Azure Kubernetes Service Changelog
Release 2023-02-05
Monitor the release status by regions at AKS-Release-Tracker.
Announcements
- AKS introduces a new Standard tier which includes the previous standalone uptime SLA in addition to improved capabilities over the Free tier. Read the blog to learn more about the launch of the Standard tier. Azure API is updated to include the new “Standard” tier, as a result, "Basic" and "Paid" will be removed in the 2023-07-01 API version, and this will be a breaking change in API version 2023-07-01 or newer. If you use automated scripts, CD pipelines, ARM templates, Terraform, or other third-party toolings that rely on the above parameters, please be sure to make the necessary changes before upgrading to the 2023-07-01 or newer API version. From API version 2023-01-01 and newer, you can start transitioning to the new API parameters "Base" and "Standard".
- Starting with Kubernetes 1.26:
- HostProcess Containers will be GA
- Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
- Starting with Kubernetes 1.27:
- The Max Surge default value will change on newly created nodepools from 1 to 10%.
- AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
- Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.
- Workload Identity: Application pods using workload identity will need the following label added
azure.workload.identity/use
starting with the 2023-01-29 release. Add the label to your running pods/deployments to avoid pods from failing at restart. See more here. - The aks swagger api specs now moved under a subfolder per the issue.
Release notes
- Bug Fix
- HTTP Proxy Fixed an issue on the "No Proxy" update - where the cluster FQDN would be removed from noProxy on updates.
- Component Updates
- Add support for defender agent to run on FIPS machines.
- Managed Prometheus addon image release. See release notes.
- Clients (e.g. portal / CLI / powershell) can now discover the trusted access role bindings operations on available operations.
- AKS Ubuntu 18.04 image AKSUbuntu-1804-2023.01.26 addresses an issue where fips_enabled would be set to 0 while running on a fips kernel.
- AKS Ubuntu 18.04 image has been updated to AKSUbuntu-2204-2023.02.01.
- AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.02.01.
- AKS Mariner image has been updated to AKSMariner-2023.01.25.