Monthly Azure news August 2022
In the latest issue of our Monthly Azure news read about numerous public previews and availabilities that took place in the previous month, such as IoT Edge 1.4, Kubernetes 1.24 support, .NET 7 support in Linux consumption plan and much more. Feel free to share this blog post with your team and communities.
Contents
- General Availabilities
- Completely stop and restart your AKS node pools!
- Audit log for continuous mode with Azure Cosmos DB
- Azure Monitor metric alerts dynamic thresholds outage detection
- Private endpoint network security group support
- Server logs for Azure Database for MySQL – Flexible Server
- Azure Monitor container insights agent renaming
- Kubernetes 1.24 support
- Azure Dedicated Host Support
- Key management system integration with AKS
- Azure API Management – expanded support for Azure Policy definitions
- Azure API Management support for MSAL in developer portal
- Dapr release 1.8 support in Azure Container Apps
- IoT Edge 1.4
- Public Previews
- Policy blocking the deployment of vulnerable images
- .NET 7 support in Linux Consumption Plan
- RedisJSON available in Azure Cache for Redis Enterprise
- Microsoft Dev Box
- Microsoft Azure Load Testing supports private endpoints testing
- Use managed identity-based authentication to enable Azure Monitor container insights
- AKS DevX extension for Visual Studio Code
- Blob CSI support in AKS
- Automated deployments in AKS
- Additional News
General Availabilities
Completely stop and restart your AKS node pools
Previously, only two options were available to save costs on compute resources and to avoid the re-deployment of a user node pool. You either had to turn down the pools workloads to zero or try to minimize the node pools footprint. Now, with the new start/stop feature it is possible to stop user node pools and start them again if needed. You can learn more about this new feature here.
Audit log for continuous mode with Azure Cosmos DB
With Audit log for continuous mode with Azure Cosmos DB you can monitor the restore actions of a Cosmos DB account. When a restore of a database or container is triggered it will show up as a Restore Database Account operation in the Activity Log of both the source and the destination account. If you want more information, you can check out the official documentation.
Azure Monitor metric alerts dynamic thresholds outage detection
Using machine learning and the historical behavior of the recorded metrics from Azure Monitor, the new metric alerts with dynamic thresholds detection feature is able to automatically recognize outages of the Azure Monitor service and remove these datapoints from threshold training. This reduces the effect an Azure Monitor service outage has on the threshold and therefore retain the capability to detect service issues with the same sensitivity as before the outage. You can find out more about Dynamic thresholds in metric alerts in the official Azure Monitor documentation.
Private endpoint network security group support
Private Endpoints are now supported for Network Security Groups in a region restricted public preview. Network Security Groups, short NSG, provide the ability to filter traffic to and from resources in Azure. The possibility of leveraging private endpoints enhance the functionality of this traffic restrictions. Please refer to the announcements for the detailed requirements.
Server logs for Azure Database for MySQL – Flexible Server
After enabling you can now use the Server logs for Azure Database for MySQL – Flexible Server. When the server starts, events are written to the selected log type. The so created logfiles can be downloaded using the Azure Portal or the Azure CLI. Furthermore, the logs can be sent to Log Analytics workspace, Azure Storage, or Event Hub. The logfiles are stored for seven days or until the logfile storage limit of 7GB is reached. Pay attention to this limitation to avoid data loss.
To find out more information about how to monitor your Azure Database for MySQL – Flexible Server, you can check this page with the documentation.
OMS Agent for Container Instances is renamed
Coming early September, the OMSAgent is being renamed into Azure Monitor agent. The Operations Management Suite provides a set of services in Azure including Log Analytics, Application Insights, Update Management and more. All of them providing primarily monitoring and logging as well as security enhancing functionality. In the past (around 2018) there was a separate portal called the OMS portal which provided the functionality. This portal was over time more and more integrated into the Azure Portal, especially the Azure Monitor part of it. So, in this process the OMSAgent for Container Insights is also a legacy name and is now also reprinted under the banner of the Azure Monitor to represent the modern approach. If you want to know which resources face name changes in the future as well, you can check this blogpost.
Kubernetes 1.24 support
The Azure Kubernetes Service now supports Kubernetes version 1.24. The biggest change in this version is the removal of the CRI support for dockershim due to the maintenance issues it faces. If you want to learn more about the other changes or how to migrate from dockershim to another runtime, you can check out this article.
Azure Dedicated Host Support
With Azure Dedicated Host you are now able to provision a physical server. This provides you with the benefit of being completely isolated even down to the hardware level since only your virtual machines will run on this server. You can also reduce the impact maintenance has on your solution by opting-in to a specific maintenance window. Setup your physical server!
Key management system integration with AKS
If you use etcd to store encrypted Kubernetes data, you can now implement encryption at rest with the Azure Key Vault in combination with the Key Management Service (KMS) plugin. This lets you store your own keys for the encrypted data in the Azure Key Vault. For instructions on how to set up KMS check this link.
Azure API Management – expanded support for Azure Policy definitions
You can now use Azure Policy definitions within Azure API Management. There are currently 11 build-in Azure Policy definitions available aiming to improve security. One of them is for instance enforcing that APIs only use encrypted protocols or that an API can only use a newer version then a set minimum. You can check out all build-in policies you can now use here.
Azure API Management support for MSAL in developer portal
To give users access to the developer portal, Azure API Management provides now the functionality to use the Microsoft Authentication Library (MSAL) for user sign-in and sign-up actions with Azure Active Directory and Azure Active Directory B2C. You can check out how to migrate your user sign-in process to MSAL here.
Dapr release 1.8 support in Azure Container Apps
Azure Container Apps (ACA) now uses Dapr version 1.8.3!
IoT Edge 1.4
A new LTS version of IoT Edge is now available. IoT Edge version 1.4 comes with the new Image garbage collection feature which automatically removes unused Docker images after a configurable amount of time. It is also now possible to force the Edge Agent to download all updated modules before replacing the currently running ones. Please keep in mind that version 1.3 now will no longer receive bug fixes. For more information about the new IoT Edge version 1.4, check out the full release notes on GitHub.
Public Previews
Policy blocking the deployment of vulnerable images
With this feature preview you are able to use Azure Policies and Azure Defender to scan your container images for vulnerabilities within their software components. This lets you prohibit the deployment of vulnerable images to your Kubernetes cluster. Learn more!
.NET 7 support in Linux Consumption Plan
The ability to build serverless functions with .NET 7 is now available in the Linux Consumption Plan. With this you can now use the .NET Isolated Worker model to run your Azure Functions out-of-process from the host process basically isolating your function code from the Azure Functions runtime. Since you are no longer restricted by the .Net version of the Azure Functions runtime, you can choose between .NET 6.0, .NET 7.0, and .NET Framework 4.8 (preview support) for your function.
RedisJSON available in Azure Cache for Redis Enterprise
The RedisJSON module which provides JSON support for Redis and lets you store and retrieve JSON values in a Redis database is being added to the list of supported modules in the Enterprise and Enterprise Flash tiers of Azure Cache for Redis. It is currently in the public preview phase. The RedisJSON module lets you store, query, and search JSON formatted data in your Azure Cache. You can check out how to set up your modules for Azure Cache here.
Microsoft Dev Box
If you have a specific project in mind check out the new preview of the Microsoft Dev Box. These are pre-configured, ready-to-code and secure cloud-based workstations. You can customize your Dev Box with everything you need to build and run the project you and your team are working on. A developer can then simply spin up a new Dev Box mitigating the need to get the full development setup running on their machine. Check out how to setup your own Microsoft Dev Box!
Microsoft Azure Load Testing supports private endpoints testing
If your Azure resource is located in one of the following Azure regions: Australia East, East US, East US 2, and North Europe you are able to preview the Azure Load Testing feature for private endpoints within a virtual network. You can also use it to test access restricted public endpoints or private on-premises service connected to Azure via ExpressRoute under load. Try it out!
Use managed identity-based authentication to enable Azure Monitor container insights
You can now use the AKS/Arc-enabled clusters managed identity to send metrics from Container Insights to Azure Monitor instead of setting up a specific Monitoring Metrics Publisher role for the cluster. The Azure Monitor is a containerized Azure Monitor agent for Linux which is automatically deployed and registered with the specified log analytics workspace.
AKS DevX extension for Visual Studio Code
The Azure Kubernetes Service Developer experience (AKS DevX) Extension for Visual Studio Code is an extension aiming to improve the quality of life for the non-cluster AKS developer. It is currently available in public preview with its first feature called Draft. It is able to help you containerize your application by automatically generating Dockerfiles, Kubernetes manifests, Helm charts, etc. for you. Sound interesting to you? Try it out here.
Blob CSI support in AKS
The Azure Blob CSI driver is now available as a preview as managed addon in Azure Kubernetes Service. The Azure Blob CSI driver is used to mount a BlobStorage to your Kubernetes pod / application and had to be installed and maintained manually before. To learn how to setup this preview feature check the official documentation.
Azure Kubernetes Services now uses automatic deployments
If you need to create an automated deployment pipeline and the necessary GitHub actions for your new code releases to your Azure Kubernetes Service cluster, you can try the new preview feature Automated deployments to support you with this process. You can learn how to set up Automated deployments here.
Additional News
Azure SDK Release (August 2022)
The August Azure SDK Release adds two additional features. The first is the Cognitive Service for Language for JavaScript providing cloud-based natural language processing. The second are the Azure Communication Rooms for Python. Communication Rooms offer concepts of creating environments for structured conversations and virtual appointments using voice or video calls. In addition, the Azure Confidential Ledger for .NET, Java, JavaScript, and Python package and the Azure Service Bus for Go package move from a beta release to their first stable release.
A Heavy Lift: Bringing Kestrel + YARP to Azure App Services
In 2021 engineers from multiple teams took on a gigantic challenge. Their goal was to migrate the App Service Frontend fleet to the web server Kestrel + YARP. The App Service Frontend is a critical platform component used to build Web, mobile and API applications. Minimizing this service interruptions was of huge concern. But once done, the benefits outweigh the efforts. During performance tests that were specifically designed to isolate the benefits of this new change, they saw an 80% improvement of throughput leading to a large decrease in CPU usage and therefore power consumption. They have documented the challenges and bugs they faced with this undertaking in a blog which you can read here.