Skip to content

Release 2024-06-09
Compare
Choose a tag to compare
@kaarthis kaarthis released this 17 Jun 19:54
· 186 commits to master since this release
2024-06-09
993cc4f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Monitor the release status by regions at AKS-Release-Tracker. This release is titled as v20240609.

Announcements

  • Starting 1.30 Kubernetes version and 1.27 LTS versions, beta apis will be disabled by default, when you upgrade to them. There will be an option provided to explicitly enable beta apis closer to the 1.30 release.
  • Starting 1.30 Kubernetes version, apiserver will have --service-account-extend-token-expiration set to false on OIDC issuer enabled clusters. In versions prior to 1.30, service account tokens injected into pods were given an extended lifetime so they remain valid even after a new refreshed token is provided. Prior to upgrading to 1.30, the metric serviceaccount_stale_tokens_total and the audit annotation authentication.k8s.io/stale-token can be used to monitor for workloads that depend on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container. If no action is taken, workloads depending on the extended lifetime will break once the cluster is upgraded to 1.30. See reference for details.
  • Istio service mesh addon revision asm-1-19 is no longer supported. If you are still using this revision on your cluster, please upgrade for continued support. More information about mesh upgrades and version support can be found here.
  • Container Insights has automatically migrated from legacy authentication to managed authentication on AKS clusters where the Container Insights addon was enabled with legacy authentication. This migration occurs when any feature, such as the cost-analysis addon or authorized IP ranges, is enabled using the preview API version 2023-07-02-preview or later. This unintended migration has caused monitoring to break, this issue has been fixed for new clusters. To mitigate this issue on existing clusters, re-onboarding or re-configuring of Container Insights is required.

Release Notes

  • Features:

  • Preview Features:

    • AKS version 1.30 is available in preview.

  • Bug Fixes:

    • CoreDNS has been updated to use image v1.9.4-hotfix.20240520 on all AKS clusters above version 1.24. This updated image addresses CVE vulnerabilities.
    • Updated cilium to version 1.14.10 for K8s version 1.29+, to fix the issue where the host network is broken and remains broken even if the underlying interface goes up again.
    • Removes the post-upgrade annotation on hubble-generate-cert Job. On each aks cluster reconcile, the helm chart revision is incremented which counts as an upgrade. Each time the helm chart is upgraded or installed this job will restart. This change fixes that to not restart on helm chart upgrades and successfully clean up.
    • Windows containerd has been upgraded from v1.7.14 to v1.7.17 in K8s v1.28+. This upgrade fixes two bugs resulting in a wrong default path and a deadlock issue.
    • Fixed the following issues for AKS Edge zone support -
      • Fixed bug where clusters with ExtendedLocation set would accept create node pool with availability zones even though availability zones aren't supported in ExtendedLocation mode.
      • Fixed bug where edgezone was previously being wrongly accepted in small case. Only EdgeZone is accepted.

  • Component Updates:

    • Changing cilium operator tolerations to match cilium-agent. Adding tolerations for NoExecute and NoSchedule. This should fix a race condition in upgrades, where cilium-operator cannot schedule due to node taint.
    • Retina Enterprise and Operator image update v0.0.8.
    • Updated linux cni versions to v1.4.54 and v1.5.28.
    • Gatekeeper is updated to 3.16 for kubernetes versions 1.27+.
    • Updated Cilium to v1.13.13 for Kubernetes v1.28.0+.
    • Upgrade azure disk csi-drivers to 1.29.6 on AKS 1.28 and 1.29.
    • Updated the aks app routing operator nginx version from 1.9 to 1.10.
    • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-202406.07.0.
    • Azure Linux image has been updated to AzureLinux-202406.07.0.
    • AKS Windows Server 2019 image has been updated to AKSWindows-2019-17763.5936.240612.
    • AKS Windows Server 2022 image has been updated to AKSWindows-2022-20348.2527.240612.
Assets 2
Loading