Skip to content

Releases: Azure/AKS

Release 2023-06-04

15 Jun 19:18
@phealy phealy
2023-06-04
f1ee688
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-06-04

Release 2023-06-04

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Docker container runtime for Windows nodepools has been retired as of May 1, 2023. You may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd. In alignment with this retirement, AKS has deleted all published windows 2019 docker images.
  • After May 31, 2023, Ubuntu 18.04 will reach end of life. AKS will continue to update the host OS from Canonical into the Kubernetes 1.24 VHD images. Customers will not receive daily security updates from Canonical past the end of May, but will be able to consume those through a node image update only.
  • Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.
  • Unattended Upgrades are disabled on Azure Linux when running on a NVIDIA GPU enabled VM sizes.
  • SecurityPatch OS Servicing channel is not supported on Azure Linux when running on NVIDIA GPU enabled VM sizes.
  • Windows2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows2022.

Release notes

  • Behavior Changes

    • Automatic upgrades will now be blocked on clusters that have clients using deprecated API versions. This will be logged into the cluster's activity log. Upgrades will be retried during each upgrade interval and will succeed when usage of deprecated APIs has stopped. Clusters can also be upgraded manually with the deprecated API validation bypassed.
    • Konnectivity will now be deployed into clusters using BYOCNI or API Server VNet Integration in combination with Azure CNI Overlay.

  • Component Updates

Assets 2
Loading

Release 2023-05-28

31 May 17:16
@allyford allyford
2023-05-28
b6f219b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-05-28

Release 2023-05-28

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Docker container runtime for Windows nodepools has been retired as of May 1, 2023. You may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd. In alignment with this retirement, AKS has deleted all published windows 2019 docker images.  
  • After May 31, 2023, Ubuntu 18.04 will reach end of life. AKS will continue to update the host OS from Canonical into the Kubernetes 1.24 VHD images. Customers will not receive daily security updates from Canonical past the end of May, but will be able to consume those through a node image update only.
  • Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.
  • Unattended Upgrades are disabled on Azure Linux when running on a NVIDIA GPU enabled VM sizes.
  • SecurityPatch OS Servicing channel is not supported on Azure Linux when running on NVIDIA GPU enabled VM sizes.
  • Windows2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows2022.

Release notes

  • Features

    • Azure Linux is now generally available as a container host OS on AKS. The Build announcement can be found here and the documentation for deploying Azure Linux can be found here.
    • FIPS image support is now enabled for Azure Linux.
    • The AKS devX extension now supports the creation of GitHub Actions.
    • Managed Prometheus is now Generally available.
    • Kubernetes Apps is now Generally available.

  • Preview Features

  • Behavior Changes

    • PodSecurityPolicy is removed in AKS clusters v1.25 and higher. Customers may not upgrade to v1.25 and above if PSP is enabled, an error will occur if attempted. PSP needs to be disabled before upgrading.
    • Added installhint to help guide users to install kubelogin if not already in their PATH. Users will see this hint when they get the user kubeconfig for their cluster in exec format and when a tool they use in conjunction with that kubeconfig chooses to display that hint.
    • Added configmap hash to cilium agent and operator annotations. The configmap hash will appear in the k8s manifests for cilium-operator and cilium-agent.
    • Improved error messages and public documentation for errors 50, 51, and 52. Now when customers encounter these errors, they should be able to resolve them by accessing the appropriate section in our troubleshooting documentation.
    • Web Application Routing now supports configuration through the Azure portal.
    • During cluster upgrade to v1.26.0 or a later version, disk PV node affinity check will cause the upgrade to fail if there are disk PVs still using deprecated labels: failure-domain.beta.kubernetes.io/zone and failure-domain.beta.kubernetes.io/region

  • Bug Fixes

    • Fixed a bug to resolve an upstream issue where the volume is not detached after the pod and PVC objects are deleted. See resolved issue here.

  • Component Updates

Assets 2
Loading

Release 2023-05-21

28 May 23:25
@olsenme olsenme
2023-05-21
66f727a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-05-21

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Docker container runtime for Windows nodepools has been retired as of May 1, 2023. You may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd. In alignment with this retirement, AKS has deleted all published windows 2019 docker images.  
  • After May 31, 2023, Ubuntu 18.04 will reach end of life. AKS will continue to update the host OS from Canonical into the Kubernetes 1.24 VHD images. Customers will not receive daily security updates from Canonical past the end of May, but will be able to consume those through a node image update only.
  • Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.
  • Unattended Upgrades are disabled on Mariner when running on a NVIDIA GPU enabled VM sizes.
  • SecurityPatch OS Servicing channel is not supported on Mariner when running on NVIDIA GPU enabled VM sizes.

Release notes

  • Behavior Changes

    • Added get permissions for ciliumnetworkpolicy, ciliumclusterwidenetworkpolicy,ciliumendpoint ciliumidentity, and ciliumnode api-resources to the aks-service ClusterRole to enable support workflows.
    • After a cluster has been stopped for 30 days, etcd backup storage is no longer deleted. Deletion of etcd backup now only happens when the cluster is deleted.
    • For arm clients that use the location header instead of the async-operation header, return bad request 400 if the async operation failed for a client error rather than 500 according to this spec.
    • Enable the toggle to use ForcePodDrain option in Stop MC operation to give some grace period for the pod to stop before deleting the node.

  • Bug Fixes

    • Fixed bug that will recreate IPv6 SLB backend pools if missing on dual-stack clusters.
    • Fixed bug to prevent customers from listing secrets in agent nodes.
    • Fixed a bug where disabling the Open Service Mesh add-on was leaving behind the HorizontalPodAutoscaler resources osm-controller-hpa and osm-injector-hpa

  • Component Updates

Assets 2
Loading

Release 2023-05-14

16 May 00:34
@miwithro miwithro
2023-05-14
e08cc50
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-05-14

Release 2023-05-14

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Docker container runtime for Windows nodepools has been retired as of May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
  • Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.
  • AKS is gradually rolling out a change that will rotate the token in the kubeconfig credentials. It shall not incur any impact since kubeconfig has the client certificate. Should you see any issue, retrieve the kubeconfig again with az aks get-credentials.
  • Unattended Upgrades are disabled on Mariner when running on a NVIDIA GPU enabled VM sizes.
  • SecurityPatch OS Servicing channel is not supported on Mariner when running on NVIDIA GPU enabled VM sizes.

Release notes

  • Behavior Changes

  • Bug Fixes

    • Now returning a clientError "Could not find the Public IP in resource group %s in subscription %s" when creating agent pool with invalid nodePublicIPPrefixID.
    • For Node Restriction enabled clusters running window calico, we added a new role "windows-calico-node-role" to grant windows containers permission to get secret from calico-system only.
    • Now returning a clientError "Could not find any load balancer in resource group %s in subscription %s" when Stop Cluster fails with ScaleVMSSAgentPoolFailed when there is no LB on the cluster.

  • Component Updates

    • Blob CSI driver upgraded to v1.21.2 for AKS 1.26.
    • CSI image liveness-probe upgraded to v2.10.0 and the node-driver-registrar image upgraded to v2.8.0 for CVE fixes.
    • Azure File CSI driver upgraded to v1.24.1 for AKS 1.24, 1.25.
    • CoreDNS upgraded to 1.9.4 for AKS clusters of versions >= 1.24.0.
    • AKS Windows 2019 image has been updated to 17763.4377.230510.
    • AKS Windows 2022 image has been updated to 20348.1726.230510.
Assets 2
Loading

Release 2023-05-07

10 May 16:03
@kaarthis kaarthis
2023-05-07
210c6e5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-05-07

Release 2023-05-07

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Docker container runtime for Windows nodepools has been retired as of May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
  • Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.
  • The Docker Bridge CIDR field in the AKS API was made redundant during our change from Docker to containerD in Kubernetes version 1.19. Starting with the 2023-04-01 AKS API version, the Docker Bridge CIDR field will be removed.
  • AKS is gradually rolling out a change that will rotate the token in the kubeconfig credentials. It shall not incur any impact since kubeconfig has the client certificate. Should you see any issue, retrieve the kubeconfig again with az aks get-credentials.

Release notes

  • Preview Features

  • Bug Fixes

    • Updated 'cilium', 'cilium-operator', 'cilium-pre-flight' ClusterRoles to include 'update' permission for 'ciliumidentities' api-resource. This addresses the issue where cilium-operator and cilium-agent could not garbage collect unused identities. identities.
    • Now returning a clientError, when you do a Stop/RunCommand action on a cluster that was never successfully provisioned and was stuck in failed state. Error message returned is "The cluster is being deleted or hasn't been fully provisioned yet.".
    • The CPU limit of Windows DaemonSet for Azure Monitor Metrics Addon is updated from 200m to 500m to fix throttling issue.
    • In cases where an Azure CNI Overlay cluster's podCIDR becomes exhausted (i.e does not have enough ip addresses for the node count across all nodepools)then based on nodepools.MaxCount value only for those nodepools that have AutoScaling enabled - customer will get an already existing error message 'i18n.InsufficientSubnetSize error Target fieldnames.NetworkProfile_PodCIDR'.
    • In case customer deploys an Azure CNI Overlay cluster into a nodeCIDR, where the nodeCIDR doesn't have enough ip addresses for the number of nodes across the nodepools on the same subnet. Then for nodepools that have autoscaling enabled and based on maxcount, customer will get the same 'i18n.InsufficientSubnetSize error message with an error target fieldnames.AgentPoolProfile_VnetSubnetID'.

  • Component Updates

    • Open Service Mesh add-on images updated from v1.2.3 to v1.2.4 for AKS clusters of versions >= 1.24.0.
    • Istio-based service mesh add-on's istiod and ingress images updated from v1.17.1 to v1.17.2. User needs to restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
    • Cilium upgraded to 1.12.8 for AKS clusters with Azure CNI Powered by Cilium.
    • Blob csi driver upgraded to v1.19.5 on AKS 1.24, 1.25 to fix blobfuse install failures.
    • Csi-provisioner version updated to v3.5.0 in order to fix a volume deletion issue, details
    • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202305.08.0.
    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202305.08.0.
    • AKS Mariner image has been updated to AKSMariner-202305.08.0.
Assets 2
Loading

2023-04-30

01 May 21:32
@qpetraroia qpetraroia
2023-04-30
d614d8a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
2023-04-30

Release 2023-04-30

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
  • Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
  • Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.
  • We are no longer offering support for Azure Disk and Azure File in-tree drivers in Kubernetes 1.26. Please migrate to csi.
  • AKS is gradually rolling out a change that will rotate the token in the kubeconfig credentials. It shall not incur any impact since kubeconfig has the client certificate. Should you see any issue, retrieve the kubeconfig again with az aks get-credentials.

Release notes

Assets 2
Loading

Release 2023-04-23

28 Apr 17:11
@miwithro miwithro
2023-04-23
9f2c0e3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-04-23

Release 2023-04-23

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
  • Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
  • Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.
  • We are no longer offering support for Azure Disk and Azure File in-tree drivers in 1.26. Please migrate to csi.

Release notes

  • Behavior Changes

    • Added certificate validation for the reset service principal operation for cert rotation operations where both certs and service principal are expired.
    • Changed the maxUnavailable pod to 5% from 2% for Large Scale clusters upgrade issues when running Cilium.
    • Mariner is now rebranded to Azure Linux. Customers can deploy with Mariner or Azure Linux, as both point to the same sku.
    • The Azure Kubernetes Service RBAC Admin role definition has been updated to contain explicit references to dataActions instead of the broad "Microsoft.ContainerService/managedClusters/*" dataAction. This role is now equivalent to the permissions specified in the Kubernetes built-in admin role.

  • Component Updates

Assets 2
Loading

Release 2023-04-16

24 Apr 17:02
@shashankbarsin shashankbarsin
2023-04-16
65f0132
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-04-16

Release 2023-04-16

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
  • Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
  • Each Kubernetes version is supported for 12 months. After 12 months, the minor version will shift to platform support only. Our new platform support policy provides customers with Azure infrastructure support while the cluster is in an n-3 version (where n is the latest supported AKS GA minor version). Platform support does not include anything related to Kubernetes functionality and components, but provides customers with additional support beyond what was previously provided for unsupported versions.

Release notes

  • Features

  • Preview Features

  • Bug Fix

    • Fixed an issue that prevented the user-assigned managed identity of the AKS cluster from being updated from identity to another user-assigned managed identity.
    • Disabled kubelet-registration-probe on Windows nodes of AKS version 1.26 to reduce CPU consumption.
    • For clusters using Image Cleaner preview feature, the unused role eraser-leader-election-role and rolebinding eraser-leader-election-rolebinding have been deleted.
    • Reduced Azure Blob CSI driver memory limit on agent node from 2100Mi to 400Mi.
    • For dual-stack networking (IPv4/IPv6) clusters, fixed an issue where the Standard Load Balancer couldn't have IPv6 public prefixes.

  • Behavior Changes

    • For AKS clusters of version >= 1.23, RuntimeDefault is set as the default seccomp profile for all workloads.

  • Component Updates

Assets 2
Loading

Release 2023-04-09

20 Apr 21:54
@shashankbarsin shashankbarsin
2023-04-09
2a81c2b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-04-09

Release 2023-04-09

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
  • Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
  • Kubernetes version 1.26 is now Generally Available with AKS. AKS has deprecated Kubernetes version 1.23 on April 2, 2023. Please upgrade your AKS clusters to version 1.24 or above.

Release notes

Assets 2
Loading

Release 2023-04-02

12 Apr 16:57
@CocoWang-wql CocoWang-wql
2023-04-02
f98ff9a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2023-04-02

Release 2023-04-02

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

  • Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
  • Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
  • AKS has deprecated Kubernetes version 1.23 on April 2, 2023. Please upgrade your AKS clusters to version 1.24 or above.

Release notes

Assets 2
Loading