Microsoft AKS updates 2024 - Q4 and KubeCon 2024 North America.
In this blog, I want to give an overview of all the features that Microsoft moved to General Availability, Public Preview or End of Support in Q4 2024. This information can be found at Microsoft Azure Updates.
Features that are now supported by Microsoft (GA):
- [General available] Advanced Container Networking Services
Advanced Container Networking Services (ACNS) is now generally available. ACNS includes Advanced Network Observability, providing pod-level metrics, DNS insights, and enhanced troubleshooting tools for network debugging in AKS. Additionally, FQDN filtering is also generally available, simplifying network policy management by using domain names instead of IP addresses. This reduces the need for frequent updates and minimizes configuration errors. Both features are integrated with Azure Monitor, enabling customizable metrics and pre-built dashboards in Azure Managed Grafana, improving network management and security for AKS environments. To learn more, click here to read the blog or the documentation.
- [General available] Delete a specific machine when scaling down a nodepool
It is now possible to choose exactly which VM to delete and remove when scaling down a node pool in AKS. This provides greater control and flexibility in managing resources within the node pool. To learn more, click here.
- [General available] Ignore PDBs on node pool deletion
Node pools in AKS can now be deleted even if there are pods protected by a PodDisruptionBudget (PDB). Previously, the deletion of the node pool could fail due to an unsatisfied PDB; this enhancement allows the deletion to proceed by ignoring the PDB error that would otherwise block it. To learn more, click here.
Features that are currently in Public Preview and not yet GA
- [Public Preview] Static egress gateway for AKS
A static egress gateway for Azure Kubernetes Service (AKS) is now in public preview. This feature allows AKS customers to configure a fixed source IP for out-of-cluster communications without incurring the significant cost of deploying a dedicated node pool with a NAT gateway. The static egress gateway enables precise control over egress traffic, simplifying integration with external systems and enhancing network security. To learn more, click here.
- [Public Preview] Azure Linux 3.0 on Azure Kubernetes Service v1.31
Azure Linux 3.0, the next major version of the Azure Linux container host for Azure Kubernetes Service (AKS), is now available in preview on AKS version 1.31. Azure Linux 3.0 offers increased package availability and newer package versions, an updated kernel, and improvements to performance, security, tooling and developer experience. To learn more, click here.
- [Public Preview] SeccompDefault support in AKS
SeccompDefault is available in public preview as a new parameter through custom node configuration. Secure computing mode (seccomp) restricts which syscalls a container can send to the kernel. This establishes an extra layer of protection against common system call vulnerabilities exploited by malicious actors and allows you to specify a default seccomp profile for all workloads on the node. There are two allowed values for SeccompDefault:
- Unconfined is the default parameter value and does not block any syscalls;
- RuntimeDefault blocks the syscalls restricted by the containerd seccomp profile.
The RuntimeDefault profile allows a common set of syscalls while blocking those that are less likely to be used or potentially unsafe in a containerized application. This profile aims to provide a reliable set of security defaults while maintaining the functionality of the workload. To learn more, click here.
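To make the two SeccompDefault values concrete, here is an added example (my own, not code from the Azure Updates post or from Microsoft) that builds the custom node configuration file for a node pool, refuses any value other than the two documented ones, checks whether a given file actually hardens the pool, and prints the az CLI command that would apply it. It assumes the kubelet configuration key is spelled `seccompDefault` as in the AKS custom node configuration documentation (verify against the current docs before use), and the resource group, cluster and pool names are placeholders.

```shell
#!/bin/sh
# Added example: generate and check an AKS custom node configuration that sets
# the node-wide seccomp default. Not from the original post or from Microsoft.
# Assumption: the kubelet config key is "seccompDefault"; names are placeholders.

# write_kubelet_config VALUE PATH
# Writes a linuxkubeletconfig.json with the requested seccomp default.
# Only the two documented values are accepted.
write_kubelet_config() {
    value="$1"
    path="$2"
    case "$value" in
        Unconfined|RuntimeDefault) ;;
        *) echo "seccompDefault must be Unconfined or RuntimeDefault, got '$value'" >&2
           return 1 ;;
    esac
    cat > "$path" <<EOF
{
  "seccompDefault": "$value"
}
EOF
}

# seccomp_default_of PATH
# Reads the configured value back out of a config file (no jq dependency).
seccomp_default_of() {
    sed -n 's/.*"seccompDefault": *"\([A-Za-z]*\)".*/\1/p' "$1"
}

# is_hardened PATH
# Succeeds only when the file turns on syscall filtering (RuntimeDefault).
# A missing key is treated as Unconfined, because that is the platform default.
is_hardened() {
    [ "$(seccomp_default_of "$1")" = "RuntimeDefault" ]
}

# nodepool_add_cmd RESOURCE_GROUP CLUSTER POOL CONFIG_PATH
# Prints, without executing, the command that creates a pool with this config.
# --kubelet-config is the existing az aks nodepool add flag for custom node configuration.
nodepool_add_cmd() {
    printf 'az aks nodepool add --resource-group %s --cluster-name %s --name %s --kubelet-config %s\n' \
        "$1" "$2" "$3" "$4"
}

# Usage: the weak (default) setting beside the hardened one.
tmp="${TMPDIR:-/tmp}/aks-seccomp-example"
mkdir -p "$tmp"
write_kubelet_config Unconfined     "$tmp/weak.json"
write_kubelet_config RuntimeDefault "$tmp/hardened.json"
for f in weak hardened; do
    if is_hardened "$tmp/$f.json"; then
        echo "$f.json: restricted syscalls are blocked (RuntimeDefault)"
    else
        echo "$f.json: no syscall filtering (Unconfined)"
    fi
done
nodepool_add_cmd myResourceGroup myAKSCluster hardenedpool "$tmp/hardened.json"
```

One caveat worth keeping in mind: the node-level default only applies to pods that do not set their own `securityContext.seccompProfile`; a pod that explicitly asks for `Unconfined` still gets it, so the node setting is a baseline, not a policy. Pair it with an admission policy if you need to stop workloads from opting out.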
Features that are retired
- [Retired] None
KubeCon 2024 North America Highlights created by Brendan Burns of Microsoft
- [Project areas and key contributions];
- [Azure Kubernetes Service announcements];