Azure/AKS 2024-08-05

Release 2024-08-05

on GitHub

Release 2024-08-05

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240805.

Announcements

• AKS will be upgrading the KEDA addon to KEDA 2.15 on AKS clusters with K8s versions >=1.31. KEDA 2.15 brings multiple breaking changes. The breaking changes are listed below:
  • The removal of Pod Identity support. If you use pod identity, we recommend you move over to workload identity for your authentication.
  • The removal of Azure Data Explorer 'metadata.clientSecret' as it was not safe for managing secrets.
  • Removal of the deprecated metricName from trigger metadata section. If you are using metricName today, Please use trigger.name to optionally name your trigger.

Release Notes

• Features:

  • AKS version 1.30 is now available and will be the next LTS version of AKS. You can now upgrade your 1.27 clusters to 1.30 during the LTS period.
  • Updating an existing node pool to enable or disable FIPS is now Generally Available.
  • AKS patch versions 1.30.3, 1.29.7, 1.28.12, 1.27.16 are now available. Refer to version support policy and upgrading a cluster for more information.
  • Istio add-on now only allows EnvoyFilters of the types Lua, local rate limiting, and gzip compression.
  • Telemetry API v1 is now available for the Istio based service mesh add-on.
  • The AKS extension for Visual Studio Code now supports the ability to attach an ACR to your cluster, generate Kubernetes deployment files, generate Dockerfiles, and generate GitHub Actions.

• Bug fixes:

  • Fixed a bug where sometimes NodePublicIPPrefixID could show unset on a cluster even though it was set.
  • Previously, as part of Istio addon canary upgrade, users had to manually copy their edits to HorizontalPodAutoscaler from old revision to new revision. This has been fixed so that changes done to Horizontal Pod Autoscaler will be automatically copied for the newer revision.
  • Added validation that if a LTS cluster has a node pool on non-LTS version, upgrade to the next LTS version is blocked.

• Behavior change:

  • When Advanced Networking Observability is enabled, increased memory limit of 700Mi (from 400Mi) is used for retina-agent.
  • GOMAXPROCS for coredns has been set to equal CPU limit to avoid throttling.
  • In Azure CNI, init-cni-dropgz initContainer has been renamed to cni-installer.
  • Validation for minimum 5 minutes has been introduced for drain timeout value to prevent drain issues during upgrade.
  • query label removed from dns metrics in Advanced Network Observability.
  • Control plane only AKS upgrades will now reconcile node pools to desired state. For example, previously let's say a user did did a Kubernetes upgrade and network plugin mode transition to overlay where a reimaging of the nodes was required, but it wasn't done as nodes were skipped. Going ahead nodes will be reconciled in these circumstances.

• Component updates:

  • To address scheduler issues fixed in this upstream change, 1.27.15, 1.28.11, 1.29.6 schedulers versions will be used for Kubernetes versions 1.27.14, 1.28.10, 1.29.5 respectively.
  • Updated Azure Blob CSI driver to v1.22.7 on AKS version 1.27.
  • For Node Auto Provisioning, Azure provider of Karpenter is upgraded to v0.5.1.
  • Updated Azure Monitor Container Insights image to v3.1.23.
  • Azure Monitor managed service for Prometheus images updated to 07-19-2024 release.
  • Updated Eraser version to v1.3.1 for Image Cleaner.
  • Updated Azure Disk CSI driver to v1.28.9 on AKS 1.27 and to v1.29.7 on AKS 1.28 and 1.29.
  • Updated Azure File CSI driver to v1.28.11 on AKS 1.27, to v1.29.6 on AKS 1.28, and to v1.30.3 on AKS 1.29.
  • Updated Ratify image used in Image Integrity to v1.2.0.
  • Updated Cilium version has been updated to 1.14.12 for AKS cluster with versions >= 1.29 and Advanced Network Observability enabled.
  • Istio-based service mesh add-on revision asm-1-21 has been upgraded to patch v1.21.4 and revision asm-1-22 has been upgraded to patch v1.22.2. Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
  • Updated Windows Kubernetes packages in all AKS versions to address CVE-2024-5321.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202407.29.0.
  • Azure Linux image has been updated to AzureLinux-202407.29.0.
  • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.6054.240716.
  • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2582.240716.