Blogs

Backup for Azure Kubernetes Service (AKS) and other new Azure updates

Latest Azure Infrastructure Updates – March 2023

Welcome back to the updates blog, where we cover what is new in Azure Infrastructure and how it may affect you. Lots of new releases and updates in Azure over the past couple of weeks.

Bicep

1. The monthly release 0.15.x was released – https://github.com/Azure/bicep/releases

Summary: Bicep is on a monthly release cadence and this is the latest. 

What Do I Need to Do? Upgrade to the latest version. This month’s release highlights include:

 

Azure Backup

1. Private Preview: Azure Backup enables vaulted backups for Azure Files for comprehensive data protection – https://azure.microsoft.com/en-us/updates/azurefilesvaultedbackups-2/
 

Summary: Azure Backup now supports configuring vaulted backups for Azure Files. A vault is a logical entity that stores the backups and recovery points created over time. You can create a backup policy to define your backup schedule and retention. Based on the policy definition, Azure Backup service transfers backups to the vault and manages their lifecycle. Hence, you get automated managed off-site backups.

What Do I Need to Do? A reasonably niche use case but if it applies to you then a link to sign-up for the private preview is available here

2. Generally available: Immutable vaults for Azure Backup protection – https://azure.microsoft.com/en-us/updates/azure-backup-immutable-vaults-ga/
 

Summary: Immutable vaults, now generally available, provide improved security for your backups by ensuring that recovery points that are once created cannot be deleted before their intended expiry time. Azure Backup does this by preventing any operations on immutable vaults which could lead to loss of backup data. Furthermore, you can lock the immutable vault’s property to make it irreversible. 

What Do I Need to Do? Great for protecting valuable data you can’t afford to lose.

Azure Kubernetes Service (AKS)

1. Release 2023-03-05 – https://github.com/Azure/AKS/releases/tag/2023-03-05

Summary: The latest AKS API release. New releases include feature updates, bug fixes etc. Subscribe to be notified of new releases from the AKS GitHub page https://github.com/Azure/AKS/

What Do I Need to Do? 

  • If you are using pod security policies, note that they will be removed completely from AKS as at the 2023-06-01 API with AKS 1.25 version or higher. Migrate to pod security admission controller before that date or better yet, look to migrate to Azure Policy, especially when managing more than one AKS cluster as the pod security admission controller is best used when running only one cluster.
  • Docker container runtime will be retired for Windows nodepools on May 1, 2023. After the docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Make sure you have a plan to upgrade to containers
  • The KEDA addon currently supports aks versions 1.23, 1.24 and 1.25. the managed KEDA addon will not be supported on 1.26 GA at launch. If you use the KEDA addon, please do not upgrade to 1.26. If you use auto-upgrade with the rapid channel enabled as well as the KEDA addon, please switch off the rapid channel and update manually.
  • AKS will deprecate Kubernetes version 1.23 on April 2nd 2023. Please upgrade your AKS clusters to version 1.24 or above.
 
 

Summary: NodeOSUpgrade channel is a new channel that runs complementary to the existing AutoUpgrade Channel today. Customers can use this channel to disable unattended upgrades and put a maintenance schedule without worrying about Kured for security patches.

What Do I Need to Do? Test out this new functionality which lets you schedule updates to the node OS which are then handled without having to worry about Kured (which can break in situations where you are using auto-scaling)

 

Summary: Azure Kubernetes Service (AKS) now allows you, in public preview, to run pod sandboxed containers.   

What Do I Need to Do? Test out this new functionality which lets you sandbox individual pods at the kernel layer to avoid “Container Breakout” scenarios. This is an important security feature that everyone running AKS should look at.

4. Public preview: Syslog collection with Container Insights – https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-syslog
 

Summary: Azure Kubernetes Service (AKS) now allows you, in public preview, to collect syslogs from your Linux nodes.  

What Do I Need to Do? If you are running a SIEM then implement this straight away as it will give you insights into any potential security issues on your AKS Linux nodes.

5. Public Preview – Backup for Azure Kubernetes Service (AKS) – https://azure.microsoft.com/en-us/updates/backupforakspublicpreview/
 

Summary: Azure Backup now supports Backup for AKS, which is available in public preview. This solution simplifies the backup and restore of containerized applications and data.  

What Do I Need to Do? Ideal if you are running stateful apps on AKS. 

Azure Networking

1. General availability: New enhanced connection troubleshoot – https://azure.microsoft.com/en-us/updates/general-availability-new-enhanced-connection-troubleshoot/

Summary: A vastly improved service for troubleshooting connectivity issues.

What Do I Need to Do? Refer to Rob McNaught’s excellent article on this new feature https://arinco.com.au/blog/new-enhanced-connection-troubleshoot-for-azure-networking/

2. Azure Virtual Network Manager Event Logging now in public preview – https://azure.microsoft.com/en-us/updates/azure-virtual-network-manager-event-logging-now-in-public-preview/

Summary: The excellent Azure Virtual Network Manager now has the ability to log when a VNet is added or removed from a network group.

What Do I Need to Do? If you are currently running or evaluating Azure Virtual Network Manager, then definitely put this feature into place. Details on AVNM can be found here https://learn.microsoft.com/en-us/azure/virtual-network-manager/overview

Azure Virtual Machines

1. General availability: More transactions at no additional cost for Azure Standard SSD – https://azure.microsoft.com/en-us/updates/more-transactions-at-no-additional-cost-for-azure-standard-ssd/

Summary: Microsoft has made changes to the billable transaction costs per hour that can result in additional cost savings. Now any transactions that exceed the maximum hourly limit will not incur additional charges.

What Do I Need to Do? FYI

2. Generally available: App Insights Extension for Azure Virtual Machines and VM Scale Sets – https://azure.microsoft.com/en-us/updates/generally-available-app-insights-extension-for-azure-virtual-machines-and-vm-scale-sets/

Summary: Allows monitoring of IIS hosted .NET and .NET Core apps running on IaaS via an extension rather than an Agent of the App Insights SDK.

What Do I Need to Do? If you are running IIS Hosted .NET and/or .NET core apps then this is a much easier way of getting information into Application Insights. Recommend looking at implementing.

[mailpoet_form id="1"]

Other Recent Blogs

Microsoft Teams IP Phones and Intune Enrollment

Microsoft Teams provides a growing portfolio of devices that can be used as desk and conference room phones. These IP phones run on Android 8.x or 9.x and are required to be enrolled in Intune. By default, these devices are enrolled as personal devices, which is not ideal as users should not be able to enrol their own personal Android devices.

Read More »

Level 9, 360 Collins Street, 
Melbourne VIC 3000

Level 2, 24 Campbell St,
Sydney NSW 2000

200 Adelaide St,
Brisbane QLD 4000

191 St Georges Terrace
Perth WA 6000

Level 10, 41 Shortland Street
Auckland

Part of

Arinco trades as Arinco (VIC) Pty Ltd and Arinco (NSW) Pty Ltd. © 2023 All Rights Reserved Arinco™ | Privacy Policy | Sustainability and Our Community
Arinco acknowledges the Traditional Owners of the land on which our offices are situated, and pay our respects to their Elders past, present and emerging.

Get started on the right path to cloud success today. Our Crew are standing by to answer your questions and get you up and running.