Release 2023-03-26

Release 2023-03-26

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• AKS will deprecate Kubernetes version 1.23 on April 2, 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
  • Two in-tree driver persistent volumes won't be supported in AKS: kubernetes.io/azure-disk, kubernetes.io/azure-file.
  • All AKS clusters on version 1.26+ will use the latest coreDNS version v1.10.1..
    • For all AKS clusters on version 1.26+, coreDNS health plugin will use lameduck 5s to minimizes DNS resolution failures during coreDNS pod restart or deployment rollout.
    • For all AKS clusters on version 1.26+, coreDNS will use ttl 30 as default TTL for DNS records.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 node to 10% of the node pool size.

Release notes

• Features
  • New k8s patch versions
    • Removed 1.24.6, added 1.24.10.
    • Removed 1.25.4, added 1.25.6.
• Preview Features
  • Custom kubelet configuration for Windows is now in preview.
• Bug Fixes
  • Fixed a bug where clusters with multiple node pools using the same pod subnet could get stuck during deletion.
• Component Updates
  • AKS v1.26 clusters have been reverted to CoreDNS v1.9.4 to fix a regression in v1.10.1.
  • Azure CNI has been updated to version v1.4.44.
  • Azure Monitor Agent Windows logs pod has been updated to v3.1.5.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202303.22.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202303.22.0.
  • AKS Windows 2019 image has been updated to 17763.4131.230315.
  • AKS Windows 2022 image has been updated to 20348.1607.230315.

Release 2023-03-19

Release 2023-03-19

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired, you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• AKS will deprecate Kubernetes version 1.23 on April 2, 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
  • Two in-tree driver persistent volumes won't be supported in AKS: kubernetes.io/azure-disk, kubernetes.io/azure-file.
  • All AKS clusters on version 1.26+ will use the latest coreDNS version v1.10.1..
    • For all AKS clusters on version 1.26+, coreDNS health plugin will use lameduck 5s to minimizes DNS resolution failures during coreDNS pod restart or deployment rollout.
    • For all AKS clusters on version 1.26+, coreDNS will use ttl 30 as default TTL for DNS records.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.

Release notes

• Bug Fix

  • Fixed an issue where default Linux sysctls were not applied if users specified any Linux OS custom configuration. If the following sysctls were not specified, the defaults may previously have changed unintentionally: net.core.somaxconn, net.ipv4.tcp_max_syn_backlog, net.ipv4.neigh.default.gc_thresh1, net.ipv4.neigh.default.gc_thresh2, and net.ipv4.neigh.default.gc_thresh3. A node image upgrade is recommended to restore the previous behavior.
  • Fixed an issue where CAs passed during provisioning would not be added to trust store correctly. This fix is already applied and should be reflected in all new create operations. New scale operations will require a node image upgrade.
  • Fixed an issue that when client installed oss version of Image Cleaner or Workload Identity, AKS addon manager deleted their roles, service accounts, etc. which blocked its running.

• Behavior Changes

  • Default memory for Windows pods increased from 600mi to 700mi.

• Component Updates

  • Container Insights has been updated to 3.1.4.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202303.13.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202303.13.0.
  • AKS Mariner image has been updated to AKSMariner-202303.13.0.

Release 2023-03-05

Release 2023-03-05

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Windows Server 2019 will be retired with Kubernetes version 1.32 EOL on March 1, 2026. Follow the detailed steps
  in our documentation to transition to Windows Server 2022.
• Docker container runtime will be retired for Windows nodepools on May 1, 2023. After docker container runtime is retired,you may remain on existing deployed instances but scaling operations will fail, nodepool creation will fail, and you will be out of support. Follow the detailed steps in our documentation to upgrade to containerd.
• The Docker Bridge CIDR field in the AKS API was made redundant during our change from Docker to containerD in Kubernetes version 1.19. Starting in April 2023 with the 2023-04-01 AKS API version, the Docker Bridge CIDR field will be removed. It will continue to be supported (but ignored) in all preexisting API versions.
• The KEDA addon currently supports aks versions 1.23, 1.24 and 1.25. the managed KEDA addon will not be supported on 1.26 GA at launch. If you use the KEDA addon, please do not upgrade to 1.26. If you use auto-upgrade with the rapid channel enabled as well as the KEDA addon, please switch off the rapid channel and update manually.
• AKS will deprecate Kubernetes version 1.23 on April 2nd 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Java/JDK support for cgroups v2 is available in JDK 11 (patch 11.0.16 and later) or JDK 15 and above. AKS Kubernetes 1.25+ uses cgroups v2. Please migrate your workloads to the new JDK.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
  • Two in-tree driver persistent volumes won't be supported in AKS : kubernetes.io/azure-disk, kubernetes.io/azure-file.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.

Release notes

• Preview Features
  • Azure Backup for AKS Public Preview is now available.
  • Azure CNI Overlay Public Preview is now available in ALL Azure Public Cloud Regions.
  • Trusted Access is now in Public Preview.
• Bug Fix
  • Fixed issue with Linux node outbound connectivity failing due to HTTP_PROXY/HTTPS_PROXY not fully respected.
• Behavior Changes
  • Increased qps limits and worker threads for CSI driver on azuredisk v2.
  • For customers using the Web App Routing add-on (Preview), we added an "identity" field in the API response exposing the managed service identity creates by the add-on. You can grant that identity permissions to manage other Azure resources used by the add-on, such as Azure DNS and Azure Key Vault.
  • Bumped the memory limit for the Container Insights Add-on for Windows to 1Gb.
• Component Updates
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202303.06.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202303.06.0.
  • AKS Mariner image has been updated to AKSMariner-2023.03.06.

Release 2023-02-26

Release 2023-02-26

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• AKS will deprecate Kubernetes version 1.23 on April 2nd 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Java/JDK support for cgroups v2 is available in JDK 15 and above. Kubernetes 1.25+ and on AKS uses cgroups. Please migrate your workloads to the new JDK.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.

Release notes

• Preview Features

  • Support for Pod Sandboxing workloads
  • Enable windows metrics collection from the Azure Monitor Metrics
  • Node OS auto-upgrade channel for automatically applying OS security patches promptly

• Bug Fix

  • In 2023-01-01 Azure API, a hot fix is released to fix this (bug)[https://github.com//issues/3481] and returns 400 error on PUT requests to "Base" or "Standard" parameters, allowing customers to still use "Basic" parameter in ManagedClusterSKUName with "Free" or "Paid" parameters in ManagedClusterSKUTier.
  • Fix Agent Pool stop issue when powerstate reporting is inconsistent
  • Fix blobfuse2 backward compatibility issue on AKS 1.25
  • Fix cluster autoscaler scheduler bug which is causing CA to crash
  • Update node label with Security Patch versions from VHD

• Behavior Changes

  • Removed 5 minute back off when attemptng to delete a node pool with an existing operation taking place

• Component Updates

  • Azure Blob CSI driver updated to version v1.19.1
  • Update Prometheus Add-on to 02-22-2023
  • AKS Windows 2019 image has been updated to 17763.4010.230223.
  • AKS Windows 2022 image has been updated to 20348.1547.230223.

Release 2023-02-19

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• AKS will deprecate Kubernetes version 1.23 on April 2nd 2023. Please upgrade your AKS clusters to version 1.24 or above.
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.

Release notes

• Bug Fix
  • In 2023-01-01 Azure API, a hot fix is released and currently rolling out to fix this (bug)[https://github.com//issues/3481] and returns 400 error on PUT requests to "Base" or "Standard" parameters, allowing customers to still use "Basic" parameter in ManagedClusterSKUName with "Free" or "Paid" parameters in ManagedClusterSKUTier.
• Behavior Changes
  • Clusters on upgrade-channel nodeimage or nodeos-channel will no longer pull security updates through unattended upgrade. They will now get security updates through the weekly node image upgrade.
  • Clusters with automatic node image upgrades (node-image auto-upgrade channel) will have nightly in-place patches turned off. You can set your own schedule (via upgrade schedules).
• Component Updates
  • Azure Disk CSI driver has been upgraded to v1.26.2.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.02.15.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.02.15.
  • AKS Windows 2019 image has been updated to 17763.4010.230216.
  • AKS Windows 2022 image has been updated to 20348.1547.230216.
  • AKS Mariner image has been updated to AKSMariner-2023.02.15.

Release 2023-02-12

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.
• Starting from the release of 2023-02-19, clusters with automatic node image upgrades (node-image auto-upgrade channel) will have nightly in-place patches turned off. Node image auto upgrade offers a better idempotent way to receive these fixes on a schedule (via upgrade schedules). Clusters not using the node-image auto-upgrade channel remain unchanged in preparation for the release of the OS Upgrade Channel functionality.

Release notes

• Preview Features
  • Kubernetes 1.26.0 is now in Public Preview.
• Behavior Changes
  • Auto-upgrade Patch channel can now be set in any patch version of a supported Kubernetes minor version and it will bring the cluster to the latest supported patch.
• Component Updates
  • Azure CNI for Windows has been updated to version 1.4.41.
  • Windows Calico updated to v3.24.0 for Kubernetes v1.24+.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.02.09.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.02.09.
  • AKS Mariner image has been updated to AKSMariner-2023.02.09.

Release 2023-02-05

Azure Kubernetes Service Changelog

Release 2023-02-05

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• AKS introduces a new Standard tier which includes the previous standalone uptime SLA in addition to improved capabilities over the Free tier. Read the blog to learn more about the launch of the Standard tier. Azure API is updated to include the new “Standard” tier, as a result, "Basic" and "Paid" will be removed in the 2023-07-01 API version, and this will be a breaking change in API version 2023-07-01 or newer. If you use automated scripts, CD pipelines, ARM templates, Terraform, or other third-party toolings that rely on the above parameters, please be sure to make the necessary changes before upgrading to the 2023-07-01 or newer API version. From API version 2023-01-01 and newer, you can start transitioning to the new API parameters "Base" and "Standard".
• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Starting with Kubernetes 1.27:
  • The Max Surge default value will change on newly created nodepools from 1 to 10%.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.
• Workload Identity: Application pods using workload identity will need the following label added azure.workload.identity/use starting with the 2023-01-29 release. Add the label to your running pods/deployments to avoid pods from failing at restart. See more here.
• The aks swagger api specs now moved under a subfolder per the issue.

Release notes

• Bug Fix
  • HTTP Proxy Fixed an issue on the "No Proxy" update - where the cluster FQDN would be removed from noProxy on updates.
• Component Updates
  • Add support for defender agent to run on FIPS machines.
  • Managed Prometheus addon image release. See release notes.
  • Clients (e.g. portal / CLI / powershell) can now discover the trusted access role bindings operations on available operations.
  • AKS Ubuntu 18.04 image AKSUbuntu-1804-2023.01.26 addresses an issue where fips_enabled would be set to 0 while running on a fips kernel.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.02.01.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.02.01.
  • AKS Mariner image has been updated to AKSMariner-2023.02.01.

Release 2023-01-29

Azure Kubernetes Service Changelog

Release 2023-01-29

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.
• Workload Identity: Application pods using workload identity will need the following label added azure.workload.identity/use starting with the 2023-01-29 release. Add the label to your running pods/deployments to avoid pods from failing at restart. See more here.

Release notes

• Features
  • New k8s patch versions for 1.23: Added 1.23.15, removed 1.23.8
  • HTTP Proxy now allows updating the "No Proxy" configuration after cluster deployment using aks update.
• Preview Feature
  • Azure CNI Overlay now available in uksouth, australiaeast
• Component Updates
• Container Insights addon upgraded to ciprod01182023.
• Azure NPM addon upgraded to v1.4.32 in SOV Clouds.
• AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.01.25.
• AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.01.25.
• AKS Mariner image has been updated to AKSMariner-2023.01.25.

Release 2023-01-22

Azure Kubernetes Service Changelog

Release 2023-01-22

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.
• Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24 and up.

Release notes

• Features
  • New k8s patch versions for 1.24 and 1.25: Added 1.24.9, removed 1.24.3; added 1.25.5, removed 1.25.2
• Preview Feature
  • New AKS Auto Upgrade Schedule "aksmanagedAutoUPgradeSchedule" that offers better controls, flexibility like quarterly , biweekly, bimonthly etc. Read more
• Bug Fix
  • Add multiple replicas for the OSM injector for clusters versioned lower than 1.24. Initially AKS added an HPA and removed the explicit replicas count, but the HPA was conditionally added only for clusters >= 1.24. The fix ensures that the replica count will continue to exist for lower version clusters.
• Component Updates
  • The Managed Prometheus addon now supports ARM64 nodepools.
  • Workload Identity addon upgraded to 0.15.0
  • CSI Secret Store addon upgraded to v1.4
  • Cilium AKS addon upgraded to 1.12.5
  • CSI-proxy upgraded to v1.0.2 on Windows node
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.01.19.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.01.19.
  • AKS Mariner image has been updated to AKSMariner-2023.01.19.

Release 2023-01-15

Release 2023-01-15

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with Kubernetes 1.26:
  • HostProcess Containers will be GA
  • Some AKS labels will be deprecated. Update your AKS labels to the recommended substitutions. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• AKS began pod security policy deprecation on 2022-11-01 API. The pod security policy will be removed completely on 2023-06-01 API with AKS 1.25 version or higher. You can migrate pod security policy to pod security admission controller before the deprecation deadline.

Release notes

• Behavior Changes
  • AKS clusters deployed in dual-stack (IPv4/IPv6) mode and utilizing instance-level public IP addresses will now receive both IPv4 and IPv6 public IP addresses. This enables the instance-level public IP feature for IPv6, whereas previously IPv6 traffic would still egress the cluster via the standard outbound configuration.
  • The nosharesock option has been added to the default Azure Files dynamic storage class to address this GitHub issue.
• Component Updates
  • Azure Monitor Managed Prometheus has been updated to release 01-11-2023.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-2023.01.10.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-2023.01.10.
  • AKS Mariner image has been updated to AKSMariner-2023.01.10.
  • AKS Windows 2022 image has been updated to 20348.1487.230111.
  • AKS Windows 2019 image has been updated to 17763.3887.230111.
  • Azure Policy will be updated to GateKeeper 3.11 on Feb 20th for AKS 1.24+.
  • Containerd on Windows has been updated to v1.6.14.
  • Open Service Mesh Addon has been updated to v1.2.3 for clusters running AKS 1.24+.