Azure Arc Blog

Speed Innovation with Arc-enabled Kubernetes Applications

Christa St Pierre
Nov 19, 2024

As our annual Ignite conference begins in Chicago, I am delighted to share the latest in our effort to empower our customers to rapidly build and scale applications across boundaries: Azure Container Storage, Azure Key Vault Secret Store, Arc Gateway, Azure Monitor Pipeline, Workload Identity Federation, new options for AI workloads with AKS Arc, and the launch of our Azure Arc ISV partner program. In addition, we just published a white paper with more details.

In today’s quickly evolving business environment, speed and agility in software innovation are crucial for companies to compete. Organizations of all shapes and sizes need to rapidly build (or buy), deploy, and operate secure, resilient applications to stay competitive. Cloud computing has revolutionized how companies do this with modern, cloud-native practices. But many applications don’t just run in the cloud; they run across the vast, distributed landscape that defines customer environments today.

Coles, an Australian supermarket retailer, needed to streamline their development and update process for the applications their customers depend on, whether they are in-store, online or engaged in a hybrid experience using their mobile app.

Emirates Global Aluminium needed to optimize production, support advanced AI and automation solutions, enhance cost savings by applying intelligence at the edge, and optimize processing for massive amounts of real-time readings from sensors, machinery, and production lines.


Delivering on the needs of organizations like Coles and Emirates Global Aluminium requires specific technologies that help teams reduce complexity and increase release velocity across the application development lifecycle. I like to think of these in three groups, representing areas of investment for us today and moving forward.

As customers invest in applications to fuel their business, many of these solutions come from the broad ecosystem of independent software vendors (ISVs). We are taking an ecosystem approach, helping ISVs to develop and market modern, Arc-enabled applications. This is why I am very excited to announce our Azure Arc ISV partner program and our first set of Arc-enabled applications in the Azure Marketplace.

Below is a full list of the announcements we are making for this space at Ignite:

Announcements

New capabilities for the development of enterprise-class Kubernetes applications

  • Azure Container Storage: At the edge, customers experience multiple challenges with data: sharing, resiliency, storage capacity, space management, and cloud connection, among others. We are proud to announce Azure Container Storage enabled by Azure Arc (ACSA), a first-party, Kubernetes-native Arc extension designed to solve these customer edge storage needs. ACSA offers high availability and fault tolerance for ReadWriteMany persistent volumes on Kubernetes clusters, which can be provisioned as Kubernetes-native Persistent Volume Claims (PVCs). Available configuration options include keeping data local or transferring it to Azure storage services, such as Blob, ADLS Gen2 and OneLake Fabric. ACSA is suitable for production workloads and is available as a standard component of the Azure IoT Operations GA release.

  • Azure Key Vault Secret Store: Customers need the confidence and scalability that come with unified secrets management in the cloud, while maintaining disconnection-resilience for operational activities at the edge. To help them with this, the Azure Key Vault Secret Store Extension for Arc-enabled Kubernetes automatically synchronizes secrets from an Azure Key Vault to a Kubernetes cluster for offline access. This means customers can use Azure Key Vault to store, maintain, and rotate secrets, even when running a Kubernetes cluster in a semi-disconnected state. Synchronized secrets are stored in the cluster secret store, making them available as Kubernetes secrets to be used in all the usual ways—mounted as data volumes or exposed as environment variables to a container in a Pod.

  • Azure Arc Gateway: Customers face challenges with complex network configurations and multiple endpoints, which can be difficult to manage and secure. The Azure Arc Gateway for Arc-enabled Kubernetes alleviates these issues by reducing the number of required endpoints for using Azure Arc, thereby streamlining the enterprise proxy configuration. This simplification makes it significantly easier for customers to set up their networks and leverage the full capabilities of Azure Arc. By centralizing network traffic through a single, unique endpoint, the Azure Arc Gateway not only enhances security by minimizing the attack surface but also improves operational efficiency by reducing the time and effort needed for network setup and maintenance. This centralized approach ensures that customers can manage their Kubernetes clusters more effectively, providing a seamless and consistent experience across diverse environments.

  • Azure Monitor Pipeline: As enterprises scale their infrastructure and applications, the volume of observability data naturally increases, and it is challenging to collect telemetry from certain restricted environments. We are extending our Azure Monitor pipeline at the edge to enable customers to collect telemetry at scale from their edge environment and route it to Azure Monitor for observability. With Azure Monitor pipeline at the edge, customers can collect telemetry from resources in segmented networks that do not have a line of sight to the cloud. Additionally, the pipeline prevents data loss by caching the telemetry locally during intermittent connectivity periods and backfilling to the cloud, improving reliability and resiliency.

  • Workload Identity Federation: Customers need both simplicity and strong security from their workload identity management, especially when their solutions run in or across distributed environments. Workload Identity Federation delivers this by allowing software workloads running on Kubernetes clusters to access Azure resources without using traditional application credentials like secrets or certificates, which pose security risks. Instead, you can configure a user-assigned managed identity or app registration in Microsoft Entra ID to trust tokens from an external identity provider (IdP) like Kubernetes. This authentication option eliminates the need for manual credential management and reduces the risk of credential leaks or expirations. 

Creating an ecosystem of Arc-enabled Kubernetes applications

  • Azure Arc ISV partner program: Customers want the ability to utilize third-party (3P) software to build their enterprise applications on Kubernetes. Currently, customers have to run multiple scripts to install any third-party application on an Arc-enabled Kubernetes cluster. We are excited to announce the launch of our Azure Arc ISV ecosystem, which enables Azure to be a one-stop shop. Now customers can install an application that has been validated on Arc onto their cluster through the Azure portal. With the click of a button in the Azure portal, users can install MongoDB, Redis, CloudCasa, MinIO, and DataStax on their Arc-enabled Kubernetes cluster. This enables customers to develop using enterprise-grade tools on top of Azure Arc. This program will enhance the developer ecosystem as we onboard more and more partners.

Exciting new ways to engage and get started 

Join the Adaptive cloud community: Connect with professionals passionate about hybrid, multi-cloud, and edge technologies. This space is designed for those looking to engage with peers and Microsoft experts, explore the latest in Azure Arc, Azure Local, AKS, and IoT, and expand their knowledge through valuable resources and discussions. Whether you are just starting out or an industry professional, this community is the perfect platform to share insights, ask questions, and grow your skills in the evolving Adaptive cloud ecosystem. Learn more about ways to get involved on our Adaptive cloud GitHub.

Visit Arc Jumpstart: Explore the resources available to help you learn what Azure Arc can do for you and your business. Recent additions include Jumpstart Drops, an opportunity to contribute to and use community contributions, and Jumpstart Agora Hypermarket, an industry scenario bringing the power of the Adaptive cloud approach for retail to life.

I hope you enjoy the week visiting or tuning into Microsoft Ignite. You can find a full listing of opportunities to learn more about our Adaptive cloud approach at Ignite here: aka.ms/AdaptiveCloudIgnite.

Updated Nov 19, 2024