Friday, October 15, 2021

AzUpdate S03E10: AKS, Azure Static Web Apps and Windows 11 Virtual Desktop.

Hello Folks!


After some well-deserved time off, Jay Gordon (@Jaydestro) and I are back with the news around Microsoft Azure and the IT pro and Operations audiences.


This week we cover some news items that were announced at KubeCon North America 2021.  We will also cover a new way of protecting Azure Static Web Apps and some news arounds Azure Virtual Desktop.



AKS out of tree cloud provider controller manager



The Kubernetes community is now adopting an "out-of-tree" model where the Cloud providers will control their releases independently of the core Kubernetes release schedule through the cloud-provider-azure component.  We have already rolled out the Cloud Storage Interface (CSI) drivers to be the default in Kubernetes version 1.21 and above.


CSI storage driver is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By adopting and using CSI, Azure Kubernetes Service (AKS) can write, deploy, and iterate plug-ins to expose new or improve existing storage systems in Kubernetes without having to touch the core Kubernetes code and wait for its release cycles.


The CSI storage driver support on AKS allows you to natively use:


  1. Azure disks, which can be used to create a Kubernetes DataDisk resource.  Disks can use Azure Premium Storage, backed by high-performance SSDs, or Azure Standard Storage, backed by regular HDDs or Standard SSDs. For most production and development workloads, use Premium Storage. Azure disks are mounted as ReadWriteOnce, so are only available to a single pod. For storage volumes that can be accessed by multiple pods simultaneously, use Azure Files.

  2. Azure Files, which can be used to mount an SMB 3.0 share backed by an Azure Storage account to pods.  With Azure Files, you can share data across multiple nodes and pods.  Azure Files can use Azure Standard Storage backed by regular HDDs or Azure Premium Storage backed by high-performance SSDs.


Azure Monitor container insights for Azure Arc enabled Kubernetes



Azure Monitor container insights for Azure Arc enabled Kubernetes provides a centralized location for viewing infrastructure metrics, container logs, and recommended alerting. You receive the same monitoring feature parity as our native container insights service.


The container insight service is designed to monitor the performance of container workloads deployed to:



From the Operations perspective, it’s critical to be able to get information about performance by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes.


IP-based website protection for Azure Static Web Apps

IP-based access restriction allows you to control access to your website based on IP address ranges.



When leveraging this new offering, only users who access your website from the defined IP addresses will be allowed to view and access your application and its resources.  You can find info on setting up this service here.  From a security point of vue this provides you with a greater control over who has access to your applications.

Windows Virtual Desktop is now generally available on Azure Virtual Desktop




Azure Virtual Desktop has become a popular cloud VDI platform to run desktops and apps in the cloud and deliver a full Windows experience to users virtually anywhere, and now you can use Windows 11 as your Virtual Desktop.


  • Azure Virtual Desktop still provides exclusive support for multi-session, an important option that helps you optimize costs by running multiple users on a single Azure virtual machine. 
  • Use Trusted Launch (available in preview) to enable TPM 2.0 and secure boot as part of the VM configuration to take full advantage of the security capabilities in Windows 11.  It protects against advanced and persistent attack techniques. Trusted launch is composed of several, coordinated infrastructure technologies that can be enabled independently. Each technology provides another layer of defense against sophisticated threats.


MS Learn Module of the Week


This week Jay suggested that we cover the Azure Static Web Apps Microsoft Learning Path.  The modules included will lead you through how to publish Web Apps to the Azure Static Web App service, how to authenticate users with it and much more.  Go Check it out!


That’s it for this week!  Let us know in the comments below if there are other items you would like to see covered on this blog.




Pierre Roman



Posted at