github Azure/AKS 2024-08-27
Release 2024-08-27

latest releases: 2024-10-06, 2024-09-18
one month ago

Release 2024-08-27

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240827.

Announcements

Release Notes

  • Features:

    • Existing Linux node pools can now be updated to enable or disable Federal Information Process Standard (FIPS). See documentation for more information.
  • Bug fixes:

    • Fix an Azure NPM issue that user could meet unexpected connectivity for Pods on the Node when editing a NetworkPolicy with a CIDR "except" field.
    • Fix bug to block non-VMSS (VirtualMachineScaleSets) agent pools in the Automatic SKU validation process.
    • Fix bug to ensure correct default network plugin settings for Kubernetes clusters using VMAS.
    • Fix bug for intermittent precondition failures when applying an AKS Bicep deployment on the pod subnet delegation.
    • Fix bug of public IP on VMSS dropped after upgrade node image or reset service principal operation.
    • Fix bug #4282 to remove duplicated toleration from Calico components.
    • Fix bug to ensure AnnotationControlled is correctly populated by default when creating AKS clusters with app routing enabled, and to ensure AnnotationControlled is an accepted value for the default nginx ingress controller config for AKS clusters with K8s versions <1.30.
    • Fix bug for Cluster Autoscaler that requires an implementation of the HasInstance method on AKS. This implementation prevents the Cluster Autoscaler from stalling during scale-up due to node scale-down issues.
    • Fix bug Azure/azure-service-operator#3220 to allow creation of AgentPools without Count field specified if autoscaler enabled.
    • Fix bug to accept user to set the PowerState field for API versions that do not support the filed. Impacted API versions are 2020-09-01, 2020-11-01, 2020-12-01, 2021-02-01 and 2021-03-01.
  • Behavior change:

    • For non-host network pods running on AKS nodes, they cannot access wireserver(168.63.129.16) port 32526. Before this change user cannot access wireserver port 80, but port 32526 is accessible.
    • When deploying an AKS Automatic (preview) cluster, user do not need to register extra feature flags for related preview features, such as APIServerVnetIntegration, NRGLockdown, NodeAutoProvisioning, and Safeguards.
    • CBL-Mariner 1.0 is end of life, creation of new nodepools with OSSKU cblmariner is disabled.
    • Application Gateway Ingress Controller addon has been assigned the network contributor role.
  • Component updates:

    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202408.27.0.
    • Azure Linux image has been updated to AzureLinux-202408.27.0.
    • Azure Disk CSI driver has been upgraded to v1.30.3 on AKS 1.30, V1.29.8 on AKS 1.28, 1.28.1 on AKS 1.27.
    • Azure Blob Disk CSI driver has been upgraded to v1.24.3 on AKS 1.30, v1.23.7 on AKS 1.29 and 1.28.
    • Azure File CSI driver has been upgraded to v1.30.5 on AKS 1.30 and 1.29, v1.29.7 on AKS 1.28.
    • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.6189.240814.
    • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2655.240814.
    • AKS App Routing operator image has been updated to v0.2.3-patch-2 for AKS cluster with K8s versions >=1.30, v0.2.1-patch-4 for AKS cluster with K8s versions <1.30 to address CVEs.
    • Windows containerd has been updated to v1.7.20 in AKS cluster with K8s versions >= v1.28.
    • Kubernetes Secrets Store CSI Driver has been updated to v1.4.4 and Azure Key Vault Provider for Secrets Store CSI Driver to v1.5.3
    • Application Gateway Ingress Controller add-on image has been updated to v1.7.5.
    • Retina Enterprise and Operator image has been updated to v0.0.9.
    • azure-cloud-controller-manager has been updated to version v1.30.5, v1.29.9, v1.28.11, v1.27.19.
    • KEDA addon has been updated to v2.14.1 for Kubernetes = 1.30.
    • Azure Policy addon has been updated to v1.7.0.
    • Istio-based service mesh add-on revision asm-1-20 has been upgraded to patch v1.20.8, revision asm-1-21 has been upgraded to patch v1.21.5, and revision asm-1-22 has been upgraded to patch v1.22.3. Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
    • Calico v3.28.1 is supported for AKS cluster with K8s versions 1.30.

Don't miss a new AKS release

NewReleases is sending notifications on new releases.