#Azure notable updates August 2023


From this month I will keep two different installments: this one for monthly notable Azure updates, and another one entirely dedicated to AI, which is now my primary business focus.

This month has definitely been the month of Azure Container Applications, the fully managed, Kubernetes-based container environment on Azure. Compared to AKS, it provides a higher level of abstraction over container clusters and orchestration, at the cost of less portability between clouds.

So let’s see what’s new for ACA:

Azure Container Applications: Networking with mTLS

  • Link: Networking with mTLS
  • Product: Azure Container Applications
  • Summary: Azure Container Applications now support mutual TLS (mTLS) for enhanced security. mTLS provides two-way authentication, ensuring both client and server verify each other’s identities. This feature is essential for high-security applications, and Azure Container Applications make setting up mTLS straightforward.
  • More Information: Azure Container Apps documentation, Azure Container Apps pricing

Azure Container Applications: Ingress Overview and Additional TCP Ports (Preview)


Azure Container Applications: Manage Secrets


Azure Container Applications: Session Affinity


Azure Container Applications: Init Containers

  • Link: Init Containers
  • Product: Azure Container Applications
  • Summary: Azure Container Apps supports init containers, which run before the primary app container. These containers are used for initialization tasks like downloading data or setting up the environment. They run in the order they’re defined and must complete successfully before the primary app container starts.
  • More Information: Azure Container Apps documentation, Configuration of Azure Container Apps

Azure Container Applications: Additional TCP Ports (Preview)

  • Link: Additional TCP Ports in Azure Container Apps
  • Product: Azure Container Applications
  • Summary: Azure Container Apps introduces the ability to expose additional TCP ports, enabling applications to accept TCP connections on multiple ports. This feature, currently in preview, allows up to 5 additional ports per app. While the main ingress port supports built-in HTTP features like CORS and session affinity, these features aren’t supported when running HTTP on top of the additional TCP ports. External TCP ports are supported only for Container Apps environments using a custom VNET.
  • More Information: Additional TCP ports can be set as external if the app is external and uses a custom VNET. Externally exposed ports must be unique across the Container Apps environment. For more details on enabling additional ports, refer to the official documentation
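
The exposure rules in this entry can be checked before deployment. The following is an added example, not code from the Azure documentation or the original post: a small linter that audits every app in one environment against the limits stated above. The dict layout and field names (`customVnet`, `additionalPortMappings`, `exposedPort`, `targetPort`) are assumptions modelled on the ARM ingress shape, and the sample environment is constructed.

```python
from collections import defaultdict

MAX_ADDITIONAL_PORTS = 5  # preview limit stated in the summary above


def lint_environment(env):
    """Return sorted findings for one Container Apps environment.

    `env` is a constructed dict: {"customVnet": bool, "apps": {name: ingress}}.
    Field names are assumptions that mirror the ARM ingress shape.
    """
    findings = []
    external_ports = defaultdict(list)  # exposed port -> apps exposing it
    for name, ingress in env["apps"].items():
        extra = ingress.get("additionalPortMappings", [])
        if len(extra) > MAX_ADDITIONAL_PORTS:
            findings.append(
                f"{name}: {len(extra)} additional ports (max {MAX_ADDITIONAL_PORTS})")
        for mapping in extra:
            if not mapping.get("external", False):
                continue  # internal-only ports are not constrained here
            # Assumption: exposedPort falls back to targetPort when omitted.
            port = mapping.get("exposedPort", mapping["targetPort"])
            if not ingress.get("external", False):
                findings.append(f"{name}: port {port} external but app ingress is internal")
            if not env.get("customVnet", False):
                findings.append(f"{name}: port {port} external without a custom VNET")
            external_ports[port].append(name)
    # Externally exposed ports must be unique across the whole environment.
    for port, apps in external_ports.items():
        if len(apps) > 1:
            findings.append(f"port {port}: exposed externally by {', '.join(sorted(apps))}")
    return sorted(findings)


# Constructed sample environment (not taken from a real deployment).
SAMPLE_ENV = {
    "customVnet": True,
    "apps": {
        "api": {"external": True, "targetPort": 8080, "additionalPortMappings": [
            {"external": True, "targetPort": 5432, "exposedPort": 5432}]},
        "worker": {"external": False, "targetPort": 9000, "additionalPortMappings": [
            {"external": True, "targetPort": 6000, "exposedPort": 5432},
            {"external": False, "targetPort": 6001}]},
    },
}

if __name__ == "__main__":
    for finding in lint_environment(SAMPLE_ENV):
        print(finding)
```

Run against an exported environment definition in CI, a non-empty result flags ports that would be exposed in a way the platform rejects or that widens the external surface unintentionally.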

Azure Container Applications: Workload Profiles, Networking Features, and Jobs (GA)

  • Product: Azure Container Applications
  • Summary: Azure Container Apps has announced the general availability of several features:
    • Workload Profiles Environment: Supports apps in both Consumption and Dedicated plans. Allows multiple workload profiles within the same Azure Container Apps environment.
    • Dedicated Plan: Offers dedicated compute resources with a range of compute sizes up to 32 vCPUs and 256 GiB of memory.
    • Networking Features: Support for user-defined routes (UDR), smaller subnet sizes, and network address translation (NAT) gateway.
    • Jobs: Enables containerized jobs to run on-demand, on a schedule, or in response to events.
    • These features join other GA features like CORS support, init containers, secrets volume mounts, and session affinity for single-revision HTTP apps. Additionally, features like environment-level network encryption with mTLS and additional TCP ports are now in public preview.
  • More Information: For a deeper dive into these updates, refer to the official announcement

Azure Container Applications: Cross Origin Resource Sharing (CORS) Support (GA)

  • Link: N/A
  • Product: Azure Container Applications
  • Summary: Azure Container Apps now supports Cross Origin Resource Sharing (CORS) as a generally available feature. This enhancement addresses the browser’s default behavior of blocking requests to a domain different from the page’s origin. With this update, Azure Container Apps users can conveniently configure CORS settings via the Azure portal or the CLI.
  • More Information: N/A

Azure Container Applications: UDR, NAT Gateway, and Subnet Sizes (GA)

  • Link: N/A
  • Product: Azure Container Applications
  • Summary: Azure Container Apps has announced the general availability of User Defined Routes (UDR), NAT Gateway, and smaller required subnet sizes for the new workload profiles environment type. This environment type supports both consumption and dedicated plans. UDRs enable users to dictate how outbound traffic is routed within the container app environment’s subnet, facilitating the integration of network appliances like firewalls. Additionally, a NAT Gateway can be configured to assign a static public IP for all outbound traffic from container apps. The minimum subnet size for this environment is now a /27 CIDR, while a /23 remains for consumption-only environments.
  • More Information: N/A

And that’s all for ACA; let’s move on to some more news.

Azure Monitor: VM insights

  • Link: Azure Monitor VM insights Overview now supports Azure Monitor Agent
  • Product: Azure Monitor
  • Summary: This tool provides an inventory of VMs and a guided experience for monitoring. It supports Windows and Linux OS on Azure VMs, hybrid VMs connected with Azure Arc, on-prem VMs, and VMs in other cloud environments. Predefined workbooks allow users to view performance data trends. While VM insights itself has no direct cost, charges apply for its activity in the Log Analytics workspace.
  • More Information: Analyze data with log queries

Azure Firewall: SNAT Private Range and Auto Learn SNAT Routes (Preview)

  • Link: SNAT Private Range and Auto Learn SNAT Routes
  • Product: Azure Firewall
  • Summary: Azure Firewall now allows customization of the Source Network Address Translation (SNAT) private IP address range. This feature is beneficial for enterprises with specific outbound connectivity requirements. Users can define custom private IP ranges for SNAT. Additionally, the “Auto Learn SNAT Routes” feature, currently in preview, automatically configures SNAT based on network routing requirements.
  • More Information: Azure Firewall documentation, Azure Firewall pricing

Azure Kubernetes Service: Planned Maintenance

  • Link: Azure Kubernetes Service Planned Maintenance
  • Product: Azure Kubernetes Service
  • Summary: Azure Kubernetes Service (AKS) introduces Planned Maintenance for controlled scheduling of AKS-initiated and user-initiated tasks. This ensures minimal disruption to workloads. Users can manage AKS releases, cluster upgrades, and Node OS security updates.
  • More Information: AKS offers three configurations: default (controls AKS releases), aksManagedAutoUpgradeSchedule (manages cluster upgrades), and aksManagedNodeOSUpgradeSchedule (handles node OS security patching). It’s advised to use the latter two for effective maintenance

Azure SQL Database: External REST Endpoint Invocation (GA)

  • Link: External REST Endpoint Invocation is now GA!
  • Product: Azure SQL Database
  • Summary: Azure SQL Database now supports External REST Endpoint Invocation. This feature allows developers to call REST/GraphQL endpoints from other Azure Services directly within the Azure SQL Database. By using the system stored procedure `sp_invoke_external_rest_endpoint`, developers can interact with various Azure services like Azure Functions, PowerBI, and Cognitive Services. The feature supports header and managed identity authentication.
  • More Information: External REST Endpoint Invocation provides a range of use cases, including activating workflows, data enrichment, cache invalidation, and integrating with event-based architectures. It’s compatible with numerous Azure services, and getting started is straightforward with a simple stored procedure call.

Azure App Configuration: Snapshots (Preview)

  • Link: Snapshots in Azure App Configuration
  • Product: Azure App Configuration
  • Summary: Azure App Configuration introduces Snapshots, an immutable subset of key-values within an App Configuration store. Snapshots are designed for safe deployment of configuration changes, ensuring configurations remain unchanged during rollout. They support controlled rollout, versioning, auditing, and simplifying client configuration composition. Snapshots can only be created and archived; no editing or deleting is allowed.
  • More Information: Snapshots offer various use cases like controlled rollout, maintaining a Last Known Good (LKG) configuration, versioning, and auditing. They can be used in testing and staging environments for consistency. Operations include creating, archiving, and recovering snapshots. The retention period for snapshots is set during creation, with default values being 30 days for Standard stores and 7 days for Free stores.

Azure Backup: Cross Subscription Restore for Azure Virtual Machines (GA)

  • Link: N/A
  • Product: Azure Backup
  • Summary: Azure Backup now supports Cross Subscription Restore for Azure Virtual Machines. This feature allows users to restore Azure VMs to a different subscription within the same tenant, given the necessary permissions for the secondary subscription. By default, the restoration occurs in the subscription of the source VM. To utilize this feature, the Recovery Services vault must have the Cross Subscription Restore property enabled. The restore can be executed by creating a VM or restoring the disks. Additionally, this feature is compatible with Cross Zonal Restore and/or Cross Region Restore.
  • Support Matrix:
    • Original Location Recovery (OLR) and Item Level Restore (ILR) are not supported.
    • VMs with ADE disks are not supported.
    • Cross Subscription Restore from the Snapshots tier is not supported. Only Vault-tier recovery points are eligible.
    • Only Managed VMs can utilize this feature.
  • More Information: This enhancement provides users with greater flexibility in managing VM backups and restores across different Azure subscriptions. For a comprehensive understanding, it’s recommended to refer to the official Azure Backup documentation or the provided “Learn more” resource.
