-configured: Image cleaner to remove unused images with vulnerabilities. Optional: Image cleaner to remove unused images with vulnerabilities.
Policy enforcement Pre-configured: Deployment safeguards that enforce Kubernetes best practices in your AKS cluster through Azure Policy controls. Optional: Deployment safeguards enforce Kubernetes best practices in your AKS cluster through Azure Policy controls.

Networking

AKS Automatic clusters use managed Virtual Network powered by Azure CNI Overlay with Cilium for high-performance networking and robust security. Ingress is handled by managed NGINX using the application routing add-on, integrating seamlessly with Azure DNS and Azure Key Vault. Egress uses a managed NAT gateway for scalable outbound connections. Additionally, you have the flexibility to enable Azure Service Mesh (Istio) ingress or bring your own service mesh.

Option AKS Automatic AKS Standard
Virtual network Pre-configured: Managed Virtual Network using Azure CNI Overlay powered by Cilium combines the robust control plane of Azure CNI with the data plane of Cilium to provide high-performance networking and security. Default: Managed Virtual Network with kubenet
Optional:
Ingress Pre-configured: Managed NGINX using the application routing add-on with integrations for Azure DNS and Azure Key Vault.
Optional:
Optional:
Egress Pre-configured: AKS managed NAT gateway for a scalable outbound connection flows Default: Azure Load Balancer
Optional:
Service mesh Optional: Optional:

Next steps

To learn more about AKS Automatic, follow the quickstart to create a cluster.