Monthly Azure news October 2022

In this issue of Monthly Azure News, find out about numerous new features, retirement announcements, and previews from the Azure/Cloud Native universe. Feel free to share the news with your team and community.

Azure DevOps

There is a new update of the Azure DevOps Boards Hub with several fixed bugs and nice features like maintaining hierarchies with filters or copying the attachment’s URL.

A new feature that enables developers to quickly set up a development environment using infrastructure-as-code templates reached a public preview state. For more information about Microsoft Azure Deployment Environments, please refer to this site.

There is another great announcement from Microsoft: Azure DevOps is being integrated with GitHub Advanced Security and Defender for DevOps. Features like secret scanning (exposed credentials in Azure Repos), dependency scanning (Log4Shell as an example), and code scanning will be available as a private preview starting in November of this year. Microsoft Defender for DevOps has already reached the public preview state.

General News

Good news for our wallets! Azure savings plan for compute is generally available. This will reduce costs significantly compared to pay-as-you-go prices.

Azure Database for MySQL also offers a new option as a public preview. Auto scale IO lets users pay only for fully used resources and increases cost savings.

With the new release, Azure Monitor Logs provides the ability to reduce costs and improve usage by introducing basic logs, long-term archiving of logs (up to seven years), search jobs for scanning a colossal amount of data, and a restore option to make some data available in hot storage for querying.

Another feature for Azure Monitor Logs (public preview) enables RBAC for custom tables, improving on the current model of granting either full access or no access at all.

Last but not least, there is an announcement about a fully managed Azure Monitor service for Prometheus, which finally reached public preview. Prometheus is the open-source tool of choice for collecting metrics and monitoring Kubernetes clusters. The new Azure Monitor managed service provides fully managed collection, storage, rule evaluation, and querying of the data collected by Prometheus.

Source: Microsoft

In our May Azure news, we introduced the Azure DNS Private Resolver. This feature finally graduated and is now generally available. It offers an easy and secure service for resolving and forwarding DNS queries, removing the need for VM-based DNS servers. For detailed information please refer to the documentation.

Microsoft received a lot of requests to enable static IP configuration of private endpoints. This option is generally available now: customers can set static IP addresses for their private endpoints.

SSH File Transfer Protocol (SFTP) for transferring, accessing, and managing your files is now available for Azure Blob Storage (with some restrictions for the West Europe region). For detailed information please refer to this site. In addition, attribute-based access control (ABAC) is generally available for standard storage accounts. Details about Azure ABAC can be found here.

Azure Cosmos DB for MongoDB now supports Azure RBAC at the data plane level.

As every month, Microsoft released a new Azure SDK version. There are some new features for Python like Azure App Configuration Provider, Azure Core Experimental, Azure Maps Geolocation, Azure Maps Render, Azure Maps Route, and so on. For .NET, Java, JavaScript, and Python there are new extensions for Azure Identity, Azure Key Vault, and Schema Registry. For .NET, an initial Security DevOps beta release and an initial release of Data Protection Backup Management are now available. Those are only a few highlights of the newest release. For the detailed list and release notes please refer to this site.

PostgreSQL

Missing Azure Active Directory integration is often a deal-breaker. Starting this month, Azure AD integration for PostgreSQL – Flexible Server is available in a public preview.

The same preview version enables customers to encrypt data with a customer-managed key. This adds a second layer of protection for data at rest.

PostgreSQL – Flexible Server introduced read replicas for improved performance of read-intensive operations. These replicas can be deployed to different regions to provide disaster recovery.

Another big topic worth mentioning in October’s news is that Azure Cosmos DB started supporting relational workloads alongside NoSQL workloads by releasing Azure Cosmos DB for PostgreSQL.

Azure Container Apps

Microsoft introduced an improved integration between Azure Container Apps and Azure Monitor. This offers an option to route the logs to Azure Monitor instead of sending them to a Log Analytics Workspace.

Generally available: Dapr can now use the container app’s identity when connecting to Azure services, if Dapr is enabled for the corresponding container app. This significant improvement removes the need for secret values in Dapr components. In addition to this, Azure Container Apps started supporting the Dapr secrets API.

Source: GitHub

Azure Kubernetes Service news

  • AKS Clusters with Version 1.22.x will be retired on December 4th, 2022. An upgrade to 1.23.x is recommended to stay supported.
  • We informed you about ARM64 node pool support as a public preview in our May Azure News. Now we are excited that Microsoft finally released ARM64 support in AKS this month.
  • A new node limit per cluster – 5000 virtual machines – is available. Users need to use the Uptime SLA and the Azure CNI network plugin.
  • Premium SSD v2, the new next-generation disk, is now available for the Azure Disk CSI driver on Azure Kubernetes Service.
  • Windows Server 2022 hosts for AKS 1.23 or higher are generally available.
  • Currently in preview and only available in North Central and West Central US – Azure CNI Overlay mode in Azure Kubernetes Service. The overlay mode notably economizes the allocation of VNet IP addresses without losing performance.
  • Kubernetes apps are available on Microsoft Cloud Marketplace as a public preview. Microsoft partners get the option to provide their own commercial solutions and open-source apps for Kubernetes.
  • Azure CNI Powered by Cilium (Public preview) will provide high-performance networking and security. It leverages the Azure CNI control plane and the Cilium data plane.
  • AKS Image Cleaner (Public preview), which is based on Eraser, can be leveraged to remove stale images from nodes.
  • Kubernetes 1.25 is now available as a public preview. Following this release, Ubuntu 22.04 will be the default node image for Ubuntu-based node pools.
  • IPVS LoadBalancer (Public preview) can now be enabled via kube-proxy settings.
  • The Kubernetes native Vertical Pod Autoscaler (Public preview) is finally integrated. It will provide AKS users with proper scaling onto nodes while removing the burden of configuring requests & limits. Read more about the VPA here.
  • Best practice rules for Azure Kubernetes Service can now be activated on an unmonitored AKS cluster via the Portal. This will provide users with a set of recommended alerts.

Last but not least: Azure AD workload identity. With this public preview feature, the AKS cluster can federate an AD access token to access Azure cloud resources using Azure AD applications or managed identities. Workload identity will replace pod-managed identity as announced by Microsoft.

Source: Microsoft

Retirement announcements

Microsoft announced the retirement of API versions prior to 2021-08-01 for API Management. From 30 September 2023 on, it will not be possible to call those APIs. There is also a site informing about upcoming breaking changes in API Management available here.

Customers using Azure Database for MySQL – Single Server should migrate to Flexible Server by 16 September 2024. For further information and migration instructions please refer to this site.

Customers who use classic resource providers with the classic deployment model should migrate to Azure Resource Manager by 31 August 2024. To take a deeper look at the required actions please read the following retirement note.

Next Azure Rosenheim Meetup announcement

Join us on November 23rd at 5:30 pm and learn all things Windows 365 and Microsoft 365 Security for Endpoints. The experts from zbits GmbH will present and guide you through the most important aspects of Windows 365 as well as Microsoft 365 Defender components.