Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Deprecation notice: This article is deprecated and is no longer being updated. To ensure only the best guidance is surfaced, this article will be deleted in May 2026.
For alternative guidance, see Azure Kubernetes Service architecture guidance in the Azure Architecture Center.
If you would like to save this guidance, you can select Download a PDF at the bottom left of this page or download the files from GitHub.
The Azure Kubernetes Services (AKS) landing zone accelerator provides a reference implementation to help you deploy AKS in an Azure landing zone. The following architecture shows how AKS integrates with shared services and aligns with the design areas.
Establish a platform foundation
A platform foundation provides shared services such as networking, identity, security, and governance. This foundation supports consistent and secure AKS deployments across your environment.
Implement a platform foundation using Azure landing zones. Use the Cloud Adoption Framework's Azure landing zone guidance to deploy shared services that include identity providers, hub-and-spoke networking, and centralized policy enforcement. This foundation simplifies security and management across your cloud environment.
Skip this step if your organization already has a platform foundation. If you already have an Azure landing zone, proceed to deploy the AKS landing zone accelerator.
AKS landing zone accelerator
This AKS landing zone accelerator includes a reference architecture that supports AKS deployments in an Azure landing zone.
Use the templates from the official GitHub repository. Use the AKS landing zone accelerator repo to access ARM templates, Bicep templates, and Terraform templates for deploying AKS infrastructure components to fit your environment. Modify environment variables and parameters to align with your organization's naming conventions, policies, and operational requirements.
Deploy the accelerator in the landing zones management group. Place the AKS workload in the appropriate subscription and management group to ensure alignment with platform governance and policy enforcement.
Evaluate the AKS design areas
Design areas help you align your AKS implementation with Azure landing zone principles. Use the following guides to evaluate and configure each area:
- Azure billing and Active Directory (if needed)
- Identity and access management
- Network topology and connectivity
- Resource organization
- Security
- Management and business continuity and disaster recovery (BCDR)
- Platform automation and DevOps
- Storage