Last week at KubeCon + CloudNativeCon Europe 2022, we announced the general availability of the Open Service Mesh (OSM) extension for Arc-enabled clusters, Kubernetes secrets encryption with keys stored in Azure Key Vault, and more.
At Microsoft Build, we are announcing several enhancements to the developer and operator experiences for Azure Kubernetes Service (AKS).
Kubernetes for all developers
When developers approach building applications that run on top of Kubernetes, they need to learn many infrastructure concepts, like containerization, Kubernetes manifests, and ingresses, which significantly increases their cognitive load. As we build Azure Kubernetes Service (AKS), we want it to be a destination for all developers, with the best getting-started experience on Kubernetes, whether it is their first time trying Kubernetes or they are launching an application quickly for testing purposes.
We are excited to bring an initial set of capabilities to AKS that let developers start from source code and get a non-containerized application deployed on a Kubernetes cluster in minutes, with secure web application routing out of the box and a variety of ways to scale the application.
Draft integrated experience (preview)
To address getting from code to container to cloud, we’ve released version 2 of Draft, the open-source project that streamlines Kubernetes development. Draft makes it easier for developers to get started building apps that run on Kubernetes by taking a non-containerized application and generating the Dockerfile, Kubernetes manifests, Helm charts, Kustomize configuration, and other artifacts associated with a containerized application. Draft can also generate a GitHub Actions workflow file to quickly build and deploy applications onto any Kubernetes cluster.
We’re integrating the Draft experience into AKS. Developers will be able to use Draft with AKS using the Azure Command Line Interface (CLI), Visual Studio Code, and later through the Azure portal, to get from source code to a container image that is stored in an Azure Container Registry along with a GitHub Actions workflow to deploy the resulting application to an AKS cluster using a few commands:
git clone https://github.com/myrepo/ContosoAir
az aks draft create --destination ./ContosoAir
az aks draft generate-flow --destination ./ContosoAir
git push
Web application routing add-on (preview)
One of the most common activities that follow deploying a web application is DNS configuration and certificate management. We’re happy to announce the public preview of the web application routing add-on on AKS, the easiest way to get your web application up and running in Kubernetes securely, while reducing the complexity of managing an ingress controller, certificates, and DNS. The add-on provides a managed ingress controller based on NGINX, pulls the TLS certificate for your hostname from Azure Key Vault, and integrates out of the box with Open Service Mesh (OSM) to secure intra-cluster communication between the ingress controller and your backends using mutual TLS.
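As an added illustration, not code from the original post or from the add-on's own documentation, the manifests below show what a practitioner actually writes to put an application behind the add-on: an Ingress that uses the add-on's ingress class and asks it to serve a certificate from Key Vault, plus the OSM IngressBackend that explicitly permits the managed ingress controller to reach the backend over mTLS. The ingress class name, the `kubernetes.azure.com/*` annotations, and the `app-routing-system/nginx` source are assumptions based on the preview documentation and should be checked against the current add-on docs; the namespace, service, hostname, and Key Vault URI are constructed placeholders.

```yaml
# Added example, not from the original post. Identifiers marked "assumed" come
# from the preview docs and should be verified; all names are placeholders.
# The add-on's managed NGINX terminates TLS with a certificate it syncs from
# Key Vault into the secret named under .spec.tls, so no private key has to be
# committed alongside the manifests.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: contosoair
  namespace: contosoair                  # placeholder; must be OSM-enabled
  annotations:
    # assumed: tells the add-on which Key Vault certificate to sync
    kubernetes.azure.com/tls-cert-keyvault-uri: https://contoso-kv.vault.azure.net/certificates/contosoair-tls
    # assumed: opt this Ingress into OSM mTLS towards the backend
    kubernetes.azure.com/use-osm-mtls: "true"
    # NGINX settings for the ingress -> backend leg: present the OSM-issued
    # client certificate and verify the backend's mesh identity.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-ssl-secret: kube-system/osm-ingress-client-cert   # assumed
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_ssl_name "default.contosoair.cluster.local";   # OSM identity of the backend's service account
spec:
  ingressClassName: webapprouting.kubernetes.azure.com   # assumed preview class name
  tls:
  - hosts:
    - app.contoso.example                # placeholder hostname
    secretName: keyvault-contosoair      # populated by the add-on from Key Vault
  rules:
  - host: app.contoso.example
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: contosoair
            port:
              number: 80
---
# OSM denies ingress traffic by default; this IngressBackend allows only the
# add-on's controller to talk to the contosoair service on port 80.
apiVersion: policy.openservicemesh.io/v1alpha1
kind: IngressBackend
metadata:
  name: contosoair-ingress
  namespace: contosoair
spec:
  backends:
  - name: contosoair
    port:
      number: 80
      protocol: https                    # mTLS from the ingress controller
  sources:
  - kind: Service
    namespace: app-routing-system        # assumed: add-on's controller namespace
    name: nginx                          # assumed: add-on's controller service
```

The check to make before trusting this setup: confirm the cluster's managed identity has only `get` on the certificate in Key Vault, and that the namespace is enrolled in the mesh (sidecar injection enabled), otherwise the IngressBackend is never evaluated and the backend leg is plain HTTP.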
Scaling apps using Kubernetes-based Event Driven Autoscaling (KEDA) (preview)
Cloud-native applications may have several components that require different scale metrics. Kubernetes can scale applications on processor and memory utilization, but for event-driven components that is often insufficient. Kubernetes-based Event-driven Autoscaling (KEDA) is a popular open-source project that scales workloads on external signals. KEDA lets developers declare scale rules based on event sources such as Azure Storage Queue and Azure Service Bus, with over 50 scalers available.
The KEDA AKS extension provides a way to enable KEDA on AKS clusters. Enabling the KEDA add-on through the Azure CLI gives you a fully supported installation of KEDA that is integrated with AKS. With the add-on enabled, deployments can be scaled down to zero pods, reducing resource consumption when there is no work. When new events arrive, KEDA activates the deployment to respond to the incoming traffic.
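The scale-to-zero behaviour described above is expressed with two KEDA resources: a ScaledObject that names the Deployment and the queue trigger, and a TriggerAuthentication that hands the scaler its credential without baking it into the Deployment. The manifests below are an added example, not from the original post or from the KEDA project; the namespace, deployment, queue, storage account, and secret names are constructed placeholders, and the connection string is a redacted stand-in. Enabling the add-on itself is assumed to be `az aks update --resource-group <rg> --name <cluster> --enable-keda` from the preview CLI.

```yaml
# Added example, not from the original post. All names are placeholders.
# The credential lives in a namespaced Secret read by the KEDA operator via
# TriggerAuthentication, so the application pods never see it and RBAC on the
# "orders" namespace controls who can read it.
apiVersion: v1
kind: Secret
metadata:
  name: orders-queue-conn
  namespace: orders
type: Opaque
stringData:
  # Constructed placeholder. Prefer a least-privilege SAS or identity-based
  # auth over an account key; an account key grants the whole storage account.
  connectionString: "DefaultEndpointsProtocol=https;AccountName=contosostorage;AccountKey=<redacted>;EndpointSuffix=core.windows.net"
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: orders-queue-auth
  namespace: orders
spec:
  secretTargetRef:
  - parameter: connection          # azure-queue scaler parameter to populate
    name: orders-queue-conn
    key: connectionString
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: order-processor
  namespace: orders
spec:
  scaleTargetRef:
    name: order-processor          # Deployment to scale (placeholder)
  minReplicaCount: 0               # scale to zero when the queue is empty
  maxReplicaCount: 20
  pollingInterval: 15              # seconds between queue-length checks
  cooldownPeriod: 120              # seconds of empty queue before going to 0
  triggers:
  - type: azure-queue
    metadata:
      queueName: orders
      queueLength: "5"             # target messages per replica
      accountName: contosostorage
    authenticationRef:
      name: orders-queue-auth
```

Two practical caveats: with `minReplicaCount: 0` the first message after a quiet period pays a cold-start latency equal to pod startup, so set `cooldownPeriod` against your traffic pattern rather than the default; and because the TriggerAuthentication is namespaced, a team can only reference secrets in its own namespace, which is the property you want when several teams share a cluster.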
Streamlined experience for operators
AKS is constantly evolving to ensure cluster operators get a streamlined experience while managing their Kubernetes environments. Here is a summary of a series of updates that address such requirements across networking, cluster operations management, and performance optimizations.
Networking updates
- HTTP proxy support is now generally available, allowing you to deploy clusters behind corporate proxies. It exposes a straightforward interface that cluster operators can use to route AKS-required network traffic through the proxy in proxy-dependent environments.
- Also in the networking space, managed Network Address Translation (NAT) gateway integration is now generally available as the preferred egress choice for clusters. It supports up to 64,000 outbound UDP and TCP flows per public IP address, with a maximum of 16 IP addresses per gateway.
- Dynamic allocation of pod IPs and pod subnets is now generally available, giving you more granular control over, and more efficient use of, the cluster IP space.
Cluster operations management
- We want to make sure we provide as much visibility and transparency as we can, so AKS will now be piloting the AKS release tracker. The release tracker is where cluster operators can monitor the status of AKS releases across Azure regions to find out when a new fix or feature has been deployed. Releases are mapped directly to the AKS release notes. Learn more: https://aka.ms/aks/release-tracker
- We’re announcing the general availability of alias minor versions. With this feature, you can create clusters and node pools without specifying the exact Kubernetes patch version. When you create a cluster without specifying a patch, it runs the latest patch of that minor version at creation time.
- Now in public preview, custom certificate authority (CA) trust lets you establish trust between your AKS cluster nodes and your own resources, such as private registries, proxies, and firewalls. A Kubernetes secret stores the CA certificate, which is then distributed to every node in the cluster.
- Speaking of trust, the Center for Internet Security (CIS) Ubuntu baseline is now available for AKS Ubuntu worker nodes. This security configuration is based on the Azure Linux security baseline, which aligns with the CIS benchmark. With this baseline, you can now attest to the CIS compliance state of your Ubuntu worker nodes.
Performance optimization
- On the cluster performance optimization front, custom node configuration is now generally available. Customizing your node configuration allows you to configure or tune operating system (OS) settings or kubelet parameters to match the needs of your workloads.
- With the release of Ampere Altra Arm-based node support in AKS, you can now create Arm64 Ubuntu agent nodes and mix x86-64 and Arm node pools within a cluster, which can deliver up to 50 percent better price-performance than comparable x86-based virtual machines for scale-out workloads.
- Windows Server 2022 provides new features and significant improvements compared to Windows Server 2019. With this new public preview feature, Windows Server 2022 is now supported on AKS. Among other improvements related to security, Windows Server 2022 also provides several platform improvements for Windows containers and Kubernetes.
Finally, to deliver the best experience and performance when running business-critical stateful workloads on AKS, we are introducing replica mounts on Azure Disk persistent volumes. Replica mounts automatically pre-create replica attachments so that your volume is rapidly available when your pods fail over between cluster nodes. They are tightly integrated with Kubernetes to optimize pod placement and maximize uptime for stateful applications. Along with replica mounts, the latest version of the Azure Disk Container Storage Interface (CSI) driver lets you fine-tune performance and improves reliability at scale. If you are interested in participating in the preview, you can get started by requesting access.
Bringing Kubernetes anywhere with Azure Arc
Hybrid and multicloud is a prevalent state in many organizations today and this approach is critical to business success. With Azure Arc-enabled Kubernetes, we are extending the Azure platform so you can build Kubernetes apps and run them consistently across datacenters, edge and multicloud environments.
We’re excited to bring several new capabilities to Azure Arc-enabled Kubernetes to help developers simplify deployment across these multiple locations.
Open Service Mesh for Arc-enabled Kubernetes clusters
The Open Service Mesh extension is now generally available for Azure Arc-enabled Kubernetes clusters. This allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments. The extension is lightweight, is configured through Service Mesh Interface (SMI) APIs, and works by injecting an Envoy proxy as a sidecar into each application instance. This service mesh provides core features such as mTLS traffic encryption between microservices, traffic splitting, access control policies, observability for application performance, and much more.
Azure Key Vault secrets provider extension for Arc-enabled Kubernetes
Today, we announced the general availability of the Azure Key Vault secrets provider on Arc-enabled Kubernetes clusters. It allows workloads on Arc clusters to access keys, secrets, and certificates stored in an Azure Key Vault. Using a centralized secrets store instead of creating Kubernetes secrets locally on the cluster strengthens the security profile of applications. Based on the key rotation frequency configured for Azure Key Vault, users can customize the polling interval for this extension; the default is 2 minutes. With this extension, multiple teams, each scoped to a namespace, can limit access to their keys or secrets to just that namespace. At present, the identity mode supported for Arc clusters is service principal; support for workload identity is on the roadmap. Learn more about the AKV secrets provider for Arc clusters.
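The namespace-scoped access described above comes from the fact that the SecretProviderClass, the service principal credential, and the consuming pod all live in one namespace. The manifests below are an added example, not from the original post or the extension's own docs; they use the Azure provider schema for the Secrets Store CSI driver, which the extension installs, in the service principal mode the post says is currently supported. The namespace, vault, object, image, and credential values are constructed placeholders. The polling interval is assumed to be set on the extension with the configuration settings `secrets-store-csi-driver.enableSecretRotation=true` and `secrets-store-csi-driver.rotationPollInterval=2m`; confirm those names against the current extension docs.

```yaml
# Added example, not from the original post. All names are placeholders.
# Security properties to note: the service principal credential is a
# namespaced Secret (RBAC on "payments" decides who can read it), the
# SecretProviderClass is namespaced (pods elsewhere cannot mount it), and the
# mounted files are read-only and never written into etcd as Kubernetes Secrets.
apiVersion: v1
kind: Secret
metadata:
  name: akv-sp-creds
  namespace: payments
  labels:
    secrets-store.csi.k8s.io/used: "true"   # required for the driver to read it
type: Opaque
stringData:
  clientid: "<service-principal-app-id>"        # placeholder
  clientsecret: "<service-principal-secret>"    # placeholder
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: payments-akv
  namespace: payments
spec:
  provider: azure
  parameters:
    keyvaultName: contoso-payments-kv     # placeholder vault
    tenantId: "<tenant-id>"                # placeholder
    usePodIdentity: "false"                # service principal mode
    objects: |
      array:
        - |
          objectName: db-password
          objectType: secret
        - |
          objectName: api-tls
          objectType: cert
---
apiVersion: v1
kind: Pod
metadata:
  name: payments-api
  namespace: payments
spec:
  containers:
  - name: api
    image: contoso/payments-api:1.0         # placeholder image
    volumeMounts:
    - name: secrets-store
      mountPath: /mnt/secrets               # files: db-password, api-tls
      readOnly: true
  volumes:
  - name: secrets-store
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: payments-akv
      nodePublishSecretRef:
        name: akv-sp-creds                  # credential the driver presents to Key Vault
```

The service principal should carry only `get` on secrets and certificates for this one vault; because rotation is poll-based, a value rotated in Key Vault shows up on the mount after at most one polling interval, and the application must re-read the file rather than cache it at startup.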
General availability of Flux v2 support for Arc-enabled Kubernetes clusters
Today, we are announcing the general availability of GitOps with Flux v2 in Azure Kubernetes Service and Azure Arc-enabled Kubernetes. With this release, Azure supports GitOps configuration and workload management for your entire cloud and hybrid Kubernetes estate: clusters in AKS and clusters on-premises or in other public clouds. Flux v2 is a major update that brings a Kubernetes-native architecture, observability, and multi-tenancy, among other improvements. With a single tool and process, you can manage your modern applications in Kubernetes everywhere.
Landing Zone Accelerator for Arc-enabled Kubernetes
Following our release a few months ago of the new landing zone accelerator for Azure Arc-enabled servers, today, we’re launching the Azure Arc-enabled Kubernetes landing zone accelerator within the Azure Cloud Adoption Framework. The landing zone accelerator provides best practices, guidance, and automated reference implementations so that customers can get started with their deployments quickly and easily. Learn more about the Azure Arc-enabled Kubernetes landing zone accelerator.
Azure Arc Jumpstart ArcBox for DevOps
Azure Arc-enabled Kubernetes is the foundation for other Azure Arc services such as data services, machine learning, and app services, and it is integrated as part of our new Azure Arc-enabled Kubernetes landing zone accelerator. With the growing number of Azure Arc customers, it was clear to us that we needed battle-tested automation that gives customers a way to get hands-on with the Azure Arc-enabled Kubernetes set of capabilities and features.
Since we released Jumpstart ArcBox 2.0 and the new ITPro flavor back in January, the number of positive responses and customer adoption has been awesome. The new ArcBox modular design allows us to bring new flavors easily and today, we are excited to share the newest flavor - ArcBox for DevOps!
Learn more
We are excited to see what you’ll build. Learn more about these updates and more through the following resources.
- Watch the session on Microsoft Build and read the latest on how Azure powers your app innovation and modernization with the choice of control and productivity you need to deploy apps at scale.
- Watch the scale cloud-native apps and accelerate app modernization keynote to learn more.
- Join the Ask the Experts session to have a chat with the team.