release-notes-2024-01-14 #4066
Closed
release-notes-2024-01-14 #4066
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
miwithro
approved these changes
Jan 16, 2024
kaarthis
reviewed
Jan 16, 2024
|
|
||
| ### Announcements | ||
|
|
||
| * Kubernetes 1.25 has now deprecated and transitioned to [platform support](https://learn.microsoft.com/azure/aks/supported-kubernetes-versions?tabs=azure-cli#platform-support-policy). Please upgrade to Kubernetes version 1.26 or above. |
| ### Release notes | ||
|
|
||
| * Bug Fixes | ||
| * Updated Retina Windows crash for k8s 1.28 with containerd 1.7. Containerd 1.7 causes Retina Windows to error with "setkubeconfigpath.ps1 and controller.exe not found on k8s version 1.28". This fix applies to k8s 1.28 and above only. |
There was a problem hiding this comment.
We start with the error first like Containerd caused Retina windows to error with .... This has now been fixed by updating the containerD 1.7 and applies to 1.28 version and above.
|
|
||
| * Bug Fixes | ||
| * Updated Retina Windows crash for k8s 1.28 with containerd 1.7. Containerd 1.7 causes Retina Windows to error with "setkubeconfigpath.ps1 and controller.exe not found on k8s version 1.28". This fix applies to k8s 1.28 and above only. | ||
| * Fixed missing api-group causing error in the rbac role for AGIC add-on: failed to list *v1beta1.AzureApplicationGatewayRewrite: azureapplicationgatewayrewrites.appgw.ingress.azure.io is forbidden. See [github issue](https://github.com/Azure/application-gateway-kubernetes-ingress/issues/1582). |
There was a problem hiding this comment.
causing the following error
| * Fixed bug where tigera-operator default behavior for virtual kubelet anti-affinity was not included. This bug caused failures on startup if a calico-node was scheduled on a virtual node. calico-node daemonset will now be prevented from scheduling on virtual-kubelet nodes in alignment with the default behavior for the [tigera-operator](https://github.com/tigera/operator/blob/c2b027c0a2f9b1f42fba1cb5f31d667530069e0d/pkg/render/node.go#L723-L736). See [github issue](https://github.com/Azure/AKS/issues/3995). | ||
|
|
||
| * Behavioral Change | ||
| * AKS will no longer allow put/delete for privateEndpointConnection when the cluster is being updated. |
|
|
||
| * Behavioral Change | ||
| * AKS will no longer allow put/delete for privateEndpointConnection when the cluster is being updated. | ||
| * AKS will begin rejecting unknown fields starting in the 2024-01-01 API. Previously, unknown fields would have been ignored. |
wangyira
requested changes
Jan 16, 2024
| ### Announcements | ||
|
|
||
| * Kubernetes 1.25 has now deprecated and transitioned to [platform support](https://learn.microsoft.com/azure/aks/supported-kubernetes-versions?tabs=azure-cli#platform-support-policy). Please upgrade to Kubernetes version 1.26 or above. | ||
| * Due to Gatekeeper Upstream removing validation for constraint template contents at create/update time, [the Azure Policy Add-On](https://learn.microsoft.com/azure/governance/policy/concepts/policy-for-kubernetes#install-azure-policy-add-on-for-aks:~:text=exception%20YAML.-,Install%20Azure%20Policy%20Add%2Don%20for%20AKS,-Before%20you%20install) no longer supports the validation for constraint template. The Azure Policy Add-On will report [‘InvalidConstraint/Template’ compliance reason code](https://learn.microsoft.com/azure/governance/policy/how-to/determine-non-compliance#aks-resource-provider-mode-compliance-reasons) for detected errors after constraint template admission. This change does not impact [other compliance reason codes](https://learn.microsoft.com/azure/governance/policy/how-to/determine-non-compliance#aks-resource-provider-mode-compliance-reasons). Customers are encouraged to continue to follow best practices when updating Azure Policy for Kubernetes definitions (i.e. [Gator CLI](https://open-policy-agent.github.io/gatekeeper/website/docs/gator/)). |
There was a problem hiding this comment.
| * AKS will no longer allow put/delete for privateEndpointConnection when the cluster is being updated. | ||
| * AKS will begin rejecting unknown fields starting in the 2024-01-01 API. Previously, unknown fields would have been ignored. | ||
| * Changes to reduce the kube-reserved memory reservation and eviction threshold are now release with kubernetes v1.29. See changes to the kubelet daemon and memory reservations [here](https://learn.microsoft.com/azure/aks/concepts-clusters-workloads#:~:text=740-,Memory,-Memory%20utilized%20by). | ||
| * Updated minimum static [cpu limit](https://learn.microsoft.com/azure/aks/developer-best-practices-resource-management#:~:text=Pod%20CPU/Memory%20limits). Previously the minimum limit was set to the max. |
There was a problem hiding this comment.
what is the minimum CPU limit set to now instead?
stl327
reviewed
Jan 16, 2024
| * Behavioral Change | ||
| * AKS will no longer allow put/delete for privateEndpointConnection when the cluster is being updated. | ||
| * AKS will begin rejecting unknown fields starting in the 2024-01-01 API. Previously, unknown fields would have been ignored. | ||
| * Changes to reduce the kube-reserved memory reservation and eviction threshold are now release with kubernetes v1.29. See changes to the kubelet daemon and memory reservations [here](https://learn.microsoft.com/azure/aks/concepts-clusters-workloads#:~:text=740-,Memory,-Memory%20utilized%20by). |
stl327
reviewed
Jan 16, 2024
| * Updated max api server cpu limit to 15. | ||
|
|
||
| * Component Updates | ||
| * Upgrade vpa recommender to v0.12.0 [v0.12.0](https://github.com/kubernetes/autoscaler/releases/tag/vertical-pod-autoscaler-0.12.0) and enable memory saver on production. |
There was a problem hiding this comment.
Upgraded vpa recommender
enabled memory saver
charleswool
reviewed
Jan 17, 2024
| * AKS will begin rejecting unknown fields starting in the 2024-01-01 API. Previously, unknown fields would have been ignored. | ||
| * Changes to reduce the kube-reserved memory reservation and eviction threshold are now release with kubernetes v1.29. See changes to the kubelet daemon and memory reservations [here](https://learn.microsoft.com/azure/aks/concepts-clusters-workloads#:~:text=740-,Memory,-Memory%20utilized%20by). | ||
| * Updated minimum static [cpu limit](https://learn.microsoft.com/azure/aks/developer-best-practices-resource-management#:~:text=Pod%20CPU/Memory%20limits). Previously the minimum limit was set to the max. | ||
| * Updated max api server cpu limit to 15. |
There was a problem hiding this comment.
Is there a doc for the api server cpu limit for reference here similar to the above+What's the previous limit?
sabbour
reviewed
Jan 17, 2024
| * nmi image version has been updated to v1.8.18 to fix [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) CVEs: CVE-2023-39325,CVE-2023-3978, and CVE-2023-44487 | ||
| * ip-masq-agent-v2 has been updated to [v0.1.9](https://github.com/Azure/ip-masq-agent-v2/releases/tag/v0.1.9). This includes updates to Go dependencies and the distroless-ip tables and base image to resolve some CVEs detected by trivy. | ||
| * Azure Monitor Metrics Add-on has been updated. See [01-09-2024 release](https://github.com/Azure/prometheus-collector/blob/main/RELEASENOTES.md#release-01-09-2024:~:text=for%20AKS%20clusters-,Release%2001%2D09%2D2024,-Linux%20image%20%2D). This includes image updates, build and release improvements, bug fixes, etc. | ||
| * App Routing version bump to [0.2.0](https://github.com/Azure/aks-app-routing-operator/blob/main/CHANGELOG.md). This includes a number of improvements including better logging, improvements to managed NGINX resources, and a CRD for advanced customer customization. Existing customers are seamlessly upgraded. |
There was a problem hiding this comment.
Link to doc (will be public when this is released): https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.