AKS

Azure Kubernetes Service


AKS - Release 2024-08-27 Latest Release

Published by dyu1208 about 1 month ago

Release 2024-08-27

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240827.

Announcements

Release Notes

  • Features:

    • Existing Linux node pools can now be updated to enable or disable Federal Information Processing Standard (FIPS). See documentation for more information.
  • Bug fixes:

    • Fix an Azure NPM issue where users could see unexpected connectivity for Pods on the Node when editing a NetworkPolicy with a CIDR "except" field.
    • Fix bug to block non-VMSS (VirtualMachineScaleSets) agent pools in the Automatic SKU validation process.
    • Fix bug to ensure correct default network plugin settings for Kubernetes clusters using VMAS.
    • Fix bug for intermittent precondition failures when applying an AKS Bicep deployment on the pod subnet delegation.
    • Fix bug where the public IP on VMSS was dropped after a node image upgrade or reset service principal operation.
    • Fix bug https://github.com/Azure/AKS/issues/4282 to remove duplicated toleration from Calico components.
    • Fix bug to ensure AnnotationControlled is correctly populated by default when creating AKS clusters with app routing enabled, and to ensure AnnotationControlled is an accepted value for the default nginx ingress controller config for AKS clusters with K8s versions <1.30.
    • Fix bug for Cluster Autoscaler that requires an implementation of the HasInstance method on AKS. This implementation prevents the Cluster Autoscaler from stalling during scale-up due to node scale-down issues.
    • Fix bug https://github.com/Azure/azure-service-operator/issues/3220 to allow creation of AgentPools without Count field specified if autoscaler enabled.
    • Fix bug to accept a user setting the PowerState field for API versions that do not support the field. Impacted API versions are 2020-09-01, 2020-11-01, 2020-12-01, 2021-02-01 and 2021-03-01.
  • Behavior change:

    • Non-host-network pods running on AKS nodes cannot access wireserver (168.63.129.16) port 32526. Before this change, users could not access wireserver port 80, but port 32526 was accessible.
    • When deploying an AKS Automatic (preview) cluster, users do not need to register extra feature flags for related preview features, such as APIServerVnetIntegration, NRGLockdown, NodeAutoProvisioning, and Safeguards.
    • CBL-Mariner 1.0 is end of life, creation of new nodepools with OSSKU cblmariner is disabled.
    • Application Gateway Ingress Controller addon has been assigned the network contributor role.
  • Component updates:

    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202408.27.0.
    • Azure Linux image has been updated to AzureLinux-202408.27.0.
    • Azure Disk CSI driver has been upgraded to v1.30.3 on AKS 1.30, v1.29.8 on AKS 1.28, v1.28.1 on AKS 1.27.
    • Azure Blob Disk CSI driver has been upgraded to v1.24.3 on AKS 1.30, v1.23.7 on AKS 1.29 and 1.28.
    • Azure File CSI driver has been upgraded to v1.30.5 on AKS 1.30 and 1.29, v1.29.7 on AKS 1.28.
    • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.6189.240814.
    • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2655.240814.
    • AKS App Routing operator image has been updated to v0.2.3-patch-2 for AKS cluster with K8s versions >=1.30, v0.2.1-patch-4 for AKS cluster with K8s versions <1.30 to address CVEs.
    • Windows containerd has been updated to v1.7.20 in AKS cluster with K8s versions >= v1.28.
    • Kubernetes Secrets Store CSI Driver has been updated to v1.4.4 and Azure Key Vault Provider for Secrets Store CSI Driver to v1.5.3.
    • Application Gateway Ingress Controller add-on image has been updated to v1.7.5.
    • Retina Enterprise and Operator image has been updated to v0.0.9.
    • azure-cloud-controller-manager has been updated to version v1.30.5, v1.29.9, v1.28.11, v1.27.19.
    • KEDA addon has been updated to v2.14.1 for Kubernetes = 1.30.
    • Azure Policy addon has been updated to v1.7.0.
    • Istio-based service mesh add-on revision asm-1-20 has been upgraded to patch v1.20.8, revision asm-1-21 has been upgraded to patch v1.21.5, and revision asm-1-22 has been upgraded to patch v1.22.3. Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
    • Calico v3.28.1 is supported for AKS cluster with K8s versions 1.30.
AKS - Release 2024-08-05

Published by shashankbarsin 2 months ago

Release 2024-08-05

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240805.

Announcements

Release Notes

  • Features:

  • Bug fixes:

    • Fixed a bug where sometimes NodePublicIPPrefixID could show unset on a cluster even though it was set.
    • Previously, as part of Istio addon canary upgrade, users had to manually copy their edits to HorizontalPodAutoscaler from old revision to new revision. This has been fixed so that changes done to Horizontal Pod Autoscaler will be automatically copied for the newer revision.
    • Added validation that if a LTS cluster has a node pool on non-LTS version, upgrade to the next LTS version is blocked.
  • Behavior change:

    • When Advanced Networking Observability is enabled, increased memory limit of 700Mi (from 400Mi) is used for retina-agent.
    • GOMAXPROCS for coredns has been set to equal CPU limit to avoid throttling.
    • In Azure CNI, init-cni-dropgz initContainer has been renamed to cni-installer.
    • Validation for minimum 5 minutes has been introduced for drain timeout value to prevent drain issues during upgrade.
    • query label removed from dns metrics in Advanced Network Observability.
    • Control plane only AKS upgrades will now reconcile node pools to desired state. For example, previously, if a user did a Kubernetes upgrade and a network plugin mode transition to overlay where a reimaging of the nodes was required, the reimaging wasn't done because nodes were skipped. Going forward, nodes will be reconciled in these circumstances.
  • Component updates:

    • To address scheduler issues fixed in this upstream change, 1.27.15, 1.28.11, 1.29.6 schedulers versions will be used for Kubernetes versions 1.27.14, 1.28.10, 1.29.5 respectively.
    • Updated Azure Blob CSI driver to v1.22.7 on AKS version 1.27.
    • For Node Auto Provisioning, Azure provider of Karpenter is upgraded to v0.5.1.
    • Updated Azure Monitor Container Insights image to v3.1.23.
    • Azure Monitor managed service for Prometheus images updated to 07-19-2024 release.
    • Updated Eraser version to v1.3.1 for Image Cleaner.
    • Updated Azure Disk CSI driver to v1.28.9 on AKS 1.27 and to v1.29.7 on AKS 1.28 and 1.29.
    • Updated Azure File CSI driver to v1.28.11 on AKS 1.27, to v1.29.6 on AKS 1.28, and to v1.30.3 on AKS 1.29.
    • Updated Ratify image used in Image Integrity to v1.2.0.
    • Cilium version has been updated to 1.14.12 for AKS cluster with versions >= 1.29 and Advanced Network Observability enabled.
    • Istio-based service mesh add-on revision asm-1-21 has been upgraded to patch v1.21.4 and revision asm-1-22 has been upgraded to patch v1.22.2. Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
    • Updated Windows Kubernetes packages in all AKS versions to address CVE-2024-5321.
    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202407.29.0.
    • Azure Linux image has been updated to AzureLinux-202407.29.0.
    • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.6054.240716.
    • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2582.240716.
AKS - Release 2024-07-16

Published by qpetraroia 3 months ago

Release 2024-07-16

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240716.

Announcements

Release Notes

  • Features:

    • AKS version 1.30 is now GA.
    • AKS patch versions 1.30.2, 1.30.1, 1.29.6, 1.28.11, and 1.27.15 are now available. Refer to version support policy and upgrading a cluster for more information.
    • Istio add-on for AKS now supports EnvoyFilter of the type Lua (type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua). While this EnvoyFilter is allowed, any issue arising from the Lua script itself is not supported. Other EnvoyFilter types currently remain blocked.
    • The ability to migrate your existing Ubuntu node pools to Azure Linux by changing the OS SKU of the node pool is now GA.
  • Preview features:

    • CNI Overlay dual-stack (IPv4/IPv6) is now available on Windows Agent Pools.
    • Existing node pools can now be updated to enable or disable Federal Information Processing Standard (FIPS). See aka.ms/aks/updatefips for more information.
  • Bug Fixes:

    • Updated iptables rules in clusters with Azure Network Policy Manager to block pod access to wireserver.
    • A bug regarding App Routing's placeholderPod not properly cleaning up has been fixed.
  • Behavior Change:

    • AKS Automatic clusters now use Azure Linux for Node Auto Provision dynamic nodes.
  • Component Updates:

AKS - Release 2024-06-27

Published by shashankbarsin 3 months ago

Release 2024-06-27

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240627.

Announcements

  • Starting 1.30 Kubernetes version and 1.27 LTS versions, beta APIs will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta APIs closer to the 1.30 release.
  • 1.30 is the next LTS version after 1.27. Upgrade from 1.27 LTS to 1.30 LTS will be possible starting August 2024. More information about AKS LTS is available here.

Release Notes

  • Features:

    • AKS patch versions 1.27.14, 1.28.10, and 1.29.5 are now available. 1.27.9, 1.28.5, and 1.29.2 patch versions are deprecated. Refer to version support policy and upgrading a cluster for more information.
    • Cost Analysis views for AKS are now available under AKS resource blade in Azure portal. More information can be found in this document.
  • Preview feature:

  • Bug Fixes:

    • Fixed a bug that previously didn't allow switching from non-LTS K8s version to LTS K8s version when upgrading the cluster. For example, you can now upgrade from 1.26 to 1.27 while switching to LTS.
    • Related to the above, also fixed a bug where previously it was not possible to upgrade from an LTS K8s version to non-LTS K8s version. For example, you can now upgrade from 1.27 LTS to 1.28.
  • Behavior Change:

    • The memory limit for Azure Key Vault provider for Secrets Store CSI Driver has been updated from 300Mi to 500Mi.
    • Base CPU and memory for metrics-server container are updated from 44M to 150M and 51Mi to 100Mi respectively on clusters with K8s version >= 1.30.0. More information on metrics server scaling can be found here.
    • Creation of clusters with konnectivity and private Key Management Service (KMS) plugin based encryption of etcd using Azure Key Vault is no longer supported. Only clusters with API Server VNet Integration (preview) tunnel are allowed to be used along with KMS encrypted etcd clusters based on private Azure Key Vault.
  • Component Updates:

AKS - Release 2024-06-09

Published by kaarthis 4 months ago

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240609.

Announcements

  • Starting 1.30 Kubernetes version and 1.27 LTS versions, beta apis will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta apis closer to the 1.30 release.
  • Istio service mesh addon revision asm-1-19 is no longer supported. If you are still using this revision on your cluster, please upgrade for continued support. More information about mesh upgrades and version support can be found here.

Release Notes

  • Features:

  • Preview Features:

    • AKS version 1.30 is available in preview.
  • Bug Fixes:

    • CoreDNS has been updated to use image v1.9.4-hotfix.20240520 on all AKS clusters above version 1.24. This updated image addresses CVE vulnerabilities.
    • Updated cilium to version 1.14.10 for K8s version 1.29+, to fix the issue where the host network is broken and remains broken even if the underlying interface goes up again.
    • Removes the post-upgrade annotation on hubble-generate-cert Job. On each aks cluster reconcile, the helm chart revision is incremented which counts as an upgrade. Each time the helm chart is upgraded or installed this job will restart. This change fixes that to not restart on helm chart upgrades and successfully clean up.
    • Windows containerd has been upgraded from v1.7.14 to v1.7.17 in K8s v1.28+. This upgrade fixes two bugs resulting in a wrong default path and a deadlock issue.
    • Fixed the following issues for AKS Edge zone support -
      • Fixed bug where clusters with ExtendedLocation set would accept create node pool with availability zones even though availability zones aren't supported in ExtendedLocation mode.
      • Fixed bug where edgezone was previously being wrongly accepted in lowercase. Only EdgeZone is accepted.
  • Component Updates:

    • Changing cilium operator tolerations to match cilium-agent. Adding tolerations for NoExecute and NoSchedule. This should fix a race condition in upgrades, where cilium-operator cannot schedule due to node taint.
    • Retina Enterprise and Operator image update v0.0.8.
    • Updated linux cni versions to v1.4.54 and v1.5.28.
    • Gatekeeper is updated to 3.16 for kubernetes versions 1.27+.
    • Updated Cilium to v1.13.13 for Kubernetes v1.28.0+.
    • Upgrade azure disk csi-drivers to 1.29.6 on AKS 1.28 and 1.29.
    • Updated the aks app routing operator nginx version from 1.9 to 1.10.
    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202406.07.0.
    • Azure Linux image has been updated to AzureLinux-202406.07.0.
    • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.5936.240612.
    • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2527.240612.
AKS - Release 2024-05-13

Published by kevinkrp93 5 months ago

Release 2024-05-13

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting 1.30 Kubernetes version and 1.27 LTS versions, beta apis will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta apis closer to the 1.30 release.
  • Introducing the AKS blog and the AKS YouTube community.
  • In 2020 Docker enacted a Rate Limiting policy for all users. In order to assist customers with the change, Microsoft worked directly with Docker to prevent users of Microsoft Azure from being impacted. However, beginning on June 30th, 2024, Azure customers will begin to be impacted by this limit. To mitigate the potential effects of this limit, we recommend customers begin to use the Artifact Cache feature within Azure Container Registry or sign up for a Docker Subscription. More information is available here.
  • GetOSOptions will no longer be included in new AKS API versions starting with 2024-05-02. This API was used to get OS options that support Federal Information Processing Standard (FIPS) in the specified subscription. If you're calling this API via the CLI, it will no longer be available in newer az aks extension versions. You can use an older version of the az aks extension, however this is not recommended. The CLI preview version supporting the 2024-05-02 preview API can be found here. Check the link for the release version.
    For details on which AKS-supported operating systems support Federal Information Processing Standard (FIPS), see aka.ms/aks/GetFIPSOSOptions.

Release Notes

AKS - Release 2024-04-28

Published by sabbour 6 months ago

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting 1.30 Kubernetes version and 1.27 LTS versions, beta apis will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta apis closer to the 1.30 release.
  • On 15 March 2027, Windows Server 2022 will be retired when Kubernetes 1.34 reaches the end of platform support. You won't be able to create new Windows Server 2022 node pools on Kubernetes 1.35 and above. We encourage you to make the switch before 15 March 2027 to gain the richer benefits of Windows Server 2025 or Windows Server Annual Channel. These new Windows OS versions will be supported on AKS before Windows Server 2022 is retired. For more updates, see our AKS public roadmap.
  • In 2020 Docker enacted a Rate Limiting policy for all users. In order to assist customers with the change, Microsoft worked directly with Docker to prevent users of Microsoft Azure from being impacted. However, beginning on June 30th, 2024, Azure customers will begin to be impacted by this limit. To mitigate the potential effects of this limit, we recommend customers begin to use the Artifact Cache feature within Azure Container Registry or sign up for a Docker Subscription. More information is available here.
  • If you use any programming/scripting logic to list and select a minor version of Kubernetes before creating clusters with the ListKubernetesVersions API, note that starting from Kubernetes v1.27, the API returns SupportPlan as [KubernetesOfficial, AKSLongTermSupport]. Please ensure you update any logic to exclude AKSLongTermSupport versions to avoid any breaks and choose KubernetesOfficial support plan versions. Otherwise, if LTS is indeed your path forward, please first opt into the Premium tier and the AKSLongTermSupport support plan versions from the ListKubernetesVersions API before creating clusters. Refer to long term support for more information.
  • AKS patch version 1.29.4 is now available.
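
The selection logic the ListKubernetesVersions announcement above asks for, as an added example (not AKS or Azure CLI code): it tests support-plan membership instead of comparing against a single value, refuses LTS without the Premium tier, and sorts patch versions numerically. The response layout (`values[].version`, `capabilities.supportPlan`, `patchVersions`, `isPreview`), the sample data and the function names are assumptions made for this illustration.

```python
import json

OFFICIAL = "KubernetesOfficial"
LTS = "AKSLongTermSupport"

# Constructed sample. The field layout is an assumption modelled on a
# ListKubernetesVersions-style response; the 1.26 entry is constructed as
# LTS-only purely to exercise the exclusion path.
SAMPLE = json.loads("""
{"values": [
  {"version": "1.26", "isPreview": null,
   "capabilities": {"supportPlan": ["AKSLongTermSupport"]},
   "patchVersions": {"1.26.12": {"upgrades": []}}},
  {"version": "1.27", "isPreview": null,
   "capabilities": {"supportPlan": ["KubernetesOfficial", "AKSLongTermSupport"]},
   "patchVersions": {"1.27.9": {"upgrades": []}, "1.27.14": {"upgrades": []}}},
  {"version": "1.29", "isPreview": null,
   "capabilities": {"supportPlan": ["KubernetesOfficial"]},
   "patchVersions": {"1.29.2": {"upgrades": []}, "1.29.4": {"upgrades": []}}},
  {"version": "1.30", "isPreview": true,
   "capabilities": {"supportPlan": ["KubernetesOfficial"]},
   "patchVersions": {"1.30.0": {"upgrades": []}}}
]}
""")


def version_key(version):
    """Numeric sort key, so 1.27.14 sorts after 1.27.9 (a string sort gets this wrong)."""
    return tuple(int(part) for part in version.split("."))


def minors_for_plan(response, plan=OFFICIAL, allow_preview=False):
    """Return the minor versions offered under `plan`, oldest first."""
    minors = []
    for entry in response.get("values", []):
        plans = (entry.get("capabilities") or {}).get("supportPlan") or []
        # Membership test: since v1.27 the list can carry both plans, so an
        # equality check against ["KubernetesOfficial"] would wrongly drop 1.27.
        if plan not in plans:
            continue
        if entry.get("isPreview") and not allow_preview:
            continue
        minors.append(entry["version"])
    return sorted(minors, key=version_key)


def select_version(response, plan=OFFICIAL, tier="Standard", minor=None,
                   allow_preview=False):
    """Pick the newest patch of `minor` (default: newest minor) offered under `plan`."""
    if plan == LTS and tier != "Premium":
        raise ValueError("AKSLongTermSupport versions require the Premium tier")
    minors = minors_for_plan(response, plan, allow_preview)
    if not minors:
        raise ValueError(f"no versions offered under {plan}")
    chosen = minor if minor is not None else minors[-1]
    if chosen not in minors:
        # A pinned minor that is LTS-only (or preview-only) must fail loudly
        # instead of silently creating a cluster on the wrong support plan.
        raise ValueError(f"{chosen} is not offered under {plan}")
    entry = next(e for e in response["values"] if e["version"] == chosen)
    return max(entry["patchVersions"], key=version_key)


if __name__ == "__main__":
    print("official minors:", minors_for_plan(SAMPLE))
    print("default pick:   ", select_version(SAMPLE))
    print("pinned 1.27:    ", select_version(SAMPLE, minor="1.27"))
```
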

Release Notes

  • Features:

    • With this release, Azure Linux 2.0 becomes a supported OS for AKS Long Term Support (LTS) with v1.27. Learn more about Azure Linux and LTS.
    • You can now get insight into the progress of any ongoing operation, such as create, upgrade, and scale, using any preview API version after 2024-01-02-preview using the Get/List operations call. Refer to Long running operations on an Azure Kubernetes Service (AKS) cluster for more information.
  • Behavioral Changes:

    • Manually added Labels, Taints, and Annotations on nodes will no longer be copied to nodes during surged upgrade. To ensure any Label or Taint is present in new nodes please use the Labels and/or Taints functionality provided by AKS.
    • The Istio-based service mesh add-on now skips validation of its compatibility with cluster version unless mesh upgrade or cluster upgrade is attempted.
    • Effective starting with Kubernetes version 1.29, when you deploy Azure Kubernetes Service (AKS) clusters across multiple availability zones, AKS now utilizes zone-redundant storage (ZRS) to create managed disks within built-in storage classes. ZRS ensures synchronous replication of your Azure managed disk across multiple Azure availability zones in your chosen region. This redundancy strategy enhances the resilience of your applications and safeguards your data against datacenter failures. Refer to Storage concept for more information.
  • Bug Fixes:

    • Fixed a bug that incorrectly calculated number of free IPs in a subnet when upgrading an agent pool using Azure CNI with Dynamic IP allocation.
    • Fixed a bug to allow correct IP address calculation for subnets with Private Link Service.
    • Fixed a bug where the ordering of the system environment variables injected into pods could change.
    • Fixed a bug in clusters that use Node Autoprovisioning for stateful workloads deployments that use availability zones.
    • Fixed a bug in clusters that use Node Autoprovisioning and managed identity to authenticate Azure Container Registry.
    • Fixed an issue for clusters older than v1.20.X where Cluster Autoscaler cannot be started or reconciled.
    • Fixed an issue where clusters using Pod Identity would fail to migrate to Azure CNI.
    • The Istio-based service mesh add-on components can now tolerate running on the system node pools with the CriticalAddonsOnly taint.
    • Fixed an issue where ephemeral disk placement was incorrectly updated.
  • Component Updates:

AKS - Release 2024-04-11

Published by aritraghosh 6 months ago

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Support upgrade version skew policy between core node and control plane components from n-2 to n-3 to match related upstream policy change starting Kubernetes version 1.28. AKS docs available here.
  • Starting 1.30 Kubernetes version and 1.27 LTS versions, beta apis will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta apis closer to the 1.30 release.
  • On 15 March 2027, Windows Server 2022 will be retired when Kubernetes 1.34 reaches the end of platform support. You won't be able to create new Windows Server 2022 node pools on Kubernetes 1.35 and above. We encourage you to make the switch before 15 March 2027 to gain the richer benefits of Windows Server 2025 or Windows Server Annual Channel. These new Windows OS versions will be supported on AKS before Windows Server 2022 is retired. For more updates, see our AKS public roadmap.
  • Kubernetes version 1.32 is the next Long Term Support Version after 1.27. Customers will get a minimum 6 months of overlap between 1.27 LTS and 1.32 LTS versions to plan upgrades.
  • Kubernetes version 1.26 is now removed. Refer to for platform support timeline.
  • In 2020 Docker enacted a Rate Limiting policy for all users. In order to assist customers with the change, Microsoft worked directly with Docker to prevent users of Microsoft Azure from being impacted. However, beginning on June 30th, 2024, Azure customers will begin to be impacted by this limit. To mitigate the potential effects of this limit, we recommend customers begin to use the Artifact Cache feature within Azure Container Registry or sign up for a Docker Subscription. More information is available here.

Release Notes

  • Features:

  • Behavioral Changes:

    • This introduces the constraint template validation behavior change called out in November's release notes 2023-11-28. It also improves cleanup of the addon, as called out in Issue #3541, and patches CVE-2024-24786 in the addon.
    • Added resource nodes/proxy to microsoft-defender-operator role.
    • AKS will be fixing a behavior where manually added Labels, Taints and Annotations are incorrectly copied to surged upgrade nodes. To ensure any Label or Taint is present in new nodes please use the Labels and/or Taints functionality provided by AKS.
  • Bug Fixes:

    • Fixes a bug where a PUT operation (Update) on nodepool without a specified version in LTS clusters would have an internal error.
    • Error message improved to specify that it is only allowed to update public SSH key in preview API versions.
    • Clusters running Kubernetes 1.29 or later will have kubernetes.azure.com/managedby=aks label to tigera-operator deployment in Calico clusters.
  • Component Updates:

AKS - Release 2024-03-31

Published by abubinski 6 months ago

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Support upgrade version skew policy between core node and control plane components from n-2 to n-3 to match related upstream policy change starting Kubernetes version 1.28. AKS docs available here.
  • Starting 1.30 Kubernetes version and 1.27 LTS versions, beta apis will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta apis closer to the 1.30 release.
  • On 15 March 2027, Windows Server 2022 will be retired when Kubernetes 1.34 reaches the end of platform support. You won't be able to create new Windows Server 2022 node pools on Kubernetes 1.35 and above. We encourage you to make the switch before 15 March 2027 to gain the richer benefits of Windows Server 2025 or Windows Server Annual Channel. These new Windows OS versions will be supported on AKS before Windows Server 2022 is retired. For more updates, see our AKS public roadmap.

Release Notes

  • Features:

    • AKS Cost Analysis is now generally available. View the aggregated costs for all your AKS clusters and namespaces in a subscription and drill into infrastructure and namespaces costs of a cluster directly in Azure Portal.
    • Trusted Access on AKS cluster is generally available now.
  • Preview Features:

    • Disable SSH is in preview now. Users can disable/enable the SSH access on nodepool level.
    • Calico can now be disabled for an AKS cluster through the update operation. More info here.
  • Behavioral Changes:

    • Customizations to HorizontalPodAutoscaler (HPA) for istiod and Istio ingress gateways are now allowed. Users can directly edit the HPAs in aks-istio-system and aks-istio-ingress namespaces to customize the HPA. Note that HPA changes that violate minReplicas specified in the existing PDB will be rejected/reset.
  • Bug Fixes:

    • Fixed missing CalicoBlockSize when uninstalling Calico. This fixes a bug that can cause the disablement of Calico Network Policies to fail.
    • Fixed an issue where node image upgrade or nodepool deletion might result in node auto provisioning to stop provisioning new nodes.
    • Fixed bug where the RP would sometimes normalize the case of networkProfile.loadBalancerSku from the case the user input, such as 'standard' to 'Standard', which may have caused diffs in Terraform state files or other client tools that perform diffs.
  • Component Updates:

AKS - Release 2024-03-17

Published by alvinli222 7 months ago

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting in March, due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, the Azure Policy addon will now no longer support the validation for constraint template. The Azure Policy Add-On will report ‘InvalidConstraint/Template’ compliance reason code for detected errors after constraint template admission. This change does not impact other compliance reason codes. Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. Gator CLI).
  • Starting with Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes is cgroupsv2. Older versions of Java, .NET and NodeJS do not support memory querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the FAQ for cgroupsv2.
  • The ContainerService's ListOrchestratorProfiles API has been deprecated. Please use the ManagedCluster's ListKubernetesVersion API.
  • Changes to kube-reserved memory reservations are now in effect in AKS 1.29. The optimized reservation logic reduces kube-reserved memory by up to 20% depending on the node configuration. For existing 1.29 node pools created prior to 2/26, please perform a node pool update or recreate to see these changes. Learn more.
  • On 15 March 2027, Windows Server 2022 will be retired when Kubernetes 1.34 reaches the end of platform support. You won't be able to create new Windows Server 2022 node pools on Kubernetes 1.35 and above. We encourage you to make the switch before 15 March 2027 to gain the richer benefits of Windows Server 2025 or Windows Server Annual Channel. These new Windows OS versions will be supported on AKS before Windows Server 2022 is retired. For more updates, see our AKS public roadmap.

Release notes

  • Features

    • Kubernetes 1.29 is GA.
    • 5,000 Node Limit by Default is generally available in AKS. This limit is available for Standard tier and Premium tier clusters. The rollout for this feature will be separate from the 3/17 release. Please follow this GitHub issue for the most up to date regions where this feature has been rolled out.
    • Gen 2 VMs are now generally available for Windows on AKS. Azure Generation 2 (Gen2) virtual machines (VMs) support key features not supported in generation 1 VMs (Gen1).
    • Custom kubelet configuration is now generally available for Windows on AKS. To request additional kubelet parameters supported by Windows, create a feature request on AKS Github Issues.
    • Outbound type migration is now generally available on AKS. You can migrate egress outbound types on existing clusters without having to recreate a cluster.
  • Preview features

  • Behavioral change

    • Workload Identity is now supported as a setting for static PVs on Managed Blob/File CSI drivers in 1.29.
    • Starting with the 2024-03-01 api, OSType will reject unknown inputs.
  • Bug fixes

    • Fixed a bug where clusters with legacy hard taints on system pools could not run any operations.
    • Fixed a bug where node taints may be overwritten on certain PUT requests.
    • Fixed a bug where clusters running LTS could get a list of non-LTS versions to upgrade to.
    • Fixed a bug with Application Gateway Ingress Controller where it is unable to fetch secret objects during cluster upgrade.
  • Component updates

AKS - Release 2024-02-26

Published by shashankbarsin 8 months ago

Release 2024-02-26

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting in March, due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, the Azure Policy addon will now no longer support the validation for constraint template. The Azure Policy Add-On will report ‘InvalidConstraint/Template’ compliance reason code for detected errors after constraint template admission. This change does not impact other compliance reason codes. Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. Gator CLI).
  • Starting with Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes is cgroupsv2. Older versions of Java, .NET and NodeJS do not support memory querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the FAQ for cgroupsv2.
  • AKS patch versions 1.27.9 and 1.28.5 are now available with 1.27.9 used as the default version for new clusters.

Release notes

  • Features

  • Preview features

  • Behavioral change

    • ignoreUnfixed is now set to false in scanner options for Image Cleaner so that images with vulnerabilities are deleted even if there is no fix/patch available for it yet.
    • Label kubernetes.azure.com/managedby: aks has been introduced to all managed addon components on cluster. Related issue can be found here.
  • Bug fixes

    • Added a pod memory overhead of 2Gi to the kata-cc-isolation RuntimeClass to address an issue where creating too many pods used too much of the node's memory, resulting in random processes being OOM killed.
    • Fixed issue that was causing PUT operations on AKS clusters that were using Bring your own Container Network Interface (CNI) plugin to fail when the request didn't contain the networkProfile.podCIDR property.
    • In AKS clusters of version >= 1.27.0, fixed a race condition in the iptables mode of kube-proxy that could result in some updates getting lost (for example, when a service gets a new endpoint).
    • Fixed a race condition that could cause upgrade from kubenet to Azure CNI Overlay to fail.
  • Component updates

    • Istio revision asm-1-20 is now available with Istio-based service mesh add-on. More information on performing canary upgrade for the new minor revision of Istio can be found here. Istio revision asm-1-18 is no longer supported.
    • Open Service Mesh upgraded to v1.2.8 with Envoy upgraded to v1.26.7 to address vulnerabilities CVE-2024-23324, CVE-2024-23325, CVE-2024-23322, CVE-2024-23323, and CVE-2024-23327.
    • For Node Auto Provisioning, Karpenter is upgraded to v0.33.0 and its Azure provider is upgraded to v0.3.0.
    • Upgraded Azure Disk CSI driver version to v1.26.9 on AKS 1.26, v1.28.6 on AKS 1.27, v1.29.3 on AKS 1.28.
    • Upgraded Azure File CSI driver version to v1.26.11 on AKS 1.26, v1.28.8 on AKS 1.27, v1.29.3 on AKS 1.28.
    • Upgraded Azure Blob CSI driver version to v1.21.7 on AKS 1.26, v1.22.5 on AKS 1.27, v1.23.3 on AKS 1.28.
    • Upgraded kappie-agent Linux and Windows images used in AKS Network Observability to v0.1.4 and v0.1.3 respectively.
    • Upgraded ACI provider for the Virtual Kubelet to v1.6.1
    • Cilium version has been updated to 1.14.4 for AKS clusters with kubernetes versions >= 1.29.0.
    • Azure Linux image has been updated to Azure Linux - 202402.12.0.
    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202402.12.0.
    • Windows Server 2019 Image has been updated to Windows Server 2019 - 17763.5458.240218.
    • Windows Server 2022 Image has been updated to Windows Server 2022 - 20348.2322.240218.
AKS - Release 2024-02-07

Published by wangyira 8 months ago

Release 2024-02-07

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting in March, due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, the Azure Policy addon will now no longer support the validation for constraint template. The Azure Policy Add-On will report ‘InvalidConstraint/Template’ compliance reason code for detected errors after constraint template admission. This change does not impact other compliance reason codes. Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. Gator CLI).
  • Starting with Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support querying v2 memory constraints, and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the FAQ for cgroupsv2.
  • All current AKS API versions silently ignore unknown fields. An unknown field is a field that isn't part of the AKS API. AKS API version 2024-01-01, 2024-01-02-preview and all subsequent API versions will change this behavior. Unknown fields in a request will result in the request being rejected with an error stating that the unknown field is not understood. This change only impacts new API versions and won't impact you unless you update to use an API version 2024-01-01 or later. Existing API calls (via Azure Resource Manager templates or otherwise) will continue to function as-is.

Release notes

  • Features

  • Preview features

  • Bug Fixes

    • Enable HonorPVReclaimPolicy for CSI drivers on AKS 1.27+ to align with upstream behavior.
    • Node Auto Provision can now be enabled when aadProfiles, including ServerAppID, ClientAppID, ServerAppSecret, are being set.
  • Behavioral Change

    • Update the Agentpool Profile protocol to include the new PodIPAllocationMode property.
  • Component Updates

    • Istio-based service mesh add-on's istiod and ingress images updated to 1.18.7-hotfix.20240210 and 1.19.7 for asm-1-18 and asm-1-19 respectively. User needs to restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. Vulnerabilities CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, and CVE-2024-23327 have been addressed in these patch versions. More information can be found here.
    • For the cloud-provider-node-manager-windows component, the following versions have been updated:
      • v1.29.0 for >=1.29.0 version
      • v1.28.5 for >=1.28.0 version
      • v1.27.13 for >=1.27.0 version
      • v1.26.19 for >=1.26.0 version
      • v1.25.24 for >=1.25.0 version
    • Upgraded konnectivity-agent image version from v0.0.33-hotfix.20221110 to v0.1.6-hotfix.20240116.
    • Upgraded Cilium to v1.13.10 for kubernetes v1.28.0+.
    • Upgraded Tigera Operator to v1.30.7, azurefile-csi-driver to v1.29.3, and Microsoft Defender for Cloud Low Level Collector to v.2.0.0 starting with Kubernetes v1.29 preview.
      • Calico v3.26.3 is installed when using Tigera Operator v1.30.7.
      • Microsoft Defender for Cloud Low Level Collector v.2.0.0 includes a new process collection engine, optimized and reduced CPU & Memory usage.
    • Upgraded Network Observability (Retina) to v0.1.3 with minor bug fixes.
    • Upgraded gatekeeper to v3.14.0 and policy addon v1.3.0
      • Azure Policy Changes
        • Introduces error state for policies in error, enabling them to be distinguished from policies in noncompliant states.
        • Adds support for v1 constraint templates and use of the excludedNamespaces parameter in mutation policies.
        • Adds an error status check on constraint templates post-installation.
    • Upgraded container insights agent to v3.1.17.
    • Upgraded Microsoft Defender for Cloud Security Publisher to 1.0.78 with improved logging, fixed a small bug related to cgroupv2.
    • Azure Linux image has been updated to Azure Linux - 202402.07.0.
    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202402.07.0.
    • Azure Windows 2019 Image has been updated to Azure Windows 2019 - 17763.5329.240202.
    • Azure Windows 2022 Image has been updated to Azure Windows 2022 - 20348.2227.240202.
AKS - Release 2024-01-23

Published by shashankbarsin 9 months ago

Release 2024-01-23

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Kubernetes 1.25 was deprecated on January 14, 2024 and support transitions to platform support policy. Please upgrade to Kubernetes version 1.26 or above.
  • Starting with Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support querying v2 memory constraints, and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the FAQ for cgroupsv2.
  • All current AKS API versions silently ignore unknown fields. An unknown field is a field that isn't part of the AKS API. AKS API version 2024-01-01, 2024-01-02-preview and all subsequent API versions will change this behavior. Unknown fields in a request will result in the request being rejected with an error stating that the unknown field is not understood. This change only impacts new API versions and won't impact you unless you update to use an API version 2024-01-01 or later. Existing API calls (via Azure Resource Manager templates or otherwise) will continue to function as-is.

Release notes

  • Features

  • Preview features

    • Istio revision 1.19 is now available with Istio-based service mesh add-on. More information on performing canary upgrade for the new minor revision of Istio can be found here. Default revision of the Istio service mesh add-on for new clusters has been updated to 1.18. Istio 1.17 version is no longer supported.
    • Istio based service mesh addon now supports plugin CA to allow users to provide their own certificates and keys for signing workload certificates. More information can be found here.
    • When troubleshooting AKS nodes, for developers not having access to Kubernetes API but having access to node ARM API, node IP and node name information are now made available in this API. More information on accessing the nodes using the private IPs can be found here.
    • The application routing add-on can now manage multiple public and internal NGINX ingress controllers. Advanced ingress controller configuration is possible via a Custom Resource Definition (CRD).
    • AKS extension in VS Code has been updated to 1.4.1.
  • Bug Fixes

    • Fixed an issue that was previously preventing AKS Infiniband support for Standard_HB120-16rs_v3 SKU.
    • Fixed nodeAffinity in calico-node DaemonSet to prevent scheduling on virtual kubelet nodes.
    • Added appgw.ingress.azure.io api-group to ingress-appgw-cr ClusterRole to address missing api-group permissions error in Application Gateway Ingress Controller addon container.
  • Behavioral Change

    • Network observability addon updated with following:
      • increased limits for CPU (500m) and Memory (300Mi).
      • Fixed networking observability agent crashing issue on Windows node pool of AKS clusters version >= 1.28.
      • Introduced a new init-kappie init container as part of kappie-agent DaemonSet.
      • api-resources nodes and namespaces added to kappie-cluster-reader ClusterRole.
    • Starting this month, due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, the Azure Policy addon will now no longer support the validation for constraint template. The Azure Policy Add-On will report ‘InvalidConstraint/Template’ compliance reason code for detected errors after constraint template admission. This change does not impact other compliance reason codes. Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. Gator CLI).
  • Component Updates

AKS - Release 2024-01-08

Published by charleswool 9 months ago

Release 2024-01-08

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • CIS Kubernetes V1.27 Benchmark is published which covers AKS 1.21.x through AKS 1.27.x.
  • Kubernetes 1.25 is being deprecated on January 14, 2024 and support will transition to our platform support policy. Please upgrade to Kubernetes version 1.26 or above.
  • Starting January 2024, due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, the Azure Policy Add-On will now no longer support the validation for constraint template. The Azure Policy Add-On will report ‘InvalidConstraint/Template’ compliance reason code for detected errors after constraint template admission. This change does not impact other compliance reason codes. Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. Gator CLI).
  • Starting with Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support querying v2 memory constraints, and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the FAQ for cgroupsv2.
  • Changes to reduce the kube-reserved memory reservation and eviction threshold will not be available in 1.28 as previously shared due to a release issue. These optimizations will be releasing with AKS Kubernetes minor version 1.29, which previews in January 2024. See release calendar.

Release notes

  • Bug Fixes

    • PUT managedCluster operations on API versions that didn't support serviceMeshProfile resulted in "invalid mode" error response to the API requests. This issue has now been fixed.
    • A wrong MCR URL for KEDA image in Air Gapped Cloud was previously used resulting in potential failures in enabling the KEDA addon. This issue has now been fixed.
  • Behavioral Change

  • Component Updates

AKS - Release 2023-11-28

Published by kevinkrp93 11 months ago

Release 2023-11-28

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Kubernetes 1.25 is being deprecated on January 14, 2024 and support will transition to our platform support policy. Please upgrade to Kubernetes version 1.26 or above.
  • No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from December 1st, 2023. We recommend updating your cluster with AKS-managed Azure AD before December 1st, 2023. This way you can manage the API server downtime during non-business hours.
  • Starting January 2024, due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, the Azure Policy Add-On will now no longer support this. The Azure Policy Add-On will report ‘InvalidConstraint/Template’ compliance reason code for detected errors after constraint template admission. This change does not impact other compliance reason codes. Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. Gator CLI).
  • Starting with Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support querying v2 memory constraints, and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the FAQ for cgroupsv2.
  • Starting with the 2024-01-01 and 2024-01-02-preview APIs, we will begin to reject unknown fields in the request payloads.
  • Changes to reduce the kube-reserved memory reservation and eviction threshold will not be available in 1.28 as previously shared due to a release issue. These optimizations will be releasing with AKS Kubernetes minor version 1.29, which previews in January 2024.

Release notes

AKS - Release 2023-11-05

Published by bmoore-msft 11 months ago

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Kubernetes 1.25 is being deprecated on January 14, 2024 and support will transition to our platform support policy.
  • No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from December 1st, 2023. We recommend updating your cluster with AKS-managed Azure AD before December 1st, 2023. This way you can manage the API server downtime during non-business hours.
  • Starting January 2024, due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, the Azure Policy Add-On will now no longer support this. The Azure Policy Add-On will report ‘InvalidConstraint/Template’ compliance reason code for detected errors after constraint template admission. This change does not impact other compliance reason codes. Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. Gator CLI).
  • Windows containerd v1.7 will be the default container runtime for k8s v1.28+ on AKS Windows nodes. Windows Host Process (HPC) containers are GA in Windows containerd v1.7, which has some breaking changes.
  • Starting with Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support querying v2 memory constraints, and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the FAQ for cgroupsv2.

Release notes

  • Features
    • Kubernetes 1.28 is GA
    • Added kubernetes patch versions 1.25.15, 1.26.10, 1.27.7a
    • KEDA addon is GA
  • Preview Features
    • Cluster network settings can be updated to enable Kubenet -> CNI Overlay migration - available in the CLI
  • Bug Fixes
    • Incorporated fix for irqbalance #275; a node image upgrade from 202310.4.0 will resolve the unbalanced IRQs.
    • Under some conditions it was possible to set max_surge=0 which may interfere with upgrades. Now max_surge must be > 0. See Customize node surge upgrade for more information about the setting.
    • Fixed an issue where PUT operations on managedClusters or agentPools see long latency in the overall operation due to an internal network issue.
    • PATCH operations were allowed on managedClusters in a non-terminal provisioningState. This could cause an eTag mismatch and inconsistent results or failures. PATCH operations will now be blocked for managedClusters in a non-terminal provisioningState.
  • Behavioral Change
    • Updates to optimize the kube-reserved eviction thresholds (available in 1.28): https://learn.microsoft.com/en-us/azure/aks/concepts-clusters-workloads#memory
  • Component Updates
    • Update the aks-app-routing-operator to version 0.0.7 which includes notable changes in version 0.0.6.
      • This update has 3 CVE fixes for the nginx ingress controller.
      • The following changes are also included:
        • The AJP protocol is no longer supported.
        • The whitelist-source-range annotation has been renamed to allowlist-source-range. Both are currently supported but it is recommended to move to the new annotation allowlist-source-range.
      • The custom-http-errors annotation now only supports errors between 400 and 599.
    • Azure Monitor Metrics November release to v.6.8.1
    • Update gatekeeper to v3.13.3 and policy addon 1.2.1
      • Azure Policy Changes
        • Introduce warn for policies, available in select upcoming built-in policy experiences
        • Show an exempt ComplianceReasonCode in the portal for exempt policies.
    • Update Azure Disk CSI driver version to v1.29.1 on AKS 1.28, to v1.28.4 on AKS 1.27, to v1.26.7 on AKS 1.26 and 1.25
    • Update Azure File CSI driver version to v1.29.1 on AKS 1.28, to v1.28.6 on AKS 1.27, to v1.26.9 on AKS 1.26 and 1.25
    • Update Azure Blob CSI driver version to v1.23.1 on AKS 1.28, to v1.22.3 on AKS 1.27, to v1.21.5 on AKS 1.26 and 1.25
    • Update cloud-controller-manager image to v1.27.11, v1.26.17, v1.25.22 (release notes)
    • Update to dropgz v0.0.15 to include azure-ipam v0.0.6
    • Azure Linux image has been updated to Azure Linux - 202311.07.0.
    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202311.07.0.
AKS - Release 2023-10-29

Published by kaysieyu 12 months ago

Release 2023-10-29

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Kubernetes 1.25 is being deprecated at the end of January 2024 and support will transition to our platform support policy.
  • No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from December 1st, 2023. We recommend updating your cluster with AKS-managed Azure AD before December 1st, 2023. This way you can manage the API server downtime during non-business hours.
  • Starting January 2024, due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, the Azure Policy Add-On will now no longer support this. The Azure Policy Add-On will report ‘InvalidConstraint/Template’ compliance reason code for detected errors after constraint template admission. This change does not impact other compliance reason codes. Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. Gator CLI).
  • Windows containerd v1.7 will be the default container runtime for k8s v1.28+ on AKS Windows nodes. Windows Host Process (HPC) containers are GA in Windows containerd v1.7, which has some breaking changes.
  • Starting with Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support querying v2 memory constraints, and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the FAQ for cgroupsv2.
  • AKS sent out an advisory regarding CVE-2023-29332 on September 13, 2023, which impacts AKS agent nodes. Recommended mitigation is to upgrade AKS cluster and AKS node image. If impacted clusters are not upgraded, AKS will apply mitigation on customer's next cluster update operation including node OS updates and node rolling upgrades, which may cause workload disruption.

Release notes

  • Preview Features
  • Bug Fixes
    • Corrected issue where on tainted/dedicated system pools the Vertical Pod Autoscaler (VPA) deployment could end up on non-system pools.
    • Fix for issue where a Certificate Authority bundle mismatch could produce an update on the image version of the VPA webhook.
    • Fix for possible deadlock scenario between Container Network Service and Azure CNI where pod IPs would not release on pod delete and new pods would not get an IP.
    • Fix for Windows NPM crashes in k8s 1.28 with Containerd 1.7. Bug was a result of Windows NPM DaemonSet referencing a file that did not exist in its current directory.
    • Fix for fleet clusters, so they will now be correctly set to NRG-Lockdown RestrictionLevel Restricted, instead of Unspecified. Additionally, fleet clusters within one of the undesired Unspecified states will be fixed on reconcile.
    • Fix to prevent conflict between Open Service Mesh and AKS Admission Enforcer.
    • Fix to improve response time and reduce long mc and agentpool operation latency.
  • Behavioral Change
  • Component Updates
    • Microsoft Defender for Cloud publisher image has been updated to 1.0.68 (now distroless)
    • Microsoft Defender for Cloud OldFileCleaner image has been updated to 1.4.68
    • Azure Linux image has been updated to Azure Linux - 202310.26.0.
    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202310.26.0.
AKS - Release 2023-10-22

Published by abubinski 12 months ago

Release 2023-10-22

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Kubernetes 1.25 is being deprecated at the end of January 2024 and support will transition to our platform support policy.
  • No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from December 1st, 2023. We recommend updating your cluster with AKS-managed Azure AD before December 1st, 2023. This way you can manage the API server downtime during non-business hours.

Release notes

  • Bug Fixes

    • Fix for some abnormally slow PUT managedClusters/agentPool operations caused by hanging connections.
    • Fix for a throttling issue by increasing secrets store AKV provider CPU limit from 50m to 100m.
    • Fix for CVE by upgrading Azure file driver version to v1.24.11 on AKS 1.25.
    • Fix for Azure CNI Overlay when using Linux Kernel 6.2+ and K8s 1.28+. This fix prevents the CNI from setting up pod networking incorrectly.
  • Behavioral Change

    • Introduced acn-multitenancy-editor ClusterRole to give azure-cns permissions on "multitenantpodnetworkconfigs", "podnetworkinstances", and "podnetworks" resources.
  • Component Updates

AKS - Release 2023-10-15

Published by kevinkrp93 almost 1 year ago

Release 2023-10-15

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.
  • CVE-2023-29332 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges. Please update your AKS VHD to at least VHD version 230801 as mentioned in the issue

Release notes

AKS - Release 2023-10-08

Published by charleswool about 1 year ago

Release 2023-10-08

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

  • Features

  • Bug Fixes

    • Microsoft Defender for Containers has been updated to image version 1.3.81 to support kernel versions 6.2 or higher.
  • Behavioral Changes

    • With the release of Container Insights 3.1.14, default 1-year tokens will be set to 1-hour expiry and refreshed at 10 minutes.
    • A warning has been added for clusters utilizing dual-stack networking and outbound type user-defined routing if the associated route table does not have a default IPv6 route in place. Visit Dual-stack kubenet networking for full details.
    • Customers can now disable Windows GMSA on an existing cluster.
    • Node OS Auto Upgrade now has a built-in Policy Definition that can be used to validate and enforce whether it is enabled on an AKS cluster.
  • Component Updates

    • Windows CNI has been updated to v1.4.39.1 for Azure CNI Overlay and Azure CNI with dynamic allocation.
    • Azure Monitor Metrics for AKS has been updated to image version 6.7.7. Please see their release notes for full details.
    • The AKS vscode extension v1.3.15 has been released