v1.7.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Replace deprecated ADAL authentication with MSAL.

  For users relying on certificate authentication, the environment variables used by the libraries changed from AZURE_CERTIFICATE_ to AZURE_CLIENT_CERTIFICATE_ (#2748, @r4f4)

• Don’t default to AKS networkPolicy=calico (#2999, @jackfrancis)

  This change removes a default configuration for AKS NetworkPolicy=calico. Going forward, CAPZ will not express a default opinion. Users will declare NetworkPolicy=calico or NetworkPolicy=azure in the AzureManagedControlPlane's Spec.NetworkPolicy configuration.

Changes by Kind

API Change

• Add AdditionalTags property to AzureManagedMachinePool (#2745, @zioproto)
• Prefer CAPI replicas-managed-by annotation for AKS autoscaler (#2996, @jackfrancis)

Feature

• AKS resource health added to AzureManagedControlPlane status (#2738, @nojnhuh)
• Add "VMIdentitiesReadyCondition" AzureMachine condition (#2743, @willie-yao)
• Add support for configurable VM Diagnostics (#2528, @damdo)
• Add support for kubeletDiskType (#2938, @willie-yao)
• Adds additional fields for AzureMachine, AzureMachineTemplate, and AzureMachinePool to configure multiple NetworkInterfaces. An example configuration:

  networkInterfaces:
    - subnetName: control-plane-subnet
       acceleratedNetworking: false
    - subnetName: node-subnet
       acceleratedNetworking: true
       privateIPConfigs: 2
       publicIPConfigs: 1

will create two interfaces, with the node-subnet interface having two additional private IP addresses, and one additional public IP address (#2411, @brianlieberman)

• Adds the ability to annotate a MachinePool with cluster.x-k8s.io/replicas-managed-by-autoscaler to synchronize VMSS capacity with MachinePool replicas automatically. (#2588, @mweibel)

• Allow setting custom backend pool names for load balancers (#2714, @Fedosin)

• AzureManagedCluster: Full support for AKS Cluster Autoscaler (#2838, @mtougeron)

• Default Ubuntu to 22.04 for new k8s versions (#2807, @mboersma)

• Enable AKS node pool KubeletConfig (#2781, @jackfrancis)

• Feat : dependabot workflow automation for updating dependency (#2752, @Rajpratik71)

• Make resourceID required for AzureClusterIdentity when using UserAssignedMSI (#2862, @willie-yao)

• The age of all Azure resources is now printed by running kubectl get (e.g. kubectl get azurecluster) and kubectl get azureclusteridentity now prints the type of the Azure Identity. (#2960, @bavarianbidi)

• Update node pool names in AKS flavor templates to include the cluster's name

  Update AzureManagedMachinePool reconciler to use spec.name to find the matching node pool VMSS (#2846, @AAkindele)

• VMSS Flex support for MachinePools (#2813, @mboersma)

Documentation

• Add documentation on how to specify managed cluster addons (#2964, @dtzar)

Bug or Regression

• Add tolerations to aad pod identity (#2816, @sonasingh46)

• AzureManagedCluster spec.controlPlaneEndpoint is immutable (#2711, @jackfrancis)

• AzureManagedMachinePool spec.name is now immutable (#2990, @nojnhuh)

• Cleanup remote peerings when resource group is deleted (#2767, @willie-yao)

• Ensure AKS immutable configuration has webhook enforcement (#2795, @jackfrancis)

• Fix machinepool reconciliation by converting the resourceGroup name in the AzureMachinePoolMachine object providerID to lowercase to match the providerID defined in the kubernetes Node Object on the workload cluster.

  This fix only apply to new azuremachinepoolmachine objects so if any existing machine pool with resource group name with a capital letter already exist , the controller with this patch will not manage to fix the azuremachinepoolmachines in it and it will still fail to reconcile the pool until the pool is deleted. (#2894, @primeroz)

• Fixed a bug preventing spec.additionalTags from being deleted entirely on AzureManagedControlPlane (#2916, @nojnhuh)

• Fixed tags converters function MapToTags and TagsToMap to return nil on nil input. Added unit tests for tag converters. (#2802, @zioproto)

Other (Cleanup or Flake)

• Bump CAPI to v1.2.6 (#2844, @rajaskakodkar)
• Bump CAPI to v1.3.1 (#2940, @sonasingh46)
• Bump aad-pod-identity to v1.8.14 (#2955, @sonasingh46)
• Add Log event when RoleAssignmentName for a SystemAssigned Identity AzureMachine is empty (#2910, @primeroz)
• Switch to Standard_B2s VM SKU by default (#2750, @mboersma)
• [cloud-provider-azure] Support specifying CCM cluster CIDR (#2837, @lzhecheng)
• Fix CI lint job (#2983, @sonasingh46)
• Use Helm to install Calico CNI (#2495, @CecileRobertMichon)

Dependencies

Added

• github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.2.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.2.0
• github.com/Azure/azure-sdk-for-go/sdk/internal: v1.0.0
• github.com/AzureAD/microsoft-authentication-library-for-go: v0.7.0
• github.com/buger/jsonparser: v1.1.1
• github.com/dnaeon/go-vcr: v1.1.0
• github.com/emicklei/go-restful/v3: v3.9.0
• github.com/flowstack/go-jsonschema: v0.1.1
• github.com/golang-jwt/jwt: v3.2.1+incompatible
• github.com/google/safetext: b49f7bc
• github.com/joho/godotenv: v1.3.0
• github.com/jongio/azidext/go/azidext: v0.4.0
• github.com/kylelemons/godebug: v1.1.0
• github.com/montanaflynn/stats: v0.6.6
• github.com/pkg/browser: ce105d0
• k8s.io/cloud-provider: v0.25.1-rc.0
• k8s.io/controller-manager: v0.25.1-rc.0
• k8s.io/kubelet: v0.25.1-rc.0
• sigs.k8s.io/cloud-provider-azure: v1.25.5

Changed

• cloud.google.com/go/compute: v1.6.1 → v1.7.0
• github.com/Azure/aad-pod-identity: v1.8.9 → v1.8.14
• github.com/Azure/azure-sdk-for-go: v63.4.0+incompatible → v67.1.0+incompatible
• github.com/Azure/go-autorest/autorest/adal: v0.9.18 → v0.9.21
• github.com/Azure/go-autorest/autorest/mocks: v0.4.1 → v0.4.2
• github.com/Azure/go-autorest/autorest: v0.11.23 → v0.11.28
• github.com/Masterminds/semver/v3: v3.1.1 → v3.2.0
• github.com/Masterminds/sprig/v3: v3.2.2 → v3.2.3
• github.com/antlr/antlr4/runtime/Go/antlr: b48c857 → f25a4f6
• github.com/chai2010/gettext-go: c6fed77 → v1.0.2
• github.com/coredns/corefile-migration: v1.0.17 → v1.0.18
• github.com/daviddengcn/go-colortext: 511bcaf → v1.0.0
• github.com/docker/docker: v20.10.17+incompatible → v20.10.21+incompatible
• github.com/emicklei/go-restful: v2.16.0+incompatible → v2.9.5+incompatible
• github.com/evanphx/json-patch: v4.12.0+incompatible → v5.6.0+incompatible
• github.com/fsnotify/fsnotify: v1.5.4 → v1.6.0
• github.com/go-kit/log: v0.1.0 → v0.2.0
• github.com/go-logfmt/logfmt: v0.5.0 → v0.5.1
• github.com/go-logr/logr: v1.2.2 → v1.2.3
• github.com/go-logr/zapr: v1.2.0 → v1.2.3
• github.com/go-openapi/jsonreference: v0.19.5 → v0.20.0
• github.com/go-openapi/swag: v0.19.14 → v0.22.3
• github.com/gobuffalo/flect: v0.2.5 → v0.3.0
• github.com/golang-jwt/jwt/v4: v4.0.0 → v4.4.2
• github.com/google/cel-go: v0.10.1 → v0.12.4
• github.com/google/gnostic: v0.5.7-v3refs → v0.6.9
• github.com/google/go-cmp: v0.5.8 → v0.5.9
• github.com/huandu/xstrings: v1.3.2 → v1.3.3
• github.com/imdario/mergo: v0.3.12 → v0.3.13
• github.com/inconshreveable/mousetrap: v1.0.0 → v1.0.1
• github.com/mailru/easyjson: v0.7.6 → v0.7.7
• github.com/mattn/go-colorable: v0.1.12 → v0.1.13
• github.com/mattn/go-isatty: v0.0.14 → v0.0.16
• github.com/mattn/go-runewidth: v0.0.13 → v0.0.14
• github.com/onsi/ginkgo/v2: v2.0.0 → v2.6.0
• github.com/onsi/gomega: v1.18.1 → v1.24.1
• github.com/pelletier/go-toml/v2: v2.0.1 → v2.0.5
• github.com/pquerna/cachecontrol: 0dec1b3 → v0.1.0
• github.com/prometheus/client_golang: v1.12.1 → v1.13.0
• github.com/prometheus/common: v0.32.1 → v0.37.0
• github.com/prometheus/procfs: v0.7.3 → v0.8.0
• github.com/rivo/uniseg: v0.2.0 → v0.4.2
• github.com/shopspring/decimal: v1.2.0 → v1.3.1
• github.com/spf13/afero: v1.8.2 → v1.9.2
• github.com/spf13/cobra: v1.5.0 → v1.6.1
• github.com/spf13/viper: v1.12.0 → v1.13.0
• github.com/stretchr/objx: v0.2.0 → v0.4.0
• github.com/stretchr/testify: v1.7.1 → v1.8.1
• github.com/subosito/gotenv: v1.3.0 → v1.4.1
• github.com/xlab/treeprint: a009c39 → v1.1.0
• github.com/yuin/goldmark: v1.4.1 → v1.4.13
• go.etcd.io/etcd/pkg/v3: v3.5.0 → v3.5.4
• go.etcd.io/etcd/raft/v3: v3.5.0 → v3.5.4
• go.etcd.io/etcd/server/v3: v3.5.0 → v3.5.4
• go.uber.org/zap: v1.19.1 → v1.21.0
• golang.org/x/crypto: 7b82a4e → v0.3.0
• golang.org/x/oauth2: d0670ef → f213421
• golang.org/x/sync: 0976fa6 → 886fb93
• golang.org/x/time: 90d013b → e5dcc9c
• golang.org/x/tools: v0.1.12 → v0.2.0
• google.golang.org/genproto: 3a47de7 → 88e70c0
• google.golang.org/protobuf: v1.28.0 → v1.28.1
• gopkg.in/ini.v1: v1.66.4 → v1.67.0
• k8s.io/api: v0.24.2 → v0.25.4
• k8s.io/apiextensions-apiserver: v0.24.2 → v0.25.0
• k8s.io/apimachinery: v0.24.2 → v0.25.4
• k8s.io/apiserver: v0.24.2 → v0.25.1-rc.0
• k8s.io/cli-runtime: v0.24.0 → v0.25.0
• k8s.io/client-go: v0.24.2 → v0.25.4
• k8s.io/cluster-bootstrap: v0.24.0 → v0.25.0
• k8s.io/code-generator: v0.24.2 → v0.25.0
• k8s.io/component-base: v0.24.2 → v0.25.1-rc.0
• k8s.io/component-helpers: v0.24.0 → v0.25.1-rc.0
• k8s.io/klog/v2: v2.60.1 → v2.80.1
• k8s.io/kube-openapi: 3ee0da9 → a70c9af
• k8s.io/kubectl: v0.24.0 → v0.25.0
• k8s.io/metrics: v0.24.0 → v0.25.0
• k8s.io/utils: 3a6ce19 → e9cbc92
• sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.30 → v0.0.32
• sigs.k8s.io/cluster-api/test: v1.2.6 → v1.3.1
• sigs.k8s.io/cluster-api: v1.2.6 → v1.3.1
• sigs.k8s.io/controller-runtime: v0.12.3 → v0.13.1
• sigs.k8s.io/json: 9f7c6b3 → f223a00
• sigs.k8s.io/kind: v0.14.0 → v0.17.0
• sigs.k8s.io/kustomize/api: v0.11.4 → v0.12.1
• sigs.k8s.io/kustomize/kustomize/v4: v4.5.4 → v4.5.7
• sigs.k8s.io/kustomize/kyaml: v0.13.6 → v0.13.9
• sigs.k8s.io/structured-merge-diff/v4: v4.2.1 → v4.2.3

Removed

• github.com/certifi/gocertifi: 2c3bb06
• github.com/cockroachdb/datadriven: bf6692d
• github.com/cockroachdb/errors: v1.2.4
• github.com/cockroachdb/logtags: eb05cc2
• github.com/getsentry/raven-go: v0.2.0
• github.com/golangplus/testing: af21d9c
• github.com/google/cel-spec: v0.6.0
• github.com/hpcloud/tail: v1.0.0
• github.com/opentracing/opentracing-go: v1.1.0
• go.opentelemetry.io/otel/oteltest: v0.20.0
• go4.org/intern: ae77deb
• go4.org/unsafe/assume-no-moving-gc: 928513b
• gopkg.in/fsnotify.v1: v1.4.7
• inet.af/netaddr: 0970063
• sigs.k8s.io/kustomize/cmd/config: v0.10.6