Azure/AKS 2024-06-27

Release 2024-06-27

on GitHub

Release 2024-06-27

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240627.

Announcements

• Starting 1.30 Kubernetes version and 1.27 LTS versions, beta APIs will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta APIs closer to the 1.30 release.
• 1.30 is the next LTS version after 1.27. Upgrade from 1.27 LTS to 1.30 LTS will be possible starting August 2024. More information about AKS LTS is available here.

Release Notes

• Features:

  • AKS patch versions 1.27.14, 1.28.10, and 1.29.5, are now available. 1.27.9, 1.28.5, and 1.29.2 patch versions are deprecated. Refer to version support policy and upgrading a cluster for more information.
  • Cost Analysis views for AKS are now available under AKS resource blade in Azure portal. More information can be found in this document.

• Preview feature:

  • Windows Server Annual Channel for Containers is now in public preview on Azure Kubernetes Service (AKS). More information can be found here.

• Bug Fixes:

  • Fixed a bug that previously didn't allow switching from non-LTS K8s version to LTS K8s version when upgrading the cluster. For example, you can now upgrade from 1.26 to 1.27 while switching to LTS.
  • Related to the above, also fixed a bug where previously it was not possible to upgrade from an LTS K8s version to non-LTS K8s version. For example, you can now upgrade from 1.27 LTS to 1.28.

• Behavior Change

  • The memory limit for Azure Key Vault provider for Secrets Store CSI Driver has been updated from 300Mi to 500Mi.
  • Base CPU and memory for metrics-server container are updated from 44M to 150M and 51Mi to 100Mi respectively on clusters with K8s version >= 1.30.0. More information on metrics server scaling can be found here.
  • Creation of clusters with konnectivity and private Key Management Service (KMS) plugin based encryption of etcd using Azure Key Vault is no longer supported. Only clusters with API Server VNet Integration (preview) tunnel are allowed to be used along with KMS encrypted etcd clusters based on private Azure Key Vault.

• Component Updates:

  • Linux Network Policy Manager has been upgraded from v1.5.23 to v.1.5.29 to address CVE-2024-28085.
  • Upgraded Azure workload identity to v1.3.0.
  • Upgraded ip-masq-agent-v2 to v0.1.11 having fixes for CVE-2024-2961 and CVE-2024-33599.
  • Upgraded Azure Monitor Container Insights image to v3.1.22
  • Upgraded Azure CNS to v1.6.0 for 1.30 version clusters.
  • Istio-based service mesh add-on revision asm-1-19 has been upgraded to patch v1.19.10-hotfix.20240528, asm-1-20 has been upgraded to patch v1.20.7, and asm-1-21 has been upgraded to patch v1.21.3. These contain fixes for CVE-2024-34362, CVE-2024-32974, CVE-2024-32975, CVE-2024-34363, CVE-2024-34364, CVE-2024-32976, CVE-2024-23326.
    Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202406.19.0.
  • Azure Linux image has been updated to AzureLinux-202406.19.0.
  • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2529.240621.