Azure Kubernetes Service (AKS) continues to set the standard for cloud-native platforms, delivering innovations that simplify Kubernetes management and accelerate adoption across industries. At KubeCon North America 2024 and Microsoft Ignite 2024, the spotlight was firmly on advancements designed to empower developers, operators, and businesses in their cloud-native journey.
In this blog post, we’ll dive into the key highlights from these landmark events, providing a curated summary to help you stay ahead of the curve in the evolving Kubernetes ecosystem.
Key Highlights from KubeCon North America 2024
Network Isolated Clusters (Preview): Isolate AKS clusters from external networks for enhanced security. This feature ensures that your clusters are protected from potential external threats, providing a more secure environment for your applications.
Azure Linux 3.0 (Preview): The latest iteration of Azure Linux, optimized for container workloads. Azure Linux 3.0 brings improved performance and reliability, making it an ideal choice for running containerized applications.
Advanced Container Networking Services (GA): Improved networking capabilities for containerized applications. These services enhance the connectivity and performance of your containerized workloads, ensuring seamless communication between different components.
FQDN Network Policies (Preview): Manage traffic based on Fully Qualified Domain Names, offering granular network control. This feature allows you to define network policies that control traffic flow based on domain names, providing more precise control over your network traffic.
Static Egress Gateway (Preview): Streamline outbound traffic with static egress IP addresses. This feature simplifies the management of outbound traffic by providing static IP addresses, making it easier to manage and secure your network.
Mixed SKU Node Pools (Preview): Use node pools with varying VM sizes, allowing cost optimization and workload customization. This feature enables you to optimize costs and tailor your node pools to meet the specific needs of your workloads.
Seccomp Default Profiles (Preview): Strengthen container security with default Seccomp profiles. These profiles provide an additional layer of security by restricting the system calls that containers can make, reducing the attack surface.
Fleet Manager: Simplify management of multiple AKS clusters with a unified interface. Fleet Manager provides a centralized interface for managing multiple clusters, making it easier to oversee and maintain your Kubernetes environment.
Multi-cluster Auto-upgrade (Preview): Automatically upgrade multiple AKS clusters in a coordinated manner. This feature ensures that your clusters are always up-to-date with the latest features and security patches, reducing the administrative burden.
Cross Cluster Workload Placement (GA): Deploy workloads across multiple AKS clusters for higher resilience and scalability. This feature allows you to distribute your workloads across different clusters, enhancing the resilience and scalability of your applications.
Hyperlight: Hyperlight is a groundbreaking open-source project from Microsoft’s Azure Core Upstream team, designed to execute lightweight functions securely and efficiently. Built in Rust, Hyperlight employs hypervisor-based isolation, creating new virtual machines in just 1–2 milliseconds for each function call. This innovation provides robust protection for untrusted code execution, combining strong security guarantees with near-instantaneous performance.
Key Highlights from Microsoft Ignite 2024
AKS Security Dashboard - Defender (Preview): AKS is introducing a security dashboard in the portal. You now have full visibility into the runtime and host vulnerabilities in your AKS cluster. The Defender for Cloud blade in the Azure Kubernetes Service (AKS) portal offers a simplified and streamlined experience for the resource owner or cluster administrator.
Trusted Launch Enabled AKS Nodes (Preview): Trusted launch improves the security of generation 2 virtual machines (VMs) by protecting against advanced and persistent attack techniques. It enables administrators to deploy AKS nodes, and the virtual machines underlying them, with verified and signed.
IMDS Restriction (Preview): Restrict access to Instance Metadata Service (IMDS) for improved security. This feature enhances the security of your AKS clusters by limiting access to the metadata service, reducing the risk of unauthorized access.
Auto-instrumentation with Application Insights (Preview): Auto-instrumentation automatically injects the Azure Monitor OpenTelemetry distro into your application pods to generate application monitoring telemetry. This feature simplifies the process of monitoring your applications, providing valuable insights into their performance and health.
Upgrade Algorithm Improvements (GA): AKS upgrades currently fail when they encounter a Pod drain failure. To improve upgrade efficiency, a new algorithm is being introduced: you can configure upgrades so that, if a node is blocked, AKS uses any available surge capacity to continue upgrading the other nodes and labels the blocked node as 'quarantined'. Failure error messages are updated to reflect the post-upgrade status accurately.
Fleet Property-based Scheduling/Override (Preview): Assign workloads based on custom properties across multiple clusters. This feature provides more flexibility in managing your workloads, allowing you to schedule them based on specific properties.
Multi-Region Compute Fleet (New): Dynamically distribute workloads across regions. Achieve seamless multi-region scaling and workload distribution with the new Multi-Region Compute Fleet feature. Designed to optimize resource utilization and enhance application availability, this feature allows you to dynamically deploy and manage compute resources across multiple Azure regions.
AKS Automatic Dynamic System Node Pools (Preview): Dynamically scale system node pools based on workload requirements. This feature allows your AKS clusters to automatically adjust the size of system node pools, ensuring optimal resource utilization.
With these innovations, AKS and Azure’s cloud-native platforms are better positioned to meet the demands of modern, complex Kubernetes workloads.
Explore Further:
For a deeper dive into these features and announcements:
- Check out the AKS blog for KubeCon for updates from the open-source community and AKS product team.
- The Ignite session catalog is your one-stop reference. This link points to a search for all AKS and Kubernetes related announcements.
- Subscribe to the AKS YouTube channel, where you can catch Brendan Burns’ video on Microsoft’s open-source investments (watch here) and the recordings from the AKS Pre-Day.
- For KubeCon sessions, most talks were recorded and are already available on the CNCF YouTube channel. You can also find session slides on the KubeCon schedule webpage.
- AKS Blog: http://aka.ms/aks/blog
- AKS Public Roadmap: https://aka.ms/aks/roadmap