Release 2023-10-15

Release 2023-10-15

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.
• CVE-2023-29332 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges. Please update your AKS VHD to at least VHD version 230801 as mentioned in the issue
• CVE-2023-44487 - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly

Release notes

• Feature

  • AKS supports to use annotations to configure the load balancer health probe for different service ports

• Bug Fixes

  • Fix for preventing cilium-operator from restarting unmanaged coredns pods
  • Fix for AKS Not Honoring/ Returning PrivateEndpointConnection description field
  • Fix for PUT on ManagedCluster allowing more than the maximum tag limit of 50 in some rare cases
  • Fix for Failure to create multiple agent pools concurrently when using the same PodSubnetID- Dynamic IP Allocation mode

• Behavioral Changes

  • Change in Key Vault error codes - KeyVaultEncryptKeyFailed will now be KeyVaultEncryptFailed and KeyVaultDecryptKeyFailed will now be KeyVaultDecryptFailed

• Component Updates

  • Updates ama-logs addon to version 3.1.15 10/13/2023
  • Azure Linux image has been updated to Azure Linux - 202310.09.0
  • Azure Windows 2019 Image has been updated to Azure Windows - 17763.4974.231011
  • Azure Windows 2022 Image has been updated to Azure Windows - 20348.2031.231011
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202310.09.0

Release 2023-10-08

Release 2023-10-08

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

• Features

  • Stop cluster upgrades automatically on API breaking changes is now generally available.
  • The AKS vscode extension has released four new features: A brand new user experience for cluster create and visual kubectl commands as well as several internal enhancements. To read more and engage with the team directly, visit the GitHub repository

• Bug Fixes

  • Microsoft Defender for Containers has been updated to image version 1.3.81 to support kernel versions 6.2 or higher.

• Behavioral Changes

  • With the release of Container Insights 3.1.14, default 1-year tokens will be set to 1-hour expiry and refreshed at 10 minutes.
  • A warning has been added for clusters utilizing dual-stack networking and outbound type user-defined routing if the associated route table does not have a default IPv6 route in place. Visit Dual-stack kubenet networking for full details.
  • Customers can now disable Windows GMSA on an existing cluster.
  • Node OS Auto Upgrade now has a built-in Policy Definition that can be used to validate and enforce whether it is enabled on an AKS cluster.

• Component Updates

  • Windows CNI has been updated to v1.4.39.1 for Azure CNI Overlay and Azure CNI with dynamic allocation.
  • Azure Monitor Metrics for AKS has been updated to image version 6.7.7. Please see their release notes for full details.
  • The AKS vscode extension v1.3.15 has been released

Release 2023-10-01

Release 2023-10-01

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

• Features

  • Support for IP address changes for Azure Blob NFS mounts on AKS 1.27+.
  • Configurable resource group for the Private Link Service (PLS) creation using the "ServiceAnnotationPLSResourceGroup = "service.beta.kubernetes.io/azure-pls-resource-group" annotation.
  • The vertical pod autoscaling (VPA) add-on for AKS is now generally available.
  • Bring your own keys (BYOK) support to encrypt Azure Ephemeral disks is now generally available in AKS.

• Bug Fixes

  • Fix for some events during an upgrade such as "Deleting node" not appearing in kubectl get events.
  • Fix for metricDefinitions operation not exposed in Azure China.
  • Fix for Cluster Autoscaler condition where nodes that VPA pods are scheduled to could not be evicted.

• Behavioral Changes

  • The pod CPU request from ama-metrics daemonsets will be reduced in Windows from 500m to 150m and in Linux from 75m to 50m.
  • AKS will now validate, and block if necessary, service CIDRs placed in public and multicast IP address ranges.
  • If the ama-logs add-on is enabled, host port 28330 will be mounted to the ama-logs daemonset in order to facilitate syslog collection.
  • To reduce vertical pod autoscaling (VPA) out of memory (OOM) errors, the vpa-recommender CPU limit will increase to 1000m, memory limit to 2000Mi, and memory request to 800Mi from 200m, 1000m, and 500Mi respectively.
  • The default max surge value during upgrades will be changed from 1 to 10% for AKS 1.28+ on new clusters to improve upgrade latency.

• Component Updates

  • Linux Network Policy Manager (NPM) version has been rebuilt to v1.4.45.2, containing patches for Ubuntu CVEs.
  • ip-masq-agent-v2 onboarded to semantic versioning and has been updated to v0.1.8.
  • Upgraded Azure File CSI driver to v1.24.10 on AKS 1.25, v1.26.8 on AKS 1.26, and v1.28.5 on AKS 1.27.
  • Blob CSI driver upgraded to v1.22.2 on AKS 1.27+ to support AZNFS mount helper.

Release 2023-09-24

Azure Kubernetes Service Changelog

Release 2023-09-24

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

• Behavioral changes

  • If your VM SKU does not support ephemeral or PremiumSSD OS disks, AKS will now use StandardSSD as the default OS disk type as compared to Standard HDD previously.
  • Azure Kubernetes Clusters should enable node os auto-upgrade - Microsoft Azure (Audit) policy to include the Configure Node OS Auto upgrade on Azure Kubernetes Cluster - Microsoft Azure (DINE) policy to allow customers to enforce that Node OS Auto Upgrade is configured on a cluster, where before they could only Audit that a cluster was configured without Node OS Auto Upgrade.

• Preview Features

  • Image Integrity allows you to sign container images via a process that ensures their authenticity and integrity.

• Bug Fixes

  • Fix for the Private Link Service (PLS) creation failure that can occur if the customer selects a subnet name or PLS name that is too long.

• Component Updates

  • Microsoft Defender Publisher container (part of defender for containers solution) image version has been updated to 1.0.67 from 1.0.64 which improves memory utilizaiton to reduce pod restarts due to OOMKills
  • Cilium version has been updated to 1.13.5 for AKS clusters with kubernetes versions 1.28 or greater
  • Azure File CSI driver updated to version v1.24.9 for clusters with kubernetes version 1.25, v1.26.7 for clusters with kubernetes version 1.26 and v.1.28.4 for clusters with kubernetes version 1.27
  • Hotfix: There were 3 CVE's in the upstream Kubernetes related to insufficient input sanitiztion which leads to privilege escalation. AKS Patched the AKS cluster nodes for clusters version 1.24.9, 1.24.10, 1.24.15, 1.25.5, 1.25.6, 1.25.11, 1.26.0, 1.26.3, 1.26.6, 1.27.3. CVE links - CVE-2023-3676, CVE-2023-3955, and CVE-2023-3893. Update your AKS cluster's node images if the cluster does not have node OS auto-upgrade feature enabled.

Release 2023-09-17

Release 2023-09-17

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

• Behavioral changes

  • After you set the node OS auto-upgrade channel to "None", AKS doesn't automatically reimage nodes in your node pools. But when you set the node OS auto-upgrade channel to "Unmanaged", AKS will reimage all nodes in your node pools.

• Features

  • HTTP Proxy can now be updated post clusters creation.

• Component Updates

  • Azure Monitor container insights addon updated to 09/15/2023 release.
  • Updated Azure Monitor metrics addon image to 09/11/2023 release.
  • AKS Windows 2019 image has been updated to 17763.4851.230914.
  • AKS Windows 2022 image has been updated to 20348.1970.230914.
  • Updated Windows Azure CNI to v1.5.6.1.

Release 2023-09-10

Release 2023-09-10

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

• Behavioral changes

  • Update admissions enforcer to ignore "kubernetes.azure.com/managedby" and "control-plane" namespaces to fix this issue.
  • "kubernetes.azure.com/managedby" label added to aks managed namespaces (kube-system, gatekeeper-system, tigera-system, calico-system)
  • Stopped nodepools will be upgraded during an Auto Upgrade operation. The upgrade will apply to nodes when the nodepool is started.
  • Added priorityClassName system-node-critical property to all KEDA add-on pods to fix this issue.
  • We will now check that your cluster has less than 400 nodes when an upgrade operation is requested and using Kubenet (400 being the node limit for Kubenet).

• Bug Fixes

  • Enable HonorPVReclaimPolicy for Azure Disk CSI driver 1.28, fixing an issue where in some Bound Persistent Volume (PV) – Persistent Volume Claim (PVC) pairs, the ordering of PV-PVC deletion determines whether the PV delete reclaim policy is honored.

• Component Updates

  • Updated Azure Disk CSI version to v1.28.3 on K8S 1.27.
  • Updated Azure File CSI version to v1.28.3 on K8S 1.27, v1.26.6 on K8S 1.26, v1.24.7 on K8S 1.25.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202309.06.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202309.06.0.
  • Azure Linux image has been updated to AzureLinux-202309.06.0.

Release 2023-09-03

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Asia East has now been changed to the 2nd release region. New release changes will reach to Asia East after US West Central, and before UK South. Follow this via AKS-Release-Tracker.
• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.
• To avoid disruptions stemming from unmanaged Canonical nightly security updates, AKS will disable unmanaged Canonical nightly updates by 2 September 2023, on clusters that haven’t specified an update option explicitly, mapping to the option None in the node OS upgrade channel feature. AKS strongly recommends proactively moving to auto-upgrade node-image or node OS upgrade channel - SecurityPatch or NodeImage options; you can set maintenance windows for these channels.

Release notes

• Preview Features
  • AKS 1.28 version is now available in preview.
  • Now customers can disable OutboundNAT for Windows nodes as long as the cluster's outbound type is not Load Balancer. This change enables customers to disable OutboundNAT in conjunction with User Defined Routes (UDR) and Azure firewall. Before the modification, customers could only disable OutboundNAT for Windows nodes when the cluster's outbound type was NAT Gateway.
• Features
  • Node OS Upgrade Channel - NodeImage is now generally available.
  • Outbound IP can now be a combination of ip/ipprefix and managed ones.
• Behavioral changes
  • The taint added by AKS node auto repair will change from remediator.aks.microsoft.com/unschedulable to remediator.kubernetes.azure.com/unschedulable.
  • After you update SSH key, AKS doesn't automatically reimage your node pool, you can choose anytime to perform the reimage operation . Only after reimage is complete, does the update SSH key operation take effect.
• Component Updates
  • Image Cleaner now has eraser version bumped to v1.2.1.
  • Updated Windows gmsa webhook to v0.7.1 which supports multi-arch (amd64 and arm64).
  • Bumped version of Azure Workload Identity to 1.1.0.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202308.28.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202308.28.0.
  • Azure Linux image has been updated to AzureLinux-202308.28.0.

Release 2023-08-27

Release 2023-08-27

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.
• Please review the following CVEs that impact all Windows node pools in AKS clusters - CVE-2023-3676, CVE-2023-3955, and CVE-2023-3893. Please update your Windows nodes to the VHD version 230809 as mentioned in these issues.
• To avoid disruptions stemming from unmanaged Canonical nightly security updates, AKS will disable unmanaged Canonical nightly updates by 2 September 2023
  on clusters that haven’t specified an update option explicitly, mapping to the option None in the node OS upgrade channel feature. AKS strongly recommends proactively moving to auto-upgrade node-image or node OS upgrade channel - Security Patch; you can set maintenance windows for these channels.

Release notes

• Behavioral changes

  • Previously AKS returned only 1 random node's failure even if multiple nodes had drain failures, in the error response. Now all the node drain failures are appended to the error response and returned for easier troubleshooting.

• Bug Fixes

  • Customers using Azure Monitor Managed Prometheus Service for AKS Clusters may have experienced issues with metrics add-on being disabled, missing metrics and alerts, in case both Container Insights log and Managed Prometheus are enabled on the clusters. These hotfixes fix that issue.
  • A bug was fixed that prevented clusters using Azure CNI Powered by Cilium from starting after being stopped.

• Component Updates

  • Updated Azure File CSI driver to v1.24.5 on AKS versions >= 1.24.0 and < 1.26.
  • Bump cloud-controller-manager image v1.25.18, v1.26.14, v1.27.8 and v1.28.0.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202308.22.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202308.22.0.
  • Azure Linux image has been updated to AzureLinux-202308.22.0.
  • AKS Windows 2019 image has been updated to 17763.4737.230809.
  • AKS Windows 2022 image has been updated to 20348.1906.230809.

Release 2023-08-20

Release 2023-08-20

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.
• Please review the following CVEs that impact all Windows node pools in AKS clusters - CVE-2023-3676, CVE-2023-3955, and CVE-2023-3893. Please update your Windows nodes to the VHD version 230809 as mentioned in these issues.
• To avoid disruptions stemming from unmanaged Canonical nightly security updates, AKS will disable unmanaged Canonical nightly updates by 2 September 2023
  on clusters that haven’t specified an update option explicitly, mapping to the option None in the node OS upgrade channel feature. AKS strongly recommends proactively moving to auto-upgrade node-image or node OS upgrade channel - SecurityPatch; you can set maintenance windows for these channels.

Release notes

• Features

  • Image Cleaner is now generally available.
  • Planned maintenance is now generally available.
  • Azure AD workload identity with AKS has been made available in the following regions - eastus, australiacentral, australiaeast, brazilsouth, canadacentral, centralindia, eastasia, eastus2, francecentral, germanywestcentral, japaneast, jioindiawest, koreacentral, northcentralus, northeurope, norwayeast, qatarcentral, southafricanorth, swedencentral, switzerlandnorth, uaenorth, ukwest, westus2.
  • networkPolicy to 'none' (no network policy engine is installed) as a default value if unspecified when creating a cluster. Setting networkPolicy to 'none' is blocked for API versions prior to 2023-09-02-preview.

• Behavioral changes

  • Microsoft.ContainerService/locations/{location}/kubernetesVersions operation will now return isDefault: true on default version.

• Component Updates

  • Azure Monitor container insights addon updated to 08/17/2023 release.
  • Updated Azure Monitor metrics addon image to 08/11/2023 release.
  • Updated Azure Disk CSI driver to v1.26.6 on AKS versions >= 1.24.0 and < 1.27. Updated Azure Disk CSI driver to v1.28.2 on AKS versions >= 1.27.0.
  • Updated Azure File CSI driver to v1.24.4 on AKS versions >= 1.24.0 and < 1.26. Updated Azure Disk CSI driver to v1.26.4 on AKS versions >= 1.26.0.
  • Updated Azure CNS to v1.4.44.4
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202308.16.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202308.16.0.
  • Azure Linux image has been updated to AzureLinux-202308.16.0.

Release 2023-08-13

Release 2023-08-13

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

• Features

  • Azure Container Networking Interface (CNI) Overlay now fully supports Windows Server 2019 and 2022.

• Behavioral changes

  • Azure monitor metrics addon image is reverted from 07-28-2023 release back to the 06-26-2023 release because 07-28-2023 release contains an issue that configmap processing is broken for $ in regex fields.
  • Automate the creation and connection of a Private Link Service to an Azure LoadBalancer, only requiring users to create Private Endpoint connections for private connectivity.

• Component Updates

  • AKS Image cleaner eraser image bumped to v1.2.0.
  • Linux Network Policy Manager （NPM） version bumped to v1.4.45.1 for nftables performance improvements and security patches.
  • ACI connector addon (virtual node) bumped to v1.6.0.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202308.10.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202308.10.0.
  • Azure Linux image has been updated to AzureLinux-202308.10.0.
  • AKS Windows 2019 image has been updated to 17763.4737.230808.
  • AKS Windows 2022 image has been updated to 20348.1906.230808.