github Azure/AKS 2025-08-08
Release 2025-08-08

latest release: 2025-08-29
22 days ago

Release 2025-08-08

Monitor the release status by region at AKS-Release-Tracker. This release is titled v20250808.

Announcements

  • Starting in September 2025, AKS will start rolling out a change to enable a managed clusters quota for all current and new AKS customers. This rollout is expected to take place between 1-30 September 2025. AKS quota is the maximum number of managed clusters (AKS clusters) that an Azure subscription can create per region. Once the managed clusters quota is released, customers will need both managed clusters quota and node quota (VM SKUs) to create an AKS cluster. Existing AKS customer subscriptions will be given a default limit at or above their current usage, depending on the available regional capacity. Existing subscriptions using AKS for the first time and new subscriptions will be given a default limit. Customers can view quota limits and usage and request additional quota in the Azure portal Quotas blade or by using the Quotas REST API. Before the rollout is complete, quota limits and usage may be visible in the Azure portal on the Quotas blade, and customers will be able to request quota; however, limits won’t be enforced in every region until 1 October 2025. More information on the default limits for new subscriptions is available in documentation here.
  • AKS Kubernetes patch versions 1.33.2, 1.32.6, 1.31.10, 1.30.13, 1.30.14 include a critical security fix for CVE-2025-4563 where nodes can bypass dynamic resource allocation authorization checks. This vulnerability affects the NodeRestriction admission controller when the DynamicResourceAllocation feature gate is enabled. Upgrade your clusters to these patched versions or above. Refer to version support policy and upgrading a cluster for more information.
  • Kubernetes CIS benchmark results and recommendations have been updated to CIS Kubernetes V1.27 Benchmark v1.11.1. The results are applicable to AKS 1.29.x through AKS 1.32.x.
  • AKS long term support now fully supports KEDA.
  • Kubelet serving certificate rotation is now enabled in all public cloud regions. For more information on kubelet serving certificate rotation and disablement, refer to the documentation. Sovereign cloud rollout will begin on 18 August 2025. For rollout updates and questions, see AKS Github Issues.

Release notes

Features

Preview Features

Bug Fixes

Behavior Changes

  • To allow addons that require Microsoft Entra ID authentication to be able to use workload identity while enabling IMDS restriction, it is now required to enable the OIDC issuer as well.
  • For Istio-based service mesh add-on for AKS, partial updates to serviceMeshProfile in AKS managedClusters API now supports empty revision lists. If no revisions are specified, the system will use existing revision values instead of returning an error.

Component Updates

  • Windows node images
    • Server 2019 Gen1 – 17763.7558.250714.
    • Server 2022 Gen1/Gen2 – 20348.3932.250714.
    • Server 23H2 Gen1/Gen2 – 25398.1732.250714.
  • AKS Azure Linux v2 image has been updated to 202507.21.0 (image list).
  • AKS Azure Linux v3 image has been updated to 202507.21.0 (image list).
  • AKS Ubuntu 22.04 node image has been updated to 202507.21.0 (image list).
  • AKS Ubuntu 24.04 node image has been updated to 202507.21.0 (image list).
  • Container Insights has been upgraded to 3.1.28 which includes performance improvements and bug fixes.
  • Azure Disk CSI driver has been upgraded to v1.32.9, v1.33.3 on AKS 1.32 and 1.33 respectively.
  • Retina Basic agent images have been updated to v1.0.0-rc1, addressing security vulnerability GHSA-fv92-fjc5-jj9h.
  • Node Auto Provisioning (NAP) has been updated to Karpenter release 1.6.1 with improvements and bug fixes.
  • Azure Monitor managed service for Prometheus addon is updated to the latest release 07-24-2025
  • Istio-based service mesh add-on has been updated with patch releases 1.25.3 and 1.26.2 for Istio-based service mesh revisions asm-1-25 and asm-1-26. To adopt patch updates, restart workloads to triggers sidecar re-injection of the new istio-proxy version.
  • Cloud Controller Manager image versions updated to v1.33.2, v1.32.7, v1.31.8, and v1.30.14.
  • kube-egress-gateway has been updated to v0.1.1 for Kubernetes 1.34, adding support for Static Egress Gateway in additional regions and fixing service traffic handling in Cilium clusters.

Don't miss a new AKS release

NewReleases is sending notifications on new releases.