|
| 1 | +--- |
| 2 | +title: Azure Kubernetes Service (AKS) Cloud, Edge, and On-Premises Comparison |
| 3 | +description: Compare Azure Kubernetes Service (AKS) features, capabilities, and pricing across cloud, edge, and on-premises environments to choose the best deployment for your needs. |
| 4 | +author: sethmanheim |
| 5 | +ms.topic: concept-article |
| 6 | +ms.date: 06/05/2025 |
| 7 | +ms.author: sethm |
| 8 | +ms.reviewer: rmody |
| 9 | +--- |
| 10 | + |
| 11 | +# Azure Kubernetes Service (AKS) Cloud, Edge, and on-premises comparison |
| 12 | + |
| 13 | +Azure Kubernetes Service (AKS) is a fully managed Kubernetes platform that simplifies how organizations deploy, scale, and manage containerized applications in the cloud. As customer needs evolve to span cloud, on-premises, and edge environments, AKS expands its footprint and brings the same trusted Kubernetes capabilities to a broader range of edge and on-premises infrastructure. |
| 14 | + |
| 15 | +With solutions like AKS on Azure Local, enabled by Azure Arc, organizations can now run AKS clusters closer to where their workloads and data reside whether in remote edge sites or within their own datacenters, while maintaining a consistent operational and developer experience. While AKS is delivered differently across environments, the underlying platform stays aligned in its goals, behavior, and experience. |
| 16 | + |
| 17 | +The focus is on delivering a cohesive and adaptable AKS offering that meets customers across cloud and edge, while preserving the simplicity and power that define the AKS experience. |
| 18 | + |
| 19 | +This article explores how AKS extends across multiple platforms and highlights the unique advantages and capabilities it brings to cloud, on-premises, and edge environments. |
| 20 | + |
| 21 | +> [!NOTE] |
| 22 | +> AKS enabled by Azure Arc architecture on Windows Server (2019 and 2022) isn't supported after April 2025. AKS support on Windows Server continues to evolve. For more information, see [Retirement of AKS architecture on Windows Server 2019 and Windows Server 2022](aks-windows-server-retirement.md). |
| 23 | +
|
| 24 | +## General comparison of AKS across platforms |
| 25 | + |
| 26 | +| Platform | Azure | Azure Local | Edge Essential (Windows IOT /Client/Server) | Windows Server \* | |
| 27 | +| Supported infrastructure for K8s cluster | Azure cloud | Azure Local, version 23H2 or later | Windows 10/11 IoT Enterprise<br>Windows 10/11 Enterprise<br>Windows 10/11 Pro<br>Windows Server 2019/2022 | Windows Server 2019<br>Windows Server 2022 | |
| 28 | +| CNCF conformant | Yes | Yes | Yes | Yes | |
| 29 | +| K8s cluster lifecycle management tools (create, scale, upgrade and delete clusters) | Az CLI<br>Az PowerShell<br>Azure Portal<br>ARM templates<br>Bicep<br>Bicep Kubernetes Provider<br>Azure Developer CLI | Azure Portal<br>Azure CLI<br>ARM templates<br>Bicep templates | PowerShell | PowerShell<br>Windows Admin Center | |
| 30 | +| K8s cluster management plane | AKS is a managed Kubernetes offering. AKS control plane is hosted and managed by Microsoft. AKS worker nodes are created in customer subscriptions. | Kubernetes clusters are managed through Arc Resource Bridge which is automatically created when Azure local gets deployed. | Kubernetes clusters are self-managed, to preserve resources. | Kubernetes clusters are managed using a "management cluster", that is installed using PowerShell before Kubernetes workload clusters can be created. | |
| 31 | +| Support for Kubectl or other open source K8s tool | Yes | Yes | Yes | Yes | |
| 32 | +| Supported K8s Versions | Continuous updates to supported Kubernetes versions. For latest version support, run [az aks get-versions.](/cli/azure/aks#az_aks_get_versions) | Supports K8s only.<br>For latest version support, run: [az aksarc get-versions](/cli/azure/aks#az_aks_get_versions) | Supports K3s and K8s. For the latest K8s version support, visit [steps to prepare your machine for AKS Edge Essentials](aks-edge-howto-setup-machine.md#download-aks-edge-essentials). | Supports K8s only.<br>Continuous updates to supported Kubernetes versions. For latest version support, visit [AKS hybrid releases on GitHub.](https://github.com/Azure/aksArc/releases) | |
| 33 | +| Azure Fleet Manager integration | Yes | No | No | No | |
| 34 | +| Terraform integration | Yes | Yes (Preview) | No | No | |
| 35 | +| Support for Taints and Label | Yes | Yes | Unvalidated – These settings will not persist when cluster is upgraded. | Yes | |
| 36 | +| AKS Automatic | Yes | No | No | No | |
| 37 | + |
| 38 | +## Monitoring and diagnostic capabilities |
| 39 | + |
| 40 | +| Feature | Azure Cloud | AKS on Azure Local | Edge Essential (Windows IOT /Client/Server) | Windows Server* | |
| 41 | +| Azure Monitor Container Insights | Yes | Yes, via arc Extensions | Yes, via Arc Extensions | Yes, via Arc Extensions | |
| 42 | +| Azure Monitor Managed Prometheus and Control plane metrics scraping | Yes | Yes, via arc Extensions | Yes, via arc Extensions | Yes, via arc Extensions | |
| 43 | +| Control plane Audit Logs | Yes | Yes, via arc Extensions | No | No | |
| 44 | +| Platform/Shoebox metrics | Yes | Yes, via arc Extensions | No | No | |
| 45 | +| Diagnostics log collection (local) | Yes | Yes | Yes | Yes | |
| 46 | + |
| 47 | +## Node pool capabilities |
| 48 | + |
| 49 | +| Feature | **Azure Cloud** | **AKS on Azure Local** | **Edge Essential (Windows IOT /Client/Server)** | **Windows Server\*** | |
| 50 | +| **Windows nodepool support** | Yes<br>Windows Server 2019 Datacenter<br>Windows Server 2022 Datacenter | Yes<br>Windows Server 2019 Datacenter<br>Windows Server 2022 Datacenter | Yes<br>Windows Server 2022 Datacenter (Core) | Yes<br>Windows Server 2019 Datacenter<br>Windows Server 2022 Datacenter | |
| 51 | +| **Linux OS offerings** | Ubuntu 18.04<br>Azure Linux | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) | |
| 52 | +| **Container Runtime** | Containerd for Linux and Windows nodes | Containerd for Linux and Windows nodes | Containerd for Linux and Windows nodes | Containerd for Linux and Windows nodes | |
| 53 | +| **Node pool auto-scaler** | Manual<br>Auto-scalar<br>Horizontal pod scalar | Manual<br>Auto-scalar | Manual | Manual<br>Auto-scalar<br>Horizontal pod scalar | |
| 54 | +| **Azure container registry** | Yes | Yes | Yes | Yes | |
| 55 | +| **Azure Container Instance** | Yes | Yes | | | |
| 56 | +| **Start/stop a Kubernetes cluster** | Yes | Yes | | | |
| 57 | +| **Virtual nodes** | Yes | Yes | | | |
| 58 | +| **Private cluster** | Yes | No | | | |
| 59 | +| **Node pool snapshot** | Yes | No | | | |
| 60 | +| **Custom node configuration** | Yes | Yes | | | |
| 61 | +| **SSH to nodes** | Yes | Yes | | | |
| 62 | +| **Availability zones** | Yes | No | | | |
| 63 | +| **Proximity placement groups** | Yes | No | | | |
| 64 | + |
| 65 | +## Networking capabilities |
| 66 | + |
| 67 | +| Feature | **Azure Cloud** | **AKS on Azure Local** | **Edge Essential (Windows IOT /Client/Server)** | **Windows Server\*** | |
| 68 | +| **Network creation and management** | By default, Azure creates a virtual network and subnet for you. You can also choose an existing virtual network to create your AKS clusters. | Setting up networking parameters is a required prerequisite to deploy AKS on Azure Local.<br>Network must have connectivity and IP address availability for successful operation of cluster | You need to provide the IP address range for node IPs and Service IPs, that are available and have the right connection. The network configuration needed for the cluster is handled by AKS. Read [AKS Edge Essentials networking](aks-edge-concept-networking.md). | You need to create the network in Windows Server before creating an AKS cluster.<br>Network must have connectivity and IP address availability for successful operation of cluster. | |
| 69 | +| **Supported networking option** | Bring your own Azure virtual network for AKS clusters | Static IP networks with/without VLAN ID | Static IP address or use reserved IPs when using DHCP | DHCP networks with/without VLAN ID<br>Static IP networks with/without VLAN ID | |
| 70 | +| **SDN support** | Not applicable since the cluster's running on Azure | Not yet | No | Yes | |
| 71 | +| **Support for Arc Gateway** | N/A (works with Azure Application Gateway) | Yes | Yes – (Support for AIO only) | No | |
| 72 | +| **Supported CNIs** | Azure CNI<br>Calico<br>Azure CNI Overlay (Cillium)<br>Bring your own CNI | Calico | Calico (K8s)<br>Flannel (K3s) | Calico | |
| 73 | +| **Service Mesh** | Istio addon | Open Service Mesh, via Arc extensions | Open Service Mesh, via Arc extensions | Open Service Mesh, via Arc extensions | |
| 74 | +| **Load Balancer** | Azure load balancer – Basic SKU or Standard SKU<br>Internal load balancer<br>Bring Your Own Load Balancer (BYOLB) | Bring your own load balancer (BYOLB)<br>MetalLB Arc Extension | KubeVIP<br>Bring your own load balancer (BYOLB) | HAProxy<br>SDN load balancer<br>Bring your own load balancer (BYOLB) | |
| 75 | +| **Customize CoreDNS** | Yes | | | | |
| 76 | + |
| 77 | +## Storage features |
| 78 | + |
| 79 | +| Feature | **Azure Cloud** | **AKS on Azure Local** | **Edge Essential (Windows IOT /Client/Server)** | **Windows Server\*** | |
| 80 | +| Types of supported persistent volumes | Read Write Once<br>Read Write Many | VHDX – ReadWriteOnce<br>SMB or NFS – ReadWriteMany<br>ACSA - ReadWriteMany | PVC using local storage<br>ACSA | VHDX – ReadWriteOnce<br>SMB or NFS - ReadWriteMany | |
| 81 | +| Container storage interface (CSI) support | Yes | Yes | Yes | Yes | |
| 82 | +| CSI drivers | Azure Storage<br>Azure Files and Azure Disk<br>Premium CSI drivers deployed by default. | Disk and Files (SMB and NFS) drivers installed by default. | Support for SMB and NFS storage drivers. | Support for SMB and NFS storage drivers. | |
| 83 | +| Dynamic provisioning support | Yes | Yes | Yes | Yes | |
| 84 | +| Volume resizing support | Yes | Yes | Yes | Yes | |
| 85 | +| Volume snapshots support | Yes | No | No | No | |
| 86 | + |
| 87 | +## Security and authentication options |
| 88 | + |
| 89 | +| Feature | **Azure Cloud** | **AKS on Azure Local** | **Edge Essential (Windows IOT /Client/Server)** | **Windows Server\*** | |
| 90 | +| Access to K8s cluster | Kubectl | Kubectl | Kubectl | Kubectl | |
| 91 | +| K8s cluster authorization (RBAC) | Kubernetes RBAC<br>Azure RBAC | Kubernetes RBAC<br>Azure RBAC | Kubernetes RBAC | Kubernetes RBAC | |
| 92 | +| K8s cluster authentication | Certificate based Kubeconfig<br>Microsoft Entra ID | Certificate based Kubeconfig<br>Microsoft Entra ID | Certificate based Kubeconfig<br>Microsoft Entra ID | Certificate based Kubeconfig<br>Microsoft Entra ID | |
| 93 | +| Support for network policies | Yes | No | No | Yes – only for Linux containers | |
| 94 | +| Support for workload identity | Yes | Yes | Yes - (Support for AIO only) | Yes | |
| 95 | +| Limit source networks that can access API server | Yes | Yes | Yes | Yes | |
| 96 | +| Encrypt etcd secrets | Yes | Yes | Yes | Yes | |
| 97 | +| Certificate rotation and encryption | Yes | Yes | Yes | Yes | |
| 98 | +| Secrets store CSI driver | Yes | Yes | Yes | Yes | |
| 99 | +| gMSA support | Yes | No | Yes | Yes | |
| 100 | +| Azure Policy | Yes | Yes, via Arc extensions | Yes, via Arc extensions | Yes, via Arc extensions | |
| 101 | +| Azure Defender | Yes | Yes, via Arc extensions (preview) | Yes, via Arc extensions (preview) | Yes, via Arc extensions (preview) | |
| 102 | + |
| 103 | +## Pricing and SLA details |
| 104 | + |
| 105 | +| Feature | **Azure Cloud** | **AKS on Azure Local** | **Edge Essential (Windows IOT /Client/Server)** | **Windows Server\*** | |
| 106 | +| Pricing | Unlimited free clusters, pay for on-demand compute of worker node VMs.<br>Paid tier available with uptime SLA, support for 5k nodes. | Included in Azure Local at no additional cost | $2.50 per device per month. | Pricing is based on the number of workload cluster vCPUs. Control plane nodes & load balancer VMs are free. | |
| 107 | +| Azure hybrid benefit support | Not applicable | Not applicable - AKS already included at no additional cost. | No | Yes | |
| 108 | +| SLA | Paid uptime SLA clusters for production with fixed cost on the API + worker node compute, storage and networking costs. | No SLA offered as the K8s cluster is running on premises | No SLA offered as the K8s cluster is running on premises | No SLA offered as the K8s cluster is running on premises | |
| 109 | + |
| 110 | +AI/ML capabilities offered in each platform: |
| 111 | + |
| 112 | +| Feature | **Azure Cloud** | **AKS on Azure Local** | **Edge Essential (Windows IOT /Client/Server)** | **Windows Server\*** | |
| 113 | +| GPU support | Yes | Yes | Yes | Yes | |
| 114 | +| KAITO (K8s AI toolchain operator) | Yes | Yes, via Arc extensions | No | No | |
| 115 | +| Edge RAG | Yes | Yes | No | No | |
| 116 | + |
| 117 | +## Next steps |
| 118 | + |
| 119 | +- Overview of [Azure Kubernetes Service (AKS)](aks-overview.md) |
| 120 | +- [Deploy a Linux application on a Kubernetes cluster](deploy-linux-application.md) |
| 121 | +- [Deploy a Windows Server application on a Kubernetes cluster](deploy-windows-application.md) |
0 commit comments