Release 2022-07-10

Release 2022-07-10

This release is rolling out to all regions - estimated time for completed roll out is 2022-07-22 for public cloud and 2022-07-25 for sovereign clouds.
Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with Kubernetes 1.24, the following changes will be made default:
  • The default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
  • The NodeRestriction Admission Controller will be enabled. This will allow users to enable/disable node restriction.
  • CoreDNS version 1.9.2 will be default version. With this new version of CoreDNS wildcard queries are no longer allowed.
  • metrics-server version 0.6.1 will be the default version.
  • metrics-server vertical pod autoscaler will be enabled.
• Kubernetes 1.21 version deprecation will start taking effect from July 31st, 2022.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Konnectivity rollout is finished in global and started in Sovereign (China, USGov).

Release notes

• Features
  • Microsoft Defender cloud-native security agent for AKS clusters is now generally available.
• Bug Fixes
  • The nodepools will not inherit node resource group tags in az aks create --tags and az aks update --tags scenarios. Because nodepools have az aks nodepool add --tags and az aks nodepool update --tags.
• Component Updates
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.07.04.
  • omsagent update ciprod06272022.

Release 2022-07-03

Release 2022-07-03

This release is rolling out to all regions - estimated time for completed roll out is 2022-07-15 for public cloud and 2022-07-18 for sovereign clouds.
Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with this release, the pod memory limit for Azure NPM has been increased from 300 MB to 1 GB for clusters with the uptime SLA enabled. Requests will stay at 300 MB.
• Starting with Kubernetes 1.24, the following changes will be made default:
  • The default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
  • The NodeRestriction Admission Controller will be enabled. This will allow users to enable/disable node restriction.
  • CoreDNS version 1.9.2 will be default version. With this new version of CoreDNS wildcard queries are no longer allowed.
  • metrics-server version 0.6.1 will be the default version.
  • metrics-server vertical pod autoscaler will be enabled.
• Kubernetes 1.21 version deprecation will start taking effect from July 31st, 2022.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.
• Kubernetes patch versions 1.21.14, 1.22.11, and 1.23.8 are now available; Kubernetes patch versions 1.21.7, 1.22.4, and 1.23.3 are deprecated and removed. Learn more about Kubernetes version support policy followed by AKS here.
• Konnectivity rollout is done for most regions. Targeting end of this week for completion of rollout to the remaining regions - centralus, westus, germanynorth, westeurope, australiacentral2, australiasoutheast, brazilsoutheast, canadaeast, francesouth, japanwest, jioindiacentral, koreasouth, norwaywest, southafricawest, southcentralus, southeastasia, southindia, swedensouth, switzerlandwest, uaecentral, westus3.

Release notes

• Features
  • Node pool start/stop is now generally available.
• Bug Fixes
• Fixed issue on 1.24+ clusters with Windows node pools and Calico as network policy to automatically create the service account required for installing Calico.
• Set priorityClassName to system-node-critical for Azure Key Vault Provider for Secrets Store CSI Driver addon to prevent scheduling issues arising from saturation by non-critical workloads.
• Component Updates
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.06.29.

Release 2022-06-26

Release 2022-06-26

This release is rolling out to all regions - estimated time for completed roll out is 2022-07-08 for public cloud and 2022-07-11 for sovereign clouds.
Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with the July 3rd, 2022 AKS release, Azure NPM will increase its pod memory limit from 300 MB to 1 GB for clusters with the uptime SLA enabled. Requests will stay at 300 MB.
• Starting with Kubernetes 1.24, the following changes will be made default:
  • The default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
  • The NodeRestriction Admission Controller will be enabled. This will allow users to enable/disable node restriction.
  • CoreDNS version 1.9.2 will be default version. With this new version of CoreDNS wildcard queries are no longer allowed.
  • metrics-server version 0.6.1 will be the default version.
  • metrics-server vertical pod autoscaler will be enabled.
• Kubernetes 1.21 version deprecation will start taking effect from July 31st, 2022.
• Konnectivity rollout will continue in May 2022 and is expected to complete by end of June.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.

Release notes

• Features
  • Calico Network Policy is now generally available for Windows Server 2019 and 2022. This new feature allows customers to use network policies with Windows Server on AKS. Customers can also enable and use both Linux and Windows network policies in a single cluster. This feature will be available from Kubernetes 1.20. Please take note of common issues related to this change in our troubleshooting documentation.
• Preview Features
  • API Server VNet Integration is available in preview.
• Component Updates
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.06.22.
  • AKS Windows 2019 image has been updated to 17763.3046.220624.
  • AKS Windows 2022 image has been added with version 20348.768.220624.
  • Application Gateway Ingress Controller add-on has been updated to version 1.5.2.
  • The Open Service Mesh addon image has been updated from version 1.0.0 to version 1.1.1 for AKS clusters running 1.23.5+. Please note the breaking change mentioned in the version 1.1.0 release notes.

Release 2022-06-19

Release 2022-06-19

This release is rolling out to all regions - estimated time for completed roll out is 2022-07-01 for public cloud and 2022-07-04 for sovereign clouds.
Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Starting with the June 26th, 2022 AKS release, Azure NPM will increase its pod memory limit from 300 MB to 1 GB for clusters with the uptime SLA enabled. Requests will stay at 300 MB.
• Starting with Kubernetes 1.24, the following changes will be made default:
  • The default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
  • The NodeRestriction Admission Controller will be enabled. This will allow users to enable/disable node restriction.
  • CoreDNS version 1.9.2 will be default version. With this new version of CoreDNS wildcard queries are no longer allowed.
  • metrics-server version 0.6.1 will be the default version.
• Kubernetes 1.21 version deprecation will start taking effect from July 31st, 2022.
• Konnectivity rollout will continue in May 2022 and is expected to complete by end of June.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.

Release notes

• Preview Features
  • Disable CSI Storage Drivers available in Preview.
• Behavioral Changes
  • Nodepool snapshots will only allow taking snapshots from Nodepools with provisioning status as Succeeded.
• Bug Fixes
  • Fixed issue that prevented KEDA from scaling workloads. This could be observed previously as following status condition when describing the HorizontalPodAutoscaler for the KEDA scaled object: Cannot list resource "<external-metric-name>" in API group "external.metrics.k8s.io " in the namespace "<namespace-name>": RBAC: clusterrole.rbac.authorization.k8s.io "keda-operator-external-metrics-reader" not found
  • Update cloud-controller-manager versions to v1.24.2, v1.23.14, v1.1.17, v1.0.21 for Kubernetes 1.24, 1.23, 1.22, and 1.21 -
    • A new annotation is added in order to specify the PublicIP Prefix for creating IP of LB-service.beta. kubernetes.io/azure-pip-prefix-id: "/subscriptions/8ecadfc9-ffff-4ea4-ffff-0d9f87e4d7c8/resourceGroups/lodrem/providers/Microsoft.Network/publicIPPrefixes/bb" #1848.
    • Fix unexpected managed PLS deletion issue when ILB subnet is specified. #1835
    • Fix: avoid unnessary NSG updating on service reconciling #1850
    • Fix: panic when create private endpoint using azurefile NFS [#1816] (kubernetes-sigs/cloud-provider-azure#1816)
    • Remove redundant restriction on pls autoApproval and visibility.User can specify a list of subscriptions for visibility (e.g. "sub1 sub2") and a subset of this list for autoApproval (e.g. "sub1"). #1867
• Component Updates
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.06.13.
  • AKS Windows 2019 image has been updated to 17763.2928.220615.
  • AKS Windows 2022 image has been added with version 20348.707.220525.
  • Updated Windows containerd package to v1.6.6.

Release 2022-06-12

Release 2022-06-12

This release is rolling out to all regions - estimated time for completed roll out is 2022-06-24 for public cloud and 2022-06-27 for sovereign clouds.

Announcements

• Starting with the June 26th, 2022 AKS release, Azure NPM will increase its pod memory limit from 300 MB to 1 GB for clusters with the uptime SLA enabled. Requests will stay at 300 MB.
• Starting with Kubernetes 1.24, the following changes will be made:
  • The default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
  • The NodeRestriction Admission Controller will be enabled
  • CoreDNS version 1.9.2 will be default version. With this new version of CoreDNS wildcard queries are no longer allowed.
  • metrics-server version 0.6.1 will be the default version.
• Konnectivity rollout will continue in May 2022 and is expected to complete by end of June.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.

Release notes

• Behavioral Changes
  • Upgrades for Spot Nodepools is now available starting this week : This will involve a cordon and an eviction notice. There is no Drain or Surge nodes available for the Spot nodepool upgrades.
• Component Updates
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.06.08.
  • Upgrade Azure File CSI driver to v1.19.0
  • Upgrade Azure Disk CSI driver to v1.19.0
  • Cloud-controller-manager, azure SDK, & API version has been updated for v1.21.7 and v1.21.9 (see the version matrix to see which CCM version maps to which AKS version.

Release 2022-06-05

Release 2022-06-05

This release is rolling out to all regions - estimated time for completed roll out is 2022-06-17 for public cloud and 2022-06-20 for sovereign clouds.

Announcements

• Starting with the June 26th, 2022 AKS release, Azure NPM will increase its pod memory limit from 300 MB to 1 GB for clusters with the uptime SLA enabled. Requests will stay at 300 MB.
• Starting with Kubernetes 1.24, the following changes will be made:
  • The default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
  • The NodeRestriction Admission Controller will be enabled
  • CoreDNS version 1.9.2 will be default version. With this new version of CoreDNS wildcard queries are no longer allowed.
  • metrics-server version 0.6.1 will be the default version.
• Konnectivity rollout will continue in May 2022 and is expected to complete by end of June.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.

Release notes

• Features
  • AKS Release Tracker is now generally available.
• Behavioral Changes
  • Set agentPoolProfile default maxPods for new agentpools to align with the expected default maxPods based on the cluster's network configuration.
  • Reverted the changes of request values to api server to reduce churn on Uptime SLA enabled AKS clusters.
  • Konnectivity agent now uses a new Service Account konnectivity-agent, instead of the default Service Account.
• Bug fixes
  • CSI Secret Store removed limit of node-driver-registrar to address #2972
• Component Updates
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.05.31.

Release 2022-05-29

Release 2022-05-29

This release is rolling out to all regions - estimated time for completed roll out is 2022-06-10 for public cloud and 2022-06-13 for sovereign clouds.

Announcements

• Starting with Kubernetes 1.24, the following changes will be made:
  • The default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
  • The NodeRestriction Admission Controller will be enabled
• Konnectivity rollout will continue in May 2022 and is expected to complete by end of June.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.

Release notes

• Features
  • Azure Key Vault with Private Link with KMS is now supported
  • Preview of Kubernetes 1.24
• Bug fixes
  • Add extra information in error messages when a subnet is full or drain issues are found
• Component Updates
  • Upgrade Azure File CSI driver to v1.18.0
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.05.24.
  • AKS Windows 2019 image has been updated to 17763.2928.220525.
  • AKS Windows 2022 image has been added with version 20348.707.220525.

Release 2022-05-22

Release 2022-05-22

This release is rolling out to all regions - estimated time for completed roll out is 2022-06-03 for public cloud and 2022-06-06 for sovereign clouds.

Announcements

• From Kubernetes 1.23, containerd will be the default container runtime for Windows node pools. Docker support will be deprecated in Kubernetes 1.24. You are advised to test your workloads before Docker deprecation happens by following the documentation here.
• Starting with Kubernetes 1.24, the following changes will be made:
  • The default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
  • The NodeRestriction Admission Controller will be enabled
• Konnectivity rollout will continue in May 2022 and is expected to complete by end of May.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.

Release notes

• Features
  • AKS Cluster Extensions is now generally available.
  • Azure CNI dynamic IP allocation and enhanced subnet support is now generally available.
  • Alias minor version is now generally available.
  • Custom node configuration is now generally available.
  • Subnet per node pool is now generally available.
• Preview features
  • ARM64 agent pools is now in public preview.
  • Azure Disk CSI driver v2 is now in private preview.
  • Draft extension for Azure Kubernetes Service (AKS) is now in public preview.
  • KEDA add-on is now in public preview.
  • Web application routing add-on is now in public preview.
  • Windows Server 2022 host support is now in public preview.
• Bug fixes
  • BYOCNI nodes will no longer be provisioned with additional secondary IPs
  • Calls to admission webhooks in Konnectivity clusters will properly use the Konnectivity tunnel to reach the webhook URL
• Component Updates
  • Azure Disk CSI driver has been updated to v1.18.0
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.05.10.
  • AKS Windows 2019 image has been updated to 17763.2928.220511.
  • AKS Windows 2022 image has been added with version 20348.707.220511.
  • Cloud controller manager has been updated to versions v1.23.12/v1.1.15/v1.0.19 (see the version matrix to see which CCM version maps to which AKS version)
  • CoreDNS has been updated to v1.8.7 for AKS clusters >=1.20.0. Clusters before 1.20.0 remain on 1.6.6.
  • external-dns has been updated to v0.10.2

Release 2022-05-08

Release 2022-05-08

This release is rolling out to all regions - estimated time for completed roll out is 2022-05-21 for public cloud and 2022-05-24 for sovereign clouds.

Announcements

• From Kubernetes 1.23, containerd will be the default container runtime for Windows node pools. Docker support will be deprecated in Kubernetes 1.24. You are advised to test your workloads before Docker deprecation happens by following the documentation here.
• Starting with 1.24 the default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
• Konnectivity rollout will continue in May 2022 and is expected to complete by end of May.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.

Release notes

• Public preview
  • AKS now supports updating kubelet on node pools to use a new or changed user-assigned managed identity.
• Bug Fixes
  • Fixes a bug with the AKS-EnableDualStack preview feature that would delete managed outbound IPv6 IPs if updating the cluster with a version of the API before the dual-stack parameters were added.
  • A validation to prevent adding clusters to a subnet with a NAT Gateway without setting the appropriate outboundType was applied to updates as well as creates, preventing changes to clusters in this situation. The validation has been removed from update calls.
• Component Updates
  • Azure File CSI driver has been updated to v1.6.
  • AKS Ubuntu 18.04 image updated to AKSUbuntu-1804-2022.05.04.

Release 2022-05-01

Release 2022-05-01

This release is rolling out to all regions - estimated time for completed roll out is 2022-05-13 for public cloud and 2022-05-16 for sovereign clouds.

Announcements

• From Kubernetes 1.23, containerd will be the default container runtime for Windows node pools. Docker support will be deprecated in Kubernetes 1.24. You are advised to test your workloads before Docker deprecation happens by following the documentation here.
• Starting with 1.24 the default format of clusterUser credential for AAD enabled clusters will be ‘exec’, which requires kubelogin binary in the execution PATH. If you are using Azure CLI, it will prompt users to download kubelogin. There will be no behavior change for non-AAD clusters, or AAD clusters whose version is older than 1.24. Existing downloaded kubeconfig will still work. We provide an optional query parameter ‘format’ when getting clusterUser credential to overwrite the default behavior change, you can explicitly specify format to ‘azure’ to get old format kubeconfig.
• Konnectivity rollout will continue in May 2022 and is expected to complete by end of May.
• Update your AKS labels to the recommended substitutions before deprecation after the Kubernetes v1.24 release. See more information on label deprecations and how to update your labels in the Use labels in an AKS cluster documentation.

Release notes

• Public preview
  • The aks-preview Azure CLI extension (version 0.5.66+) now supports running az aks update -g <resourceGroup> -n <clusterName> without any optional arguments. This will perform an update operation without performing any changes, which can recover a cluster stuck in a failure state.
  • AKS now supports updating kubelet on node pools to use a new or changed user-assigned managed identity.
• Behavioral changes
  • Kube-proxy now detects local traffic using the local interface subnet instead of cluster CIDR when using Azure CNI. For clusters that have agent pools in separate subnets, this ensures that kube-proxy NAT rules do not interfere with network policies enforced by Azure NPM. The configuration change applies to clusters running Azure CNI and Kubernetes version 1.23.3 or later.
  • Clusters deployed with outboundType loadBalancer but deployed in a subnet with an attached NAT gateway will be updatable. Deployment of clusters into a bring-your-own-vnet subnet with a NAT Gateway already attached will be blocked unless outboundType userAssignedNATGateway is passed. See NAT Gateway in the AKS Documentation for more details.
• Component Updates
  • Azure CNI has been updated to v1.4.22.
  • Cloud Provider Azure is being upgraded to v1.23.11/v1.1.14/v1.0.18/v0.7.21 (depending on AKS cluster version).