Curated documentation updates, feature announcements, community blogs, release highlights, and more.
Welcome to the June 2026 edition of the AKS Newsletter.
This month brings 7 features reaching General Availability and 2 new Preview announcements. Here are some of the highlights:
Let's dive in.
Generally available: Generally available: Managed system node pools in AKS Automatic: Provisioning and maintaining system node pools in AKS requires ongoing work to handle scaling, patching, and availability.
Application Gateway for Containers – now generally available: Managed add-on is now generally available.
Ubuntu 22.04 node pools with FIPS 140-3 compliance – now generally available: In the 2026-05-29 release.
Confidential VMs (CVM) – now generally available: With Azure Linux is now generally available.
Azure Container Linux – now generally available: Is generally available (GA) as an OS option on AKS starting AKS v1.34.
Public Preview: Application Gateway for Containers – Inference gateway: Application Gateway for Containers is extending its ingress gateway feature set with new AI gateway capabilities.
AKS Automatic: Clusters running Kubernetes 1.36 or later, you can now disable the default application routing add-on with Gateway API to use the Istio-based service mesh add-on with Istio CNI, either at cluster create time or afterward.
Deployment Safeguards: In Enforce mode now apply default resource requests to DaemonSets and Jobs when those requests are missing, in addition to Deployments and StatefulSets.
custom Prometheus metric scraping: And log collection on AKS Automatic clusters that use a managed system node pool.
Azure CNI static block allocation: (VnetScale) cluster, so you no longer need to pass the pod CIDR explicitly.
Windows gMSA: Now validates for CoreDNS conflicts.
Pod Sandboxing (Kata): Workload runtime node pools.
Pod Sandboxing (Kata): Node pools on Standard_DadsV7-series VM sizes, which were previously rejected by nested-virtualization validation.
AKS Automatic: Cluster that uses a managed system node pool to the AKS Base SKU.
Windows Server 2022: Retirement has been extended.
Istio-based service mesh add-on: Has been deprecated.
Managed system node pools: Are now generally available for AKS Automatic.
LocalDNS: Mode to Required by default, including new node pools added to existing Automatic clusters.
edit the excludedNamespaces field for deployment safeguards: On Automatic clusters, controlling which policies apply to specific namespaces.
Deployment safeguards: In Enforce mode and Pod Security Standards set to Baseline now allow pods on Automatic clusters to read the /var/log and /hostfs hostPath volumes (read-only), supporting log exporter scenarios.
Use Confidential Virtual Machines (CVMs) in Azure Kubernetes Service (AKS): Learn how to create Confidential Virtual Machine (CVM) node pools with Azure Kubernetes Service (AKS)
Enable Istio CNI for Istio-based service mesh add-on for Azure Kubernetes Service: Enable Istio CNI for enhanced security in Istio-based service mesh add-on for Azure Kubernetes Service
GPU Best Practices for Azure Kubernetes Service (AKS): Learn best practices for managing GPU-enabled node pools on AKS, including placement, lifecycle management, isolation, and how to use AKS Automatic as the recommended production-ready default for most workloads.
Concepts - Access and Identity in Azure Kubernetes Service (AKS): Learn the five identity scenarios in Azure Kubernetes Service (AKS), how they map to AKS Automatic and AKS Standard, and where to find the right deep-dive documentation.
Overview of Node Auto-Provisioning (NAP) in Azure Kubernetes Service (AKS): Learn about node auto-provisioning in AKS, including how it works, upgrade behavior, prerequisites, limitations, and when to use AKS Automatic as the recommended production-ready default.
Concepts - Small and Large Language Models: Learn about small and large language models, when to use each model type, and how to run AI and machine learning workflows on Azure Kubernetes Service (AKS), with AKS Automatic as the recommended production default for most workloads.
Blue-Green Node Pool Upgrades in Azure Kubernetes Service (AKS) (preview): Perform upgrades of AKS node pools using a blue-green deployment strategy to ensure workload availability during updates.
Configure AKSNodeClass Resources for Node Auto-Provisioning (NAP) in Azure Kubernetes Service (AKS): Learn how to configure Azure-specific settings for AKS node auto-provisioning using AKSNodeClass resources.
Configure Scheduler Profiles on Azure Kubernetes Service (AKS) (preview): Learn how to set scheduler profiles to achieve advanced scheduling behaviors on Azure Kubernetes Service (AKS).
Kubernetes on Azure tutorial - Deploy an application to Azure Kubernetes Service (AKS): In this Azure Kubernetes Service (AKS) tutorial, you deploy a multi-container application to your cluster using images stored in Azure Container Registry.
Introduction to Azure Kubernetes Service (AKS) Automatic: Simplify deployment and management of container-based applications in Azure by learning about the features and benefits of Azure Kubernetes Service Automatic.
Configure Azure CNI Powered by Cilium in Azure Kubernetes Service (AKS): Learn how to create an Azure Kubernetes Service (AKS) cluster with Azure CNI Powered by Cilium.
Deploy an AI model on Azure Kubernetes Service (AKS) with the AI toolchain operator add-on: Learn how to enable the AI toolchain operator add-on on Azure Kubernetes Service (AKS) to simplify OSS AI model management and deployment.
Zone Resiliency Recommendations for Azure Kubernetes Service (AKS): Learn recommendations for designing and validating zone resiliency in Azure Kubernetes Service (AKS), including guidance for AKS Automatic and AKS Standard.
Vulnerability Management for Azure Kubernetes Service (AKS): Learn how Microsoft manages security vulnerabilities for Azure Kubernetes Service (AKS) clusters, including the production-ready default experience with AKS Automatic.
Use instance-level public IPs in Azure Kubernetes Service (AKS): Learn how to manage instance-level public IPs Azure Kubernetes Service (AKS)
Configure Azure DNS and TLS with the Application Routing Gateway API Implementation: Use the Application Routing add-on to automatically manage Azure DNS records and Azure Key Vault TLS certificates for ingress traffic on Azure Kubernetes Service (AKS) with the Kubernetes Gateway API.
Outbound Network and FQDN Rules for Azure Kubernetes Service (AKS) Clusters: Learn what ports and addresses are required to control egress traffic in Azure Kubernetes Service (AKS)
Create a managed or user-assigned NAT gateway for your Azure Kubernetes Service (AKS) cluster: Learn how to create an AKS cluster with managed NAT integration and user-assigned NAT gateway.
Long-Term Support for Azure Kubernetes Service (AKS) Versions: Learn about Azure Kubernetes Service (AKS) long-term support for Kubernetes
Configure LocalDNS in Azure Kubernetes Service (AKS): Learn how to improve your Domain Name System (DNS) resolution performance and resiliency in AKS using localDNS.
Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using Azure PowerShell: Learn how to quickly deploy a Kubernetes cluster and deploy an application in Azure Kubernetes Service (AKS) using PowerShell.
Set up Container Network Observability for Azure Kubernetes Service (AKS) - Azure managed Prometheus and Grafana: Get started with Container Network Observability for your AKS cluster using Azure managed Prometheus and Grafana.
Assign Capacity Reservation Groups to Node Pools in Azure Kubernetes Service (AKS): Learn how to use capacity reservation groups with node pools in Azure Kubernetes Service (AKS) to guarantee allocated capacity for your node pools.
Automatic Pod Disruption Budget management in AKS (preview): Learn how to use automatic Pod Disruption Budget management (preview) to manage Pod Disruption Budgets and unblock node drain operations in AKS clusters.
Supported Kubernetes Versions in Azure Kubernetes Service (AKS): Learn the Kubernetes version support policy and lifecycle of clusters in Azure Kubernetes Service (AKS).
Kubernetes Gateway API Ingress for Istio Service Mesh Add-on for Azure Kubernetes Service (AKS): Configure ingresses for the Istio service mesh add-on for AKS using the Kubernetes Gateway API.
Azure Kubernetes Service (AKS) application routing add-on with the Kubernetes Gateway API: Use the application routing add-on to manage ingress traffic on Azure Kubernetes Service (AKS) using the Kubernetes Gateway API.
AKS end of support notifications: Learn how to receive and set up alerts for Kubernetes version end of support notifications in Azure Kubernetes Service.
Create Node Pools in Azure Kubernetes Service (AKS): Learn how to create multiple node pools for a cluster in Azure Kubernetes Service (AKS).
Custom Certificate Authority (CA) in Azure Kubernetes Service (AKS): Learn how to use a custom certificate authority (CA) to add certificates to your nodes in an Azure Kubernetes Service (AKS) cluster.
Migrate Azure Kubernetes Service (AKS) Pods to Microsoft Entra Workload ID: Migrate AKS pods from pod-managed identities to Microsoft Entra Workload ID using Azure Identity SDK versions or migration sidecar approaches.
Azure Kubernetes Service (AKS) for Extended Zones: Learn how to deploy an Azure Kubernetes Service (AKS) for Azure Extended Zones.
Monitor the ingress-nginx controller metrics in the application routing add-on with Prometheus: Configure Prometheus to scrape the ingress-nginx controller metrics.
Deploy Anyscale on Azure with Terraform: a step-by-step guide: A few weeks ago at Microsoft Build, the public preview of Anyscale on Azure was announced. If you're not familiar, Anyscale on Azure is a managed platform for running distributed AI/ML workloads with Ray on AKS. It's an Azure Native integration, a co-engineered effort between Anyscale and Microsoft, that deploys an operator onto your AKS cluster and integrates with Microsoft Entra ID for single sign-on (SSO).
App Routing Gateway API is GA: Here's a Demo: The AKS App Routing add-on's Kubernetes Gateway API implementation — approuting-istio — is generally available. Together with that, the Managed Gateway API installation for AKS is also GA, so the CRDs, the controller stack, and the gateway data plane you need to run Gateway API on AKS are all now first-class, supported features.
Announcing the public preview of AKS on bare metal: AKS runs everywhere — now on bare metal at the edge
Scaling multi-node LLM inference with NVIDIA Dynamo-Grove on AKS (Part 4): This blog post is co-authored with Nikhar Maheshwari, Anish Maddipoti, Rohan Varma, Clement Pakkam Isaac, and Stephen Mccoulough from NVIDIA.
Accelerating AKS troubleshooting with the Azure Copilot Observability Agent
Closing the loop on container security: From code to runtime in the AI era: ...atters more in 2026: containers are increasingly where AI runs. Many AI workloads — from model-serving APIs to retrieval systems and intelligent agents — now live as pods on AKS, EKS, and GKE (the m...
Getting Secrets Out of YAML: Implementing Azure Key Vault CSI Driver on AKS with Workload Identity
Token economics–driven architecture: hybrid models, AI Runway, AKS Kata MicroVM, MCP
Anyscale on Azure: Powering Enterprise AI at Massive Scale on Azure Kubernetes Service: ...anaged cluster operations, enterprise-grade support, and the operational reliability needed to run AI and data workloads at scale. On Azure, that runtime executes on your Azure Kubernetes Service (AKS...
Announcing Anyscale on Azure public preview: Powered by Ray on AKS
What's new in Azure Kubernetes Service at Microsoft Build 2026: ...s operational: how to run training and inference at scale when cost, latency, and reliability are constantly in tension. The AKS announcements at Microsoft Build focus on that tension directly. T...
Kubernetes Center: Security & LTS/Out-of-Support Version Insights Now Available: ...ubernetes Center aggregates data across all AKS clusters you have access to. Make sure you have the appropriate RBAC permissions across the subscriptions you want visibility into. What is LTS and should I e...
Release - 2026-06-19: This release includes 5 component updates, 2 CVE remediations.
Release 2026-05-29: This release includes 14 CVE remediations.
How we solved AKS cluster sprawl - Kube & Tell - June 2026 - Azure Kubernetes Service: What do you do when hundreds of Kubernetes clusters are spreading across your org, each team running its own version of "what good looks like," with no consistent way to stay on top of security, versions, or cost?
eBPF Host Routing in AKS: Faster, Low-Latency Networking with Azure CNI & ACNS: eBPF Host Routing in Advanced Container Networking Services (ACNS) introduces a high-performance data path for networking in Azure Kubernetes Service (AKS). By moving routing logic into eBPF programs, ACNS enables packet processing directly in...
AKS Community Call - US & Europe (May 2026) - Azure Kubernetes Service: Welcome to the AKS Community Calls! These sessions foster direct interaction between our product teams and the AKS community.
June 2026 showed continued investment across key areas of the AKS platform:
These updates reflect the platform's ongoing focus on production readiness, operational simplicity, and support for modern cloud-native workloads.
Stay tuned for next month's edition, and feel free to share feedback or suggestions for future coverage.