Available extensions for Azure Arc-enabled Kubernetes clusters

Cluster extensions for Azure Arc-enabled Kubernetes provide an Azure Resource Manager-driven experience for installation and lifecycle management of different Azure capabilities on top of your cluster. These extensions can be deployed to your clusters to enable different scenarios and improve cluster management.

The following extensions are currently available for use with Arc-enabled Kubernetes clusters. All of these extensions are cluster-scoped.

Azure Policy

Azure Policy extends Gatekeeper, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements and safeguards on your clusters in a centralized, consistent manner.

For more information, see Understand Azure Policy for Kubernetes clusters.

Azure Key Vault Secrets Provider

  • Supported distributions: AKS on Azure Stack HCI, AKS enabled by Azure Arc, Cluster API Azure, Google Kubernetes Engine, Canonical Kubernetes Distribution, OpenShift Kubernetes Distribution, Amazon Elastic Kubernetes Service, VMware Tanzu Kubernetes Grid

The Azure Key Vault Provider for Secrets Store CSI Driver allows for the integration of Azure Key Vault as a secrets store with a Kubernetes cluster via a CSI volume. For Azure Arc-enabled Kubernetes clusters, you can install the Azure Key Vault Secrets Provider extension to fetch secrets.

For more information, see Use the Azure Key Vault Secrets Provider extension to fetch secrets into Azure Arc-enabled Kubernetes clusters.

Microsoft Defender for Containers

  • Supported distributions: AKS enabled by Azure Arc, Cluster API Azure, Azure Red Hat OpenShift, Red Hat OpenShift (version 4.6 or newer), Google Kubernetes Engine Standard, Amazon Elastic Kubernetes Service, VMware Tanzu Kubernetes Grid, Rancher Kubernetes Engine, Canonical Kubernetes Distribution

Microsoft Defender for Containers is the cloud-native solution used to secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications. It gathers security-related information, such as audit log data, from the Kubernetes cluster, and provides recommendations and threat alerts based on the gathered data.

For more information, see Enable Microsoft Defender for Containers.

Important

Defender for Containers support for Arc-enabled Kubernetes clusters is currently in public preview. See the Supplemental Terms of Use for Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Flux (GitOps)

  • Supported distributions: All Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters.

GitOps on AKS and Azure Arc-enabled Kubernetes uses Flux v2, a popular open-source tool set, to help manage cluster configuration and application deployment. GitOps is enabled in the cluster as a Microsoft.KubernetesConfiguration/extensions/microsoft.flux cluster extension resource.

For more information, see Tutorial: Deploy applications using GitOps with Flux v2.

The most recent version of the Flux v2 extension and the two previous versions (N-2) are supported. We generally recommend that you use the most recent version of the extension.

Important

Eventually, a major version update (v2.x.x) for the microsoft.flux extension will be released. When this happens, clusters won't be auto-upgraded to this version, since auto-upgrade is only supported for minor version releases. If you're still using an older API version when the next major version is released, you'll need to update your manifests to the latest API versions, perform any necessary testing, then upgrade your extension manually. For more information about the new API versions (breaking changes) and how to update your manifests, see the Flux v2 release notes.

Note

When a new version of the microsoft.flux extension is released, it may take several days for the new version to become available in all regions.

1.8.3 (March 2024)

Flux version: Release v2.1.2

  • source-controller: v1.1.2
  • kustomize-controller: v1.1.1
  • helm-controller: v0.36.2
  • notification-controller: v1.1.0
  • image-automation-controller: v0.36.1
  • image-reflector-controller: v0.30.0

Changes made for this version:

1.8.2 (February 2024)

Flux version: Release v2.1.2

  • source-controller: v1.1.2
  • kustomize-controller: v1.1.1
  • helm-controller: v0.36.2
  • notification-controller: v1.1.0
  • image-automation-controller: v0.36.1
  • image-reflector-controller: v0.30.0

Changes made for this version:

  • Improve the identity token generation logic to handle token generation failures

1.8.1 (November 2023)

Flux version: Release v2.1.2

  • source-controller: v1.1.2
  • kustomize-controller: v1.1.1
  • helm-controller: v0.36.2
  • notification-controller: v1.1.0
  • image-automation-controller: v0.36.1
  • image-reflector-controller: v0.30.0

Changes made for this version:

  • Upgrades Flux to v2.1.2
  • Updates to each fluxConfiguration status are now relayed back to Azure once every minute, provided there are any changes to report

Next steps