Docker Bridge CIDR field is being removed in the April 2023 Microsoft Azure Kubernetes Service API

[teocrispy91]

I recieved an email from microsoft stating the following :

We've detected that one or more of your subscription(s) are using the Docker Bridge CIDR field in the AKS API. This field is currently ignored by default and not validated, as it was made redundant during our change from Docker to containerD in Kubernetes version 1.19. Starting from April 2023 with the release of the 2023-04-01 AKS API version, the Docker Bridge CIDR field functionality will be removed. However, it will still be supported in all preexisting API versions without new updates. The April API will be fully implemented and available by 26 May 2023.
Required action
We recommend transitioning from the Docker Bridge CIDR field as it's no longer being validated. If you continue using this field in an API version after it is removed (2023-04-01 API version or later), your API request may be rejected. Furthermore, if you update to use one of the Azure SDKs released after April 2023, your code may not compile.

Question
What does this actuallly mean ? what are the actions i need to take

[MmAtBosch]

exactly, and what is the exact alternative i have to transition to?

[Baklap4]

Also got the mail. If i look up the network config i see i specified the docker bridge CIDR during installation of AKS. But not sure what i need to do now when my cluster is up and running just fine. Running kubernetes 1.24.x at the moment?

Does this mean when we have code/automation to create a cluster we have to remove this field since it won't work when executed at a later time?

[teocrispy91]

I had a call with ms and what they said is like these api upgrades come with kubernetes version upgrades. currently my cluster is also in1.24.x and it is safe to upgarde till 1.25.x is what they said and they are still dont have a clear picture of what code changes and effects this api brings. anyway it might come up with 1.26.x or 1.26.X version of the cluster so better to follow up with MS

[petrosmelachrinos]

Got the email as well. Just upgraded to version 1.25.x. I'm using terraform for managing the infra. Tried to remove docker_bridge_cidr field and the plan does not show any change. But when trying to create a new cluster in a dev environment i get:
Error: `docker_bridge_cidr`, `dns_service_ip` and `service_cidr` should all be empty or all should be set
So, I guess for now there is not way to set dns_service_ip and service_cidr without having set the docker_bridge_cidr

More context is needed for this release and the steps needed..

[siegenthalerroger]

Based on my understanding this can only really be relevant when creating/updating a cluster using the API (so using automation tools like terraform). I presume terraform will be updated in due course, I do however question MS' communication here.
@teocrispy91 I can promise you, the AKS weekly updates definitely also impact running clusters even with no k8s upgrades being manually applied so that's a bit of a cop-out answer. Maybe they effectively meant that the API endpoints aren't updated, but that would imply, that the API for creating a new cluster (or updating an old one) would be dependent on the k8s version which isn't the case when using terraform... very confusing.

[phealy]

This field used to be required for Docker when AKS used it as our container runtime. It has no bearing or effect on containerd-based clusters (which have been the default in Linux since AKS 1.19 and in Windows since AKS 1.23). It hasn't been validated on the AKS API since the end of 2021. We are removing the field from the 2023-04-01 API version so that you can stop including data that isn't used on our end. There is no action needed other than "when you update your templates or provisioning code (ARM, Bicep, SDK clients, etc.) to use the 2023-04-01 API version, you will need to stop sending this value if you are doing so today."

Terraform will need to make the same change in their code when they update to the Azure Go SDK version that uses the 2023-04-01 API. If you're using Terraform, you'll need to remove the line from your template after you update to the version that includes it.

We'll reach out to Hashicorp again and see if they can remove the validation that @petrosmelachrinos mentioned and I linked above in the next release, before the update - that will give you a window where you can stop sending the value before you are forced to remove it.

Sorry for any confusion in the communication - this was meant to be a simplification of cluster creation, and it's clearly been causing confusion instead.

[qpetraroia]

Hi folks,

Terraform has merged the removal PR.

[ghost]

Thanks for reaching out. I'm closing this issue as it was marked with "Answer Provided" and it hasn't had activity for 2 days.