radix-platform icon indicating copy to clipboard operation
radix-platform copied to clipboard

Published 20 hours ago verified publisher icon equinor

Upgrade AKS to 1.29

Open sveinpj opened this issue 9 months ago • 1 comments

Changelog since v1.28.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

  • Stopped accepting component configuration for kube-proxy and kubelet during kubeadm upgrade plan --config. This was a legacy behavior that was not well supported for upgrades and could be used only at the plan stage to determine if the configuration for these components stored in the cluster needs manual version migration. In the future, kubeadm will attempt alternative component config migration approaches. (#120788, @chendave)
  • kubeadm: a separate "super-admin.conf" file is now deployed. The User in admin.conf is now bound to a new RBAC Group kubeadm:cluster-admins that has cluster-admin ClusterRole access. The User in super-admin.conf is now bound to the system:masters built-in super-powers / break-glass Group that can bypass RBAC. Before this change, the default admin.conf was bound to system:masters Group, which was undesired. Executing kubeadm init phase kubeconfig all or just kubeadm init will now generate the new super-admin.conf file. The cluster admin can then decide to keep the file present on a node host or move it to a safe location. kubadm certs renew will renew the certificate in super-admin.conf to one year if the file exists; if it does not exist a "MISSING" note will be printed. kubeadm upgrade apply for this release will migrate this particular node to the two file setup. Subsequent kubeadm releases will continue to optionally renew the certificate in super-admin.conf if the file exists on disk and if renew on upgrade is not disabled. kubeadm join --control-plane will now generate only an admin.conf file that has the less privileged User. (#121305, @neolit123)

Changes by Kind

Deprecation

  • Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

    ([#119495](https://github.com/kubernetes/kubernetes/pull/119495), [@bzsuni](https://github.com/bzsuni)) [SIG API Machinery]
  • Creation of new CronJob objects containing TZ or CRON_TZ in .spec.schedule, accidentally enabled in v1.22, is now disallowed. Use the .spec.timeZone field instead, supported in v1.25+ clusters in default configurations. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#unsupported-timezone-specification for more information. (#116252, @soltysh)
  • Removed the networking alpha API ClusterCIDR. (#121229, @aojea)

Clusters/zones

  • [x] dev/weekly - Bootstrap
  • [x] Playground - Upgrade in place
  • [ ] ext-mon - Upgrade in place
  • [ ] platform - Upgrade in place
  • [ ] c2 - Upgrade in place

sveinpj avatar Apr 26 '24 11:04 sveinpj