Azure/AKS 2024-09-18

Release 2024-09-18

on GitHub

Release 2024-09-18

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240918.

Announcements

• AKS version 1.30 is now available as a Long term support version and AKS version 1.28 End of Life is Jan, 15 2025.
• AKS will be upgrading the KEDA addon to more recent KEDA versions. The AKS team has added KEDA 2.15 on AKS clusters with K8s versions >=1.31, KEDA 2.14 for Kubernetes v1.30. KEDA 2.15 and KEDA 2.14 will introduce multiple breaking changes which are listed below:
  • KEDA 2.15 for Kubernetes >=1.31: The removal of Pod Identity support. If you use pod identity, we recommend you move over to workload identity for your authentication.
  • KEDA 2.14 for Kubernetes = 1.30: The removal of Azure Data Explorer 'metadata.clientSecret' as it was not safe for managing secrets.
  • KEDA 2.14 for Kubernetes = 1.30: Removal of the deprecated metricName from trigger metadata section. The two impacted Azure Scalers are Azure Blob Scaler and Azure Log Analytics Scaler. If you are using metricName today, please move metricName outside of trigger metadata section totrigger.name in the trigger section to optionally name your trigger. To view an example of what this would look like, please view the open GitHub issue.
• AKS will no longer support the GPU image (preview) to provision GPU-enabled AKS nodes. Starting on Jan 10, 2025 you will no longer be able to create new GPU-enabled node pools with the GPU image. Alternative options that are supported today and recommended by AKS include the default experience with manual NVIDIA device plugin installation or the NVIDIA GPU Operator, detailed in AKS GPU node pool documentation.
• Starting on January 1, 2025, invalid values sent to the Azure AKS API for the properties.mode field of AKS AgentPools will be rejected. Prior to this change, unknown modes were assumed to be User. The only valid values for this field are the (case-sensitive) strings:"User", "System", or "Gateway".

Release Notes

• Features:

  • AKS patch versions 1.28.13, 1.29.8, 1.30.4 are now available. Refer to version support policy and upgrading a cluster for more information.

• Bug fixes:

  • Bug fix to address the issue where the OSDiskSize validator throws an error if the existing agent pool does not have a default value set
  • Bug fix causing cluster creation to fail when creating a new cluster with multiple agent pools using the Dynamic Pod IP Allocation feature (podsubnet)
  • Resolved a race condition that could occur when deleting a CNI Overlay cluster with auto-scaler enabled, ensuring smoother cluster deletion.

• Behavior change:

  • Abandoned cluster will be deallocated with status Failed(Deallocated) instead of Succeeded (Stopped).
  • PDB drain errors will now include additional PDB debug message and appropriate original error instead of generic "API call to Kubernetes API Server failed" error message. Example - "PDB debug info: myNode/myPod1 blocked by pdb myPDB (MaxUnavailable: 1) with 1 unready pods: myNode/myPod2".
  • Updated Azure NPM version to v1.5.36 to address race condition in Azure NPM Linux which can occur when editing/deleting a NetworkPolicy with "enough" rules. The race can result in unexpected connectivity for traffic to/from Pods on the impacted Node. NPM will now auto-restart to mitigate the issue ~15 seconds after if it enters a broken state caused by the race.
  • Lowering Linux Azure NPM's CPU request from 250m to 50m. This addresses [Github Issue 2792](#2792.
    *Clusters using the Key Management Service (KMS) plugin based on Azure Key Vault with a private endpoint and konnectivity tunnel may run into a deadlock issue resulting in apiserver becoming unreachable. Clusters using this configuration will not be allowed starting Kubernetes version >= 1.31.
  • Allow Istio add-on users to add the customizations to the Ingress gateway.
  • Busybox will be removed from kube-proxy init container. This will eliminate the need for security updates on busybox.

• Component updates:

  • Release notes 08-27-2024 mentions Calico v3.28.1 being supported for AKS cluster with K8s versions 1.30. This change was reverted from the 08-27-2024 release but will go out in this release.
  • All revisions of Azure Service Mesh use zipkin as the default tracer config.
  • Cost-analysis-agent image upgraded from v0.0.16 to v0.0.17.
  • Updated retina linux to v0.0.15.
  • Updated ip-masq-agent to v0.1.13 to address CVE-2024-24790, CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24791, CVE-2024-5321.
  • Updated CNI versions to v1.5.35 and v1.6.5. Updated CNS versions to v1.5.35 and v1.6.5.
  • Updated Azure Container Instances (ACI) connector addon to v1.6.2 and init-validation to v0.3.0.
  • Azure Monitor managed service for Prometheus images updated to 09-16-2024 release.
  • Updated Azure Disk CSI driver version to v1.29.9 on AKS 1.28, 1.29, and to v1.30.4 on AKS 1.30.
  • Updated Azure File CSI driver to v1.29.8 on AKS 1.28.
  • Updated tigera operator to v1.30.11 and calico to v3.26.5 for versions running on k8s 1.29 and 1.30 to address CVE patches.
  • Updated the Advanced Container Networking Services Image tag for fixing the bug that causes cilium pods to crash in Advanced Container Networking Service enabled AKS clusters.
  • Retina Enterprise and Operator image update [v0.1.0].
  • Updated the Windows containerd version from v1.6.21 to v1.6.35 for Kubernetes version < 1.28.
  • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2700.240911.
  • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.6293.240911.
  • Azure Linux image has been updated to Azure Linux-202409.09.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202409.09.0.