Skip to content

Commit

Permalink
Release notes for 2025-01-06 release. (#4751)
Browse files Browse the repository at this point in the history 
* Update CHANGELOG.md 01-05-2025 release notes

Adding the release notes for v20250106

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: Shashank Barsin <[email protected]>

* Update CHANGELOG.md

Co-authored-by: Shashank Barsin <[email protected]>

* Update CHANGELOG.md

Co-authored-by: Ally Ford <[email protected]>

* Update CHANGELOG.md

Co-authored-by: Shashank Barsin <[email protected]>

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Create 202501.12.0.txt

* Create 202501.05.0.txt

* Create 20348.2966.241218.txt

* Create 17763.6659.241226.txt

* Create 25398.1308.241226.txt

* Create 202501.12.0.txt

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update README.md to remove hiring seciton

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: Shashank Barsin <[email protected]>

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Create 202501.05.0.txt

* Update CHANGELOG.md

* Update CHANGELOG.md

---------

Co-authored-by: Shashank Barsin <[email protected]>
Co-authored-by: Ally Ford <[email protected]>
  • Loading branch information
@pavneeta @shashankbarsin @allyford
3 people authored Jan 18, 2025
1 parent dc088d8 commit 1a9732d
Show file tree
Hide file tree
Showing 9 changed files with 3,903 additions and 19 deletions.
50 changes: 50 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,55 @@
# Azure Kubernetes Service Changelog

## Release 2025-01-06

Monitor the release status by regions at [AKS-Release-Tracker](https://releases.aks.azure.com/). This release is titled as `v20250106`.

### Announcements
* AKS Kubernetes version 1.28 is deprecated by Jan 30, 2025. Kindly upgrade your clusters to 1.29 version or above. Refer to [version support policy](https://learn.microsoft.com/azure/aks/supported-kubernetes-versions?tabs=azure-cli#kubernetes-version-support-policy) and [upgrading a cluster](https://learn.microsoft.com/azure/aks/upgrade-aks-cluster?tabs=azure-cli) for more information.

### Release Notes
* Features:
* AKS Kubernetes version 1.31 is now in GA.
* AKS Kubernetes patch versions 1.29.11, 1.30.7, 1.31.2, and 1.31.3 are now available.
* AKS LTS version 1.27.101 available in all regions since December 2024. This patches the kubelet [CVE-2024-10220](https://nvd.nist.gov/vuln/detail/CVE-2024-10220)
* [Advanced Container Networking Service](https://learn.microsoft.com/azure/aks/advanced-container-networking-services-overview?tabs=cilium) (ACNS) is Generally Available.

* Preview features:
* SeccompDefault is now an available parameter in custom node configuration. For more information on enabling seccomp profiles, see [Secure container access to resources](https://learn.microsoft.com/azure/aks/secure-container-access).

* Behavior change:
* [Invalid values sent to the Azure AKS API for the properties.mode field of AKS AgentPools will now be rejected](https://github.com/Azure/AKS/issues/4468). Prior to this change, unknown modes were assumed to be User. The only valid values for this field are the (case-sensitive) strings: "User", "System", or "Gateway".
* AKS no longer supports the [GPU image (preview)](https://github.com/Azure/AKS/issues/4472) to provision GPU-enabled AKS nodes. Alternative options that are supported today and recommended by AKS include the default experience with manual NVIDIA device plugin installation or the NVIDIA GPU Operator, detailed in [AKS GPU node pool documentation](https://learn.microsoft.com/azure/aks/gpu-cluster?tabs=add-ubuntu-gpu-node-pool#confirm-that-gpus-are-schedulable).
* [Kubernetes version 1.32 is the last version that supports Windows Server 2019](https://github.com/Azure/AKS/issues/4268). You will not be able to create new or upgrade existing Windows Server 2019 node pools in AKS versions 1.33+. Follow the detailed steps [in AKS documentation](https://aka.ms/aks/ws2019-migration) to transition to Windows Server 2022 or any newly supported Windows Server version by that date. After 1 March 2026, Windows Server 2019 won't be supported.
* New API throttling limit has been added to [PutManagedCluster](https://learn.microsoft.com/rest/api/aks/managed-clusters?view=rest-aks-2024-09-01) API for AKS. Please see [AKS resource provider throttling limits](aka.ms/aks/throttling) for more details.

* Bug Fix:
* GPU bootstrapping issue impacting GPU provisioning with Node Auto Provision has been fixed. Refer [Github issue](https://github.com/Azure/karpenter-provider-azure/pull/587) for more details.
* Fixed an issue in v1.31 where Cluster Autoscaler did not respond to external changes in Spot VMSS based nodepool's node count (e.g., evictions), leading to scale-up failures. Refer [Github Issue 7373](https://github.com/kubernetes/autoscaler/issues/7373) for more details.
* Resolved an issue [(NotFound error message)](https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/error-not-found?tabs=bicep#symptoms) when querying a VM which has been deleted, which results in the NodeClaim being stuck in notReady state resulting in the NodeClaim not being deleted.
* Fixed the windows nodes CNS pods restarting [Github issue](https://github.com/Azure/AKS/issues/4679) observed in clusters running on AKS +v1.27 Kubernetes version.

* Component updates:
* Tigera operator image version has been bumped to [v1.34.7](https://github.com/tigera/operator/releases/tag/v1.34.7) with this release, for clusters running Kubernetes version (and including) v1.30.0. This patches the following CVEs detected in the tigera operator - [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2020-1751](https://nvd.nist.gov/vuln/detail/CVE-2020-1751), [CVE-2019-19126](https://nvd.nist.gov/vuln/detail/CVE-2019-19126), [CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942), [CVE-2020-1752](https://nvd.nist.gov/vuln/detail/CVE-2020-1752), [CVE-2020-10029](https://nvd.nist.gov/vuln/detail/CVE-2020-10029), [CVE-2019-9169](https://nvd.nist.gov/vuln/detail/CVE-2019-9169), [CVE-2020-6096](https://nvd.nist.gov/vuln/detail/CVE-2020-6096), [CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604), [CVE-2018-19591](https://nvd.nist.gov/vuln/detail/CVE-2018-19591), [CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796), [CVE-2019-9192](https://nvd.nist.gov/vuln/detail/CVE-2019-9192), [CVE-2021-3326](https://nvd.nist.gov/vuln/detail/CVE-2021-3326), [CVE-2019-6488](https://nvd.nist.gov/vuln/detail/CVE-2019-6488), [CVE-2016-10739](https://nvd.nist.gov/vuln/detail/CVE-2016-10739), [CVE-2019-7309](https://nvd.nist.gov/vuln/detail/CVE-2019-7309), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/CVE-2020-27618).
* Azure Disks CSI driver version has been bumped to [v1.30.6](https://github.com/kubernetes-sigs/azuredisk-csi-driver/releases/tag/v1.30.6) for AKS clusters running AKS Kubernetes version +v1.30. This patches the following CVEs - [CVE-2024-51744](https://nvd.nist.gov/vuln/detail/CVE-2024-51744), [CVE-2024-50602](https://nvd.nist.gov/vuln/detail/CVE-2024-50602), [CVE-2024-9143](https://nvd.nist.gov/vuln/detail/CVE-2024-9143), [CVE-2019-11255](https://nvd.nist.gov/vuln/detail/CVE-2019-11255)
* Bumping the Azure CNI version from v1.4.56 to v1.4.58. This patches the CVE regarding grpc 1.52.0 dependencies - [CVE-2023-2976](https://nvd.nist.gov/vuln/detail/CVE-2023-2976), [CVE-2020-8908](https://nvd.nist.gov/vuln/detail/CVE-2020-8908)
* Cilium container image version bumped to [v1.14.15-241024](https://github.com/cilium/cilium/releases/tag/v1.14.15) for AKS clusters running k8s version greater than v1.29.
* AKS Azure Linux v2 image has been updated to [202501.12.0](vhd-notes/AzureLinux/202501.12.0.txt)
* AKS Azure Linux v3 image has been updated to [202501.05.0](vhd-notes/Azurelinuxv3/202501.05.0.txt)
* AKS Ubuntu 22.04 node image has been updated to [202501.12.0](vhd-notes/aks-ubuntu/AKSUbuntu-2204/202501.12.0.txt)
* AKS Windows Server 2022 image has been updated to [v20348.2966.241218](vhd-notes/AKSWindows/2022/20348.2966.241218.txt)
* AKS Windows Server 2019 image has been updated to [17763.6659.241226](vhd-notes/AKSWindows/2019/17763.6659.241226.txt)
* AKS Windows Server 23H2 image has been updated to [25398.1308.241226](vhd-notes/AKSWindows/23H2/25398.1308.241226.txt)
* App routing operator updated to [0.2.1-patch-6 ](https://github.com/Azure/aks-app-routing-operator/releases/tag/v0.2.1-patch-6)for K8s < 1.30 and which upgrades external-dns to version [0.15.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0) fixing a number of CVEs ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g), [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283), [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288), [CVE-2024-34156](https://nvd.nist.gov/vuln/detail/CVE-2024-34156))
* App routing operator updated to [0.2.3-patch-3](https://github.com/Azure/aks-app-routing-operator/releases/tag/v0.2.3-patch-3) for K8s +1.30 which fixes an issue where Open Service Mesh would not reload correctly on Nginx deployment updates. The Prometheus metrics endpoint has now been moved to a separate Service called nginx-metrics behind a ClusterIP. Prometheus scraping will continue to work as expected.
* Cost-analysis-agent image upgraded from v0.0.18 to v0.0.19. this upgrades the [golang-jwt](https://pkg.go.dev/github.com/golang-jwt/jwt/v4) dependency in cost-analysis-agent to patch [CVE-2024-51744](https://nvd.nist.gov/vuln/detail/CVE-2024-51744)
* [Promtheus collector](https://github.com/Azure/prometheus-collector/blob/main/RELEASENOTES.md) for Azure Monitor managed service for Prometheus addon version bumped from 6.10.1-main-10-04-2024-77dcfe3d to 6.11.0-main-10-21-2024-91ec49e3. This fixes a bug where the minimal ingestion profile keep list was not being honored.
* Application Gateway ingress controller addon version bumped from 1.7.4 to 1.7.6 for clusters with AKS Kubernetes version greater than or equal to 1.27. please find more details [here](https://github.com/Azure/application-gateway-kubernetes-ingress/releases/tag/1.7.6)
* Retina enterprise and operator image version bumped to [v0.1.3](https://github.com/azure-networking/retina-enterprise/releases/tag/v0.1.3). This resolves the following CVEs - [CVE-2024-37307](https://nvd.nist.gov/vuln/detail/CVE-2024-37307), [CVE-2024-42486](https://nvd.nist.gov/vuln/detail/CVE-2024-42486), [CVE-2024-42487](https://nvd.nist.gov/vuln/detail/CVE-2024-42487), [CVE-2024-42488](https://nvd.nist.gov/vuln/detail/CVE-2024-42488), [CVE-2024-47825](https://nvd.nist.gov/vuln/detail/CVE-2024-47825), and [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) and changes for high-level filtering of some metric labels. This results in less irrelevant metric collection which can affect clusters at a large scale.
* Retina basic image version bumped to [v0.0.17](https://github.com/microsoft/retina/releases/tag/v0.0.17) which patches the following CVEs: [CVE-2024-37307](https://nvd.nist.gov/vuln/detail/CVE-2024-37307), [CVE-2024-42486](https://nvd.nist.gov/vuln/detail/CVE-2024-42486), [CVE-2024-42487](https://nvd.nist.gov/vuln/detail/CVE-2024-42487), [CVE-2024-42488](https://nvd.nist.gov/vuln/detail/CVE-2024-42488), [CVE-2024-47825](https://nvd.nist.gov/vuln/detail/CVE-2024-47825), and [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288). This also changes for high-level filtering of some metric labels. This results in less irrelevant metric collection which can affect clusters at a large scale
* NPM image version bumped to [v1.5.39](https://github.com/Azure/azure-container-networking/releases/tag/v1.5.39) to fix potential connectivity issues for clusters with "azure" network policy manager on nodes with high scale of iptables rules and [CVE-2024-34155](https://nvd.nist.gov/vuln/detail/CVE-2024-34155), [CVE-2024-34156](https://nvd.nist.gov/vuln/detail/CVE-2024-34156), and [CVE-2024-34158](https://nvd.nist.gov/vuln/detail/CVE-2024-34158)
* Istio-based service mesh add-on revision asm-1-23 has been upgraded to patch [v1.23.4](https://istio.io/latest/news/releases/1.23.x/announcing-1.23.4/), revision asm-1-22 has been upgraded to patch [v1.22.7](https://istio.io/latest/news/releases/1.22.x/announcing-1.22.7/), and revision asm-1-22 has been upgraded to patch [v1.22.3](https://istio.io/latest/news/releases/1.22.x/announcing-1.22.3). Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found [here](https://learn.microsoft.com/azure/aks/istio-upgrade#patch-version-upgrade). Vulnerability [CVE-2024-41110](https://nvd.nist.gov/vuln/detail/CVE-2024-41110) and [CVE-2024-53271](https://nvd.nist.gov/vuln/detail/CVE-2024-53271) has been addressed in the patch version 1.23.4 and 1.22.7.

## Release 2024-10-25

Monitor the release status by regions at [AKS-Release-Tracker](https://releases.aks.azure.com/). This release is titled as `v20241025`.
Expand Down
19 changes: 0 additions & 19 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,23 +66,4 @@ this repository must:
[1]: https://azure.microsoft.com/support/options/
[2]: https://docs.microsoft.com/azure/aks/support-policies

## Hiring
### PM
#### Australia/New Zealand
* [Senior Technical Program Manager - Kubernetes Networking](https://jobs.careers.microsoft.com/global/en/share/1691905/)
* [Technical Program Manager - Kubernetes Networking](https://jobs.careers.microsoft.com/global/en/share/1691890/)

### Engineering
#### US

#### Australia/New Zealand
* [Principal Software Engineer Manager](https://jobs.careers.microsoft.com/global/en/job/1711880/Principal-Software-Engineer-Manager)
* [Principal Software Engineer](https://jobs.careers.microsoft.com/global/en/job/1712342/Principal-Software-Engineer)
* [Senior Software Engineer](https://jobs.careers.microsoft.com/global/en/job/1711660/Senior-Software-Engineer)
* [Software Engineer II](https://jobs.careers.microsoft.com/global/en/job/1711291/Software-Engineer-II)

#### Ireland
* [Principal Software Engineer](https://jobs.careers.microsoft.com/global/en/share/1685977)
* [Senior Software Engineer](https://jobs.careers.microsoft.com/global/en/share/1685498)
* [Software Engineer](https://jobs.careers.microsoft.com/global/en/share/1685937)

Loading

0 comments on commit 1a9732d

Please sign in to comment.