Virtual nodes on Azure Container Instances

This article introduces how virtual nodes on Azure Container Instances (ACI) enable you to orchestrate containerized workloads. This article provides background about the feature set, availability, and resources.

Virtual nodes on Azure Container Instances allow you to deploy pods in your Azure Kubernetes Service (AKS) cluster that run as container groups in ACI. Since virtual nodes are backed by ACI's serverless infrastructure, you can quickly scale up your workload without needing to wait for the Kubernetes cluster autoscaler to deploy VM compute nodes. You can rapidly scale your application workloads and only pay for the time that your pods are running.

Virtual nodes on Azure Container Instances is an evolution on the existing virtual nodes offering for AKS. It offers significantly better support for Kubernetes functionality, removing most of the limitations of the prior implementation. Additionally, it enables you to take advantage of advanced ACI functionality like confidential containers.

Virtual nodes on Azure Container Instances was featured in the AKS keynote at KubeCon NA 2023, with a segment showing some of its many improvements.

Features of virtual nodes on Azure Container Instances

Rapidly scale your application workloads

Pods deployed in a virtual node run on ACI's serverless infrastructure. You don't need to first provision additional VM compute nodes in your AKS cluster when scaling up your workload.

Only pay per second of execution time

With standard AKS cluster nodes, you pay for provisioned VMs even if you are not actively utilizing their capacity. Pods in a virtual node use ACI's per-second billing, so you pay based on what you need.

Deploy confidential container groups

Virtual nodes can be configured to run your pods as confidential container groups in ACI. Confidential containers on Azure Container Instances can run with verifiable execution policies that enable customers to have control over what software and actions are allowed to run within the TEE. These execution policies help to protect against bad actors creating unexpected application modifications that could potentially leak sensitive data. Customers author execution policies through provided tooling, and cryptographic proofs verify the policies.

Region availability

Virtual nodes on Azure Container Instances is supported in all regions where ACI is available. Virtual nodes on confidential Azure Container Instances is supported in all regions where confidential ACI is available.

For more information, see Resource availability & quota limits for ACI.

Resources

• Helm chart for deploying virtual nodes on Azure Container Instances
• Guidance for customizing pods running on virtual nodes
• Guidance for customizing your virtual nodes installation
• Guidance for deploying high-scale workloads on virtual nodes

Next steps

• To try out virtual nodes on Azure Container Instances, see Deploy virtual nodes on Azure Container Instances in your AKS cluster

• If you want to manage multi-instance container groups, see About NGroups.