Published
August 1, 2025

Work smarter, not harder: AKS cluster deployment and maintenance with Palette

Adelina Simion
Adelina Simion
Documentation & Education Manager

There are many advantages to using Palette to manage Kubernetes Infrastructure as a Service (IaaS) clusters, and these have been covered in detail in several of our blog posts. Two excellent resources on this topic are the Choosing an enterprise Kubernetes platform: an analyst's guide webinar and the Kubernetes Day 2 Operations with Cluster Profiles blog.

However, you’ve probably already heard that with managed Kubernetes services, like EKS, AKS and GKE, deployments are much smoother to deploy and maintain. You don’t need all the help of a K8s management platform in environments where the complexity is offloaded to the public cloud provider. Riiiight???!!! 

The reality is that managed Kubernetes deployments are also complex and require extensive cloud infrastructure knowledge. This blog post explores how Palette streamlines operations on managed Kubernetes clusters, taking a closer look at cluster deployment on Azure Kubernetes Service (AKS). 

By the end we promise you’ll have a good answer to the question “Why should you care about Palette when using a managed Kubernetes solution like AKS?”.

Peeking under the AKS hood

In clusters deployed by AKS, Azure handles and abstracts away the complexities of the control plane, including high availability, security, and scalability. It also maintains etcd, which is a key-value store for cluster configurations. The scheduler and controller manager continuously monitor and drive the cluster state. 

The customer (that’s you) manages the worker nodes, including the health of deployed apps and container behavior. The API server acts as the main control interface and communicates with the kubelet agent responsible for starting and managing pods. The kubelet agent must be deployed on every node and be running before other containers start operating. The kube-proxy DaemonSet provides service discovery, routing, and load balancing. A kube-proxy pod must be deployed on every node. 

AKS managed resources vs customer managed resources

AKS installs kube-proxy and kubelet on every worker node, making it much less time-consuming to deploy a cluster. One of the main reasons to opt for AKS when first starting with Kubernetes is that it makes deploying clusters much faster and easier. 

However, once the AKS cluster deployment is complete, the customer (again, that’s you) manages the worker nodes that run the application workloads. This responsibility requires sufficient Azure and Kubernetes infrastructure knowledge to handle various advanced operational tasks. 

The following table contains some of these tasks and how to use the Azure CLI, where possible.

Task What you need to do
Provision and configure node pools Define node pools in AKS using az aks nodepool add or Infrastructure as Code (IaC) solutions such as Terraform.

Specify VM sizes (e.g., Standard_DS2_v2, Standard_NC6s_v3 for GPU computing), OS types (Ubuntu, Windows, Azure Linux), availability zones, and node labels or taints.
Manage node scaling and autoscaler behavior Configure cluster autoscaler via the --enable-cluster-autoscaler flag or through IaC solutions, specifying --min-count and --max-count for node pools.

Ensure readiness probes and PodDisruptionBudgets (PDBs) are set to prevent service disruption during autoscaling events.
Handle OS and node image upgrades Initiate node image upgrades using az aks nodepool upgrade or set up automatic node image updates via --enable-node-public-upgrade.

Upgrade OS patches, kubelet, and kube-proxy versions. Maintain node capacity during rolling updates, and drain nodes safely using kubectl drain or AKS node cordon scripts.
Implement monitoring and logging Enable and configure Azure Monitor for Containers, which provides insights into node CPU, memory, disk usage, kubelet status, pod availability, and controller behavior.

Integrate with Prometheus and Grafana via open-source Helm charts or Azure-managed Grafana, and use Azure Alerts and Log Analytics queries for proactive notifications.

Enable Container Insights to ship logs from the AKS control plane, kubelet, and container errors to Azure Log Analytics.
Secure node networking and IP allocation Based on the choice of IP management model, choose between Azure CNI and Kubenet.

Integrate Azure Firewall or Private Link for controlled egress and internal access.
Apply node and workload security best practices Encrypt node OS disks using Azure Disk Encryption with customer-managed keys (CMK).

Deploy hardened node images using a custom image gallery or Azure-published secure baselines.

Apply Microsoft Defender for Containers for node and container vulnerability scanning.

In other words, managing AKS clusters remains almost as complex as managing Kubernetes clusters on pure IaaS, despite AKS’s managed control plane. While Azure handles critical components such as the API server, all node-level responsibilities fall to the customer. This means that you are still responsible for configuring, maintaining, securing, and scaling the infrastructure that runs your workloads. The illusion of simplicity fades once the cluster begins supporting real-world production systems.

Palette and AKS

As you can see, there is no easy road to Kubernetes cluster deployment. While AKS does significantly lighten the initial load, you still must carry a multitude of burdens. What you have seen in this blog is far from the good life you imagined at the start! 

At the risk of getting a little salesy on you, Palette's workflows significantly simplify the configuration and maintenance of AKS clusters. It supports the creation, management, and operation of AKS clusters, including the following integrations: 

  • Azure cloud accounts
  • Custom storage
  • OIDC integration with Microsoft Entra ID
  • Network configurations 

First, you create infrastructure cluster profiles to standardize deployments and manage configurations declaratively. These profiles provide the infrastructure stack that will be used to deploy the worker nodes, outlining an OS layer, Kubernetes version, CNI, and CSI layer. 

Cluster profiles can also contain add-on layers that deploy custom workloads. They can be specified using packs, Helm charts, or manifests. The Spectro Cloud registries contain packs for popular open-source solutions such as Prometheus, Redis, and Postgres

The following cluster profile deploys an infrastructure profile and an add-on pack with the Hello Universe demo application.

AKS cluster deployment

Palette also manages versions and updates based on these cluster blueprints. Spectro Cloud publishes updates to packs and facilitates cluster updates, enabling you to upgrade your nodes with a single click. It also supports multiple Kubernetes versions for AKS, typically following the N-3 minor version policy (current and three previous minor versions), with support extended for 14 months. Palette also automatically performs rolling updates to worker nodes, removing the need to drain and cordon nodes manually.

Once you have created the cluster profile, you can deploy as many clusters as you want, by configuring the region, instance type, OS type, and disk size of the worker pools to be deployed. Palette also allows you to deploy Windows workloads on AKS by enabling you to add Windows node pools to your clusters. 

After providing the required configuration, Palette deploys the AKS control plane and configures worker nodes without further input. Additionally, it deploys the Palette agent to poll for the health of the nodes and report it in the Palette UI, removing the need for you to integrate monitoring and logging solutions. 

It’s worth noting that while in this blog we’re demonstrating operations using the UI, you can also programmatically create AKS clusters using the Palette API and the Spectro Cloud Terraform provider.

Creating AKSn cluster with Palette API

Finally, you can manage the worker nodes directly from Palette as well. You can add worker nodes and node pools, change instance types, resize disk allocations, and apply node labels, taints, and tolerations. Additionally, worker node pools support autoscaler configurations, which integrate with the Azure Autoscaler

This administration tab is a powerful tool for the worker node management operations for which AKS customers are responsible. Palette applies your configurations in this pane to the Kubernetes resources deployed to your worker nodes. Additionally, the Palette dashboard allows you to manage all your clusters from a single central location so that you can review and apply these configurations across all your clusters.

Managing your AKS cluster from a single central location

Finally, Palette provides functionality to ensure your workloads remain secure, helping you implement and maintain security best practices on your clusters. This security feature is another maintenance burden you don’t have to worry about. You can run compliance, security, conformance, and software bill of materials (SBOM) scans on a schedule or on demand. All completed scan reports are available in the Palette UI, allowing you to track the evolution of your cluster security. You can then download your reports in CSV or PDF formats.

Try it for yourself

Palette manages all the resources it deploys and helps alleviate some of the burden of managing an AKS cluster by providing the tools to make these configurations on all your worker nodes. 

Adopting Palette with your AKS workloads saves you considerable time and effort. If you consider that Kubernetes minor releases happen roughly every four months, you would have to perform the complex worker node maintenance we discussed so far three times every year, without counting any urgent patches or security vulnerabilities that you may have to address. Taking a conservative estimate of 1 day’s engineering effort to perform the upgrade, your team will be using 3 days per year to upgrade just a single cluster. Of course, this number skyrockets for large production environments with many clusters, which often have different custom configurations applied as well. Palette can save you a lot of hassle and engineering costs.

AKS manages the control plane, and Palette manages the rest, allowing you to get the best of both worlds. You can now leverage the Azure ecosystem, using advantages such as AKS integrated services support and autoscaler, while also offloading the management of worker nodes from your teams to Palette. Now that’s what I call the good life!

Once you have familiarized yourself with the Palette workflows, you will be able to deploy and operate clusters on any supported cloud platform, whether public cloud providers like AWS or data center solutions like Canonical MAAS. This can make the journey to deploying multicloud and multicluster architectures significantly easier, as Palette takes care of the low-level details that you may not be familiar with yet. 

Palette also supports Azure Government regions, Microsoft’s specialized cloud offering designed to meet the strict security and compliance requirements of U.S. government agencies and their partners. You can confidently host your sensitive workloads in Palette. Additionally, if you require FIPS compliance, you can use  Palette VerteX, our self-hosted Kubernetes platform designed for regulated industries.  

If this blog has sparked your interest and you want to try Palette, contact us for a quick 1:1 demo. Our team can answer all of your Azure and AKS migration questions. 

Tags:
Developers
Docs
Managed Kuberneets
Managed Kuberneets
AKS
AKS
Subscribe to our newsletter
By signing up, you agree with our Terms of Service and our Privacy Policy