Blog Azure Cloud Native Modernization

AKS Automatic: The newest way to run AKS, is it worth it?

Kubernetes is the de facto container orchestration platform that runs many of the apps we use today.

Azure Kubernetes Service (AKS) takes care of much of the infrastructure, but you still must configure and manage the cluster yourself — and that takes Kubernetes expertise many teams don’t have.

Microsoft announced a new SKU during the Build keynote last year (2024), called AKS Automatic: a simpler way to run AKS.

But what is AKS Automatic all about? 

Niels Kroeze

Author

Niels Kroeze IT Business Copywriter

Reading time 6 minutes Published: 01 August 2025

What is Azure Kubernetes Service (AKS) Automatic? 

Azure Kubernetes Service Automatic

AKS Automatic is a new offering from AKS, designed to help you start faster with built-in best practices, without having to configure everything manually. 

It comes with many components installed, configured, and managed by default. For example, Azure manages your cluster configuration, your nodes, scaling, security, and other preconfigured settings based on AKS well-architected recommendations. 

 

Why use AKS Automatic? 

The challenge of AKS is that often, many tasks typically fall on the engineer managing the cluster. Think of:  

  • Resource and cost optimisation 
  • Cluster sizing and configuration 
  • Upgrades and patching 
  • Scaling 
  • Security 
  • Monitoring and observability 

Developers who want to focus solely on their apps must also spend time managing and learning AKS. That’s where AKS Automatic comes into the picture. 

Cluster creation, node management, scaling, and core security features are baked in. That’s useful for teams who want to run Kubernetes but don’t want to manage it.  

And you also get: 

  • Faster time to business value 
  • Streamlined cluster operations 
  • Built-in security best practices by default 
  • Lower cost of ownership over time 

Additionally, you can modify how something was configured or add new features, as you still have access to the Kubernetes API. 

“AKS Automatic is designed to enable you to use Kubernetes without needing to manage it. With default-configured settings, you get a cluster that’s ready to run right away.”

The 3 Key Pillars of AKS Automatic

3 key pillars of AKS (Azure Kubernetes Services) Automatic

1. Production-ready by default 

  • Optimal production settings are preconfigured, suitable for most applications. 
  • You don’t have to worry about node autoscaling as it relies on KEDA and the Cluster Autoscaler to scale your nodes vertically and horizontally.  
  • Automatically packs pods efficiently on nodes to maximise usage (bin packing). Meaning, you don’t have to think about how pods are distributed. 

2. Built-in best practices and safeguards 

  • The security configuration is hardened using Microsoft’s recommended practices. 
  • AKS handles node and component patching automatically, following your set maintenance schedule. 

3. Code to Kubernetes in minutes 

  • You can deploy a container image to a live app in minutes. 
  • You have full Kubernetes API access for when you need it. 

 

Default and Pre-configured Configurations 

Let’s look at some of the features AKS Automatic installs and preconfigures for you. 

Microsoft designed AKS Automatic around what they consider best practices, in several areas: 

  • Security 
  • Networking 
  • (Auto) Scaling 
  • Observability (Monitoring and Logging) 

These components allow you to run your workloads run efficiently and securely in AKS, almost from day one.

 

Security 

From a security perspective, we can split it into cluster security and workload security. 

Cluster security means securing access to the cluster and the supply chain. AKS Automatic enables various defaults for the cluster: 

  • Azure Linux OS images 
  • Automatic upgrades* 
  • Azure Role-Based Access Control (RBAC) enabled (like for accessing Kubernetes API) 
  • Local access to the cluster is disabled 
  • SSH access to nodes is disabled 
  • Image Cleaner add-on installed 
  • Network Resource Lockdown (NRG) applies strict network rules to isolate your cluster, allowing outbound access only to approved internet resources. It also blocks traffic between tenants, which is critical if you’re hosting services for multiple clients on the same cluster. 
Note

Automatic upgrades can possibly break production environments, depending on the workload it might not always be a good option. 

Workload security is about making sure your workloads are secure: 

  • Workload identity is enabled (for authenticating to Azure resources using Microsoft Entra ID). 
  • Deployment safeguards help enforce best practices so only trusted containers and safe images are used in deployments 
  • Azure Key Vault provider is enabled to integrate secrets securely with your workloads 
  • Azure Policy add-on enabled

 

Networking 

With regard to networking, we can think of how pods communicate with each other within the Virtual Network (Vnet), and how traffic ingresses and egresses from the cluster. 

Networking in AKS Automatic covers: 

  • Pod networking using Azure CNI overlay with Cilium for the data plane 
  • Ingress using AKS App Routing (a managed NGINX Ingress Controller) which integrates with Azure DNS and Azure Key Vault for an end-to-end application access setup 
  • Egress using AKS NAT Gateway for scalable outbound connections 

 

Scaling 

AKS Automatic leverages several scaling options, which we can split between cluster autoscaling and workload autoscaling. Scaling options include: 

For Cluster Autoscaling, AKS Automatic automatically enables: 

  • Node Autoprovision (NAP): NPA uses the open-source Karpenter project to scale nodes up/down based on workload demand automatically. This Cluster Autoscaler will enable the cluster to routinely check for underused nodes and binpack these workloads to maximise efficiency and ultimately save you money. 

For Workload Autoscaling, AKS Automatic enables: 

  • KEDA: KEDA, Kubernetes Event-Driven Autoscaler, enables you to scale your workloads based on events or metrics. 
  • Vertical Pod Autoscaler (VPA): AKS Automatic will also install the VPA add-on. It will help you automatically adjust resource requests for your workloads. 

 

Observability 

From the get-go, AKS Automatic covers multiple observability needs out of the box: 

  • Azure Managed Prometheus for metrics 
  • Container Insights for logs 
  • Azure Managed Grafana for dashboards 

The managed Grafana instance includes pre-installed dashboards for both Kubernetes and Azure, so you can instantly view your cluster’s health through the Azure portal. 

 

Limitations of AKS Automatic

AKS Automatic simplifies AKS setup, as you don't have to configure everything manually.

However, in return, you give up some flexibility, and the default pre-configurations may not always be beneficial for every use case. Its current limitations include:

  • Limited control over network plugins/custom CNI settings
  • Restrictions on using custom node pools (which are predefined)
  • Limited support for certain add-ons
  • Scaling behaviour is opinionated: KEDA and VPA are enabled by default
  • Pre-configured features cannot be disabled or changed

 

Closing thoughts

Overall, AKS Automatic is more automated and opinionated. You can still apply some security tweaks, but not as many as with AKS Standard. Besides, you still need expertise (like understanding cluster behaviour).

Offloading control to Azure also raises concerns for teams with strict compliance or security needs. You lose visibility and fine-grained configuration, which can be a problem if your policies require full oversight.

Therefore, be sure to consider carefully whether it would work for your organisation.

Coming back to the question: is AKS Automatic worth it? It depends.

  • AKS Automatic works for those who want to a default, preconfigured, ready cluster quickly. 
  • AKS Standard is a better fit when you need granular control, flexibility, or have non-standard workloads.

If AKS Automatic doesn’t suit your organisation, it doesn't mean you're stuck with the complexity and overhead of managing AKS.

Intercept offers you a fully managed solution to simplify your Kubernetes with AKS Control

Accelerated deployment

Simplify Kubernetes in Azure with AKS Control!

Intercept’s AKS Control gives you a fully managed AKS environment, with expert support. From containerisation to AKS cluster management, we manage setup, scaling, and maintenance, optimising performance so you can grow your business with ease.  

Find out what AKS Control can mean for your business!