AKS cluster autoscaling is now available in preview. This service enables you to scale more efficiently and run your applications without downtime. Based on the Kubernetes cluster autoscaler, AKS autoscaling automatically adds new instances to the Azure virtual machine scale set when more capacity is required and removes them when no longer needed. Combine it with the horizontal pod autoscaler to precisely tune the scaling behavior of your environment to match your workloads.
Azure Kubernetes Service (AKS) is now generally available in France Central. It's the 18th Azure region to offer the service. In the list of regions, you can see where AKS is available and where it's coming next.
A security vulnerability was announced recently in runC, the low-level container runtime that supports Docker and associated container engines, which affects Azure Kubernetes Service (AKS). As a best practice, we'll apply the Open Container Initiative (OCI) update to applicable services that we maintain.
Microsoft has built a new version of the Moby container runtime that includes the OCI update to address this vulnerability. To consume that new container runtime release, you'll need to upgrade your Kubernetes cluster. Any upgrade will suffice, because it will ensure that all existing nodes are removed and replaced with new nodes that include the patched runtime.
Azure Kubernetes Service (AKS) is now generally available in Australia Southeast. It's the seventeenth Azure region to offer the service. In the list of regions, you can see where AKS is available and where it's coming next.
Azure Kubernetes Service (AKS) is now generally available in East Asia (Hong Kong). It's the sixteenth Azure region to offer the service. In the list of regions, you can see where AKS is available and where it's coming next.
Powered by the open source Virtual Kubelet technology, Azure Kubernetes Service (AKS) virtual node allows you to elastically provision additional pods inside Container Instances that start in seconds. With a few clicks in the Azure portal, turn on the virtual node feature and get the flexibility and portability of a container-focused experience in your AKS environment without needing to manage the additional compute resources. And since your Azure Container Instances containers can join the same virtual network as the rest of your cluster, you can build Kubernetes services that seamlessly span pods running on virtual machines (VMs) and Azure Container Instances.
Today, the Kubernetes community announced a serious security vulnerability that affects some recent Kubernetes releases available in Azure Kubernetes Service (AKS).
The vulnerability allows unauthenticated external users to access the metrics data provided by the Kubernetes metrics server API by passing in a specially crafted payload. It affects all patch releases of Kubernetes 1.10 to 1.10.10 and all patch releases of 1.11 to 1.11.5. Earlier minor releases in AKS are not affected because they don't include the metrics server.
In preparation for this announcement, Azure Kubernetes Service has patched all affected clusters by overriding the default Kubernetes configuration to remove unauthenticated access to the entrypoints that exposed the vulnerability. The entrypoints were everything under https://myapiserver/apis/. If you were relying on this unauthenticated access to these endpoints from outside the cluster, you will need to switch to an authenticated path.
If you want to upgrade to a Kubernetes release that contains the underlying fix, we have now made version 1.11.5 available. Upgrading is as simple as:
az aks upgrade -n mycluster -g myresourcegroup -k 1.11.5
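To confirm that a cluster no longer grants unauthenticated callers access to the paths under /apis/, the following added example (not Microsoft's or the Kubernetes project's code) audits RBAC data exported with `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`. It assumes anonymous access is granted through ClusterRoleBindings to `system:unauthenticated` or `system:anonymous`; the function names and the sample data are constructed for illustration.

```python
# Subjects that represent callers who presented no credentials.
UNAUTH = {("Group", "system:unauthenticated"), ("User", "system:anonymous")}

def url_rule_covers(pattern, path):
    """nonResourceURLs match exactly, or by prefix when the pattern ends in '*'."""
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return pattern == path

def unauthenticated_grants(roles, bindings, path="/apis/"):
    """Return (binding, role, verbs) for every ClusterRoleBinding that lets an
    unauthenticated subject reach `path` through a nonResourceURLs rule.
    Resource rules (pods, secrets, ...) are out of scope for this check."""
    rules_by_role = {r["metadata"]["name"]: r.get("rules") or [] for r in roles["items"]}
    findings = []
    for b in bindings["items"]:
        subjects = {(s.get("kind"), s.get("name")) for s in b.get("subjects") or []}
        if not subjects & UNAUTH:
            continue  # only authenticated subjects are bound here
        role = b["roleRef"]["name"]
        for rule in rules_by_role.get(role, []):
            if any(url_rule_covers(p, path) for p in rule.get("nonResourceURLs", [])):
                findings.append((b["metadata"]["name"], role, sorted(rule.get("verbs", []))))
    return findings

# Constructed sample shaped like `kubectl get clusterroles -o json` (use json.load on real output).
SAMPLE_ROLES = {"items": [
    {"metadata": {"name": "system:discovery"},
     "rules": [{"nonResourceURLs": ["/api", "/api/*", "/apis", "/apis/*", "/version"],
                "verbs": ["get"]}]},
]}
# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE_BINDINGS = {"items": [
    {"metadata": {"name": "system:discovery"},
     "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"},
                  {"kind": "Group", "name": "system:unauthenticated"}]},
    {"metadata": {"name": "ops-discovery"},
     "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]}

if __name__ == "__main__":
    for name, role, verbs in unauthenticated_grants(SAMPLE_ROLES, SAMPLE_BINDINGS):
        print(f"{name}: unauthenticated subject may {verbs} /apis/ via ClusterRole {role}")
```

An empty result means no binding in the export gives credential-less callers a route to /apis/; any finding names the binding to review.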