Updates to Azure Arc enabled Kubernetes
Published Apr 06 2021 12:54 PM
Microsoft

Extending Azure Arc enabled Kubernetes 

The Azure Arc team is excited to bring a new set of capabilities to preview! In the new Azure Arc enabled Kubernetes 1.1 release, customers can now turn on additional Azure integrated services for their Azure Arc enabled clusters using the Azure Portal, CLI or REST APIs. These new extension APIs give customers a unified way to turn on additional cluster services, and the Azure Arc platform takes care of installing and updating those integrations over time.

 

Extensions greatly simplify onboarding; customers can deploy Azure integrations with just a few clicks or API calls. Azure Arc enabled Kubernetes ensures that you always have the latest bits and can automatically apply updates as they become available. 

We are excited to bring two services to preview using extensions, Azure Monitor Container Insights and Azure Defender for Kubernetes: 

Azure Defender for Kubernetes is expanding its threat protection capabilities to defend Azure Arc connected clusters, leveraging the new extension capabilities.

 

When Kubernetes clusters are connected to Azure Arc, a new recommendation from Azure Security Center offers to deploy the Azure Defender extension to them with only a few clicks. 

 

This integration between Azure Security Center, Azure Defender and Azure Arc enabled Kubernetes brings: 

  • Easy provisioning of the Azure Defender extension to unprotected Azure Arc enabled Kubernetes clusters (manually and at-scale) 
  • Monitoring the Azure Defender extension and its provisioning state in the Azure Arc Portal
  • Security recommendations from Azure Security Center are reported in a new Security page of the Azure Arc Portal
  • Identified security threats from Azure Defender for Kubernetes are reported in the new Security page of the Azure Arc Portal
  • Azure Arc enabled Kubernetes clusters are integrated into the Azure Security Center platform and experience  

Learn more in: Defend Azure Arc enabled Kubernetes clusters 

 

Azure Monitor Container Insights monitors the performance of container workloads deployed to any Azure Arc enabled Kubernetes cluster. Container insights provides performance visibility and log aggregation for Kubernetes controllers, nodes, and containers using standard Kubernetes APIs. This helps customers:

  • Identify performance issues through processor and memory utilization 
  • Review historical resource utilization for your workloads, including processes that may be running on underlying hosts 
  • Configure alerts to proactively notify you when a threshold is exceeded or a health state changes
  • Collect metrics from Prometheus endpoints, easily integrating with ecosystem applications 

This preview release streamlines onboarding any Azure Arc enabled Kubernetes cluster using the new Azure CLI or portal experiences and allows automatic agent updates for all the latest container insights releases. 

Learn more and enable Azure Monitor Container insights 

 

Connecting to your Azure Arc enabled clusters 

We are also excited to announce cluster connect in preview, which allows developers or cluster administrators to securely access their clusters using standard Kubernetes tooling. Users who have access to your Azure Arc enabled Kubernetes cluster in Azure may request a secure connection to the cluster, with authentication provided by Azure Active Directory and authorization for Kubernetes resources within the cluster provided by Kubernetes-native RBAC.

 

Cluster connect provides secure and seamless connectivity no matter where your clusters are running. It is great for interactive development and debugging, in addition to integration into just about any system that speaks Kubernetes APIs.

Learn more about cluster connect concepts 

 

Custom Locations 

We are also bringing custom locations to public preview. Custom locations are a building block for Azure Arc enabled services. Cluster administrators can create a custom location, enable Azure services for that location, and grant access to users within their tenant. We’ll have much more to talk about with custom locations in upcoming blogs.

Learn more about custom locations in our concepts docs 

 

Azure AD-based Role Based Access Control 

Finally, we are also excited to extend both authentication and authorization for Kubernetes clusters to Azure Active Directory. This is great for customers who would like to use Azure role assignments to not only manage visibility of Azure Arc enabled Kubernetes clusters but also use role assignments to control access to Kubernetes-native constructs. 

Learn more about our Azure RBAC integration in our concepts docs 

 

Get started today 

Azure Arc enabled Kubernetes clusters that have updated to the latest 1.1 agent can start using these features today. Otherwise, grab the latest CLI and connect your first cluster today. 

 

Last update: Apr 06 2021 12:53 PM