Apps on Azure Blog

Scale, secure, and optimize Azure Kubernetes Service (AKS)

nceres (Microsoft)
Nov 19, 2024

We’re committed to making AKS the easiest to use managed Kubernetes service for developers and platform teams. Recently, Microsoft was named a leader in the Gartner MQ for Container Management for the second year in a row. At Microsoft Ignite 2024, we’re building on that achievement by announcing new capabilities that simplify operations, enhance security, and enable efficient resource utilization and better observability. Read on for more details on the latest announcements and AKS content at Ignite.

Simplify operations

AKS is designed to simplify Kubernetes adoption for teams of all skill levels. With the introduction of AKS Automatic at Microsoft Build, managing Kubernetes clusters has never been easier. AKS Automatic automates cluster setup and management, embedding best practice configurations to ensure security, performance, and dependability. New capabilities in AKS Automatic and upgrade process enhancements make setup and operations more reliable.

  • Dynamic VM SKU selection in AKS Automatic (public preview). Automatically select an appropriate virtual machine SKU for the system node pool based on the capacity available in your Azure subscription.

  • Upgrade algorithm enhancements (generally available). An improved upgrade algorithm makes upgrades more reliable: if a node is blocked, it uses any available surge capacity to continue upgrading other nodes.

  • Multi-cluster auto-upgrade in Azure Kubernetes Fleet Manager. Create auto-upgrade profiles that configure a trigger to automatically create and start an update run when new Kubernetes or node image versions are published to Azure.

  • Auto-instrumentation for Application Insights (coming soon). Auto-instrumentation enables Application Insights to make telemetry like metrics, requests, and dependencies available in your Application Insights resource. It provides easy access to application performance monitoring (APM) experiences such as the application dashboard and application map.

Enhance security

Security is a top priority for teams building and operating cloud-native applications. AKS and Azure offer advanced security features to protect your workloads from code to cloud. Defender for Containers, part of Microsoft Defender for Cloud, provides a multi-layered security approach, offering risk-based posture recommendations, vulnerability assessments, and threat protection capabilities. Additionally, the Containers Secure Supply Chain (CSSC) framework offers best practices across the container lifecycle, ensuring your applications are secure from development to deployment. We’re excited to announce new features that improve the security posture of workloads on AKS.

  • Trusted launch (generally available). Trusted launch improves the security of generation 2 VMs by protecting against advanced and persistent attack techniques. It enables administrators to deploy AKS nodes, which contain the underlying virtual machines, with verified and signed bootloaders, OS kernels, and drivers. By using secure and measured boot, administrators gain insights and confidence in the entire boot chain's integrity.

  • AKS security dashboard (public preview). You now have full visibility over the host and runtime vulnerabilities in your AKS cluster. The AKS security dashboard (accessed through the Defender for Cloud blade in the AKS portal view) offers a simplified and streamlined experience for the resource owner or a cluster administrator. This capability provides granular visibility into container posture assessments (vulnerability assessment, compliance, security best practices, CVE remediation) and offers actionable security insights at a cluster level without the cluster admin having to leave the AKS portal.

Optimize resources

Platform operators are under increasing pressure to ensure resources are utilized efficiently. Features like node auto-provisioning efficiently allocate infrastructure by provisioning the right-sized virtual machines (VMs) for your workloads, reducing the burden of designing node pool configurations. New features at Ignite make it easier to schedule workloads efficiently across multiple clusters and have visibility into detailed metrics.

  • Intelligent workload scheduling in Azure Kubernetes Fleet Manager (generally available). Fleet operators frequently face the challenge of selecting the optimal clusters for workload placement, considering factors like compute costs and available resources such as memory and CPU. Managing Kubernetes resources across multiple clusters manually can be a tedious task. Fleet offers a resource placement capability that automates scheduling decisions based on properties like node count, compute costs in target member clusters, and resource availability (CPU/Memory) in those clusters. Additionally, operators now have the flexibility to "override" cluster and namespace-level resource configurations based on cluster labels, simplifying the deployment of workloads across multiple clusters.

AKS at Microsoft Ignite 2024

With these new announcements, AKS continues to innovate and lead in the Kubernetes space, making it easier for users of all skill levels to adopt and use Kubernetes effectively. We look forward to seeing you during Ignite, either virtually or in person! See the table below for a list of all the AKS-related sessions at Ignite.

You’re also invited to watch the replays from our pre-day event at KubeCon North America in Salt Lake City and to attend our pre-days at KubeCon India in Delhi, Dec 9 – 13. If you can’t attend, you can always catch the replays on the AKS Community YouTube channel.

Ready to get started? Try the AKS Automatic QuickStart to see how easy it is to get up and running.

| Session Code | Session Title | Date and time | Streamed and recorded |
|---|---|---|---|
| COM1007 | Community Roundtable: Build modern apps by leveraging AI | Tue, November 19, 2:00 PM - 3:00 PM CST | No |
| THR510 | Streamline your Kubernetes operations with Microsoft Copilot in Azure | Tue, November 19, 5:15 PM - 5:30 PM CST | No |
| BRK235 | Adaptive cloud: Unify hybrid, multi-cloud and edge with Azure Arc | Wed, November 20, 9:45 AM - 10:30 AM CST | Yes |
| COM1035 | Community Forum: Azure Unplugged: Brendan Burns and Eric Boyd on Kubernetes and AI | Wed, November 20, 4:00 PM - 4:45 PM CST | No |
| LAB415 | Streamline operations and developer onboarding with AKS Automatic | Wed, November 20, 4:45 PM - 6:00 PM CST | No |
| COM1009 | Community Roundtable: Ensure Security in Your Software Supply Chain: Best Practices and Tools | Wed, November 20, 5:00 PM - 6:00 PM CST | No |
| COM1008 | Community Roundtable: Empower Devs with Advanced Experiences for Production-Ready AI Apps | Thu, November 21, 9:00 AM - 10:00 AM CST | No |
| BRK140 | Accelerate and secure development with DevSecOps and AI | Thu, November 21, 11:00 AM - 11:45 AM CST | Yes |
| BRK153 | Scale, secure, and optimize Azure Kubernetes Service | Thu, November 21, 1:15 PM - 2:00 PM CST | Yes |
| BRK395 | Getting started with Azure Kubernetes Service for Windows Server admins | Thu, November 21, 2:30 PM - 3:15 PM CST | Yes |
| TH615 | Fast and frictionless Kubernetes with AKS Automatic | Thu, November 21, 3:00 PM - 3:30 PM CST | No |
| LAB415-R1 | Streamline operations and developer onboarding with AKS Automatic | Fri, November 22, 10:45 AM - 12:00 PM CST | No |

 

Updated Nov 19, 2024
Version 1.0