What's Changed
Breaking changes
- Removed AKS preview version v1api20240402preview (#5261). Update your resources to use a newer version and apply them with
kubectl applyor equivalent. - Updated
network.azure.com/VirtualNetworkGatewayfieldradiusServerSecretto be a secret (#5295)spec.vpnClientConfiguration.radiusServerSecretis now a secret reference instead of a string.spec.vpnClientConfiguration.radiusServers[].radiusServerSecretis now a secret instead of a string.status.vpnClientConfiguration.radiusServerSecretwas removed.status.vpnClientConfiguration.radiusServers[].radiusServerSecretwas removed.
- Removed
insights.azure.com/AutoscaleSettingfieldstatus.notifications[].webhooks[].serviceUri, as it may contain secrets (#5308). - Removed
insights.azure.com/ActionGroupfieldstatus.automationRunbookReceivers[].serviceUriandstatus.webhookReceivers[].serviceUrias it may contain secrets (#5308).
Versioning migration (#4831)
We strongly recommend you start using the new version format for resources where it is available. This is because:
- It is ordered correctly for
kubectl get, unlike the legacyv1apiversions (see #4147) - At some future date, the old-formatted versions beginning with
v1api...will be removed. There will be a number of releases of notice before this happens, but best to start now.
All that is required to use the new version format is to update the API version used for your resource YAML and re-apply the YAML w/ kubectl apply or similar.
You can check the tracking issue (#4831), or the resource documentation to determine which resources support which versions.
Example:
| Old Version | New Version |
|---|---|
v1api20250701
| v120250701
|
v1api20250201preview
| v20250201preview
|
- Migrate alertsmanagement to hybrid versioning (#5221)
- Migrate appconfiguration to hybrid versioning (#5199)
- Migrate apimanagement to hybrid versioning (#5305)
- Migrate dbformysql to hybrid versioning (#5278)
- Migrate synapse to hybrid versioning (#5286)
- Migrate web to hybrid versioning (#5272)
New resources
- Add support for new communication CommunicationService resource (#5263)
- Add support for new dbformysql API versions v20241230 and v20250601preview (#5173)
- Add support for new documentdb CassandraCluster and CassandraDataCenter resources (#5175)
- Note that currently ASO has no way to automatically obtain the ObjectId to match PrincipalId
a232010e-820c-4083-83bb-3ace5fc29d0b, so you must runaz ad sp show --id a232010e-820c-4083-83bb-3ace5fc29d0b --query id -o tsvto obtain that value for your subscription. See the sample for more details.
- Note that currently ASO has no way to automatically obtain the ObjectId to match PrincipalId
- Add support for new cache RedisEnterpriseDatabaseAccessPolicyAssignment resource (#5290)
- Add support for new apimanagement resources: Gateway, Certificate, Logger, User, Group, ApiPolicy, ApiDiagnostic, and gateway sub-resources (#5301)
- Add support for new network API version v20250301 (#5295)
Features
- Add support for insights.actionGroup automationRunbookReciever and webhookReceiver to populate serviceUri from a secret (allowing safer use of URIs with embeded api-keys,
passwords, or other secrets). (#5308) - Update default max reconciliation parallelism to 4 for improved performance (#4822)
- Split webhooks into multiple to avoid hitting max CRD size limits (#5218)
- Improve CRD management performance (#5304)
- Enable smart deletion semantics for the authorization group (#5289)
- Add alias support for Private Link Service Connections on PrivateEndpoints (#5288)
- asoctl: Improve handling of well-known names for Azure built-in role definitions (#5228)
Bug fixes
- Fix bug where reconciliation could block under certain conditions (#5224)
- Fix property conversion bugs (#5256)