Microsoft AKS updates 2024 - Q2 (together with MSBuild24 updates)
In this blog, I want to give an overview of all the features that Microsoft moved to General Availability, Technical Preview or End of Support in Q2 2024. This information can be found at Microsoft Azure Updates.
Features that are now supported by Microsoft (GA):
- [General available] AKS Run command
AKS run command is now generally available. This command allows you to remotely invoke commands in an AKS cluster through the AKS API. This feature introduces a new API that allows you to, for example, execute just-in-time commands from a remote laptop for a private cluster. This can greatly assist with quick just-in-time access to a private cluster when the client is not on the cluster private network, while still retaining and enforcing full RBAC controls and a private API server. For example, az aks command invoke "kubectl get nodes". Click here to learn more.
- [General available] OS Security Patch channel for Linux in AKS
OS security patch channel for Linux, part of the NodeOSUpgrade feature, is now generally available. OS security patches are AKS-tested, fully managed, and applied with safe deployment practices. AKS regularly updates the node's virtual hard disk (VHD) with patches from the image maintainer labeled "security only." The channel honors maintenance windows and limits disruption by applying live patching wherever necessary. Click here to learn more.
- [General available] Announcing kube-egress-gateway for Kubernetes
kube-egress-gateway is an open-source project that offers a scalable and cost-efficient solution for configuring fixed source IPs for Kubernetes pod egress traffic on Azure. The kube-egress-gateway components run within Kubernetes clusters, whether managed (Azure Kubernetes Service, AKS) or unmanaged, and use one or more dedicated Kubernetes nodes as pod egress gateways, routing pod outbound traffic through a WireGuard tunnel. Compared to existing methods, such as creating dedicated Kubernetes nodes with a NAT gateway or assigning instance-level public IP addresses and scheduling only specific pods on these nodes, kube-egress-gateway is more cost-efficient. It allows pods requiring different egress IPs to share the same gateway and be scheduled on any regular worker node. Click here to learn more.
- [General available] Azure Functions extension for Dapr
Azure Functions extension for Dapr is now generally available. You can use Dapr’s powerful cloud native building block APIs (e.g. Service Invoke with service discovery & mTLS, PubSub, Bindings, Secrets and Actors) and a large array of ecosystem components in the native and friendly Azure Functions triggers & bindings programming model. The extension is available to run on AKS and ACA services. Click here to learn more.
- [General available] Azure Kubernetes Fleet Manager workload orchestration
Workload orchestration for Azure Kubernetes Fleet Manager is now generally available with several enhancements, giving you more control over upgrade and workload placement scenarios. With availability-based app rollout, Kubernetes Fleet Manager performs availability checks on Kubernetes workload type resources such as deployment, statefulset, daemonset and job when rolling out an update. This helps ensure that staged rollouts only proceed when your workloads are ready. You can now also set taints to restrict deployment and avoid application scheduling to specific member clusters. For added flexibility, you can additionally set tolerations to allow scheduling to clusters with matching taints. Click here to learn more about the Kubernetes Fleet Manager advanced rollout. And click here to learn more about the Kubernetes Fleet Manager taints and app tolerations.
- [General available] KEDA in the Azure Portal
Kubernetes Event-Driven Autoscaler (KEDA) is an open-source, lightweight component that allows users to autoscale container workloads on events in external scalers. KEDA extends the functionality of the native Kubernetes Horizontal Pod Autoscaler (HPA) with a wide variety of scalers and scale-to-zero capabilities, thus allowing user applications to meet demand in a more sustainable and cost-efficient manner. Azure Portal now supports KEDA scaling on memory, CPU, cron and Azure Service Bus scalers. You are now able to easily create and monitor your scaled objects all within the Portal interface, and for Azure Service Bus, Portal will handle the deployment and configuration of workload identity. This will streamline the creation and management of KEDA resources through the Portal interface. Click here to learn more.
- [General available] Draft now supports best practices via deployment safeguards
The Microsoft open-source project Draft has been updated to include a new feature called “validate”. Draft validate lets users scan their manifests to check whether they follow best practices, so that potential problems are caught early in the development lifecycle. All best practices come from the brand-new AKS feature, deployment safeguards. Click here to learn more.
- [General available] Automated deployments for AKS
Automated deployments for AKS is now generally available. It simplifies the process of setting up the authorization of a workflow to a repository, generation of a starter application, and configuration of a CI/CD pipeline to build and deploy container images and Kubernetes manifests to a cluster. Click here to learn more.
- [General available] New version of AKS extension in Visual Studio Code now available
The AKS extension in Visual Studio Code has been updated to version 1.4.3. This new release includes general enhancements as well as a new command “Retina capture”. Retina capture uses Retina, a cloud-agnostic, open-source eBPF network observability tool to help capture logs such as iptables-rules. For more information on the AKS extension in Visual Studio Code, click here.
- [General available] Support for disabling Windows outboundNAT in AKS
Windows OutboundNAT can cause certain connection and communication issues with your AKS pods. An example issue is node port reuse. In this example, Windows OutboundNAT uses ports to translate your pod IP to your Windows node host IP, which can cause an unstable connection to the external service due to a port exhaustion issue. Windows enables OutboundNAT by default. You can now manually disable OutboundNAT when creating new Windows agent pools. Click here to learn more.
- [General available] AKS cost views
The Kubernetes clusters and Kubernetes namespaces cost views are now generally available in Cost analysis within Azure portal. You can view the aggregated costs for all your AKS clusters and namespaces across a subscription and drill down into infrastructure and namespaces costs of a cluster. Having granular visibility will help you gain deeper insights into your infrastructure costs enabling you to allocate and optimize your AKS costs efficiently. Please refer to the articles below for instructions on installing the add-on and accessing the cost views. Click here and here to learn more.
Features that are currently in Public Preview and not yet GA
- [Public Preview] Cluster operation status for AKS
Cluster operation status for AKS is now in public preview. With this feature, you can get a snapshot of progress for your long-running operations such as upgrade, scale, create and more. To learn more, click here.
- [Public Preview] Kubernetes Metadata and Logs Filtering in Azure Monitor - Container Insights
Kubernetes Metadata and Logs Filtering enhances the ContainerLogsV2 schema with additional Kubernetes metadata such as PodLabels, PodAnnotations, PodUid, Image, ImageID, ImageRepo and ImageTag. The Logs Filtering feature provides filtering capabilities for both workload and platform (i.e. system namespaces) logs coming out of containers. Enhance your Kubernetes Metadata experience by leveraging the Grafana dashboard to visualize log levels, volume, rate, records and much more. With these features, users gain richer context and improved visibility into their workloads. To learn more, click blog and/or click Microsoft Learn.
- [Public Preview] Advanced Container Networking Services for Azure Kubernetes Services (AKS)
Microsoft’s Azure Container Networking team is excited to announce a new offering called Advanced Container Networking Services for Azure Kubernetes Service (AKS). Advanced Container Networking Services is a suite of services built on top of existing networking solutions for AKS to address complex challenges around observability, security, and compliance. The first feature in this suite, Advanced Network Observability, is now available in Public Preview. Advanced Container Networking Services enhances the operational capabilities of your AKS clusters and is designed to address the multifaceted and intricate needs of modern containerized applications. To learn more, click here.
- [Public Preview] Azure HDInsight on AKS is now available for preview in 6 new regions
Azure HDInsight on AKS is now available for preview in six new regions: Norway East, Switzerland North, France Central, Central US, Southeast Asia and South Central US. To learn more, click here.
- [Public Preview] App Configuration Extension for AKS
Microsoft is excited to introduce the public preview of the Azure App Configuration extension for Azure Kubernetes Service (AKS). This extension allows you to install and manage Azure App Configuration Kubernetes Provider on your AKS cluster via Azure Resource Manager (ARM). The provider enables centralized management of application settings and feature flags within AKS clusters, using ConfigMaps and Secrets for streamlined management. With this extension you can enhance operational efficiency with Azure-sourced configuration, without modifying application code. Key benefits include:
- Dynamic Configuration: Update configurations without redeploying your applications, enabling faster iterations and reduced downtime.
- Immutable Snapshots: Ensure secure deployment practices with unchangeable configuration snapshots.
- Feature Management: Seamlessly control feature rollouts, allowing for safe and gradual feature deployment.
- Experimentation: Drive continuous improvement and elevate business value through robust experimentation features.
- Enhanced Operational Efficiency: Improve overall efficiency with centralized management of configuration data of all services running in AKS clusters.
- Replica Auto-Discovery and Failover: Achieve scalability and enhanced resiliency against transient failures and regional outages.
To learn more, click here
- [Public Preview] Azure portal now offers in context observability for AKS object overviews
AKS portal blades now show observability data powered by Azure Monitor managed service for Prometheus. With this, customers can now more easily:
- Monitor your cluster's performance;
- Ensure key workloads are healthy and running optimally;
- Troubleshoot issues with pending or failed pods.
Users will see enhanced details for their lists of Namespaces and Workloads. View CPU and memory utilization to choose which deployments to investigate. Analyze your resource utilization over time on the Nodes, Namespaces, Workloads, and Pod blades. The events and utilization summaries provide a snapshot view of your pod's performance.
- [Public Preview] Kubernetes version 1.30 support in AKS
Kubernetes version 1.30, the latest version of Kubernetes, is now in public preview for AKS. Version 1.30 introduces several enhancements focused on security and orchestration capabilities of the platform. To learn more, click here.
- [Public Preview] Azure Kubernetes Fleet Manager support for property-based scheduling and override
Azure Kubernetes Fleet Manager support for property-based scheduling and override is now available in public preview. Organizations looking to manage hundreds to thousands of AKS clusters efficiently can now leverage Kubernetes Fleet Manager's smart orchestration engine to intelligently place workloads on clusters and have the flexibility to customize cluster-specific resources. From the heuristics of per CPU or per memory cost to availability of resources and number of nodes, Kubernetes Fleet Manager property-based scheduling will help you maximize resource usage. You can continue to tailor workload placement on cluster groups with Kubernetes Fleet Manager resource override, by changing the resources propagated from hub to member clusters. To learn more, click here for workload-scheduling and here for resource override.
- [Public Preview] AKS Automatic
Azure Kubernetes Service (AKS) Automatic is now available in public preview. Kubernetes offers organizations the flexibility to build and customize their deployments to fit their business needs. For many, this level of control and choice is what they need, but for others it may be overwhelming or unnecessary for their workload. AKS Automatic offers a simplified Kubernetes experience for customers. Automatic manages the cluster configuration, including nodes, scaling, security, updates, and other preconfigured settings. Automatic clusters are optimized to run most production workloads and provision compute resources based on Kubernetes manifests. The streamlined configuration follows AKS best practices and recommendations for cluster and workload setup, scalability, and security, freeing developers to run cloud native apps without spending too much time on managing clusters. To learn more, click here.
- [Public Preview] Deployment safeguards mutations in enforcement mode for AKS
Deployment safeguards in AKS now support mutations in enforcement mode in public preview. In enforcement mode, deployment safeguards will either deny or mutate (automatically fix) your deployment based on the individual safeguards. A mutation will be triggered if your Kubernetes resources lack the best practices. To learn more, click here.
- [Public Preview] Initialization taints in AKS
Taints are a Kubernetes node property that allows nodes to accept or reject pods for scheduling based on specific criteria. There are two types of taints that can be applied to your AKS nodes:
- Node taints: These are meant to remain permanently on the node for scheduling pods with node affinity. Node taints can only be removed completely using the AKS API;
- Node initialization taints: Now available in preview, initialization taints are meant to be used temporarily, for example in scenarios where you may need extra time to set up your nodes. Ideally, they should be removed shortly after applying them. Node initialization taints can be removed using the Kubernetes API, but they will reappear after scaling or upgrades.
If you want to remove the initialization taints completely, you can remove them using the AKS API after untainting the nodes using the Kubernetes API. Once the initialization taints are removed from the cluster spec using the AKS API, nodes newly created after a reimage operation will no longer have initialization taints. To learn more, click here.
- [Public Preview] Azure HDInsight on AKS is now available for preview in 7 new regions
Azure HDInsight on AKS is now available for preview in seven new regions: East US 2 EUAP, West US, Japan East, Australia East, Canada Central, North Europe, Brazil South. Azure HDInsight on AKS is a modern, reliable, secure, and fully managed Platform as a Service (PaaS) that runs on Azure Kubernetes Service (AKS). HDInsight on AKS allows you to deploy popular Open-Source Analytics workloads like Apache Spark™, Apache Flink®️, and Trino without the overhead of managing and monitoring containers. To learn more, click here.
Features that are retired
- [Retired] None