Latest Azure Infrastructure Updates – March 2023
Welcome back to the updates blog, where we cover what is new in Azure Infrastructure and how it may affect you. Lots of new releases and updates in Azure over the past couple of weeks.
1. The monthly release 0.15.x was released – https://github.com/Azure/bicep/releases
Summary: Bicep is on a monthly release cadence and this is the latest.
What Do I Need to Do? Upgrade to the latest version. This month’s release highlights include:
- Nullable types – enables you to clean up your code where a param or var may be required to be set to null. Read the pull request here for details https://github.com/Azure/bicep/pull/9454
- The Kubernetes provider is now in Preview. It can be used to deploy Kubernetes manifest via Bicep https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-extensibility-kubernetes-provider
Summary: Azure Backup now supports configuring vaulted backups for Azure Files. A vault is a logical entity that stores the backups and recovery points created over time. You can create a backup policy to define your backup schedule and retention. Based on the policy definition, Azure Backup service transfers backups to the vault and manages their lifecycle. Hence, you get automated managed off-site backups.
What Do I Need to Do? A reasonably niche use case but if it applies to you then a link to sign-up for the private preview is available here
Summary: Immutable vaults, now generally available, provide improved security for your backups by ensuring that recovery points that are once created cannot be deleted before their intended expiry time. Azure Backup does this by preventing any operations on immutable vaults which could lead to loss of backup data. Furthermore, you can lock the immutable vault’s property to make it irreversible.
What Do I Need to Do? Great for protecting valuable data you can’t afford to lose.
Azure Kubernetes Service (AKS)
1. Release 2023-03-05 – https://github.com/Azure/AKS/releases/tag/2023-03-05
Summary: The latest AKS API release. New releases include feature updates, bug fixes etc. Subscribe to be notified of new releases from the AKS GitHub page https://github.com/Azure/AKS/
What Do I Need to Do?
- If you are using pod security policies, note that they will be removed completely from AKS as at the 2023-06-01 API with AKS 1.25 version or higher. Migrate to pod security admission controller before that date or better yet, look to migrate to Azure Policy, especially when managing more than one AKS cluster as the pod security admission controller is best used when running only one cluster.
- Docker container runtime will be retired for Windows nodepools on May 1, 2023. After the docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Make sure you have a plan to upgrade to containers
- The KEDA addon currently supports aks versions 1.23, 1.24 and 1.25. the managed KEDA addon will not be supported on 1.26 GA at launch. If you use the KEDA addon, please do not upgrade to 1.26. If you use auto-upgrade with the rapid channel enabled as well as the KEDA addon, please switch off the rapid channel and update manually.
- AKS will deprecate Kubernetes version 1.23 on April 2nd 2023. Please upgrade your AKS clusters to version 1.24 or above.
Summary: NodeOSUpgrade channel is a new channel that runs complementary to the existing AutoUpgrade Channel today. Customers can use this channel to disable unattended upgrades and put a maintenance schedule without worrying about Kured for security patches.
What Do I Need to Do? Test out this new functionality which lets you schedule updates to the node OS which are then handled without having to worry about Kured (which can break in situations where you are using auto-scaling)
Summary: Azure Kubernetes Service (AKS) now allows you, in public preview, to run pod sandboxed containers.
What Do I Need to Do? Test out this new functionality which lets you sandbox individual pods at the kernel layer to avoid “Container Breakout” scenarios. This is an important security feature that everyone running AKS should look at.
Summary: Azure Kubernetes Service (AKS) now allows you, in public preview, to collect syslogs from your Linux nodes.
What Do I Need to Do? If you are running a SIEM then implement this straight away as it will give you insights into any potential security issues on your AKS Linux nodes.
Summary: Azure Backup now supports Backup for AKS, which is available in public preview. This solution simplifies the backup and restore of containerized applications and data.
What Do I Need to Do? Ideal if you are running stateful apps on AKS.
1. General availability: New enhanced connection troubleshoot – https://azure.microsoft.com/en-us/updates/general-availability-new-enhanced-connection-troubleshoot/
Summary: A vastly improved service for troubleshooting connectivity issues.
What Do I Need to Do? Refer to Rob McNaught’s excellent article on this new feature https://arinco.com.au/blog/new-enhanced-connection-troubleshoot-for-azure-networking/
2. Azure Virtual Network Manager Event Logging now in public preview – https://azure.microsoft.com/en-us/updates/azure-virtual-network-manager-event-logging-now-in-public-preview/
Summary: The excellent Azure Virtual Network Manager now has the ability to log when a VNet is added or removed from a network group.
What Do I Need to Do? If you are currently running or evaluating Azure Virtual Network Manager, then definitely put this feature into place. Details on AVNM can be found here https://learn.microsoft.com/en-us/azure/virtual-network-manager/overview
Azure Virtual Machines
1. General availability: More transactions at no additional cost for Azure Standard SSD – https://azure.microsoft.com/en-us/updates/more-transactions-at-no-additional-cost-for-azure-standard-ssd/
Summary: Microsoft has made changes to the billable transaction costs per hour that can result in additional cost savings. Now any transactions that exceed the maximum hourly limit will not incur additional charges.
What Do I Need to Do? FYI
2. Generally available: App Insights Extension for Azure Virtual Machines and VM Scale Sets – https://azure.microsoft.com/en-us/updates/generally-available-app-insights-extension-for-azure-virtual-machines-and-vm-scale-sets/
Summary: Allows monitoring of IIS hosted .NET and .NET Core apps running on IaaS via an extension rather than an Agent of the App Insights SDK.
What Do I Need to Do? If you are running IIS Hosted .NET and/or .NET core apps then this is a much easier way of getting information into Application Insights. Recommend looking at implementing.