Azure Day with Kubernetes
In this post I want to give an overview of all the features shared at Azure Day with Kubernetes that Microsoft has released to General Availability or Public Preview. The source for this information is Microsoft Azure Updates.
Features are now supported by Microsoft (GA):
- [Generally available] Kubernetes 1.26 support in AKS
Kubernetes version 1.26 support in AKS is now generally available. You can now take advantage of the v1.26 features in production. To learn more about the features in 1.26, see the Kubernetes patch releases page, the Kubernetes 1.26 release announcement and the Kubernetes 1.26 changelog.
- [Generally available] Long term support version in AKS
You can now enable Long Term Support (LTS) starting with Kubernetes 1.27. Once enabled, this gives you a 2 year support window for a specific version of Kubernetes. Microsoft will provide the ability to have one Kubernetes version enabled for LTS at any one time. For example, the next LTS capable version would be 1.27 plus 2 years (1.33). To learn more, visit: https://aka.ms/aks/upgrades-and-lts.
- [Generally available] Azure CNI Overlay for Linux
Azure CNI Overlay simplifies managing cluster nodes and pods within an Azure Virtual Network (VNet) subnet. Nodes are placed directly in the VNet subnet, while pods get IP addresses from a separate private CIDR. An overlay network handles pod and node traffic within the cluster. To reach external resources, the node's IP address is used for Network Address Translation (NAT). This method conserves VNet IP addresses, making it easy to scale your cluster to larger sizes. Plus, the private CIDR can be reused in various AKS clusters, significantly increasing the IP space for containerized AKS applications. To learn more, visit: https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay.
- [Generally available] OpenCost for AKS cost visibility
Born out of Kubecost, OpenCost introduces a new community-driven specification and accompanying implementation to bring greater visibility into current and historic Kubernetes spend and resource allocation. OpenCost is an open-source, vendor-neutral CNCF sandbox project that recently became a FinOps Certified Solution. Working in collaboration with project maintainers and community members, AKS has made several contributions to augment OpenCost and enable seamless integration with Azure. To learn more, see the OpenCost project page.
- [Generally available] Azure Active Directory workload identity with AKS
In Azure Kubernetes Service (AKS) today, a preview feature allows you to assign managed identities at the pod level. This pod-managed identity allows the hosted workload or application to access resources through Azure Active Directory (Azure AD). For example, a workload stores files in Azure Storage, and when it needs to access those files, the pod authenticates itself against the resource as an Azure managed identity. This authentication method is now replaced with Azure Active Directory (Azure AD) workload identity, which integrates with Kubernetes native capabilities (projected service account tokens and the cluster's OIDC issuer) to federate with any external identity provider. This approach is simpler to use and deploy, and overcomes several limitations of Azure AD pod-managed identity:
- Removes the scale and performance issues that existed for identity assignment;
- Supports Kubernetes clusters hosted in any cloud or on-premises;
- Supports both Linux and Windows workloads;
- Removes the need for Custom Resource Definitions and pods that intercept Azure Instance Metadata Service (IMDS) traffic;
- Avoids the complicated and error-prone installation steps such as cluster role assignment from the previous iteration.
Azure AD workload identity works especially well with the Azure Identity client library in the Azure SDK, and with the Microsoft Authentication Library (MSAL) if you're using an application registration. Your workload can use either of these libraries to seamlessly authenticate and access Azure cloud resources.
Learn more: https://aka.ms/aks/workloadidentity.
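To make the mechanism concrete, here is an added Python example (not part of the page, and not the Azure Identity library's own code) of what happens when a pod exchanges its projected service account token for an Azure AD token. In a real AKS pod the mutating webhook injects AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_AUTHORITY_HOST and AZURE_FEDERATED_TOKEN_FILE and the Azure Identity library's WorkloadIdentityCredential reads them; here the token is a constructed, unsigned stand-in and all GUIDs and the issuer URL are placeholders. The binding check mirrors what the federated credential on the identity enforces (issuer, subject and audience), which is the first thing to verify when the exchange fails with an AADSTS error.

```python
import base64
import json
import time
from typing import Dict, List, Optional, Tuple

# Audience the AKS workload identity webhook requests for the projected token and
# that the federated credential on the Azure AD app / managed identity is bound to.
TOKEN_EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"
CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token: str) -> Dict:
    """Return the claims of a compact JWT WITHOUT verifying its signature.

    Only for inspecting the token the pod was given: the signature is verified by
    Azure AD against the cluster's OIDC issuer keys, never by the pod itself.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_federation_binding(claims: Dict, issuer: str, namespace: str,
                             service_account: str, now: Optional[float] = None) -> List[str]:
    """Compare the projected token with the (issuer, subject, audience) triple a
    federated credential is bound to. Azure AD rejects the exchange if any differ,
    so checking locally turns an opaque AADSTS error into a concrete mismatch."""
    problems: List[str] = []
    if claims.get("iss") != issuer:
        problems.append(f"issuer {claims.get('iss')!r} != federated credential issuer {issuer!r}")
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    if claims.get("sub") != expected_sub:
        problems.append(f"subject {claims.get('sub')!r} != {expected_sub!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if TOKEN_EXCHANGE_AUDIENCE not in audiences:
        problems.append(f"audience {audiences!r} does not contain {TOKEN_EXCHANGE_AUDIENCE!r}")
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        problems.append("projected token has expired (kubelet rotates it; re-read the file)")
    return problems


def build_token_request(tenant_id: str, client_id: str, assertion: str, scope: str,
                        authority_host: str = "https://login.microsoftonline.com") -> Tuple[str, Dict[str, str]]:
    """Build the OAuth 2.0 client-credentials request that trades the projected
    service account token (sent as a client assertion) for an Azure AD access token.
    This is the exchange the Azure Identity library performs internally."""
    url = f"{authority_host.rstrip('/')}/{tenant_id}/oauth2/v2.0/token"
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "scope": scope,
        "client_assertion_type": CLIENT_ASSERTION_TYPE,
        "client_assertion": assertion,
    }
    return url, body


def make_sample_projected_token(issuer: str, namespace: str, service_account: str, exp: int) -> str:
    """Constructed, UNSIGNED stand-in for the token kubelet projects into the pod
    (a real one is RS256-signed by the cluster). Exists only so the example runs offline."""
    header = {"alg": "none", "typ": "JWT"}
    payload = {
        "iss": issuer,
        "sub": f"system:serviceaccount:{namespace}:{service_account}",
        "aud": [TOKEN_EXCHANGE_AUDIENCE],
        "exp": exp,
        "iat": exp - 3600,
    }
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()), ""])


if __name__ == "__main__":
    # Placeholder issuer (shape of an AKS OIDC issuer URL) and placeholder GUIDs.
    issuer = "https://eastus.oic.prod-aks.azure.com/00000000-0000-0000-0000-000000000000/11111111-1111-1111-1111-111111111111/"
    token = make_sample_projected_token(issuer, "payments", "payments-sa", int(time.time()) + 3600)
    claims = decode_jwt_claims(token)
    print(check_federation_binding(claims, issuer, "payments", "payments-sa"))  # []
    print(check_federation_binding(claims, issuer, "payments", "other-sa"))     # subject mismatch
    url, body = build_token_request("22222222-2222-2222-2222-222222222222",
                                    "33333333-3333-3333-3333-333333333333", token,
                                    "https://storage.azure.com/.default")
    print(url, body["client_assertion_type"])
```

The subject is the part that most often bites: the federated credential must name exactly `system:serviceaccount:<namespace>:<serviceaccount>`, and a pod running under a different service account (or in a different namespace) gets a token Azure AD will refuse, even though the pod itself looks correctly labelled.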
- [Generally available] Azure CNI Overlay
Azure CNI Overlay is now generally available. Azure CNI Overlay addresses the performance, scalability and IP exhaustion challenges of the traditional Azure Container Networking Interface (CNI). With Azure CNI Overlay, AKS clusters can be scaled to very large sizes by assigning pod IP addresses from a user-defined overlay address space that is logically separate from the VNet IP address space hosting the cluster nodes. Additionally, the user-defined private CIDR can be reused in different AKS clusters, truly extending the IP space available for containerized applications in AKS. Pod and node traffic within the cluster uses an overlay network via Azure Software Defined Networking (SDN) without any additional encapsulation. Network Address Translation (using the node's IP address) is used to reach resources outside the cluster. To learn more, visit: Configure Azure CNI Overlay networking in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn.
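As an added illustration for both Azure CNI Overlay entries above (this is not code from the page or from Microsoft), the following Python helper performs the address-planning checks that matter before you create an Overlay cluster: the pod CIDR must not overlap the VNet address space or the service CIDR, and because Overlay hands every node a /24 out of the pod CIDR, the pod CIDR must contain at least as many /24 blocks as the largest node count you plan for. The CIDRs in the usage call are constructed sample values; 10.224.0.0/12, 10.0.0.0/16 and 10.244.0.0/16 are the AKS defaults for the VNet, the service CIDR and the Overlay pod CIDR, the others are assumptions.

```python
import ipaddress
from typing import Iterable, List

# Azure CNI Overlay carves one /24 per node out of the pod CIDR.
NODE_BLOCK_PREFIX = 24


def plan_overlay_pod_cidr(pod_cidr: str, vnet_cidrs: Iterable[str],
                          service_cidr: str, max_nodes: int) -> List[str]:
    """Return the planning problems found; an empty list means the plan is sound.

    Checks performed:
      * the pod CIDR must not overlap any VNet address range or the service CIDR
        (overlapping ranges break routing between pods and VNet resources);
      * the pod CIDR must hold at least max_nodes /24 blocks, otherwise nodes
        beyond that count cannot be given a pod range.
    """
    problems: List[str] = []
    pods = ipaddress.ip_network(pod_cidr, strict=True)
    svc = ipaddress.ip_network(service_cidr, strict=True)

    for cidr in vnet_cidrs:
        vnet = ipaddress.ip_network(cidr, strict=True)
        if pods.overlaps(vnet):
            problems.append(f"pod CIDR {pods} overlaps VNet range {vnet}")
    if pods.overlaps(svc):
        problems.append(f"pod CIDR {pods} overlaps service CIDR {svc}")

    if pods.prefixlen > NODE_BLOCK_PREFIX:
        problems.append(f"pod CIDR {pods} is smaller than a /{NODE_BLOCK_PREFIX}; "
                        "not a single node can be allocated a block")
    else:
        node_blocks = 2 ** (NODE_BLOCK_PREFIX - pods.prefixlen)
        if node_blocks < max_nodes:
            problems.append(f"pod CIDR {pods} only holds {node_blocks} node blocks "
                            f"but up to {max_nodes} nodes are planned")
    return problems


def smallest_pod_cidr_prefix(max_nodes: int) -> int:
    """Prefix length of the smallest pod CIDR that holds max_nodes /24 node blocks."""
    if not 1 <= max_nodes <= 2 ** NODE_BLOCK_PREFIX:
        raise ValueError("max_nodes out of range")
    prefix = NODE_BLOCK_PREFIX
    while 2 ** (NODE_BLOCK_PREFIX - prefix) < max_nodes:
        prefix -= 1
    return prefix


if __name__ == "__main__":
    # Constructed sample: AKS default VNet, service CIDR and Overlay pod CIDR, 200 nodes.
    print(plan_overlay_pod_cidr("10.244.0.0/16", ["10.224.0.0/12"], "10.0.0.0/16", 200))  # []
    # A pod CIDR taken from inside the VNet range is rejected.
    print(plan_overlay_pod_cidr("10.230.0.0/16", ["10.224.0.0/12"], "10.0.0.0/16", 200))
    # A /20 only holds 16 node blocks, not enough for 50 nodes.
    print(plan_overlay_pod_cidr("192.168.0.0/20", ["10.224.0.0/12"], "10.0.0.0/16", 50))
    print(smallest_pod_cidr_prefix(1000))  # 14
```

Remember that the reuse of the same private pod CIDR across clusters only works because pod addresses never leave the cluster un-NATed; if you peer the VNet with another network, it is that network's ranges, not the pod CIDR, that must stay disjoint from the VNet, so pass every peered range in `vnet_cidrs` as well.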
Features not yet generally available (Public Preview):
- [Public Preview] AKS service mesh addon for Istio
The Azure Kubernetes Service (AKS) addon for service mesh based on Istio is now available in public preview. Istio addresses the challenges developers and operators face with a distributed or microservices architecture and can be used to streamline traffic management, security, and observability for service-to-service communication scenarios. The AKS addon for service mesh builds on top of open source Istio and provides additional benefits such as compatibility testing between Istio and the supported versions of AKS, managed external/internal ingresses, and scaling of the Istio control plane components. To learn more about this addon and get started, visit: https://aka.ms/asm-aks-addon-docs. To learn more about the roadmap for the service mesh area, visit: https://aka.ms/asm-roadmap.
- [Public Preview] Fail Fast Upgrade on API Breaking change detection
Azure Kubernetes Service (AKS) now supports fail fast on minor version cluster upgrades. If the cluster is still using APIs that are deprecated or removed in the intended target version, the upgrade stops with an error message instead of proceeding (this requires the latest preview version of the AKS API, for example via the aks-preview CLI extension). Detecting the change at this stage saves you from having to spend time on post-upgrade workload troubleshooting. The deprecated APIs are as per the Deprecated API Migration Guide | Kubernetes.
- [Public Preview] Isovalent Cilium Enterprise through Azure Marketplace
The Isovalent Cilium Enterprise platform is now available through Azure Marketplace. With this offering, Isovalent Cilium Enterprise can be deployed on Azure with just a few clicks from the Azure Marketplace. You can either create a new Azure Kubernetes Service (AKS) cluster or seamlessly upgrade an existing AKS cluster running Azure CNI powered by Cilium with the Isovalent Cilium Enterprise package. There is zero datapath downtime while upgrading from Cilium OSS to Cilium Enterprise via Azure Marketplace. In addition, Azure Marketplace provides a unified billing experience and an integrated experience for your Isovalent Cilium Enterprise usage, while ensuring minimal management overhead for customers in maintaining the upgrades. The tight integration into the Azure platform simplifies operations by enabling auto-upgrades for minor versions. Try it out today on the Azure Marketplace. To learn more about Isovalent Cilium Enterprise features, read the Isovalent blog post and the Isovalent Cilium Enterprise product page.
- [Public Preview] Node Resource Group (NRG) lockdown
Node Resource Group Lockdown removes the ability for customers to modify resources created as part of the AKS cluster. Currently customers can directly modify and delete resources created by AKS (for example the virtual machine scale sets, load balancer and network security group in the MC_ resource group), which can lead to an unstable environment. To reduce these scenarios, NRG Lockdown applies an Azure deny assignment to the node resource group, so any changes must happen through the AKS control plane.
To learn more, visit: https://aka.ms/aks/nrg_lockdown.
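The fail-fast upgrade check described above inspects what the live cluster is actually serving. A complementary pre-flight you can run in CI against your own manifests, so that deprecated objects never reach the cluster in the first place, is shown below. This is an added example, not Microsoft's implementation: the REMOVED_IN table is a hand-picked subset of the upstream Deprecated API Migration Guide (extend it for your own cluster), the sample manifests are constructed, and the parser is deliberately a minimal line-based one so the script runs without PyYAML.

```python
import re
from typing import Dict, List, Tuple

# Subset of the upstream Deprecated API Migration Guide: (apiVersion, kind) -> the
# Kubernetes minor version from which the API is no longer served. Illustrative only.
REMOVED_IN: Dict[Tuple[str, str], int] = {
    ("extensions/v1beta1", "Ingress"): 22,
    ("networking.k8s.io/v1beta1", "Ingress"): 22,
    ("networking.k8s.io/v1beta1", "IngressClass"): 22,
    ("apiextensions.k8s.io/v1beta1", "CustomResourceDefinition"): 22,
    ("rbac.authorization.k8s.io/v1beta1", "Role"): 22,
    ("rbac.authorization.k8s.io/v1beta1", "RoleBinding"): 22,
    ("rbac.authorization.k8s.io/v1beta1", "ClusterRole"): 22,
    ("rbac.authorization.k8s.io/v1beta1", "ClusterRoleBinding"): 22,
    ("batch/v1beta1", "CronJob"): 25,
    ("policy/v1beta1", "PodDisruptionBudget"): 25,
    ("policy/v1beta1", "PodSecurityPolicy"): 25,
    ("autoscaling/v2beta1", "HorizontalPodAutoscaler"): 25,
    ("autoscaling/v2beta2", "HorizontalPodAutoscaler"): 26,
    ("flowcontrol.apiserver.k8s.io/v1beta1", "FlowSchema"): 26,
    ("flowcontrol.apiserver.k8s.io/v1beta1", "PriorityLevelConfiguration"): 26,
    ("storage.k8s.io/v1beta1", "CSIStorageCapacity"): 27,
}

_DOC_SPLIT = re.compile(r"^---\s*$", re.MULTILINE)
# Only top-level keys (column 0); nested apiVersion/kind such as scaleTargetRef are indented.
_API_VERSION = re.compile(r"^apiVersion:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
_KIND = re.compile(r"^kind:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
# Best-effort metadata.name: only found when name is the first key under metadata.
_NAME = re.compile(r"^metadata:\s*\n\s+name:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)


def target_minor(version: str) -> int:
    """'1.26.3' or 'v1.26' -> 26."""
    m = re.fullmatch(r"v?1\.(\d+)(?:\.\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Kubernetes version {version!r}")
    return int(m.group(1))


def find_removed_apis(manifest_yaml: str, target_version: str) -> List[Dict[str, str]]:
    """Return every document in a multi-document manifest whose apiVersion/kind is
    no longer served at target_version. An empty list means the manifests are safe
    to apply after the upgrade, as far as the REMOVED_IN table goes."""
    minor = target_minor(target_version)
    findings: List[Dict[str, str]] = []
    for doc in _DOC_SPLIT.split(manifest_yaml):
        api = _API_VERSION.search(doc)
        kind = _KIND.search(doc)
        if not api or not kind:
            continue  # empty or comment-only document
        removed = REMOVED_IN.get((api.group(1), kind.group(1)))
        if removed is not None and removed <= minor:
            name = _NAME.search(doc)
            findings.append({
                "kind": kind.group(1),
                "apiVersion": api.group(1),
                "name": name.group(1) if name else "<unnamed>",
                "removed_in": f"1.{removed}",
            })
    return findings


# Constructed sample: one current Deployment, one CronJob on the removed batch/v1beta1
# API and one HPA on autoscaling/v2beta2 (removed in 1.26).
SAMPLE_MANIFESTS = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 1
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: nightly-backup
---
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: web-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
"""

if __name__ == "__main__":
    for finding in find_removed_apis(SAMPLE_MANIFESTS, "1.26.3"):
        print(finding)
```

Run it with the version you are about to upgrade to, not the version you are on: the HPA above is fine on a 1.25 cluster and only becomes a blocker once the target is 1.26.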
Other interesting tooling (outside of Azure Updates) that was demoed at Azure Day with Kubernetes
- [OpenSource] Kubectl OpenAI plugin
This project is a kubectl plugin to generate and apply Kubernetes manifests using OpenAI GPT.
- [OpenSource] Kubernetes Copilot
Kubernetes Copilot powered by OpenAI. Copilot may generate and execute inappropriate operations, do not use it in a production environment! Features:
- Automatically operate the Kubernetes cluster based on prompt instructions;
- Human interaction on uncertain instructions to avoid inappropriate operations;
- Native kubectl and bash commands for accessing the Kubernetes cluster;
- Web access and Google search support without leaving the terminal.
- [OpenSource] Azure Service Operator (for Kubernetes)
Azure Service Operator (ASO) helps you provision Azure resources and connect your applications to them from within Kubernetes. If you want to use Azure resources but would prefer to manage those resources using Kubernetes tooling and primitives (for example kubectl apply), then Azure Service Operator might be for you.
- [OpenSource] Kubernetes Event-driven Autoscaling (KEDA)
KEDA is a Kubernetes-based Event Driven Autoscaler. With KEDA, you can drive the scaling of any container in Kubernetes based on the number of events needing to be processed. KEDA is a single-purpose and lightweight component that can be added to any Kubernetes cluster. KEDA works alongside standard Kubernetes components like the Horizontal Pod Autoscaler and can extend functionality without overwriting or duplication. With KEDA you can explicitly map the apps you want to use event-driven scale, with other apps continuing to function as before. This makes KEDA a flexible and safe option to run alongside any number of other Kubernetes applications or frameworks.
- [OpenSource] Carbon Aware KEDA Operator
This Kubernetes operator aims to reduce carbon emissions by helping KEDA scale Kubernetes workloads based on carbon intensity. Carbon intensity is a measure of how much carbon dioxide is emitted per unit of energy consumed. By scaling workloads according to the carbon intensity of the region or grid where they run, we can optimize the carbon efficiency and environmental impact of our applications. This operator can use carbon intensity data from third-party sources such as WattTime, Electricity Map or any other provider to dynamically adjust the scaling behavior of KEDA. The operator does not require any application or workload code change, and it works with any KEDA scaler. Use cases for the operator include low-priority and time-flexible workloads that tolerate interruptions in dev/test environments. Some examples of these are non-critical data backups, batch processing jobs, data analytics processing, and ML training jobs.
- [OpenSource] AKS Periscope
Quick troubleshooting for your Azure Kubernetes Service (AKS) cluster. AKS Periscope allows AKS customers to run initial diagnostics and collect and export the logs (for example into an Azure Blob storage account) to help them analyze and identify potential problems, or to easily share the information with support to help with the troubleshooting process, with a simple az aks kollect command. These cluster issues are often caused by incorrect cluster configuration, such as networking or permission issues. This tool allows AKS customers to run initial diagnostics and collect logs and custom analyses that help them identify the underlying problems.
- [OpenSource] Inspektor Gadget
Inspektor Gadget is a collection of tools (or gadgets) to debug and inspect Kubernetes resources and applications. It manages the packaging, deployment and execution of eBPF programs in a Kubernetes cluster, including many based on BCC tools, as well as some developed specifically for use in Inspektor Gadget. It automatically maps low-level kernel primitives to high-level Kubernetes resources, making it easier and quicker to find the relevant information.
- [Public Preview] Azure Developer CLI - azd
Azure Developer CLI (azd) is an open-source tool that accelerates the process of building cloud apps on Azure. The CLI provides best-practice, developer-friendly commands that map to key stages in your workflow, whether you're working in the terminal, your editor or integrated development environment (IDE), or DevOps. You can use azd with extensible azd templates that include everything you need to get an application up and running in Azure. These templates include application code and reusable infrastructure as code assets.
- [Public Preview] Azure Kubernetes Service (AKS) DevX Extension for Visual Studio Code
The AKS DevX extension for Visual Studio Code (Preview) is an extension focused on enhancing your day-to-day life as a developer on Azure Kubernetes Service. This extension is focused on non-cluster developer experiences. If you are more interested in cluster operations, download the aks-extension.
- [Generally available] Azure Load Testing
Generate high-scale load without the need for complex infrastructure. Create tests quickly without prior knowledge of load testing tools, or run existing test scripts at scale with high-fidelity support for Apache JMeter. Streamline load testing with a fully managed service that automatically incorporates networking best practices to ensure a frictionless testing experience for public and private endpoints hosted on Azure or in multicloud, on-premises, or hybrid environments.
For more information about the features that are coming, please refer to the public roadmap of the Microsoft AKS team.