Azure Kubernetes Service KubeCon NA 2022 Announcements
Welcome to KubeCon North America 2022! At KubeCon NA 2022, we are announcing several new features for Azure Kubernetes Service (AKS) that give you increased performance and help you operate your Kubernetes clusters and workloads at any scale. We have also continued to innovate in the open to improve the security posture and landscape. The end result? A seamless and secure platform for your applications' every need.
Performance and operating at scale
More and more customers are looking for additional performance and scale capabilities for their applications running on AKS, and we are continuing to invest across several areas to meet that demand. We are excited to announce:
Public preview of Azure CNI powered by Cilium
Azure CNI Powered by Cilium is the next-generation networking platform that combines two powerful technologies: Azure CNI, which provides a scalable and flexible Pod networking control plane integrated with the Azure Virtual Network stack, and the Cilium open-source project, a pioneer in eBPF-powered data planes. Together they create a modern container networking stack that meets the demands of cloud-native workloads.
Azure CNI Powered by Cilium supports VNet mode, for flexibility in network design, and overlay mode, which minimizes IP address consumption while still providing direct routing through the Azure Virtual Network stack for a high-performance datapath.
You can read more about this on our networking blog.
Public preview of Vertical Pod Autoscaler (VPA)
VPA on AKS is based on the open-source Vertical Pod Autoscaler, which frees users from having to keep the resource requests and limits for the containers in their pods up to date. When configured, it sets the requests automatically based on observed usage, allowing the scheduler to place pods onto nodes that have the appropriate amount of resources available. It also maintains the ratio between limits and requests that was specified in the container's initial configuration.
It can both scale down pods that request more resources than they use and scale up pods that request less than they use, based on their usage over time.
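As an added example (not from the original post), here is a hypothetical Deployment named `api` with a 1:2 request-to-limit ratio and a VerticalPodAutoscaler that rewrites its requests from observed usage while preserving that ratio. It uses the upstream `autoscaling.k8s.io/v1` API that the AKS add-on is based on; the workload name, image and resource figures are assumed.

```yaml
# Added example: a Deployment under VPA control. Requests start at 250m/256Mi
# with limits at exactly 2x; VPA keeps that 2x ratio when it changes requests.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api                                   # hypothetical workload
spec:
  replicas: 2   # VPA will not evict the only replica of a workload by default
  selector:
    matchLabels: {app: api}
  template:
    metadata:
      labels: {app: api}
    spec:
      containers:
        - name: api
          image: registry.example.com/api:1.0   # placeholder image
          resources:
            requests: {cpu: 250m, memory: 256Mi}
            limits:   {cpu: 500m, memory: 512Mi}   # 2x requests; ratio is kept
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: api-vpa
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api
  updatePolicy:
    # "Auto" evicts pods and recreates them with the new requests.
    # Start with "Off" to only observe recommendations
    # (kubectl describe vpa api-vpa) before letting VPA act.
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
      - containerName: "*"
        controlledResources: ["cpu", "memory"]
        # Bounds stop a runaway recommendation from exceeding what a node
        # can schedule, or from starving the container when scaling down.
        minAllowed: {cpu: 100m, memory: 128Mi}
        maxAllowed: {cpu: "2", memory: 2Gi}
```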
General availability of Premium SSD v2 disks
For those looking to balance storage performance and cost, we are pleased to share that support for Premium SSD v2 disks in the Azure Disk CSI driver is now generally available. Azure Premium SSD v2 disks let you provision and scale IOPS, throughput, and capacity independently of one another based on your workload requirements, so you can cost-effectively run and scale transaction-intensive workloads with sub-millisecond latencies. You can now create custom Storage Classes using this new disk SKU to meet your cost and performance requirements.
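As an added example (not from the original post), a StorageClass for the new Premium SSD v2 SKU on the Azure Disk CSI driver, with a claim that uses it. Parameter names follow the Azure Disk CSI driver's documented parameters; the IOPS and throughput figures, the claim name and the claim size are constructed.

```yaml
# Added example: Premium SSD v2 StorageClass. IOPS and throughput are
# provisioned independently of capacity, which is what makes the SKU
# cost-effective for transaction-heavy workloads.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: premium2-disk-sc
provisioner: disk.csi.azure.com
parameters:
  skuName: PremiumV2_LRS
  cachingMode: None            # Premium SSD v2 does not support host caching
  DiskIOPSReadWrite: "4000"    # provisioned IOPS, independent of size (constructed)
  DiskMBpsReadWrite: "125"     # provisioned throughput in MB/s (constructed)
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer   # create the disk in the pod's zone
allowVolumeExpansion: true
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-data                # hypothetical claim
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: premium2-disk-sc
  resources:
    requests:
      storage: 64Gi
```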
Azure Blob Container Storage Interface driver soon to be generally available
Support for the Azure Blob Container Storage Interface (CSI) driver will soon be generally available in AKS. Azure offers the unique capability of mounting Blob Storage as a file system into a Kubernetes pod or application using either BlobFuse or NFS 3.0. This lets you use blob storage with a number of stateful Kubernetes applications, including HPC, analytics, image processing, and audio or video streaming. Previously, you had to install the open-source Azure Blob CSI driver yourself and manage its lifecycle, including deployment, versioning, and upgrades. Now you can use the Azure Blob CSI driver as a managed add-on in AKS with built-in storage classes for NFS and BlobFuse, reducing operational overhead and shortening time to value.
Security in the Open
Security is always top of mind for customers. On AKS we are continually evolving our security capabilities to stay ahead of attack vectors, in many cases by making open-source contributions that we can then leverage in AKS. We are excited to announce the following capabilities, which will enhance your security posture when using AKS:
Public preview of Image Cleaner on AKS
While it is common for build pipelines to deploy images to AKS clusters, it is far less common for pipelines to remove the stale images left behind, and those leftover images can introduce unwanted risk to your nodes. To mitigate this, we have introduced Image Cleaner, based on the Eraser project, to automatically remove unused images from your nodes and reduce that risk.
Image Cleaner is a managed AKS add-on that generates a list of the images on the AKS worker nodes on a configurable schedule. Any images attached to running pods, and any images you have chosen to exclude, are removed from the list. Image Cleaner then runs a purge job on each node to remove the images that remain on the list.
Public preview of Mariner Container Optimized OS on AKS
In another important step for the CBL-Mariner (aka Mariner) project, we're pleased to announce the public preview of Mariner as a container host for Azure Kubernetes Service (AKS). Mariner is in production today with services such as Xbox, PlayFab, Minecraft and 100+ Azure services. Today we are delighted to share that the AKS container host used by these services is available to all AKS customers.
Public preview of AKS 1.25
We are also announcing public preview of AKS 1.25 which brings many new capabilities to the platform, including:
- PodSecurityPolicy is removed; Pod Security Admission graduates to Stable
- Ephemeral Containers graduate to Stable
- Support for cgroups v2 graduates to Stable
- Improved Windows support
- SeccompDefault promoted to Beta
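With PodSecurityPolicy gone in 1.25, the built-in replacement is Pod Security Admission, which is configured per namespace through labels. As an added example (not from the original post), a namespace that enforces the `restricted` profile and a pod that passes it; the namespace name and image are hypothetical.

```yaml
# Added example: Pod Security Admission replacing a PodSecurityPolicy.
# Policy is applied per namespace via labels; no extra controller is needed.
apiVersion: v1
kind: Namespace
metadata:
  name: payments               # hypothetical namespace
  labels:
    # Reject pods that violate the "restricted" profile, pinned to the
    # 1.25 definition so a future cluster upgrade cannot silently change it.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: v1.25
    # warn returns the reason to kubectl; audit records it in the audit log.
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# A pod that satisfies the restricted profile. Each field below maps to a
# restricted-profile check; remove any one of them and admission is denied.
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
spec:
  securityContext:
    runAsNonRoot: true           # must not run as UID 0
    seccompProfile:
      type: RuntimeDefault       # an explicit seccomp profile is mandatory
  containers:
    - name: api
      image: registry.example.com/api:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false     # no setuid/setcap escalation
        capabilities:
          drop: ["ALL"]                     # only NET_BIND_SERVICE may be added back
```

Before switching enforcement on for an existing namespace, `kubectl label --dry-run=server --overwrite ns payments pod-security.kubernetes.io/enforce=restricted` reports which running pods would be rejected without changing anything.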
Support for Kata Containers on AKS for Isolation and Pod Sandboxing
Kata Containers is a popular, widely deployed open-source project that isolates containers in a lightweight VM to achieve stronger workload isolation. Kata Containers deployed on top of an Azure-tuned Mariner kernel and Cloud Hypervisor bring hardware-enforced isolation with a dedicated kernel per pod. This paves the way to higher security for workloads, especially when they share a single AKS cluster. Support for Kata Containers is coming soon in limited preview.
General availability of CSI Extensible API
You also have the ability to enable or disable any of the AKS-supported CSI drivers (Disk, Files, Blob, etc.) using the CSI Extensible API, now generally available in AKS. This lets you maximize resource utilization or use your own custom OSS drivers with AKS.
Azure Service Operator (ASO) makes it easy to manage databases and connections, and its v2 release is now in public preview.
Along with AKS support for Kubernetes version 1.25, we are also announcing the general availability of Ubuntu 22.04, which becomes the default Ubuntu version from here on.
We also announced a ton of great features at Ignite at the beginning of October, including:
- Azure Kubernetes Fleet Manager to address multi-cluster and at-scale scenarios like Kubernetes resource propagation and multi-cluster load balancing across multiple AKS clusters.
- Kubernetes apps to enable partners to create, publish, and manage commercial Kubernetes solutions in the Azure Marketplace, with click-through deployments to Azure Kubernetes Service and flexible billing models.
If you are attending KubeCon, be sure to stop by the Microsoft booth to learn more about these features and see demos. If you are attending in person, join us for booth theatre sessions delivered by Microsoft product experts and our partners. Brendan Burns, co-founder of Kubernetes, will be at the Microsoft booth on Thursday at 1:30pm to answer your questions and do a book signing.
Finally, don’t forget to check out the Microsoft Activation Zone featuring Forza Horizon 5 on AKS and compete with your fellow attendees to win cool prizes!
And next month, join us on Nov 15th for Ask the Experts: Discover, innovate, and scale with Azure Kubernetes as Microsoft experts Brendan Burns (co-founder of Kubernetes), Bridget Kromhout, Sean McKenna, Jorge Palma, Rita Zhang, and Lachie Evenson discuss containers, Kubernetes, and the future of cloud-native application development.