Azure/AKS 2026-03-05 on GitHub

Monitor the release status by regions at AKS-Release-Tracker.

Azure Kubernetes Service support for Flatcar Container Linux for AKS (preview) will be retired on 8 June 2026, transition to a supported alternative by that date. From now to 7 June 2026, you can continue to use Flatcar Container Linux for AKS (preview) on Azure Kubernetes Service without disruption. Starting on 8 June 2026, Azure Kubernetes Service will no longer support Flatcar Container Linux for AKS (preview). You will no longer be able to create new node pools. AKS will not produce new node images and will no longer provide security patches for existing node pools. AKS will remove Flatcar Container Linux for AKS (preview) node images and existing code on 8 September 2026, meaning that scaling and remediation operations will fail.
Azure Linux has expanded GPU support to include NVIDIA A100, H100, and H200 VMs. Find the full list of supported GPUs with Azure Linux on AKS here.

New Kubernetes patch versions are now available: 1.32.11, 1.33.7, 1.34.3.
AKS Kubernetes Long Term Support (LTS) version 1.28 is deprecated. Please upgrade your clusters to a supported version. Refer to AKS Support Calendar for more information.

For deprecation, rollouts and patch timelines by region, please check the AKS-Release-Tracker.

Azure Monitor Profile OTLP gRPC support is now available in public preview, enabling OpenTelemetry Protocol gRPC endpoints for Azure Monitor metrics collection.
ACNS preview feature is now supported on dual-stack clusters.
Node Auto Provisioning has been updated to Karpenter Azure provider v1.7.2. This release adds a new alpha resource NodeOverlay for controlling node priorities and supports two new scheduling labels: kubernetes.azure.com/scalesetpriority and kubernetes.azure.com/os-sku.

Application Monitoring auto-instrumentation is now generally available.
Azure Linux now supports the AI Toolchain Operator (KAITO) add-on for running AI and ML workloads on AKS.

AKS Automatic clusters now enforce multiple layers of defense against remote code execution via nodes/proxy permissions:
- A ValidatingAdmissionPolicy (VAP) restricts creation or updates of ClusterRole and Role objects granting nodes/proxy, except for approved system users and groups.
- An authorization policy denies nodes/proxy by default. Approved system users, groups, and kube-system service accounts are exempt.
On clusters where ACNS performance is used to enable eBPF host routing, nodes will be labeled with kubernetes.azure.com/ebpf-host-routing=true. This is done by a node image upgrade.

Cilium has been updated from v1.18.2 to v1.18.6 to address CVEs: CVE-2025-64715 and CVE-2026-26963.
Retina has been updated to v1.0.3 to address CVE-2013-3900.
Retina Enterprise has been updated to v0.1.16.
Konnectivity has been updated to v0.32.1 with bug fixes and dependency updates.
Microsoft Defender for Containers sensor has been upgraded to v0.9.51 on AKS >= 1.35 and to v0.8.48 on AKS < 1.35. See release notes. The following defender for containers components were updated:
- Inspektor Gadget upgraded from v0.41.1 to v0.41.2.
- Fluent Bit updated from 4.1.1 to 4.2.2.
- Multiple CVEs remediated as part of this change, listed below:
Cluster autoscaler images have been updated with CVE fixes across all supported Kubernetes versions: v1.29.5-aks-5, v1.30.7-aks-5, v1.31.5-aks-7, v1.32.3-aks-7, v1.33.1-aks-7, v1.34.1-aks-4.
Container Insights has been updated to 3.1.35.
AKS Azure Linux images:
- v3.0 - 202603.04.0.
AKS Ubuntu images:
- Ubuntu 22.04 - 202603.04.0.
- Ubuntu 24.04 - 202603.04.0.

Azure/AKS 2026-03-05 Release Notes - 2026-03-05 on GitHub