Azure/AKS 2022-12-04

Release 2022-12-04

on GitHub

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• AKS is retiring v1.22.x on this (December 4th) release. Please upgrade your clusters to v1.23 or (preferably) above.
• On this release (December 4th 2022), AKS is updating all patches on supported Kubernetes versions. This means that the oldest patch version on a supported minor version will be deprecated. Read more about AKS versioning and our policy here.
• Some AKS labels are being deprecated with the Kubernetes 1.26 release in January. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• AKS begins pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure NAT gateways do not support IPv6 and therefore cannot be used with dual-stack clusters as the cluster would not have a valid IPv6 outbound connection.
• AKS clusters with Calico enabled should not upgrade to Kubernetes v1.25.
• Starting Kubernetes v1.25 two in-tree driver persistent volumes types kubernetes.io/azure-disk, kubernetes.io/azure-file are deprecated and will no longer be supported. Removal of these drivers following its deprecation is not currently planned but all users should migrate as soon as possible to the corresponding persistent volume types, disk.csi.azure.com and file.csi.azure.com respectively. See how here.
• Workload Identity: Application pods using workload identity will need the following label added azure.workload.identity/use starting with the 2023-01-15 release. Add the label to your running pods/deployments to avoid pods from failing at restart. See more here.
• Starting Jan 3, 2023 AKS will expand the policy of 0 node clusters, that are automatically stopped after 30d to include clusters with 0 "Ready" nodes (or all "Not Ready") and 0 Running VMs. Clusters with all nodes manually stopped (unsupported) and in "Not Ready" state after 30 days will be stopped accordingly. To re-start your cluster, run a cluster start command. See the complete Support Policy for more information.

Release notes

• Features
  • Kubernetes 1.25 is now Generally available. 1.25.4 patch version was added
    • Ubuntu 22.04 for AMD and ARM64 architectures will be the default host.
    • Windows Server 2022 will be the default Windows host. Important, old windows 2019 containers will not work on windows server 2022 hosts.
• Preview Features
  • In Azure CNI powered by Cilium clusters, AKS now sets prometheus.io/port and prometheus.io/scrape annotations on the cilium-operator deployment as well as the prometheus container ports on the cilium and cilium operator manifests.
• Behavior Changes
  • AKS now provides a kubernetes.azure.com/dedicated-host-group=<HOST GROUP ID> label for nodes in an Azure Dedicated Host Group.
  • App Gateway Ingress Controller (AGIC) addon memory limit increased to 600 Mi to address to adjust for resourcing in clusters with large pod/secret counts.
  • The only allowed operation that can be performed on a stopped cluster is starting the cluster.
• Bug Fixes
  • Fixed an issue with cluster updates after a failed cluster start getting stuck.
  • AKS will have Accelerated Networking turned off in Azure Dedicated Host nodepools as Azure Dedicated Host placement currently doesn't correctly account for Accelerated Networking capable SKUs at the moment.
  • Fixed IPv6 casing mismatch between azure network provider and AKS.
• Component Updates
  • Azure Monitor Container Insights updated to version ciprod12032022-c9f3dc30
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2022.12.19.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2022.12.19.
  • AKS Mariner image has been updated to AKSMariner-2022.12.19.