Key announcements for AKS from KubeCon Europe 2024
Published Apr 24 2024 04:04 PM
Microsoft

At KubeCon Europe 2024, we showed how Azure and Kubernetes can help you build and deploy intelligent applications. Even if you couldn’t visit us at the Microsoft booth or attend the conference sessions, you can read about all the exciting ways we’re making Azure Kubernetes Service (AKS) the best destination for all things cloud-native—including the latest AI and machine learning (ML) applications. With enhancements to security, performance, networking, observability, and more, AKS provides even more platform-as-a-service benefits on top of a smoother onboarding experience for a great end-to-end developer experience.

 

Powering AI, ML, and compute-intensive workloads

Principal PM Lead for AKS Jorge Palma gave the keynote address, where he explored what AI can do for your platform and how to balance cost and security. Open source tools can give you an advantage, and the new AI toolchain operator (KAITO) add-on for AKS is now in preview. KAITO simplifies the experience of training and inferencing for open-source large language models (LLMs). Using the Karpenter node autoprovisioning functionality, KAITO helps you run AI workloads more cost-effectively by provisioning graphics processing units (GPUs) right when you need them. In other GPU news, AKS now supports Windows GPUs, enabling you to run compute-intensive workloads on Windows node pools.

 

As the number of Kubernetes clusters grows from hundreds to thousands, you need a way to efficiently manage your platform. We continue to work with the open-source community to extend fleet workload orchestration. With Azure Kubernetes Fleet Manager, you can now schedule workloads to clusters based on new heuristics such as cost and availability of resources. You can also customize cluster-specific resources by targeting groups of clusters through resource override.

 

We’re proud to work with the open-source community on these enhancements. We also contributed to OpenTelemetry on another big milestone: HTTP semantic conventions declared stable.

 

Making Kubernetes easier to adopt

Misconfigurations are the bedbugs of Kubernetes deployments. To make life easier for dev teams, we added safety guardrails to AKS based on Azure Policy controls. You can now configure Deployment safeguards (preview) that apply Kubernetes best practices and notify you of misconfigurations in your AKS cluster. You can even enforce compliance and deny deployments that don’t follow best practices.

 

If you’re a Windows developer, you can now take advantage of Windows Gen 2 VMs and custom kubelet configuration. With these features, you can expect your Windows workloads to run on AKS with better performance, security, and compatibility. Gen 2 VMs on Windows are supported for WS2022 only.

We’ve also made it easier to track the everyday costs associated with running Kubernetes clusters. The cost analysis add-on for AKS is now generally available. You can use the Azure portal to view costs with Kubernetes-specific levels of granularity, such as by namespace, pod, and cluster, in addition to Azure asset categories.

 

Improving security and networking

We announced a host of new security features at KubeCon Europe 2024, starting with Trusted launch (preview). It improves the security of Gen 2 VMs by protecting against advanced and persistent attack techniques.

In addition, the security improvements in the latest Kubernetes 1.29 release (Mandala) are now available to preview in AKS. You can check out the ReadWriteOncePod PersistentVolume access mode, the CSI Node Expand Secret feature, and more.

 

Diving deep into network management, we added Azure CNI static block IP allocation for AKS (preview). Now Azure CNI can dynamically allocate pod IPs from a subnet separate from the subnet hosting the AKS cluster. That means better IP utilization, performance, scaling, and policy support.

In related CNI news for Linux users, AKS now supports dual stack networking. Azure CNI Overlay allows nodes and pods to have both IPv4 and IPv6 addresses, enhancing connectivity and application compatibility.

AKS also provides more control over a cluster’s network security group (NSG). You can now directly configure allowed host ports in your node pool settings—you specify the allowed host ports on your node pools and add these pools to an Application Security Group. Also, nodes in a node pool can now receive their own dedicated public IP addresses. You can use instance level public IP tags to choose how your traffic routes between Azure and the Internet. And if your services require direct access to a node's public IP without an intermediary like a load balancer, host ports can now be automatically assigned for pod workloads.

 

Adding more scalability and observability

We’re always looking for ways to empower developers to do more, and now AKS supports more scalability, performance, and observability in the control plane. In the Standard tier, you now have the performance you need to run larger workloads—anything from batch processing jobs and simulations to ML and multitenanted clusters. Standard tier supports up to a maximum of 5,000 nodes and 100,000 pods per cluster.

 

If you want to track all those workloads using Prometheus metrics, now you can. Azure Monitor managed service for Prometheus enables you to collect and analyze metrics at scale based on the Prometheus project from the Cloud Native Computing Foundation. This service debuted last year in 26 regions and is now available in 13 additional public Azure regions.

AKS supports Kubernetes Logs metadata as well. You can query objects using labels and selectors and perform bulk actions on specific subsets, like consumption or updates.

 

For services that use a load balancer, you can now switch the inbound pool type in AKS for greater efficiency in provisioning VMs. This improvement is particularly beneficial for clusters with large numbers of nodes.

 

Managing storage volumes with Azure Container Storage

Last year at KubeCon North America, we released the preview of Azure Container Storage, a fully managed, cost-efficient volume orchestration service built natively for Kubernetes. This year, we have announced notable enhancements that improve costs and simplify tedious tasks, such as manually managing volumes.

 

Azure Container Storage can help you avoid scaling bottlenecks and other challenges that come with running stateful container applications—including the cost of running persistent storage. Check out the overview.

 

Learn more

For more information about working with AKS:

Last update: Apr 24 2024 04:05 PM