AKS at Build: Enhancing security, reliability, and ease of use for developers and platform teams

At Microsoft Build 2024, we’re releasing a host of new features for Azure Kubernetes Service (AKS) aimed at making Kubernetes adoption easier and more accessible to a greater number of teams. With a focus on built-in best practices and AI assistance, you no longer need to be a Kubernetes expert to run your workloads on Kubernetes. AKS supports your workloads whether you’re modernizing or building new intelligent applications.

AKS Automatic

AKS Automatic, now available in public preview, provides the easiest managed Kubernetes experience for developers, DevOps, and platform engineers. It’s ideal for modern and AI applications, automating AKS cluster setup and management, and embedding best practice configurations. This ensures users of any skill level have security, performance, and dependability for their applications.

With AKS Automatic, Azure manages the cluster configuration, including nodes, scaling, security, updates, and other preconfigured settings. Automatic clusters are optimized to run most production workloads and provision compute resources based on Kubernetes manifests. The streamlined configuration follows AKS best practices and recommendations for cluster and workload setup, scalability, and security, while still providing flexibility and access to the Kubernetes APIs. AKS Automatic incorporates learnings from Microsoft’s experience running Kubernetes at scale, with Microsoft Teams, Bing, Xbox online services, Microsoft 365, and GitHub Copilot all running on AKS.

Learn more about AKS Automatic and check out BRK122 at Build to see AKS Automatic in action. Automatic enables developers to be more productive; to see how BMW is empowering its developer teams with AKS and GitHub, check out BRK128. You can also download a copy of our new ebook, Code to cloud with AKS, to learn about building a more productive developer experience.

AI assisted operations

With more teams running Kubernetes at scale, the need to manage hundreds to thousands of clusters efficiently becomes a priority. Azure Kubernetes Fleet Manager now helps platform operators schedule their workloads for greater efficiency. To assist platform operators and developers, several new skills are available for AKS in Copilot for Azure. Application auto-instrumentation and Kubernetes Event Driven Autoscaling (KEDA) scaling in Azure portal enhance observability.

• Intelligent workload scheduling through resource override for Azure Kubernetes Fleet Manager (Fleet) is now available in public preview. Leveraging Fleet as a centralized, intelligent orchestration engine, users can tailor workload placement by customizing cluster-specific resources and overriding the resources to be propagated from the hub to member clusters. Learn more and see a demo in DEM719.
• Copilot in Azure has added several new skills for AKS to simplify common management tasks, including the ability to configure AKS backups, change pricing tiers, locate YAML files for editing, and how to construct kubectl commands further simplifying users’ Kubernetes experience.
• Auto-instrumentation for Azure Monitor Application Insights is coming soon to AKS. Auto-instrumentation enables Application Insights to make telemetry like metrics, requests, and dependencies available in Application Insights resource. It provides easy access to Application performance monitoring (APM) experiences such as the application dashboard and application map. Auto-instrumentation automatically injects the Azure Monitor OpenTelemetry distro into application pods to generate application monitoring telemetry. The preview will support .NET, Java, and JavaScript (Node.js). Support for Python is coming soon.
• Azure portal now supports KEDA scaling on memory, CPU, cron, and Azure Service Bus scalers in public preview. Users will be able to easily create and monitor scaled objects and jobs within the portal interface. For Azure Service Bus, portal will handle the deployment and configuration of workload identity. This streamlines the creation and management of KEDA resources through the portal interface.

Learn more about these announcements and how H&M is practicing platform engineering with AKS and GitHub in BRK123. BRK188 will show platform engineering best practices enabled by AKS and Microsoft’s developer and security tools.

Security

Security continues to be top of mind for teams building and operating cloud-native applications. Security-conscious ops teams can apply and enforce Kubernetes policy best practices at the cluster level, thereby strengthening governance and reliability. Deployment safeguards enforcement mode (now available in preview) will either deny or mutate (automatically fix) your Kubernetes resources based on the individual safeguards applied. A mutation will be triggered if your resources deviate from best practices. To view which safeguards allow for mutations, visit the deployment safeguard documentation.

The security of containerized environments requires a holistic approach, spanning the entire software supply chain. Defender for Containers, a plan under Microsoft Defender for Cloud, offers a multi-pronged strategy to bolster Kubernetes security, from code repositories to container images, and container security in runtime, providing an extra layer of protection. It offers risk-based posture recommendations, vulnerability assessment and threat protection capabilities for images, containers, and Kubernetes infrastructure, empowering you to secure your AKS environment from code to cloud. And now AKS Automatic customers can take advantage of the advanced security capabilities of Defender for Containers for a free trial of three (3) months. Learn more about Defender for Containers and how to enable this offer.

In addition to using security tools, container security also requires teams to apply rigorous processes. The Containers Secure Supply Chain (CSSC) framework offers a set of security best practices across the container lifecycle—from acquiring images from public sources to deploying them on AKS. If you want to learn more about securing the supply chain for your containers and AKS workloads with the CSSC framework, see BRK230 at Build.

Running AI/ML workloads on AKS

In addition to AI capabilities like Microsoft Copilot that simplify operations, AKS has released features that make it easier to run your AI/ML workloads on the platform.

Two previous announcements are worth mentioning: node autoprovisioning and the Kubernetes AI toolchain operator add-on, both released at KubeCon Europe 2024 in public preview. Node auto-provisioning efficiently allocates infrastructure for a workload by provisioning the right sized virtual machines (VMs). This greatly reduces the burden of designing node pool configuration before workloads are deployed. The Kubernetes AI toolchain operator (KAITO) is an open-source project also available as an AKS add-on. The KAITO add-on for AKS enables running specialized machine learning workloads like LLMs on more cost-effectively and with less manual configuration.

For many, customers, the easiest way to incorporate AI into their workloads is through hosted services like Azure AI Services. Service Connector greatly simplifies the connection configuration experience for AKS workloads and Azure services, including Azure OpenAI Service. Service Connector takes care of authentication and network configuration securely and follows Azure recommended practices, so you can focus on your application code without worrying about your infrastructure connectivity. Learn more about Service Connector and AKS.

If you’re attending Build in person, be sure to attend LAB303 on building intelligent apps on AKS that connect to Azure OpenAI Service.

AKS at Microsoft Build

With these new announcements, AKS continues to innovate and lead in the Kubernetes space, making it easier for users of all skill levels to adopt and use Kubernetes effectively. We look forward to seeing you during Build, either virtually or in-person!