Release 2024-08-05

Release 2024-08-05

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240805.

Announcements

• AKS will be upgrading the KEDA addon to more recent KEDA versions. The AKS team has added KEDA 2.15 on AKS clusters with K8s versions >=1.31, KEDA 2.14 for Kubernetes v1.30. KEDA 2.15 and KEDA 2.14 will introduce multiple breaking changes which are listed below:
  • KEDA 2.15 for Kubernetes >=1.31: The removal of Pod Identity support. If you use pod identity, we recommend you move over to workload identity for your authentication.
  • KEDA 2.14 for Kubernetes = 1.30: The removal of Azure Data Explorer 'metadata.clientSecret' as it was not safe for managing secrets.
  • KEDA 2.14 for Kubernetes = 1.30: Removal of the deprecated metricName from trigger metadata section. The two impacted Azure Scalers are Azure Blob Scaler and Azure Log Analytics Scaler. If you are using metricName today, please move metricName outside of trigger metadata section totrigger.name in the trigger section to optionally name your trigger. To view an example of what this would look like, please view the open GitHub issue.

Release Notes

• Features:

  • AKS version 1.30 is now available and will be the next LTS version of AKS. You can now upgrade your 1.27 clusters to 1.30 during the LTS period.
  • Updating an existing node pool to enable or disable FIPS is now Generally Available.
  • AKS patch versions 1.30.3, 1.29.7, 1.28.12, 1.27.16 are now available. Refer to version support policy and upgrading a cluster for more information.
  • Istio add-on now only allows EnvoyFilters of the types Lua, local rate limiting, and gzip compression.
  • Telemetry API v1 is now available for the Istio based service mesh add-on.
  • The AKS extension for Visual Studio Code now supports the ability to attach an ACR to your cluster, generate Kubernetes deployment files, generate Dockerfiles, and generate GitHub Actions.
  • The ignore-daemonsets-utilization, daemonset-eviction-for-empty-nodes, and daemonset-eviction-for-occupied-nodes parameters on the cluster autoscaler profile are GA from API version 2024-05-01 onwards. If you are using the CLI to update these flags, please ensure you are using version 2.63 or later.

• Bug fixes:

  • Fixed a bug where sometimes NodePublicIPPrefixID could show unset on a cluster even though it was set.
  • Previously, as part of Istio addon canary upgrade, users had to manually copy their edits to HorizontalPodAutoscaler from old revision to new revision. This has been fixed so that changes done to Horizontal Pod Autoscaler will be automatically copied for the newer revision.
  • Added validation that if a LTS cluster has a node pool on non-LTS version, upgrade to the next LTS version is blocked.

• Behavior change:

  • When Advanced Networking Observability is enabled, increased memory limit of 700Mi (from 400Mi) is used for retina-agent.
  • GOMAXPROCS for coredns has been set to equal CPU limit to avoid throttling.
  • In Azure CNI, init-cni-dropgz initContainer has been renamed to cni-installer.
  • Validation for minimum 5 minutes has been introduced for drain timeout value to prevent drain issues during upgrade.
  • query label removed from dns metrics in Advanced Network Observability.
  • Control plane only AKS upgrades will now reconcile node pools to desired state. For example, previously let's say a user did did a Kubernetes upgrade and network plugin mode transition to overlay where a reimaging of the nodes was required, but it wasn't done as nodes were skipped. Going ahead nodes will be reconciled in these circumstances.

• Component updates:

  • To address scheduler issues fixed in this upstream change, 1.27.15, 1.28.11, 1.29.6 schedulers versions will be used for Kubernetes versions 1.27.14, 1.28.10, 1.29.5 respectively.
  • Updated Azure Blob CSI driver to v1.22.7 on AKS version 1.27.
  • For Node Auto Provisioning, Azure provider of Karpenter is upgraded to v0.5.1.
  • Updated Azure Monitor Container Insights image to v3.1.23.
  • Azure Monitor managed service for Prometheus images updated to 07-19-2024 release.
  • Updated Eraser version to v1.3.1 for Image Cleaner.
  • Updated Azure Disk CSI driver to v1.28.9 on AKS 1.27 and to v1.29.7 on AKS 1.28 and 1.29.
  • Updated Azure File CSI driver to v1.28.11 on AKS 1.27, to v1.29.6 on AKS 1.28, and to v1.30.3 on AKS 1.29.
  • Updated Ratify image used in Image Integrity to v1.2.0.
  • Updated Cilium version has been updated to 1.14.12 for AKS cluster with versions >= 1.29 and Advanced Network Observability enabled.
  • Istio-based service mesh add-on revision asm-1-21 has been upgraded to patch v1.21.4 and revision asm-1-22 has been upgraded to patch v1.22.2. Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
  • Updated Windows Kubernetes packages in all AKS versions to address CVE-2024-5321.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202407.29.0.
  • Azure Linux image has been updated to AzureLinux-202407.29.0.
  • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.6054.240716.
  • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2582.240716.