Release 2023-04-16

Release 2023-04-16

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.

Release notes

• Features

  • Dual-stack networking (IPv4/IPv6) on kubenet is now generally available.

• Preview Features

  • Istio-based service mesh add-on for Azure Kubernetes Service is now available in preview.

• Bug Fix

  • Fixed an issue that prevented the user-assigned managed identity of the AKS cluster from being updated from identity to another user-assigned managed identity.
  • Disabled kubelet-registration-probe on Windows nodes of AKS version 1.26 to reduce CPU consumption.
  • For clusters using Image Cleaner preview feature, the unused role eraser-leader-election-role and rolebinding eraser-leader-election-rolebinding have been deleted.
  • Reduced Azure Blob CSI driver memory limit on agent node from 2100Mi to 400Mi.
  • For dual-stack networking (IPv4/IPv6) clusters, fixed an issue where the Standard Load Balancer couldn't have IPv6 public prefixes.

• Behavior Changes

  • For AKS clusters of version >= 1.23, RuntimeDefault is set as the default seccomp profile for all workloads.

• Component Updates

  • Azure cloud controller manager image updated to v1.23.30, v1.24.17, v1.25.11 and v1.26.7.
  • Updated Azure Disk CSI driver to 1.26.3 on AKS clusters of versions >= 1.24.
  • Azure Monitor Container Insights image has been updated to 3.1.6
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202304.10.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202304.10.0.
  • AKS Mariner image has been updated to AKSMariner-202304.10.0.
  • AKS Windows 2019 image has been updated to 17763.4252.230412.
  • AKS Windows 2022 image has been updated to 20348.1668.230412.

Release 2023-04-09

Release 2023-04-09

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• Kubernetes version 1.26 is now Generally Available with AKS. AKS has deprecated Kubernetes version 1.23 on April 2, 2023. Please upgrade your AKS clusters to version 1.24 or above.

Release notes

• Features

  • AAD workload identity is now Generally Available.

• Preview Features

  • Stop cluster minor version upgrades on API breaking changes is now available in preview. AKS will fail fast on minor version manual upgrades if it detects usages of deprecated APIs in the target version of the upgrade. This is available when target cluster for upgrade is >= 1.26.0, when the API request for cluster is using API version >= 2023-01-02-preview, and when usage of API breaking changes has been detected in the 12 hours prior to the upgrade.

• Bug Fix

  • Fixed an issue where kube-scheduler would crash on AKS clusters of version 1.25+ when there are inline volumes in the cluster.
  • Fixed an issue where it was not possible to rotate certificates for stopped AKS clusters.
  • When installing Cilium Enterprise through Azure Marketplace, AKS validates that if the extension is from an Isovalent offer, then the extension name must be "cilium". The extension name error message has been clarified to reflect this requirement.

• Component Updates

  • Azure Monitor managed service for Prometheus addon's kube-state-metrics image has been updated from 2.6.0 to 2.8.1.
  • Kubernetes Event-driven Autoscaling (KEDA) add-on has been updated to version 2.10.0 and is now available on AKS version 1.26.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202304.05.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202304.05.0.
  • AKS Mariner image has been updated to AKSMariner-202304.05.0.

Release 2023-04-02

Release 2023-04-02

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• AKS has deprecated Kubernetes version 1.23 on April 2, 2023. Please upgrade your AKS clusters to version 1.24 or above.

Release notes

• Feature

  • Terminating a long running operation on an AKS cluster is now Generally available.

• Bug Fix

  • Fixed an issue that network connectivity lost on systemd-networkd restart.

• Behavior Changes

  • L7 proxy for Azure CNI powered by Cilium is disabled and not supported for GA

• Component Updates

  • Workload Identity has been updated to version v1.0.0.
  • Azure File CSI driver has been updated to version v1.26.1 on AKS 1.26 which has CVE fixes
  • Add action to clean up orphaned disks in node management group. These disks were created by VMAS node and will not be used after VMs are deleted.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202303.28.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202303.28.0.
  • AKS Mariner image has been updated to AKSMariner-202303.28.0.

Release 2023-03-26

Release 2023-03-26

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• AKS will deprecate Kubernetes version 1.23 on April 2, 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
  • Two in-tree driver persistent volumes won't be supported in AKS: kubernetes.io/azure-disk, kubernetes.io/azure-file.
  • All AKS clusters on version 1.26+ will use the latest coreDNS version v1.10.1..
    • For all AKS clusters on version 1.26+, coreDNS health plugin will use lameduck 5s to minimizes DNS resolution failures during coreDNS pod restart or deployment rollout.
    • For all AKS clusters on version 1.26+, coreDNS will use ttl 30 as default TTL for DNS records.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 node to 10% of the node pool size.

Release notes

• Features
  • New k8s patch versions
    • Removed 1.24.6, added 1.24.10.
    • Removed 1.25.4, added 1.25.6.
• Preview Features
  • Custom kubelet configuration for Windows is now in preview.
• Bug Fixes
  • Fixed a bug where clusters with multiple node pools using the same pod subnet could get stuck during deletion.
• Component Updates
  • AKS v1.26 clusters have been reverted to CoreDNS v1.9.4 to fix a regression in v1.10.1.
  • Azure CNI has been updated to version v1.4.44.
  • Azure Monitor Agent Windows logs pod has been updated to v3.1.5.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202303.22.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202303.22.0.
  • AKS Windows 2019 image has been updated to 17763.4131.230315.
  • AKS Windows 2022 image has been updated to 20348.1607.230315.

Release 2023-03-19

Release 2023-03-19

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• AKS will deprecate Kubernetes version 1.23 on April 2, 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
  • Two in-tree driver persistent volumes won't be supported in AKS: kubernetes.io/azure-disk, kubernetes.io/azure-file.
  • All AKS clusters on version 1.26+ will use the latest coreDNS version v1.10.1..
    • For all AKS clusters on version 1.26+, coreDNS health plugin will use lameduck 5s to minimizes DNS resolution failures during coreDNS pod restart or deployment rollout.
    • For all AKS clusters on version 1.26+, coreDNS will use ttl 30 as default TTL for DNS records.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.

Release notes

• Bug Fix

  • Fixed an issue where default Linux sysctls were not applied if users specified any Linux OS custom configuration. If the following sysctls were not specified, the defaults may previously have changed unintentionally: net.core.somaxconn, net.ipv4.tcp_max_syn_backlog, net.ipv4.neigh.default.gc_thresh1, net.ipv4.neigh.default.gc_thresh2, and net.ipv4.neigh.default.gc_thresh3. A node image upgrade is recommended to restore the previous behavior.
  • Fixed an issue where CAs passed during provisioning would not be added to trust store correctly. This fix is already applied and should be reflected in all new create operations. New scale operations will require a node image upgrade.
  • Fixed an issue that when client installed oss version of Image Cleaner or Workload Identity, AKS addon manager deleted their roles, service accounts, etc. which blocked its running.

• Behavior Changes

  • Default memory for Windows pods increased from 600mi to 700mi.

• Component Updates

  • Container Insights has been updated to 3.1.4.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202303.13.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202303.13.0.
  • AKS Mariner image has been updated to AKSMariner-202303.13.0.

Release 2023-03-05

Release 2023-03-05

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Windows Server 2019 will be retired with Kubernetes version 1.32 EOL on March 1, 2026. Follow the detailed steps
  in our documentation to transition to Windows Server 2022.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired,you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• The Docker Bridge CIDR field in the AKS API was made redundant during our change from Docker to containerD in Kubernetes version 1.19. Starting in April 2023 with the 2023-04-01 AKS API version, the Docker Bridge CIDR field will be removed. It will continue to be supported (but ignored) in all preexisting API versions.
• The KEDA addon currently supports aks versions 1.23, 1.24 and 1.25. the managed KEDA addon will not be supported on 1.26 GA at launch. If you use the KEDA addon, please do not upgrade to 1.26. If you use auto-upgrade with the rapid channel enabled as well as the KEDA addon, please switch off the rapid channel and update manually.
• AKS will deprecate Kubernetes version 1.23 on April 2nd 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Java/JDK support for cgroups v2 is available in JDK 11 (patch 11.0.16 and later) or JDK 15 and above. AKS Kubernetes 1.25+ uses cgroups v2. Please migrate your workloads to the new JDK.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
  • Two in-tree driver persistent volumes won't be supported in AKS : kubernetes.io/azure-disk, kubernetes.io/azure-file.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.

Release notes

• Preview Features
  • Azure Backup for AKS Public Preview is now available.
  • Azure CNI Overlay Public Preview is now available in ALL Azure Public Cloud Regions.
  • Trusted Access is now in Public Preview.
• Bug Fix
  • Fixed issue with Linux node outbound connectivity failing due to HTTP_PROXY/HTTPS_PROXY not fully respected.
• Behavior Changes
  • Increased qps limits and worker threads for CSI driver on azuredisk v2.
  • For customers using the Web App Routing add-on (Preview), we added an "identity" field in the API response exposing the managed service identity creates by the add-on. You can grant that identity permissions to manage other Azure resources used by the add-on, such as Azure DNS and Azure Key Vault.
  • Bumped the memory limit for the Container Insights Add-on for Windows to 1Gb.
• Component Updates
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202303.06.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202303.06.0.
  • AKS Mariner image has been updated to AKSMariner-2023.03.06.

Release 2023-02-26

Release 2023-02-26

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• AKS will deprecate Kubernetes version 1.23 on April 2nd 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Java/JDK support for cgroups v2 is available in JDK 15 and above. Kubernetes 1.25+ and on AKS uses cgroups. Please migrate your workloads to the new JDK.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.

Release notes

• Preview Features

  • Support for Pod Sandboxing workloads
  • Enable windows metrics collection from the Azure Monitor Metrics
  • Node OS auto-upgrade channel for automatically applying OS security patches promptly

• Bug Fix

  • In 2023-01-01 Azure API, a hot fix is released to fix this (bug)[https://github.com//issues/3481] and returns 400 error on PUT requests to "Base" or "Standard" parameters, allowing customers to still use "Basic" parameter in ManagedClusterSKUName with "Free" or "Paid" parameters in ManagedClusterSKUTier.
  • Fix Agent Pool stop issue when powerstate reporting is inconsistent
  • Fix blobfuse2 backward compatibility issue on AKS 1.25
  • Fix cluster autoscaler scheduler bug which is causing CA to crash
  • Update node label with Security Patch versions from VHD

• Behavior Changes

  • Removed 5 minute back off when attemptng to delete a node pool with an existing operation taking place

• Component Updates

  • Azure Blob CSI driver updated to version v1.19.1
  • Update Prometheus Add-on to 02-22-2023
  • AKS Windows 2019 image has been updated to 17763.4010.230223.
  • AKS Windows 2022 image has been updated to 20348.1547.230223.

Release 2023-02-19

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• AKS will deprecate Kubernetes version 1.23 on April 2nd 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.

Release notes

• Bug Fix
  • In 2023-01-01 Azure API, a hot fix is released and currently rolling out to fix this (bug)[https://github.com//issues/3481] and returns 400 error on PUT requests to "Base" or "Standard" parameters, allowing customers to still use "Basic" parameter in ManagedClusterSKUName with "Free" or "Paid" parameters in ManagedClusterSKUTier.
• Behavior Changes
  • Clusters on upgrade-channel nodeimage or nodeos-channel will no longer pull security updates through unattended upgrade. They will now get security updates through the weekly node image upgrade.
  • Clusters with automatic node image upgrades (node-image auto-upgrade channel) will have nightly in-place patches turned off. You can set your own schedule (via upgrade schedules).
• Component Updates
  • Azure Disk CSI driver has been upgraded to v1.26.2.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.02.15.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.02.15.
  • AKS Windows 2019 image has been updated to 17763.4010.230216.
  • AKS Windows 2022 image has been updated to 20348.1547.230216.
  • AKS Mariner image has been updated to AKSMariner-2023.02.15.

Release 2023-02-12

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.
• Starting from the release of 2023-02-19, clusters with automatic node image upgrades (node-image auto-upgrade channel) will have nightly in-place patches turned off. Node image auto upgrade offers a better idempotent way to receive these fixes on a schedule (via upgrade schedules). Clusters not using the node-image auto-upgrade channel remain unchanged in preparation for the release of the OS Upgrade Channel functionality.

Release notes

• Preview Features
  • Kubernetes 1.26.0 is now in Public Preview.
• Behavior Changes
  • Auto-upgrade Patch channel can now be set in any patch version of a supported Kubernetes minor version and it will bring the cluster to the latest supported patch.
• Component Updates
  • Azure CNI for Windows has been updated to version 1.4.41.
  • Windows Calico updated to v3.24.0 for Kubernetes v1.24+.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.02.09.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.02.09.
  • AKS Mariner image has been updated to AKSMariner-2023.02.09.

Release 2023-02-05

Azure Kubernetes Service Changelog

Release 2023-02-05

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• AKS introduces a new Standard tier which includes the previous standalone uptime SLA in addition to improved capabilities over the Free tier. Read the blog to learn more about the launch of the Standard tier. Azure API is updated to include the new “Standard” tier, as a result, "Basic" and "Paid" will be removed in the 2023-07-01 API version, and this will be a breaking change in API version 2023-07-01 or newer. If you use automated scripts, CD pipelines, ARM templates, Terraform, or other third-party toolings that rely on the above parameters, please be sure to make the necessary changes before upgrading to the 2023-07-01 or newer API version. From API version 2023-01-01 and newer, you can start transitioning to the new API parameters "Base" and "Standard".
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.
• Workload Identity: Application pods using workload identity will need the following label added azure.workload.identity/use starting with the 2023-01-29 release. Add the label to your running pods/deployments to avoid pods from failing at restart. See more here.
• The aks swagger api specs now moved under a subfolder per the issue.

Release notes

• Bug Fix
  • HTTP Proxy Fixed an issue on the "No Proxy" update - where the cluster FQDN would be removed from noProxy on updates.
• Component Updates
  • Add support for defender agent to run on FIPS machines.
  • Managed Prometheus addon image release. See release notes.
  • Clients (e.g. portal / CLI / powershell) can now discover the trusted access role bindings operations on available operations.
  • AKS Ubuntu 18.04 image AKSUbuntu-1804-2023.01.26 addresses an issue where fips_enabled would be set to 0 while running on a fips kernel.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.02.01.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.02.01.
  • AKS Mariner image has been updated to AKSMariner-2023.02.01.