Release 2024-10-25

@phealy phealy released this 05 Nov 21:39
· 35 commits to master since this release
1367a20

Monitor the release status by region at AKS-Release-Tracker. This release is titled v20241025.

Announcements

  • AKS version 1.28 End of Life is Jan 15, 2025.
  • AKS will be upgrading the KEDA addon to more recent KEDA versions. The AKS team has added KEDA 2.15 on AKS clusters with K8s versions >=1.32 and KEDA 2.14 for Kubernetes v1.30 and v1.31. KEDA 2.15 and KEDA 2.14 will introduce multiple breaking changes. View the troubleshooting guide to learn how to mitigate these breaking changes.
  • AKS will no longer support the GPU image (preview) to provision GPU-enabled AKS nodes. Starting on Jan 10, 2025 you will no longer be able to create new GPU-enabled node pools with the GPU image. Alternative options that are supported today and recommended by AKS include the default experience with manual NVIDIA device plugin installation or the NVIDIA GPU Operator, detailed in AKS GPU node pool documentation.
  • Starting on January 1, 2025, invalid values sent to the Azure AKS API for the properties.mode field of AKS AgentPools will be rejected. Prior to this change, unknown modes were assumed to be User. The only valid values for this field are the (case-sensitive) strings: "User", "System", or "Gateway".
  • AKS will start to block new cluster creation with basic load balancer in January 2025. Basic Load Balancer will be deprecated September 31 2025 and affected clusters must be migrated to the Standard Load Balancer prior to that date. Refer to BLB deprecation announcement for more information.
  • As of November 30th, 2024, new AKS clusters created with Kubernetes versions 1.28 and 1.29 will no longer enable beta Kubernetes APIs. This matches the behavior of AKS 1.27 LTS and AKS 1.30+ clusters, which no longer enable beta APIs.
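
A pre-flight check for the properties.mode change announced above, as an added example that is not part of the AKS release notes or AKS tooling. It assumes agent pools are declared in an ARM template JSON, either inline under agentPoolProfiles or as managedClusters/agentPools resources, and that resource types can be matched case-insensitively; the template and all names in it are constructed.

```python
import json
VALID_MODES = {"User", "System", "Gateway"}  # case-sensitive, as listed in the announcement
CLUSTER = "microsoft.containerservice/managedclusters"  # compared lowercased (assumption)
POOL = CLUSTER + "/agentpools"

def _check(path, mode, findings):
    if mode is None:
        return  # omitted field: the announcement only covers invalid values
    if isinstance(mode, str) and mode.startswith("["):
        findings.append((path, mode, "template expression, resolve before checking"))
    elif not isinstance(mode, str) or mode not in VALID_MODES:
        near = [v for v in sorted(VALID_MODES) if v.lower() == str(mode).strip().lower()]
        findings.append((path, mode, f"wrong case, use {near[0]!r}" if near else "unknown mode"))

def find_invalid_modes(template):
    """Return (location, value, reason) for every mode value that needs attention."""
    findings = []
    def walk(resources, parent_type, prefix):
        # Resources may be a list or, with symbolic names, a dict keyed by name.
        items = resources.values() if isinstance(resources, dict) else resources
        for res in items:
            rtype = res.get("type", "").lower()
            full = f"{parent_type}/{rtype}" if parent_type else rtype
            name = prefix + res.get("name", "?")
            props = res.get("properties", {})
            if full == CLUSTER:
                for i, pool in enumerate(props.get("agentPoolProfiles", [])):
                    _check(f"{name}.agentPoolProfiles[{i}]", pool.get("mode"), findings)
            elif full == POOL:
                _check(f"{name}.properties.mode", props.get("mode"), findings)
            walk(res.get("resources", []), full, name + "/")  # nested child resources
    walk(template.get("resources", []), "", "")
    return findings

# Constructed sample template (not from the release notes).
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.ContainerService/managedClusters", "name": "demo-aks",
   "properties": {"agentPoolProfiles": [{"name": "sys", "mode": "System"},
                                        {"name": "apps", "mode": "user"}]},
   "resources": [{"type": "agentPools", "name": "gw", "properties": {"mode": "Gateway"}}]},
  {"type": "Microsoft.ContainerService/managedClusters/agentPools", "name": "demo-aks/batch",
   "properties": {"mode": "Spot"}},
  {"type": "Microsoft.ContainerService/managedClusters/agentPools", "name": "demo-aks/param",
   "properties": {"mode": "[parameters('poolMode')]"}}
]}
""")

if __name__ == "__main__":
    print(*find_invalid_modes(SAMPLE), sep="\n")
```

The lowercase "user" entry is the case that previously fell back to User silently and will now be rejected; parameterised modes are reported so the parameter files can be checked too.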

Release Notes

  • Features:

    • AKS patch versions 1.28.14, 1.29.9, 1.30.5 are now available. Refer to version support policy and upgrading a cluster for more information.
    • AKS version 1.31 is now generally available. Please check the release tracker for when your region will receive the GA update. Some regions may not receive this update until later in November.
    • The first official patch version of AKS LTS 1.27, 1.27.100, is being released.
    • GitHub Copilot for Azure now supports AKS commands.
    • You can now skip one release while upgrading Azure Service Mesh as long as the destination release is a supported revision - for example, asm-1-21 can upgrade directly to asm-1-23.
    • You can now fine-tune supported models on KAITO version 0.3.1 with the AI toolchain operator add-on on your AKS cluster.
  • Preview features:

    • We've added a new way to optimize the drain behavior of your upgrade process. By default, a node drain failure causes the upgrade operation to fail, leaving the undrained nodes in a schedulable state; this behavior is called Schedule. Alternatively, you can select the Cordon behavior, which skips nodes that fail to drain by placing them in a quarantined state, labels them kubernetes.azure.com/upgrade-status:Quarantined, and proceeds with upgrading the remaining nodes. This ensures that all nodes are either upgraded or quarantined. This approach allows you to troubleshoot drain failures and gracefully manage the quarantined nodes.
    • You can now block pod access to the Azure Instance Metadata Service (IMDS) endpoint to enhance security.
    • Azure Linux v3 is now in preview for AKS 1.31 clusters. After registering the preview flag AzureLinuxV3Preview, newly created AzureLinux node pools will receive the v3 image. Existing Azure Linux v2 node pools will not upgrade to v3 and must be recreated to upgrade.
      • NOTE: Azure Linux v3 changes the cryptographic provider to OpenSSL + SymCrypt. The SymCrypt library will operate in FIPS mode but is still in the final stages of the validation process and thus is not considered to be FIPS-validated at this time. Do not use this preview with FIPS-enabled node pools if you must use a FIPS-validated cryptographic library.
  • Behavior change:

    • Virtual Machine node pools creation will be blocked if the cluster is using system-assigned identity and bring-your-own virtual network, as this combination does not function properly. To utilize virtual machine node pools, migrate the cluster to a user-assigned managed identity with the required permissions on the virtual network. Virtual Machine Scale Set pools are unaffected by this change.
    • Enabling long term support no longer changes the default cluster upgrade channel to patch.
    • AKS CoreDNS configuration will now block all queries ending in reddog.microsoft.com and some queries ending in internal.cloudapp.net from being forwarded to upstream DNS when they are the result of improper search domain completion. See the documentation for more details.
    • Azure NPM's CPU request has been lowered from 250m to 50m.
    • Azure CNI Overlay now checks that the pod CIDR does not conflict with any subnet in the virtual network, rather than checking if it conflicts with the virtual network address space as a whole.
  • Component updates: