Azure/AKS 2023-08-06

Release 2023-08-06

on GitHub

Release 2023-08-06

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• New v1.27+ AKS clusters will have KMS v2 configured by default when KMS is enabled. Customers with clusters on v1.26 and below with KMS enabled will not be able to upgrade to v1.27. To upgrade, follow the steps outlined in this documentation for migrating from KMS v1 to v2, and then proceed with upgrading the cluster to version v1.27.
• The pod security policy feature was deprecated on 1st August 2023 and removed since AKS version 1.25. We recommend you migrate to pod security admission controller or Azure Policy to stay within Azure support.

Release notes

• Preview Features

  • Network Observability add-on plugin is a new public preview feature that will scrape useful metrics from Kubernetes workloads and emit actionable networking observability data into industry standard Prometheus format, which can then be visualized in Grafana.

• Behavioral changes

  • New built-in policy for planned maintenance.
  • Customers will now be able to use node public IP with authorized IP ranges and API Server VNet integration. Previously this functionality was blocked.
  • Customers can now install Azure Service Mesh on AKS clusters with Cilium.
  • Configure exponential backoff in calls from the Cilium daemonset to the Kubernetes apiserver in Azure CNI Powered by Cilium to improve recovery from OOM kills.

• Bug Fixes

  • Fixed a bug where the addon-token-adapter may get a staled long connection to apiserver causing network connection errors.
  • Added validation to check if pobSubnet is associated with NAT Gateway when cluster outbound type is userAssignedNATGateway and pobSubnet in agentpoolProfile is not empty.
  • Azure CNS will write the CNI conflict on the VM only after the networking goal state has been programmed for that VM. This means that Nodes will stay in a NotReady state with status "network plugin not initialized" until after DNC has created the NC and the Azure host has programmed it.

• Component Updates

  • Windows CNS updated to v1.4.44.4
  • Envoy Proxy (part of OSM and Istio) has been updated to 1.26.4 to fix CVE-2023-35941 and CVE-2023-35944.
  • OMSAgent for Azure monitor updated to 3.1.11
  • Cluster Autoscaler images are releasing new versions for 1.25.x, 1.26.x, 1.27.x.
  • Azure File CSI Driver has been updated to v1.28.1 on AKS 1.27.
  • Updated wasm containerd shims to v0.8.0, and added wasm worker server shim.
  • Cloud provider Azure versions are bumped to v1.25.17, v1.26.13, v1.27.7 for the corresponding patch versions with the following changes: Health probe port can be any port assigned by customer, Increase limit for TCP Idle Timeout to 100 minutes, Virtual node will always exists.
  • Azure Monitor Metrics addon image updated in 07-28-2023 release
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202308.01.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202308.01.0.
  • Azure Linux image has been updated to AzureLinux-202308.01.0.