Azure Kubernetes Service Changelog

Release 2023-09-24

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

• Behavioral changes

  • If your VM SKU does not support ephemeral or PremiumSSD OS disks, AKS will now use StandardSSD as the default OS disk type as compared to Standard HDD previously.
  • Azure Kubernetes Clusters should enable node os auto-upgrade - Microsoft Azure (Audit) policy to include the Configure Node OS Auto upgrade on Azure Kubernetes Cluster - Microsoft Azure (DINE) policy to allow customers to enforce that Node OS Auto Upgrade is configured on a cluster, where before they could only Audit that a cluster was configured without Node OS Auto Upgrade.

• Preview Features

  • Image Integrity allows you to sign container images via a process that ensures their authenticity and integrity.

• Bug Fixes

  • Fix for the Private Link Service (PLS) creation failure that can occur if the customer selects a subnet name or PLS name that is too long.

• Component Updates

  • Microsoft Defender Publisher container (part of defender for containers solution) image version has been updated to 1.0.67 from 1.0.64 which improves memory utilizaiton to reduce pod restarts due to OOMKills
  • Cilium version has been updated to 1.13.5 for AKS clusters with kubernetes versions 1.28 or greater
  • Azure File CSI driver updated to version v1.24.9 for clusters with kubernetes version 1.25, v1.26.7 for clusters with kubernetes version 1.26 and v.1.28.4 for clusters with kubernetes version 1.27
  • Hotfix: There were 3 CVE's in the upstream Kubernetes related to insufficient input sanitiztion which leads to privilege escalation. AKS Patched the AKS cluster nodes for clusters version 1.24.9, 1.24.10, 1.24.15, 1.25.5, 1.25.6, 1.25.11, 1.26.0, 1.26.3, 1.26.6, 1.27.3. CVE links - CVE-2023-3676, CVE-2023-3955, and CVE-2023-3893. Update your AKS cluster's node images if the cluster does not have node OS auto-upgrade feature enabled.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202309.26.0.
  • Azure Linux image has been updated to AzureLinux-202309.26.0.