This release is rolling out to all regions - ETA for conclusion 2020-09-18
- AKS will default to containerd as the default runtime in kubernetes v1.19. During preview we encourage to create nodepools with the new container runtime to validate workloads still work as expected. And do check the containerd differences and limitations. After GA of kubernetes v1.19, containerd will be served by default for all new clusters or cluster that upgrade to v1.19. If you are doing container builds in cluster please use the recommended docker buildx.
- [New Date] We heard your feedback and as such, the Azure Kubernetes Service pod security policy (preview) feature will be retired on February 1st 2021.
- Once GA AKS will default to its new GPU specialized image as the supported option for GPU-capable agent nodes.
Release Notes
- Features
- Kubernetes version 1.18 is now Generally Available (GA) on AKS. (1.15 is being retired as this release progressively reaches all regions, as previously communicated). Check the release calendar for future version release and GA date.
- New Kubernetes patch versions available, v1.18.8.
- The AKS Kubernetes Audit logs are now split in 2 categories to allow you granularly subscribe and save costs.
kube-audit-admin
: This category contains only audit events that include write verbs (create
,update
,delete
,patch
,post
)kube-audit
: This category contains all remaining audit events.
- AKS Ubuntu 18.04 is now Generally Available and will be the default agent node base image on k8s v1.18 and onward.
- Preview Features
- AKS now supports Azure disk and Azure files CSI storage drivers in Public preview.
- Bug Fix
- Fixed an issue where non-AKS managed identities (eg. from Pod Identity) would be lost after an AKS upgrade.
- Fixed bug where the VMSS backend pool was removed after a Service Principal reset operation.
- Behavior Changes
- Ensure all components use only strong ciphers (matching the AKS API server). Metrics server now only allows the following cipher suites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- Ensure all components use only strong ciphers (matching the AKS API server). Metrics server now only allows the following cipher suites:
- Component Updates
- Azure Policy Addon updated to Gatekeeper beta12 and Policy 0804 versions.
- AKS Windows image has been updated to 2019-datacenter-core-smalldisk-17763.1397.200820
- Azure Monitor for Containers versions updated: https://github.com/microsoft/Docker-Provider/blob/ci_prod/ReleaseNotes.md#08072020--
- Linux version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod08072020
- Windows version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod08072020
- Add LivenessProbe and ReadinessProbe for Metrics Server.
- Updated AKS Moby version to 19.03.12 (from now on AKS Moby versions will follow docker versioning to assist scanning tools false positives).
- Updated NVIDIA GPU drivers to v450.51.06.
- AKS Ubuntu 16.04 image updated to AKSUbuntu-1604-2020.08.28.
- AKS Ubuntu 18.04 image release notes: AKSUbuntu-1804-2020.08.28.