Microsoft has fixed a series of bugs in its Azure Kubernetes Service (AKS) in the first major update since the service was launched last year.
Bugs addressed include one that meant that when users exceed quotas during a scale operation, the Azure CLI “will now correctly display ‘quota exceeded’” instead of the, at best cryptic message, deployment not found.
Similarly, AKS CRUD operations now validate and confirm that user subscriptions have the right quota to perform the operation.
The update removes weak cipher support for AKS issued Kubernetes SSL certs. All certificiates should now pass security audits for Beast and other vulnerabilities. Older non TLS 1.2 supporting clients will need to be updated, and the new certs are only supported by Kubernetes 1.20 and later.
Clusters that slip into a failed state due to upgrade issues will now allow users to retry the upgrade or give an error message with instructions, while clusters that are in the process or upgrading or in failed upgrade state will retry the upgrade or give “an obvious error message”.
The Azure Monitor for containers agent has been updated to 3.0.0-4 for new or updated containers. The Azure CLI now properly details to N-1 for Kubernetes, with being the latest release.
The preview feature for Calico/Network Security Policies has been updated to fix a bug which meant IP forwarding was not enable by detail. A bug has been fixed which meant the cachingmode: ReadOnly flag was not always correctly applied to the managed premium storage class.
Full details of the changes are here.
Microsoft first launched its Kubernetes Service into general availability in June last year, a move which meant the earlier Microsoft Container Service has been deprecated, and will be retired permanently in 2020.