Microsoft AKS updates 2022 - Q4

In this blog post I want to give an overview of all the AKS features that Microsoft moved to General Availability, Technical Preview or End of Support in Q4 2022. This information can be found at Microsoft Azure Updates.

Features that are now supported by Microsoft (GA):

  • [Generally available] Kubernetes 1.25 support in AKS
    AKS support for Kubernetes release 1.25 is now generally available. Kubernetes 1.25 delivers 40 enhancements. This release includes new changes such as the removal of PodSecurityPolicy.
  • [Generally available] Azure Blob CSI driver support in AKS
    Azure offers a unique capability of mounting Blob Storage (or object storage) as a file system to a Kubernetes pod or application using BlobFuse or NFS 3.0 options. This allows you to use blob storage with a number of stateful Kubernetes applications including HPC, analytics, image processing, and audio or video streaming. Not only that, if your application ingests data into Data Lake storage on Azure Blobs, you can now directly mount and use it with AKS. Previously, you had to manually install and manage the lifecycle of the open-source Azure Blob CSI driver, including deployment, versioning, and upgrades. You can now use the Azure Blob CSI driver as a managed add-on in AKS with built-in storage classes for NFS and BlobFuse, reducing the operational overhead and maximizing time to value.
  • [Generally available] CSI Extensible API for AKS
    This allows you to enable or disable specific CSI drivers based on your workload requirements. You can use this to enable any drivers that are not pre-installed in your cluster, including open-source options. You can also choose to disable any of the pre-installed drivers in case you do not plan to run any stateful workloads in your cluster.
  • [Generally available] Dapr extension for AKS and Arc-enabled Kubernetes now supports Dapr v1.9.0
    Dapr is a developer framework for building cloud-native applications, making it easier to run multiple microservices on Kubernetes and interact with external state stores and databases, secret stores, pub/sub brokers, and other cloud services and self-hosted solutions. The Dapr v1.9 release offers several new features, including pluggable components, resiliency metrics, and app health checks, as well as many fixes in the core runtime and components.
  • [Generally available] Premium SSD v2 disks available on Azure Disk CSI driver
    Premium SSD v2 is the next-generation Azure Disk Storage optimized for performance-sensitive and general-purpose workloads that need consistent low average read and write latency combined with high IOPS and throughput. With Premium SSD v2, you can independently provision and scale IOPS, throughput, and capacity based on workload requirements to cost-effectively run and scale transaction-intensive workloads. Premium SSD v2 is now available with the Azure Disk CSI driver to deploy stateful workloads in Kubernetes on Azure. Premium SSD v2 disks are the most flexible and scalable block storage for general-purpose workloads.
  • [Generally available] AKS support for Ubuntu 22.04
    Starting with Kubernetes 1.25 on Azure Kubernetes Service (AKS), the operating system AKS uses for Ubuntu-based node pools will be changing from Ubuntu 18 to Ubuntu 22.
  • [Generally available] ARM64 support in AKS
    ARM64 node pool support in AKS is now generally available. ARM64 offers better price-performance thanks to its lower power consumption.
  • [Generally available] AMD-based confidential VMs for Azure Kubernetes Service
    Azure Kubernetes Service (AKS) provides the capability for organizations to deploy containers at scale. Microsoft is expanding the Azure confidential computing portfolio to enable AMD-based confidential VM node pools in AKS, adding defense-in-depth to Azure's already hardened security profile. With the general availability of confidential virtual machines featuring AMD 3rd Gen EPYC™ processors with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features, organizations get VMs with isolated, encrypted memory and genuine confidentiality attestation rooted in the hardware. AKS can now have confidential and non-confidential node pools in a single cluster. This means that applications processing sensitive data can reside in a VM-level Trusted Execution Environment (TEE) node pool with memory encryption keys generated from the chipset itself. Confidential node pools on AKS enable a seamless transition of Linux container workloads to Azure without the overhead of changing code.
  • [Generally available] 5,000 node scale in AKS
    Azure Kubernetes Service is increasing the maximum node limit per cluster from 1,000 nodes to 5,000 nodes for customers using the uptime-SLA feature. The default limit for all AKS clusters will continue to be 1,000 nodes. However, AKS clusters using the uptime SLA feature can now request an increase in the AKS service quota up to a maximum of 5,000 nodes across all node pools in a cluster by creating a support request. Workloads that need large amounts of compute resources can now scale beyond 1,000 virtual machines (nodes) within the same cluster, removing the operational overhead of managing cross-cluster deployments and workloads. You can scale your clusters up to 5,000 nodes using both manual scaling and the cluster autoscaler. This feature is available for clusters using uptime-SLA and the Azure CNI network plugin only.
  • [Generally available] Windows Server 2022 host support in AKS
    Windows Server 2022 provides new features and significant improvements compared to Windows Server 2019. With this generally available feature, Windows Server 2022 is now supported on AKS. Among other improvements related to security, Windows Server 2022 also provides several platform improvements for Windows Containers and Kubernetes. Windows Server 2022 is available for Kubernetes v1.23 and higher. Windows Server 2019 will remain the default until Kubernetes v1.25.
  • [Generally available] Event Grid integration with AKS
    Event Grid integration with AKS enables you to subscribe to Event Grid notifications and receive important event notifications. The first event is 'K8s version available', which lets you subscribe to a notification whenever a new Kubernetes version becomes available for AKS.
  • [Generally available] Azure Hybrid Benefit for AKS and Azure Stack HCI
    As you increase cloud adoption to run VM-based and containerized applications, you also need to keep workloads on-premises. At Microsoft, we are committed to meeting you where you are. Azure Hybrid Benefit is a program that enables you to significantly reduce the costs of running workloads in the cloud. At Ignite, we are expanding Azure Hybrid Benefit to further reduce costs for on-premises and edge locations. Customers with Windows Server Software Assurance (SA) can use Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and Azure Stack HCI to run AKS on Windows Server and Azure Stack HCI at no additional cost in datacenter and edge locations, and to use first-party Arc-enabled infrastructure, Azure Stack HCI, at no additional cost. Windows Server Datacenter Software Assurance customers can modernize their existing datacenter and edge infrastructure to run their VM and container-based applications on modern infrastructure with industry-leading price-performance and built-in connectivity to Azure.

Features that are currently in Public Preview and not yet GA:

  • [Public Preview] Azure Arc enabled Azure Container Apps
    Azure Container Apps allows developers to rapidly build and deploy microservices and containerized applications. Common uses of Azure Container Apps include, but are not limited to: API endpoints, background or event-driven processing, and running microservices. Applications can dynamically scale within the limits of the Arc-enabled Kubernetes cluster.
  • [Public Preview] New UX for the AKS DevX Extension for Visual Studio Code
    Originally released in August 2022, the DevX extension enhances your day-to-day life as a developer on Azure Kubernetes Service. New changes to the extension include a brand-new user experience (UX) and new commands that allow you to easily containerize non-container applications using Draft. The commands include: Draft a Dockerfile, Draft a Kubernetes Deployment and Service, Build an Image on Azure Container Registry, and Prerequisites.
  • [Public Preview] Rotate SSH keys on existing AKS nodepools
    Secure shell (SSH) is an encrypted connection protocol that allows secure sign-ins over unsecured connections. SSH is the default connection protocol for Linux VMs hosted in Azure. You can now rotate SSH keys on existing AKS nodepools and no longer require a node reimage.
  • [Public Preview] Azure CNI Powered by Cilium
    Azure CNI powered by Cilium provides native support for the next generation Cilium eBPF dataplane in AKS clusters running Azure CNI. It offers Pod networking, basic Kubernetes Network Policies, and high-performance service load balancing. The eBPF dataplane is available in both VNet mode and Overlay mode of Azure CNI.
  • [Public Preview] Mariner container optimized OS
    Optimized for AKS, the Mariner container host provides reliability and consistency from cloud to edge across the AKS, AKS-HCI, and Arc products. You can deploy Mariner node pools in a new cluster, add Mariner node pools to your existing Ubuntu clusters, or migrate your Ubuntu nodes to Mariner nodes. The Mariner container host on AKS uses a native AKS image that provides one place to do all Linux development. Every package is built from source and is validated, ensuring your services run on proven components. Mariner is lightweight, only including the necessary set of packages needed to run container workloads. It provides a reduced attack surface and eliminates patching and maintenance of unnecessary packages. At Mariner's base layer, it has a Microsoft hardened kernel tuned for Azure.
  • [Public Preview] AKS image cleaner
    It's common to use pipelines to build and deploy images on Azure Kubernetes Service (AKS) clusters. This process often doesn't account for the stale images left behind and can lead to image bloat on cluster nodes. These images can present security issues as they may contain vulnerabilities. Image cleaner detects and automatically removes unused and vulnerable images cached on AKS nodes, keeping the nodes cleaner and safer.
  • [Public Preview] IPVS load balancer support in AKS
    Azure Kubernetes Service now supports configuring the kube-proxy mode setting to enable the IP Virtual Server (IPVS) load balancer. The IPVS load balancer is built into the Linux kernel and provides greater configurability, scale, and performance at high service and pod counts. Configurable IPVS features in AKS include protocol-specific timeouts and connection schedulers like round robin or least connections.
  • [Public Preview] Vertical Pod Autoscaler
    Vertical Pod Autoscaler (VPA) is now supported in AKS. VPA is a Kubernetes-native tool that provides a vertical scaling mechanism for Kubernetes controllers: it automatically adjusts the resource allocations of the containers that make up pods, based on historical and current resource utilization patterns. With VPA enabled on your cluster, you can reduce operational overhead by configuring VPA to provide recommended CPU and memory requests and limits, which you can then either apply yourself or have VPA apply to the pods automatically. You can also maximize cost savings and improve the stability of your cluster by ensuring pods have the optimal amount of resources through an automated approach, resulting in fewer unnecessary pod evictions, less throttling, and fewer failures due to out-of-memory errors.
  • [Public Preview] Rules for Azure Kubernetes Service and Log Analytics workspace resources
    The Azure portal now allows you to easily enable a set of recommended alert rules for your Azure Kubernetes Service (AKS) and Log Analytics workspace resources. Enable a set of best practice alert rules on an unmonitored AKS and Log Analytics workspace resource with just a few clicks.
  • [Public Preview] Azure CNI Overlay mode in Azure Kubernetes Service
    Azure CNI Overlay mode is a new CNI network plugin that allocates pod IPs from an overlay network space, rather than from the virtual network IP space. This greatly reduces the IP utilization of Azure CNI as compared to the default mode. This CNI plugin functions like “kubenet” mode, but does not utilize route tables and thus is simpler to set up and much more scalable.
  • [Public Preview] Kubernetes apps on Azure Marketplace
    You can now browse the catalog of solutions specialized for Kubernetes platforms under the Kubernetes apps offer in the Azure Marketplace and select a solution for click-through deployment to Azure Kubernetes Service (AKS) with automated Azure billing. Partners of the Azure Marketplace can create, publish, and manage commercial Kubernetes offers in the marketplace with billing models.
  • [Public Preview] Azure Active Directory workload identity support in AKS
    Today with Azure Kubernetes Service (AKS), you can assign managed identities at the pod level (preview). This pod-managed identity gives the hosted workload or application access to resources through Azure Active Directory (Azure AD). For example, a workload stores files in Azure Storage, and when it needs to access those files, the pod authenticates itself against the resource as an Azure managed identity. This authentication method is being replaced with Azure Active Directory (Azure AD) workload identities (preview), which integrate with Kubernetes-native capabilities to federate with external identity providers. This approach is simpler to use and deploy, and overcomes several limitations of Azure AD pod-managed identity.
  • [Public Preview] Azure Kubernetes Service hybrid deployment options
    Azure Kubernetes Service (AKS) on Azure Stack HCI, Windows Server 2019, and Windows Server 2022 Datacenter can be provisioned from the Azure Portal or CLI. Additionally, AKS is now in public preview on Windows devices and Windows IoT for lightweight Kubernetes orchestration. AKS on HCI and Windows Server makes it quicker to get started hosting Linux and Windows containers in your datacenter. AKS on Windows IoT brings the same Microsoft-supported Kubernetes platform to lightweight PC-class devices, starting with Windows. Unlike other AKS products that run in the cloud or in an on-premises cloud environment like HCI, each PC with an AKS-IoT VM (one Mariner Linux VM per PC) restricts the RAM, storage, and physical CPU cores to a static allocation assigned at install time. This enables traditional Windows apps to run side-by-side on the same machine as the AKS-IoT VMs.
  • [Private Preview] Azure Kubernetes Service (AKS) Backup
    Organizations are increasingly adopting Kubernetes, which continues to gain momentum. Azure Kubernetes Service (AKS) is preferred by our customers to deploy and run their critical applications on Kubernetes. While enterprise adoption of Kubernetes is on the rise, IT leaders are still figuring out best practices to secure their mission-critical containerized applications and the data stored inside clusters. With this intent, the Azure Backup service is announcing the private preview of AKS Backup. Using this feature you can back up and restore your containerized applications, both stateless and stateful, running on your AKS clusters, together with the data stored in Persistent Volumes attached to the clusters, and you can perform backup orchestration and use the management capabilities of Azure Backup along with the single-pane-of-glass view of Backup Centre.
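The Vertical Pod Autoscaler item above describes two ways of consuming VPA's output: read the recommendation and apply it yourself, or let VPA apply it. Both are selected through the `updateMode` of the standard `VerticalPodAutoscaler` object. The following is an added example, not from the original post, for a hypothetical Deployment named `api` in a made-up namespace; the min/max bounds are illustrative values.

```yaml
# Added example (not from the original post). Targets a hypothetical Deployment "api".
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: api-vpa
  namespace: payments                 # made-up namespace
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api                         # hypothetical workload
  updatePolicy:
    # "Off": VPA only writes recommendations into this object's .status and you apply
    #        them yourself (the "recommended requests" mode from the text).
    # "Auto": VPA evicts and recreates pods so they start with the recommended requests.
    # Start with "Off", review the numbers, then switch to "Auto" once you trust them.
    updateMode: "Off"
  resourcePolicy:
    containerPolicies:
      - containerName: "*"            # applies to every container in the pod
        controlledResources: ["cpu", "memory"]
        # Bounds keep a skewed recommendation from starving or over-provisioning the pod
        # (illustrative values).
        minAllowed:
          cpu: 50m
          memory: 64Mi
        maxAllowed:
          cpu: "2"
          memory: 2Gi
```

In `Off` mode, `kubectl describe vpa api-vpa -n payments` shows the current recommendation under `Status.Recommendation`; nothing changes on the running pods until you either edit the Deployment or set `updateMode` to `Auto`.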
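The workload identity item above says the new model federates the Kubernetes service account token with Azure AD instead of relying on pod-managed identity. The following is an added example, not from the original post or from Microsoft. It assumes a user-assigned managed identity whose federated credential already names the cluster's OIDC issuer URL as issuer and `system:serviceaccount:payments:storage-reader` as subject; all GUIDs, names and the image are placeholders, and the placement of the `azure.workload.identity/use` label on the service account is assumed for the preview-era webhook (later releases look for it on the pod).

```yaml
# Added example (not from the original post). Assumes a managed identity with a
# federated credential for issuer = cluster OIDC issuer URL and
# subject = system:serviceaccount:payments:storage-reader. IDs below are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: storage-reader                # hypothetical service account
  namespace: payments                 # made-up namespace
  annotations:
    # Which Azure AD application / managed identity the SA token may be exchanged for.
    azure.workload.identity/client-id: "00000000-0000-0000-0000-000000000000"  # placeholder
    azure.workload.identity/tenant-id: "11111111-1111-1111-1111-111111111111"  # placeholder
  labels:
    # Opts pods using this SA in to the mutating webhook, which injects the projected
    # SA token volume and the AZURE_* environment variables. (Assumed preview-era
    # placement; in later webhook versions this label goes on the pod instead.)
    azure.workload.identity/use: "true"
---
apiVersion: v1
kind: Pod
metadata:
  name: uploader                      # hypothetical pod
  namespace: payments
spec:
  serviceAccountName: storage-reader  # no pod-identity binding CRDs, no node-level NMI component
  containers:
    - name: uploader
      image: example.azurecr.io/uploader:1.0.0   # placeholder image reference
      # Azure SDKs read AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_AUTHORITY_HOST and
      # AZURE_FEDERATED_TOKEN_FILE (all injected by the webhook) and exchange the
      # short-lived projected service account token for an Azure AD access token, so
      # no credential is baked into the image or stored as a Kubernetes Secret.
```

The trust boundary is the federated credential on the identity side: only a token whose `iss` is this cluster's OIDC issuer and whose `sub` is exactly `system:serviceaccount:payments:storage-reader` can be exchanged, so a service account in another namespace or cluster cannot reuse the binding.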

For more information about the features that are coming, please refer to the public roadmap of the Microsoft AKS team.