Hello everyone,
The June update of AKS on Azure Stack HCI and Windows Server is now available. This is primarily a security and quality update with all of the appropriate documentation for key issues.
As always, you can try AKS on Azure Stack HCI or Windows Server any time by registering here. If you do not have the hardware handy to evaluate AKS on physical hardware you can use an Azure VM: https://aka.ms/aks-hci-evalonazure.
Here are some of the changes you'll see in this update:
Documentation for our internal certificates and recovery flows for renewing certificates
Building on last month's updates to our internal certificate management tools and process, we have documented our internal certificates and provided PowerShell cmdlets to force certificate renewal in our internal systems. If you're running AKS on HCI or Windows Server daily and updating at regular intervals, you will never need these cmdlets. If you haven't updated for more than 60 days (or 90, for the May and later releases), you may need to manually renew certificates.
This document shares our internal components and flows for managing certificates.
Certificates and tokens in Azure Kubernetes Service on
Software Defined Networking public preview
While out of band with the June release, AKS on HCI now has SDN support in public preview. Now you can now use the SDN Software Load Balancers to provide load balancer services for their containerized applications.
Read more here: Public Preview of SDN integration with AKS on Azure Stack HCI
Security and reliability improvements
Updated our Windows and Mariner virtual machines (running under each Kubernetes cluster) with too many CVEs fixed to list. Read more about the June Mariner Update.
Bug fixes:
- Improved reliability when VMs migrate between physical nodes in a cluster.
- Added more checks for infrastructure VMs in deleting state - it used to be possible to run actions against a node pool while it's being deleted
- Fixed a filename manipulation bug that would cause new cluster creation to fail.
- Improved stability through Azure Stack HCI host update
Documentation updates
As usual, we have new docs this month. We have a new conceptual guide for managing internal certs - Certificates and tokens in AKS on HCI and Windows Server
Last but not least, we also published new troubleshooting guides:
- Storage pod crashes and the logs say that the `createSubDir` parameter is invalid
- CAPH pod fails to renew certificate
- Authentication handshake failed: x509: certificate signed by unknown authority
Once you have downloaded and installed the AKS on Azure Stack HCI April Update – you can report any issues you encounter and track future feature work on our GitHub Project at https://github.com/Azure/aks-hci.
We look forward to hearing from you all!
Cheers,
Sarah