The Azure Arc team is excited to bring a new set of capabilities to preview! In the new Azure Arc enabled Kubernetes 1.1 release, customers may now turn on additional Azure integrated services for their Azure Arc enabled clusters using the Azure Portal, CLI or REST APIs. These new extension APIs give customers a unified way to turn on additional cluster services, and the Azure Arc platform takes care of installing and updating those integrations over time.
Extensions greatly simplify onboarding; customers can deploy Azure integrations with just a few clicks or API calls. Azure Arc enabled Kubernetes ensures that you always have the latest bits and can automatically apply updates as they become available.
We are excited to bring two services to preview using extensions, Azure Monitor Container Insights and Azure Defender for Kubernetes:
Azure Defender for Kubernetes is expanding its threat protection capabilities to defend Azure Arc connected clusters, leveraging the new extensions capabilities.
When Kubernetes clusters are connected to Azure Arc, a new recommendation from Azure Security Center offers to deploy the Azure Defender extension to them with only a few clicks.
This integration between Azure Security Center, Azure Defender and Azure Arc enabled Kubernetes brings:
Easy provisioning of the Azure Defender extension to unprotected Azure Arc enabled Kubernetes clusters (manually and at-scale)
Monitoring the Azure Defender extension and its provisioning state on the Azure Arc Portal
Security recommendations from Azure Security Center are reported in a new Security page of the Azure Arc Portal
Identified security threats from Azure Defender for Kubernetes are reported in the new Security page of the Azure Arc Portal
Azure Arc enabled Kubernetes clusters are integrated into the Azure Security Center platform and experience
Azure Monitor Container Insights monitors the performance of container workloads deployed to any Azure Arc enabled Kubernetes cluster. Container Insights provides performance visibility and log aggregation for Kubernetes controllers, nodes, and containers using standard Kubernetes APIs. This helps customers:
Identify performance issues through processor and memory utilization
Review historical resource utilization for your workloads, including processes that may be running on underlying hosts
Configure alerts to proactively notify when a threshold is exceeded or a health state changes
Collect metrics from Prometheus endpoints, easily integrating with ecosystem applications
This preview release streamlines onboarding any Azure Arc enabled Kubernetes cluster using the new Azure CLI or portal experiences and allows automatic agent updates for all the latest container insights releases.
We are also excited to announce cluster connect in preview, which allows developers or cluster administrators to securely access their clusters using standard Kubernetes tooling. Users who have access to your Azure Arc enabled Kubernetes cluster in Azure may request a secure connection to the cluster, with authentication provided by Azure Active Directory and authorization for Kubernetes resources within the cluster provided by Kubernetes-native RBAC.
Cluster connect provides secure and seamless connectivity no matter where your clusters are running. It is great for interactive development and debugging, as well as for integration into just about any system that speaks Kubernetes APIs.
We are also bringing custom locations to public preview, which is a building block for Azure Arc enabled services. Cluster administrators can create a custom location, enable Azure services for that location, and grant access to users within their tenant. We’ll have much more to talk about with custom locations in upcoming blogs.
Finally, we are also excited to extend both authentication and authorization for Kubernetes clusters to Azure Active Directory. This is great for customers who would like to use Azure role assignments to not only manage visibility of Azure Arc enabled Kubernetes clusters but also use role assignments to control access to Kubernetes-native constructs.