Azure Snippets w/c 07/04/2025 - AKS Edition
By Jon Lee
Summary of Azure snippets for the week commencing 7th April 2025. As so many AKS updates have dropped recently, I’ve decided to do a special AKS edition post this week to round them all up.
For all the updates on Azure platform resources and products, see Azure updates from Microsoft.
GA = Generally Available
Public/Private Preview = as stated
RET = Service retirement
Azure Kubernetes Service
AKS Release 2025-03-16 now available (GA) : Highlights include AKS 1.28 becoming the next LTS version; patch versions 1.29.12, 1.29.13, 1.30.8, 1.30.9, 1.31.4, and 1.31.5 now being available; and a quota for AKS clusters in a subscription being introduced.
CNI Overlay for Application Gateway for Containers and AGIC (Public Preview) : App Gateway for Containers and App Gateway Ingress Controller haven’t supported CNI overlay networking to date, so this is welcome.
AKS Communication Manager (GA) : The AKS communication manager streamlines notifications for all your AKS maintenance tasks by using Azure Resource Notification and Azure Resource Graph frameworks. This tool enables you to monitor your upgrades closely by providing timely alerts on event triggers and outcomes. Another preview feature transferring to GA quickly!
Azure CNI Overlay Dual-stack with Cilium Dataplane Support (GA) : Azure CNI overlay now supports dual-stack networking with Azure CNI powered by Cilium, enabling customers to enforce IPv6 network policies and leverage Advanced Container Networking Services (ACNS) in dual-stack environments.
Application Insights auto-instrumentation for AKS (Public Preview) : To provide seamless monitoring for Java and Node deployments, AKS now offers Application Insights integration for Java and Node microservices. This integration, available in public preview, allows customers to easily monitor their deployments without changing any code by leveraging auto-instrumentation that is integrated into the AKS cluster.
Multi-cluster Auto-upgrade in Azure Kubernetes Fleet Manager (GA) : Auto-upgrade support provides an automated trigger for update runs based on new Kubernetes or node image versions being published to Azure. Admins can create multiple auto-upgrade profiles for their fleet to capture combinations of Kubernetes and node image version updates.
Multi-cluster Workload Rollout Strategies and Runs with Azure Kubernetes Fleet Manager (Public Preview) : Operators using Azure Kubernetes Fleet Manager’s Cluster Resource Placement for intelligent execution of multi-cluster workload placement can now define reusable staged rollout strategies using ClusterStagedUpdateStrategy custom resource.
Multi-cluster Eviction and Disruption Budgets with Azure Kubernetes Fleet Manager (Public Preview) : With the introduction of ClusterResourcePlacementEviction objects, Fleet Manager’s workload placement provides operators with a way to forcibly remove placed resources from member clusters. When this happens, it is important for operators to be able to control eviction across their Fleet. For this purpose, a newly available ClusterResourcePlacementDisruptionBudget custom resource can help operators ensure that workload availability is maintained in the event of workload eviction.
Cilium WireGuard Encryption Support in AKS (Public Preview) : AKS supports WireGuard encryption in Advanced Container Networking Services + Cilium data plane clusters. This enables seamless node-to-node encryption for improved security.
AKS Support for Persistent Network Flow Logging for Advanced Container Networking Services (Public Preview) : To enable better security auditing, performance analysis, and troubleshooting of network flows within your AKS clusters, AKS now supports persistent network flow logging with Advanced Container Networking Services’ Container Network Observability feature. This enhancement allows you to capture and retain detailed network traffic logs over time.
Standard Load Balancer (SLB) Health Probe Redesign in AKS (Public Preview) : AKS now offers improved load balancing for services using externalTrafficPolicy: Cluster. This enhancement enables the standard load balancer (SLB) to probe kube-proxy directly instead of backend applications. This new capability enhances reliability, reduces misconfigurations, and improves traffic routing.
maxUnavailable Setting for Upgrades in AKS (Public Preview) : AKS now supports setting a maxUnavailable option for upgrading nodepools to a newer version of both Kubernetes and node images. With maxUnavailable, you no longer need to use surge nodes to begin the upgrade process. AKS will instead simply cordon and drain existing nodes on the nodepool.
Azure CNI Node Subnet + Cilium Support (GA) : AKS now supports the Cilium dataplane with Azure CNI Node Subnet. This enhancement allows you to leverage Cilium’s advanced networking capabilities while using Node Subnet IP allocation, maintaining your existing IP allocation strategies.
Advanced Container Networking Services Cilium L7 Policies Support in AKS (Public Preview) : AKS now supports Layer 7 (L7) network policies in Advanced Container Networking Services + Cilium clusters, enabling fine-grained control over application traffic. With L7 policies, customers can define security rules based on application-layer attributes, improving zero-trust security models within AKS.
Cilium Endpoint Slices in AKS (GA) : AKS now supports Cilium endpoint slices, improving scalability and efficiency of network endpoint management. By reducing API server load and optimizing service discovery, endpoint slices enhance networking performance for AKS clusters using the Cilium dataplane.
Service Allowed IP Ranges in AKS (Public Preview) : AKS now allows you to define both IP ranges and service tags for Service LoadBalancers (via annotations), providing more flexible traffic control than loadBalancerSourceRanges. This eliminates the need for manual service tag updates and ensures seamless traffic management across on-premises and Azure services.
Multiple Load Balancers for AKS (Public Preview) : To address existing SLB rule limits and private link constraints, AKS now supports multiple standard load balancers (SLB) per cluster. This enhancement allows for better scalability, workload distribution, and flexibility in managing network traffic across large deployments.
AKS Cost Recommendations in Azure Advisor (GA) : Azure Advisor now offers AKS cost recommendations. These recommendations are designed to identify cost savings opportunities and provide actionable insights to enforce AKS cost best practices. They are tailored to your cluster configuration and target rightsizing, autoscaling, visibility, and SKU selection scenarios.