Azure/AKS 2024-05-13

Release 2024-05-13

on GitHub

Release 2024-05-13

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting 1.30 Kubernetes version and 1.27 LTS versions, beta apis will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta apis closer to the 1.30 release.
• Introducing the AKS blog and the AKS Youtube community
• In 2020 Docker enacted a Rate Limiting policy for all users. In-order to assist customers with the change, Microsoft worked directly with Docker to prevent users of Microsoft Azure from being impacted. However, beginning on June 30th, 2024, Azure customers will begin to be impacted by this limit. In-order for customers to mitigate the potential effects of this limit. We recommend customers begin to use the Artifact Cache feature within Azure Container Registry or sign up for a Docker Subscription. More information is available here.
• GetOSOptions will no longer be included in new AKS API versions starting with 2024-05-02. This API was used to get OS options that support Federal Information Process Standard (FIPS) in the specified subscription. If you're calling this API via the CLI, it will no longer be available in newer az aks extension versions. You can use an older version of the az aks extension, however this is not recommended. The CLI preview version supporting the 2024-05-02 preview API can be found here. Check the link for the release version.
  For details on what AKS supported operating systems support Federal Information Process Standard (FIPS), see aka.ms/aks/GetFIPSOSOptions.

Release Notes

• Features:

  • Generally Available - AKS supports disabling Windows OutboundNAT.
  • Generally Available - Automated Deployments.
  • Generally Available - Security patch channel for VHD updates.
  • Generally Available - Azure Kubernetes Fleet Manager workload orchestration
  • AKS Patch version 1.28.9 is now available. It fixes Bug - OpenAPI handler fails on duplicated path.

• Preview Features

  • Deployment Safeguards now supports mutations in Enforcement mode.
  • Enable Native sidecars mode for Istio-based service mesh addon in AKS.
  • AKS Automatic. Visit the AKS engineering blog post.
  • Node Initialization Taints.
  • Advanced Container Networking Services can be enabled on Cilium-enabled clusters with Kubernetes v1.29.0 or greater, and on Retina-enabled clusters with Kubernetes v1.21.0 or greater for Advanced Network Observability.
  • Allow disabling NPM for existing clusters with "networkPolicy=none" for stable api version 2024-05-01.
  • Property-based scheduling in Azure Kubernetes Fleet Manager.
  • Cluster resource overrides in Azure Kubernetes Fleet Manager.
  • Service Connector on AKS cluster. It simplifies the connection configuration experience for AKS workloads and Azure backing services such as Azure Key Vault, Storage account and Azure OpenAI.

• Behavioral Changes:

  • Node upgrade (reimage) will wait for disk detach to complete (to prevent very slow disk detach).
  • Default network policy is "networkPolicy=none" when network policy is not set on new clusters starting from API version 2024-05-01.
  • Customized apiserver subnet must be empty when migrating a cluster to enable apiserver-vnet-integration. If the subnet has resources in it, the migration won't be allowed.

• Bug Fixes:

  • Metrics Server v0.6.3 will be used to prevent frequent OOMKills, reverting from v0.7.1.
  • Allowing zonal NodeClaims to facilitate NodeClaims and node creation on Node Auto Provisioning for workloads with zone affinity constraints.
  • Fixed a bug where the SSHAccess property of a node pool would be reset to LocalUser(SSHAccess:LocalUser) on a partial put. Henceforth, SSHAccess property will retain the current value (SSHAccess:current value).
  • Fixed bug where the eTag property in 2024-02-02 preview, 2024-03-02 preview, and 2024-04-02 preview APIs was returned with the wrong case (returned etag, should have been eTag).

• Component Updates:

  • Istio-based service mesh add-on revision asm-1-19 has been upgraded to patch v1.19.10, asm-1-20 has been upgraded to patch v.1.20.6, and asm-1-21 has been upgraded to patch v1.21.2. Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
  • Linux and Windows addon-token-adapter image for Azure monitoring metrics is updated to mcr.microsoft.com/aks/msi/addon-token-adapter:master.240510.2. The updated image patches CVE-2023-4911,CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2023-3446, CVE-2023-3817, CVE-2023-3446, CVE-2023-3817.
  • Managed Prometheus image version updated to images:6.8.12-main-05-21-2024.
  • Azure Policy addon has been updated to v1.4.0 for all clusters on Kubernetes version >= v1.25.
  • Updated cloud node manager to v1.30.0 on AKS 1.30+, v1.29.4 on AKS 1.29+, v1.28.9 on AKS 1.28+, v1.27.17 on AKS 1.27+. Refer AKS version matrix for cloud node manager.
  • Updated AKS App Routing operator image to v0.2.3.
  • Updated Azure File CSI driver to v1.28.10 on AKS 1.27, v1.29.5 on AKS 1.28, v1.30.2 on AKS 1.29.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202405.20.0.
  • Azure Linux image has been updated to AzureLinux-202405.20.0.
  • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.5820.240516.
  • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2461.240516.