Azure Kubernetes Service (AKS)

Edge Essentials
Azure Kubernetes Service (AKS) hybrid options on Windows

Deploy your Linux and/or Windows containerized workloads

AKS hybrid options on Windows

Azure Arc control plane to manage your cluster in Azure Standard kubectl to manage your cluster using PowerShell

CNCF-conformant Kubernetes platform

PowerShell cmdlets and agents to enable provisioning and control of VMs and infra

Windows 10/11 ( IoT Enterprise / Enterprise / Pro ) and Windows Server

Edge computing devices (with 8GB+ RAM)

Azure Kubernetes Service Edge Essentials (AKS EE) architecture

AKS Edge Essentials

Mariner VM Windows VM (Optional)

Built from EFLOW Base

K8s/K3s Azure containers User containers User containers

Linux Worker

Any Linux Windows container

Flux & other Azure agents K8s/K3s
K8s/K3s
Windows Worker
Control Plane Any Linux Windows container
Arc-Connected Cluster
Mariner User Any Linux Windows container

Mariner kernel Windows

Windows Host OS (with Hyper-V) as “Type-1” Hypervisor

Hardware
AKS Edge Essentials architecture

Interop AKS EE
AKS EE Mariner VM AKS EE Windows VM (Optional)
Built from EFLOW Base
Windows native applications
K8s/K3s Azure containers User containers User containers
Linux Worker

Any Linux Windows container

K8s/K3s
Edge Console Win32 .NET UWP K8s/K3s Flux & other Azure agents
Windows Worker
Browser App App App App Control Plane Any Linux Windows container
Arc-Connected Cluster
Mariner User Any Linux Windows container

Windows User APIs

Mariner kernel Windows

AKS EE Installer, PowerShell, and agent

Windows

Hardware
 Azure Resource Manager Deploy Cluster extensions Deploy your own workloads OS and VM Updates
Build and manage cloud deployments Azure Monitor GitOps
directly from the Azure portal Monitor servers in Azure, machines Manage your desired state Windows Update
on-premises or at other cloud providers. Kubernetes cluster Get the latest fixes,
PR Pipeline App repository configurations with Git updates and security
improvements
Azure Policy
Enforce organizational standards and assess
compliance at-scale.

Azure App Service CI Pipeline CD Pipeline GitOps repository

Quickly build, deploy, and scale web apps
and APIs on Kubernetes or Azure. Microsoft Artifact Registry
Build, store, and manage container
artifacts for your deployments

Azure Arc

Cluster User Flux

extensions workloads Pull cluster desired state

Deploy AKS-IoT on a
Containerized workloads
device like an application
From cloud
AKS EE Kubernetes Platform
to edge
and back K8s/K3s
Connected via
Azure Arc-enabled Kubernetes
Windows VM
Linux VM
(optional)

Connected via
Azure Arc-enabled servers
Windows Host OS (with Hyper-V)

Hardware
 Azure Resource Manager Deploy Cluster extensions Deploy your own workloads OS and VM Updates
Build and manage cloud deployments Azure Monitor GitOps
directly from the Azure portal Monitor servers in Azure, machines Manage your desired state Windows Update
on-premises or at other cloud providers. Kubernetes cluster Get the latest fixes,
PR Pipeline App repository configurations with Git updates and security
improvements
Azure Policy
Enforce organizational standards and assess
compliance at-scale.

Azure App Service CI Pipeline CD Pipeline GitOps repository

Quickly build, deploy, and scale web apps
and APIs on Kubernetes or Azure. Microsoft Artifact Registry
Build, store, and manage container
artifacts for your deployments

Azure Arc

Cluster User Flux

extensions workloads

Deploy AKS-IoT on a
Containerized workloads
device like an application Cache containers Cache updates
From cloud
AKS EE Kubernetes Platform
to edge
and back K8s/K3s On-premises, user-owned private
Connected via
Container Registry
Azure Arc-enabled Kubernetes
Windows VM
Linux VM Pull cluster
(optional) desired state
Windows Server Update Services
(WSUS) enables IT admins to
deploy Microsoft updates.
GitOps repository

Windows Host OS (with Hyper-V)

Hardware Disconnected on-premises

On a managed VM
With a managed VM you do not need to manage two operating systems

Use your choice of world-class Windows management & Use Azure to manage all your Containers and
deployment tools for device config and updates Kubernetes configs across cloud and on-prem with Arc-enabled Kubernetes

Remote Remote Image building

Desktop PowerShell and Reflash

Endpoint Azure Arc- Ecosystem of AKS Edge Essentials

Manager enabled servers MDMs & Tooling

Mariner VM Windows VM (Optional)

Built from EFLOW Base

K8s/K3s Azure containers User containers User containers

Linux Worker

VM Policies Any Linux Windows container

VM config and A/B VM Update Flux & other Azure agents K8s/K3s
K8s/K3s
packages including Mariner OS + Windows Worker
Control Plane Any Linux Windows container
Kubernetes patches Arc-Connected Cluster
Mariner User Any Linux Windows container

Mariner kernel Windows

OS Polices
OS Configurations, Updates, Windows Host OS (with Hyper-V) as “Type-1” Hypervisor
and Certificates

Hardware
Azure Kubernetes Service Edge Essentials (AKS EE)
Single Node Cluster with Internal Virtual Switch network architecture

AKS Edge Essentials (AKS EE) single node cluster

AKS EE Mariner VM AKS EE Windows VM

(Optional)
K8s/K3s
Linux Worker

K8s/K3s K8s/K3s
Linux Control Plane Windows Worker

Mariner kernel Windows OS

Linux VM Windows VM
Network Adapter Network Adapter
(virtual NIC) (virtual NIC)
192.168.0.2 192.168.0.3
External network
(10.0.0.0/24)

aksedgesw-int
Hyper-V Internal
Virtual Switch

Hyper-V Host
Network Adapter Network address Physical Network Adapter
(virtual NIC) translation (NAT) 10.0.0.2
Windows 192.168.0.1
Hyper-V Host

Hardware (physical)
Azure Kubernetes Service Edge Essentials (AKS EE)
Multi-Machine Cluster with External Virtual Switch network architecture
AKS Edge Essentials (AKS EE) - Device 1 AKS Edge Essentials (AKS EE) - Device 2

AKS EE Mariner VM AKS EE Windows VM AKS EE AKS EE Mariner VM AKS EE Windows VM

(Optional) multi-node cluster (Optional)
K8s/K3s K8s/K3s
Linux Worker Linux Worker

K8s/K3s K8s/K3s K8s/K3s K8s/K3s

Linux Control Plane Windows Worker Linux Control Plane Windows Worker

Mariner kernel Windows OS Mariner kernel Windows OS

Linux VM Windows VM Linux VM Windows VM

Network Adapter Network Adapter Network Adapter Network Adapter
(virtual NIC) (virtual NIC) (virtual NIC) (virtual NIC)
192.168.0.101 192.168.0.102 192.168.0.103 192.168.0.104

aksedgesw-ext aksedgesw-ext
Hyper-V External Virtual Switch Hyper-V External Virtual Switch

Hyper-V Host Hyper-V Host

vEthernet vEthernet
Windows Hyper- Network Adapter Network Adapter Windows Hyper-
Physical Physical 192.168.0.3
192.168.0.2
V Host Network Adapter Network Adapter V Host

Physical hardware Physical hardware

External network (192.168.0.0/24)

Azure Kubernetes Service Edge Essentials (AKS EE)
Storage options

Azure Arc-enabled Kubernetes cluster

Linux/Windows Worker node Linux/Windows Worker node

Storage Class
Pod Pod
PVC uses Storage Class to
dynamically provision
Persistent Volumes
Persistent Volume Claim (PVC) Persistent Volume Claim (PVC)

Persistent Volume (PV)

Storage infrastructure type selected at deployment time

External Plugins Remote on-premises Local Kubernetes worker node

StorageClass Provisioners StorageClass Provisioners StorageClass Provisioner

NFS
Support for 3rd Local-Path
SMB*
party plug-ins: (NVMe, SSD,
Host File &
Longhorn HDD)
Folder sharing*
OpenEBS

Storage infrastructure bases on Kubernetes StorageClass

Azure Kubernetes Service Edge Essentials (AKS EE)
Networking – Comparison by deployment type

Single Machine Scalable Cluster

Type of Virtual switch Internal External
Virtual switch creation Automatic Automatic Based on NetAdapterName
IP address assignment Automatic – Addresses defined Static IP addresses
Outbound connections Using NAT Directly using Physical Net Adapter
Inbound connections Not reachable Using Node IP Address
K8s – Calico K8s – Calico
Network Plugin
K3s – Flannel K3s – Flannel
DNS Configurable – If not provided, use Windows host DNS servers Configurable – If not provided, use Windows host DNS servers
Proxy Configurable – http_proxy, https_proxy & no_proxy Configurable – http_proxy, https_proxy & no_proxy
Offline deployment Available Available
Service IP range If ServiceIPRangeSize is defined, will start at 192.168.0.4 Both ServiceIPRangeStart and ServiceIPRangeSize can be defined
Static MAC Address Available Available
Network MTU Available Available
 AKS EE multi-node cluster

AKS EE Node 1 AKS EE Node 2 AKS EE Node 3

Industrial
AKS EE Mariner VM AKS EE Mariner VM AKS EE Mariner VM Camera
RTSP Simulator RTSP Simulator RTSP Simulator

OPC UA Publisher OPC UA Publisher OPC UA Publisher

Influx DB Influx DB Influx DB

Edge AI Inferencing Edge AI Inferencing Edge AI Inferencing

K8s/K3s K8s/K3s K8s/K3s

Linux Control Plane & Worker Linux Control Plane & Worker Linux Control Plane & Worker

Mariner kernel Mariner kernel Mariner kernel

Motor

aksedgesw-ext aksedgesw-ext aksedgesw-ext

Hyper-V External Virtual Switch Hyper-V External Virtual Switch Hyper-V External Virtual Switch

Windows IoT Enterprise LTSC Windows IoT Enterprise LTSC Windows IoT Enterprise LTSC

ThinkEdge S30 ThinkEdge S30 ThinkEdge S30

External Private network

Akri Architecture

Edge Cluster
Control Plane etcd
kind: Configuration
Configuration CRD metadata:
Kubernetes
Akri Controller name: akri-<protocol>
Scheduler <protocol> spec:
Configuration
discoveryHandler:
name: <protocol>
brokerSpec:
Instance CRD
containers:
<protocol> - name: custom-broker
API Server Instance image: “ghcr.io/...”

...

Node
<protocol> Custom <protocol>
Kubernetes
Akri Agent Discovery Broker
Scheduler
Handler
Leaf Device