Azure/AKS 2023-05-21

Release 2023-05-21

on GitHub

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Docker container runtime for Windows nodepools has been retired as of May 1, 2023. You may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd. In alignment with this retirement, AKS has deleted all published windows 2019 docker images.  
• After May 31, 2023, Ubuntu 18.04 will reach end of life. AKS will continue to update the host OS from Canonical into the Kubernetes 1.24 VHD images. Customers will not receive daily security updates from Canonical past the end of May, but will be able to consume those through a node image update only.
• Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.
• Unattended Upgrades are disabled on Mariner when running on a NVIDIA GPU enabled VM sizes.
• SecurityPatch OS Servicing channel is not supported on Mariner when running on NVIDIA GPU enabled VM sizes.

Release notes

• Behavior Changes

  • Added get permissions for ciliumnetworkpolicy, ciliumclusterwidenetworkpolicy,ciliumendpoint ciliumidentity, and ciliumnode api-resources to the aks-service ClusterRole to enable support workflows.
  • After a cluster has been stopped for 30 days, etcd backup storage is no longer deleted. Deletion of etcd backup now only happens when the cluster is deleted.
  • For arm clients that use the location header instead of the async-operation header, return bad request 400 if the async operation failed for a client error rather than 500 according to this spec.
  • Enable the toggle to use ForcePodDrain option in Stop MC operation to give some grace period for the pod to stop before deleting the node.

• Bug Fixes

  • Fixed bug that will recreate IPv6 SLB backend pools if missing on dual-stack clusters.
  • Fixed bug to prevent customers from listing secrets in agent nodes.
  • Fixed a bug where disabling the Open Service Mesh add-on was leaving behind the HorizontalPodAutoscaler resources osm-controller-hpa and osm-injector-hpa

• Component Updates

  • Decrease default CPU request of Image Cleaner's vulnerability scanner from 1 core to half core which may cause client's scanning take longer time.
  • Updated azure-cns image to v1.4.44_hotfix
  • Update container insights addon to version 3.1.8.
  • Upgrade Azure Disk CSI driver to v1.26.4 to fix CVE.
  • AKS Mariner image has been updated to AKSMariner-202305.15.0.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202305.15.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202305.15.0.