Category: Kubernetes (AKS)

AKS | HTTP Proxy Support

Hi!

Azure Kubernetes Service (AKS) clusters, regardless of whether they’re deployed in a managed or custom virtual network, require specific outbound dependencies to operate effectively. Previously, in environments where internet access had to be routed through HTTP proxies, this presented a challenge. Nodes lacked the means to bootstrap the essential configuration, environment variables, and certificates needed to connect to internet services.

With this newly introduced feature, AKS clusters now support HTTP proxies. This provides a user-friendly interface for cluster operators to manage network traffic required by AKS in environments dependent on proxies, ensuring a secure and smooth operation.

Example of a JSON HTTP proxy config file:

{
  "httpProxy": "string",
  "httpsProxy": "string",
  "noProxy": [
    "string"
  ],
  "trustedCa": "string"
}

Create a new AKS cluster with HTTP proxy configured on the nodes:

az aks create -n $clusterName -g $resourceGroup --http-proxy-config aks-proxy-config.json

Update an existing HTTP proxy:

az aks update -n $clusterName -g $resourceGroup --http-proxy-config aks-proxy-config-2.json

Note: Pods must be rotated for the apps to pick up the new configuration. For components under Kubernetes, like containerd and the node itself, the change won’t take effect until a node image upgrade is performed.

The following scenarios are not supported:

  1. Varied proxy configurations for each node pool
  2. User/password authentication
  3. Custom Certificate Authorities (CAs) for API server communication
  4. Windows-based clusters
  5. Node pools utilizing Virtual Machine Availability Sets (VMAS)
  6. Employing ‘*’ as a wildcard appended to a domain suffix for noProxy

Additionally, it’s important to note that by default, both httpProxy and httpsProxy, as well as trustedCa, are unset.
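A pre-flight check for the proxy config file before it is passed to --http-proxy-config, as an added example (not from the original post or from Microsoft). It flags the unsupported cases listed above; the check that trustedCa is base64-encoded PEM follows the linked Azure documentation rather than this page, and the function name, hostnames and sample values are constructed.

```python
import base64
import json
from urllib.parse import urlsplit

def check_proxy_config(text):
    """Return a list of problems found in an AKS HTTP proxy config (JSON text)."""
    problems = []
    cfg = json.loads(text)
    for key in ("httpProxy", "httpsProxy"):
        url = cfg.get(key)
        if url is None:
            continue  # both are unset by default
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append(f"{key}: not an http(s) URL with a host")
        if parts.username or parts.password:
            # Credentials would also end up in node environment variables.
            problems.append(f"{key}: user/password authentication is not supported")
    for entry in cfg.get("noProxy", []):
        if "*" in entry:  # conservative: any '*' in an entry is flagged
            problems.append(f"noProxy: wildcard entry {entry!r} is not supported")
    ca = cfg.get("trustedCa")
    if ca is not None:
        try:
            pem = base64.b64decode(ca, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("trustedCa: not valid base64")
        else:
            if b"-----BEGIN CERTIFICATE-----" not in pem:
                problems.append("trustedCa: decoded value is not a PEM certificate")
    return problems

# Constructed sample inputs (hypothetical hosts, placeholder certificate body).
_PEM = b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
GOOD = json.dumps({
    "httpProxy": "http://proxy.example.internal:3128",
    "httpsProxy": "https://proxy.example.internal:3129",
    "noProxy": ["localhost", "127.0.0.1", ".corp.example"],
    "trustedCa": base64.b64encode(_PEM).decode(),
})
BAD = json.dumps({
    "httpProxy": "http://svc:secret@proxy.example.internal:3128",
    "httpsProxy": "https://proxy.example.internal:3129",
    "noProxy": ["localhost", "*.corp.example"],
    "trustedCa": "not base64!!",
})

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_proxy_config(sample) or "ok")
```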

Resource: https://learn.microsoft.com/en-us/azure/aks/http-proxy#updating-proxy-configurations

Maxime.

AKS | Release Tracker

Hi!

AKS releases weekly updates, including fixes, features, and component enhancements, affecting all clusters and customers. However, due to Azure Safe Deployment Practices (SDP), it may take up to two weeks for these updates to be fully deployed across all regions from the initial shipping date.

It is imperative for customers to stay informed about when a particular AKS release will reach their region, and the AKS release tracker provides real-time information sorted by versions and regions. This tool empowers customers to monitor specific component updates included in an AKS version release, such as fixes applied to a core add-on.

https://releases.aks.azure.com/

Maxime.

AKS | Image Cleaner GA

Hi!

Exciting news! Microsoft is thrilled to announce that the Image Cleaner feature is now officially available for general use. In the realm of optimizing image creation and deployment within Azure Kubernetes Service (AKS) clusters, pipelines take center stage. However, amid their prowess in image generation, a common oversight comes to light: the gradual accumulation of outdated images. This seemingly minor misstep often leads to unwelcome image bloat within cluster nodes, a situation that cannot be underestimated due to potential vulnerabilities stemming from these lingering images.

To fortify the security stance of your clusters, it’s imperative to adopt proactive measures for purging these unreferenced images. The conventional manual approach to image cleanup, while well-intentioned, proves both labor-intensive and prone to human error. Enter the game-changing Image Cleaner—an innovative solution meticulously crafted to tackle this very challenge.

By automating the identification and removal of redundant images, Image Cleaner emerges as a pivotal instrument in mitigating the risks posed by outdated images. Its role transcends mere security enhancement, as it also significantly streamlines the image maintenance process, thereby conserving precious time and resources.

If you’re curious to delve deeper into this subject, I penned an article in September 2022. Feel free to explore it by following this link: https://zigmax.net/aks-image-cleaner/

Maxime.