At this year’s first digital Microsoft Ignite conference, Microsoft announced several GA and preview features for its Azure Kubernetes Service.
- GA: Azure Policy add-on for AKS
- GA: Ubuntu 18.04 as new base image
- GA: Mutate default storage class
- Preview: Azure RBAC for Kubernetes authorization
- Preview: AKS cluster start/stop feature
- Preview: Kubernetes 1.19 support
- Preview: New AKS extension version for VS Code with periscope and diagnostics support
- Preview: Confidential computing support
- AKS – Windows server container
Let us now dive deeper into the different features.
Azure Policy add-on for AKS
Finally, the managed Gatekeeper implementation went GA. You can now easily implement policies for governance and security via Azure Policy.
The AKS team has done an outstanding job in recent months, providing a sophisticated set of built-in policies to get started.
Custom policies are still not supported.
A few months back I wrote a blog post about Azure Policy for Kubernetes.
As the major pain point has been almost resolved by the good set of built-in policies, I will write a new blog post about Azure Policy for AKS in its GA state in the next couple of weeks.
Ubuntu 18.04 as new base image
Azure Kubernetes Service got Ubuntu 18.04 as its new base image with the general availability of Kubernetes version 1.18 in AKS.
Starting with Kubernetes version 1.18, every new AKS cluster uses Ubuntu 18.04 as its base image by default.
Mutate default storage class
In short, you can now customize the default storage class in AKS to fit your needs for low-cost or high-performance storage.
Preview – Azure RBAC for Kubernetes authorization
Azure RBAC for Kubernetes authorization lets you manage access permissions on your Kubernetes cluster via the well-known RBAC concept in Azure.
Four default roles are available right now.
- Azure Kubernetes Service RBAC Reader
- Azure Kubernetes Service RBAC Writer
- Azure Kubernetes Service RBAC Admin
- Azure Kubernetes Service RBAC Cluster Admin
The roles above are derived from the Kubernetes cluster roles view, edit, admin and cluster-admin.
If you want, you can define a more granular role definition than the default ones.
Preview – AKS cluster start/stop feature
Before the AKS cluster start/stop feature, you could already stop the VMSS-based or VM-based worker nodes to save compute runtime costs.
But this procedure was not officially supported, nor did you have any guarantee that the cluster would be in a healthy state afterwards.
Since Microsoft Ignite, you can start and stop an AKS cluster for cost savings in a fully supported way while maintaining state.
Preview – Kubernetes 1.19 support
As one of the first major cloud providers, Azure makes the latest Kubernetes release, 1.19, available as a preview.
Preview – VS Code periscope and diagnostics support
The newest version of the AKS extension for VS Code brings the periscope debugging tool, which was previously only available via the Azure CLI, into VS Code.
Also, the AKS Diagnostics functionality is now available in VS Code in addition to the Azure portal.
Preview – Confidential computing support
Do you require extra security for your applications? Then Microsoft has good news for you with the support of confidential computing nodes for AKS.
You can choose between enclave-aware and confidential containers. The latter lets you run your container with code protection and without any modification.
Azure Kubernetes Service – Windows Server container
Looking at the news about Windows Server containers in AKS, the AKS Diagnostics support went into preview.
The node auto-repair feature for Windows Server nodes, on the other hand, went GA.
Another exciting piece of news, not directly related to AKS, is the Calico network policy support for Windows in open source Calico.