Microsoft Build 2022
7 TopicsAnnouncing landing zone accelerator for Azure Arc-enabled Kubernetes
Following our release a few months back of the new landing zone accelerator for Azure Arc-enabled servers, today we’re launching the Azure Arc-enabled Kubernetes landing zone accelerator within the Azure Cloud Adoption Framework.13KViews3likes0CommentsAzure Arc-enabled SQL Managed Instance Business Critical now generally available!
Today we announced the General availability of Azure Arc-enabled SQL MI Business critical tier at the Microsoft Build 2022 conference. This is the second major release of Arc-enabled SQL MI and SQL Server on Arc-enabled server which will help SQL Server customers globally to achieve business continuity running their data workloads on the Azure Edge while connected to Azure. In this blog, we will do a tour of these new improvements and benefits of the Business critical tier and General purpose tier.17KViews2likes0CommentsGA: Azure Key Vault secrets provider extension for Arc enabled Kubernetes clusters
The Azure Arc team is happy to announce the GA of Azure Key Vault Secrets Provider extension for Arc enabled Kubernetes clusters. This is a Microsoft managed extension that allows you to get secret contents stored in an Azure Key Vault instance and mount them into Kubernetes pods of your Azure Arc enabled Kubernetes clusters, thereby reducing the exposure of secrets to the minimum. It can pull any type of object from an Azure Key Vault, including keys, secrets and certificates. The extension is installed by a cluster admin. With the installation, Secrets Store CSI driver and AKV secrets provider are deployed as daemon sets. On application pod start and restart, the Secrets Store CSI driver communicates with the Azure Key Vault secrets provider using gRPC to retrieve the secret content from the Azure Key Vault. Then the volume is mounted in the pod as tmpfs and the secret contents are written to the volume. On pod delete, the corresponding volume is cleaned up and deleted. This extension can be deployed using az k8s-extension CLI and also using Azure Portal. For deployment through portal, go to the Arc connected Kubernetes cluster and click on Extensions under Settings. Further, click on +Add to add Azure Key Vault Secrets Provider extension. Check out the full documentation on how to enable it for an Arc enabled Kubernetes cluster. The extension allows for 3 configuration options: Secret Rotation - Periodically update the pod mount with the latest secret from the AKV secrets store. The polling of latest secret does not require pod restart. It is disabled by default. Rotation Poll Interval - Frequency of the pod mount update if Secret Rotation configuration is enabled. The default is 2 minutes. Sync as Kubernetes secret - Create Kubernetes secret(s) to mirror the mounted content. It is disabled by default. A service principal is required to enable the access to Azure Key Vault from within the Arc cluster. Further, a Kubernetes secret needs to be created in the application namespace that references this service principal in order to gain access to the vault. What next? The identity option available today is service principal. However, we are investing in using workload identity as another option in future. Learn more at the Azure Hybrid, Multicloud, and Edge Day digital event We will be hosting our annual Azure Hybrid, Multicloud, and Edge Day digital event on June 15, 2022. You’ll hear from Microsoft leadership and engineers on how you can innovate anywhere with Azure Arc, learn from customers using Azure solutions for their hybrid scenarios, and get to ask questions in the live Q&A chat. Register now >9.8KViews2likes0CommentsAnnouncing ArcBox for DevOps
Since we released Jumpstart ArcBox 2.0 and the new ITPro flavor, the number of positive responses and customer adoption has been awesome. The new ArcBox modular design allows us to more rapidly iterate, and today we are excited to share a new offering: ArcBox for DevOps.5.2KViews2likes0CommentsGeneral Availability of the Dapr Extension
We are excited to announce General Availability of the Dapr extension for Arc-enabled Kubernetes clusters alongside AKS. Distributed Application Runtime (Dapr) is a set of incrementally adoptable APIs that ease the implementation of common cloud-native patterns found in microservice applications. By leveraging the benefits of a sidecar architecture, Dapr helps developers tackle the challenges of building microservices while keeping code platform-agnostic. Dapr APIs, also referred to as building blocks: Seamlessly fit with your preferred language or framework Allow you to use one, several, or all the building blocks, depending on your needs Are built on best practice industry standards For example, you can enable Dapr on your application to provide intercommunication through messaging via the Pub/Sub API, or reliable and secure service-to-service calls via the Service Invocation API. The below image depicts the various Dapr building blocks your microservices can leverage. The Dapr extension provisions Dapr on your Arc-enabled Kubernetes clusters, eliminating the overhead of downloading any Dapr tooling or manually installing and managing the Dapr runtime on your cluster. After writing Dapr into your application (in this example, using the Dapr .NET SDK to publish a message to a topic): using var client = new DaprClientBuilder().Build(); await client.PublishEventAsync("order_pub_sub", "orders", order); You can use the az k8s-extension CLI to install the Dapr control plane on your Arc-enabled Kubernetes clusters. The same Azure CLI commands are used to managed Dapr on AKS clusters. For AKS, swamp out the --cluster-type value of connectedClusters with managedClusters. Use the following command in the Azure CLI: az k8s-extension create --extension-type Microsoft.Dapr \ --cluster-type connectedClusters \ --cluster-name myCluster \ --resource-group myResourceGroup \ --name myDaprExtension The extension offers a fully supported version of Dapr and integrates with all native Dapr configuration capabilities through simple command-line arguments. For example, to provision Dapr with high availability (HA) enabled, set the global.ha.enabled parameter to ‘true’: --configuration-settings "global.ha.enabled=true" The extension platform provides the ability to set auto-upgrades for the Dapr control plane, making it easy for you to align to the latest minor version of Dapr. Specify the --auto-upgrade-minor-version parameter and setting the value to 'true': --auto-upgrade-minor-version true Once the extension is installed, the Dapr control plane is created on your Arc-enabled Kubernetes cluster. Your application code, instrumented with Dapr, can immediately begin leveraging the Dapr APIs. Try the Dapr extension sample on your Arc-enabled Kubernetes cluster. For more information, refer to the Dapr cluster extension documentation.4KViews1like0Comments