Release notes 20200323

CHANGELOG.md

@@ -1,5 +1,35 @@
 # Azure Kubernetes Service Changelog
 
+## Release 2020-03-23
+
+**This release is rolling out to all regions**
+
+### Important Service Updates
+
+* AKS API version 2020-04-01 will default to VMSS (Virtual Machine Scale Sets), SLB (Standard Load Balancer) and RBAC enabled.
+* AKS has introduced AKS Ubuntu 18.04 in preview. During this time we will provide both OS versions side by side. **After AKS Ubuntu 18.04 is GA**, on the next cluster upgrade, clusters running AKS Ubuntu 16.04 will receive this new image.
+* **Two security issues were discovered in Kubernetes that could lead to a recoverable denial of service.**
+ * CVE-2020-8551 affects the kubelet, and has been rated Medium ([CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)).
+ * CVE-2020-8552 affects the API server, and has also been rated Medium ([CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)).
+ * **Am I vulnerable?** 
+ * Only in cases where the attacker can make authorized resource requests to un-patched API server or kubelets.
+ * Also AKS auto restarts apiserver and kubelet in the event of an OOM error which further limits exposure.
+ * **How can I get the latest patched API and kubelet and fix this vulnerability?**
+ * Upgrade to kubernetes versions v1.16.7 or v1.15.10. Or AKS preview versions v1.17.3
+
+### Release Notes
+
+* Bug fixes
+ * Fixed bug that caused an error while updating existing AAD cluster with the new 2020-03-01 API
+* Preview Features
+ * Updated Azure Policy addon preview to use Gatekeeper v3 on new and updated addons.
+ See more at <https://docs.microsoft.com/en-us/azure/governance/policy/concepts/rego-for-aks>
+* Behavioral changes
+ * All AKS Standard LBs will now have TCP Reset flag set to true.
+* Component Updates
+ * AKS Ubuntu 16.04 image updated to [AKSUbuntu-1604-2020.03.11](vhd-notes/aks-ubuntu/AKSUbuntu-1604-2020.03.11.txt).
+ * AKS Ubuntu 18.04 image release notes: [AKSUbuntu-1804-2020.03.11](vhd-notes/aks-ubuntu/AKSUbuntu-1804-2020.03.11.txt).
+
 ## Release 2020-03-16
 
 **This release is rolling out to all regions**

vhd-notes/aks-ubuntu/AKSUbuntu-1604-2020.03.11.txt

@@ -0,0 +1,181 @@
+Components downloaded in this VHD build (some of the below components might get deleted during cluster provisioning if they are not needed):
+ - apache2-utils
+ - apt-transport-https
+ - auditd
+ - blobfuse
+ - ca-certificates
+ - ceph-common
+ - cgroup-lite
+ - cifs-utils
+ - conntrack
+ - cracklib-runtime
+ - ebtables
+ - ethtool
+ - fuse
+ - git
+ - glusterfs-client
+ - init-system-helpers
+ - iproute2
+ - ipset
+ - iptables
+ - jq
+ - libpam-pwquality
+ - libpwquality-tools
+ - mount
+ - nfs-common
+ - pigz socat
+ - traceroute
+ - util-linux
+ - xz-utils
+ - zip
+ - bpftrace
+ - moby v3.0.10
+ - nvidia-docker2 nvidia-container-runtime
+ - bcc-tools
+ - libbcc-examples
+ - Azure CNI version 1.0.33
+ - Azure CNI version 1.0.29
+ - CNI plugin version 0.7.6
+ - CNI plugin version 0.7.5
+ - CNI plugin version 0.7.1
+ - containerd version 1.2.4
+ - containerd version 1.1.6
+ - containerd version 1.1.5
+ - img
+Docker images pre-pulled:
+ - mcr.microsoft.com/oss/kubernetes/kubernetes-dashboard:v1.10.1
+ - mcr.microsoft.com/oss/kubernetes/dashboard:v2.0.0-beta8
+ - mcr.microsoft.com/oss/kubernetes/metrics-scraper:v1.0.2
+ - mcr.microsoft.com/oss/kubernetes/exechealthz:1.2
+ - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.5
+ - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.4
+ - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.8.1
+ - mcr.microsoft.com/oss/kubernetes/autoscaler/addon-resizer:1.7
+ - mcr.microsoft.com/oss/kubernetes/heapster:v1.5.4
+ - mcr.microsoft.com/oss/kubernetes/heapster:v1.5.3
+ - mcr.microsoft.com/oss/kubernetes/heapster:v1.5.1
+ - mcr.microsoft.com/oss/kubernetes/metrics-server:v0.3.5
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-kube-dns:1.15.4
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-kube-dns:1.15.0
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-kube-dns:1.14.13
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-kube-dns:1.14.5
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-dnsmasq-nanny:1.15.4
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-dnsmasq-nanny:1.15.0
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-dnsmasq-nanny:1.14.10
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-dnsmasq-nanny:1.14.8
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-dnsmasq-nanny:1.14.5
+ - mcr.microsoft.com/k8s/core/pause:1.2.0
+ - mcr.microsoft.com/oss/kubernetes/pause:1.2.0
+ - gcr.io/kubernetes-helm/tiller:v2.13.1
+ - gcr.io/kubernetes-helm/tiller:v2.11.0
+ - gcr.io/kubernetes-helm/tiller:v2.8.1
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-sidecar:1.14.10
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-sidecar:1.14.8
+ - mcr.microsoft.com/oss/kubernetes/k8s-dns-sidecar:1.14.7
+ - mcr.microsoft.com/oss/kubernetes/coredns:1.6.6
+ - mcr.microsoft.com/oss/kubernetes/coredns:1.6.5
+ - mcr.microsoft.com/oss/kubernetes/coredns:1.5.0
+ - mcr.microsoft.com/oss/kubernetes/coredns:1.3.1
+ - mcr.microsoft.com/oss/kubernetes/coredns:1.2.6
+ - mcr.microsoft.com/oss/kubernetes/rescheduler:v0.4.0
+ - mcr.microsoft.com/oss/kubernetes/rescheduler:v0.3.1
+ - microsoft/virtual-kubelet:latest
+ - mcr.microsoft.com/containernetworking/networkmonitor:v0.0.7
+ - mcr.microsoft.com/containernetworking/networkmonitor:v0.0.6
+ - mcr.microsoft.com/containernetworking/azure-npm:v1.0.33
+ - mcr.microsoft.com/containernetworking/azure-npm:v1.0.32
+ - mcr.microsoft.com/containernetworking/azure-npm:v1.0.30
+ - mcr.microsoft.com/containernetworking/azure-npm:v1.0.13
+ - mcr.microsoft.com/containernetworking/azure-vnet-telemetry:v1.0.30
+ - nvidia/k8s-device-plugin:1.11
+ - nvidia/k8s-device-plugin:1.10
+ - docker.io/deis/hcp-tunnel-front:v1.9.2-v3.0.11
+ - docker.io/deis/hcp-tunnel-front:v1.9.2-v4.0.11
+ - docker.io/deis/kube-svc-redirect:v1.0.7
+ - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod01072020
+ - mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod03022020
+ - mcr.microsoft.com/oss/calico/cni:v3.5.0
+ - mcr.microsoft.com/oss/calico/node:v3.5.0
+ - mcr.microsoft.com/oss/calico/typha:v3.5.0
+ - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:1.3.0
+ - mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-proportional-autoscaler:1.3.0_v0.0.5
+ - mcr.microsoft.com/k8s/flexvolume/keyvault-flexvolume:v0.0.13
+ - mcr.microsoft.com/k8s/flexvolume/blobfuse-flexvolume:1.0.8
+ - mcr.microsoft.com/oss/kubernetes/ip-masq-agent:v2.0.0_v0.0.5
+ - nginx:1.13.12-alpine
+ - mcr.microsoft.com/k8s/kms/keyvault:v0.0.9
+ - busybox
+-r-xr--r-- 1 root root 2237 Mar 11 07:45 /usr/local/bin/health-monitor.sh
+-rwxr-xr-x 1 root root 35384960 Mar 11 07:48 /usr/local/bin/bpftrace
+-rwxr-xr-x 1 root root 25700016 Mar 11 07:50 /usr/local/bin/img
+-rwxr-xr-x 1 root root 150500800 Mar 11 07:56 /usr/local/bin/kubelet-1.17.0
+-rwxr-xr-x 1 root root 59359708 Mar 11 07:56 /usr/local/bin/kubectl-1.17.0
+-rwxr-xr-x 1 root root 203537368 Mar 11 07:57 /usr/local/bin/kubelet-1.16.6
+-rwxr-xr-x 1 root root 203537368 Mar 11 07:57 /usr/local/bin/kubectl-1.16.6
+-rwxr-xr-x 1 root root 264524976 Mar 11 07:57 /usr/local/bin/kubelet-1.16.4
+-rwxr-xr-x 1 root root 264524976 Mar 11 07:57 /usr/local/bin/kubectl-1.16.4
+-rwxr-xr-x 1 root root 212357872 Mar 11 07:58 /usr/local/bin/kubelet-1.16.1
+-rwxr-xr-x 1 root root 212357872 Mar 11 07:58 /usr/local/bin/kubectl-1.16.1
+-rwxr-xr-x 1 root root 248154872 Mar 11 07:59 /usr/local/bin/kubelet-1.12.8
+-rwxr-xr-x 1 root root 248154872 Mar 11 07:59 /usr/local/bin/kubectl-1.12.8
+-rwxr-xr-x 1 root root 178003696 Mar 11 08:00 /usr/local/bin/kubelet-1.13.10
+-rwxr-xr-x 1 root root 178003696 Mar 11 08:00 /usr/local/bin/kubectl-1.13.10
+-rwxr-xr-x 1 root root 178015984 Mar 11 08:00 /usr/local/bin/kubelet-1.13.11
+-rwxr-xr-x 1 root root 178015984 Mar 11 08:00 /usr/local/bin/kubectl-1.13.11
+-rwxr-xr-x 1 root root 177774288 Mar 11 08:01 /usr/local/bin/kubelet-1.13.12
+-rwxr-xr-x 1 root root 177774288 Mar 11 08:01 /usr/local/bin/kubectl-1.13.12
+-rwxr-xr-x 1 root root 211306608 Mar 11 08:02 /usr/local/bin/kubelet-1.14.6
+-rwxr-xr-x 1 root root 211306608 Mar 11 08:02 /usr/local/bin/kubectl-1.14.6
+-rwxr-xr-x 1 root root 211351664 Mar 11 08:02 /usr/local/bin/kubelet-1.14.7
+-rwxr-xr-x 1 root root 211351664 Mar 11 08:02 /usr/local/bin/kubectl-1.14.7
+-rwxr-xr-x 1 root root 211122224 Mar 11 08:03 /usr/local/bin/kubelet-1.14.8
+-rwxr-xr-x 1 root root 211122224 Mar 11 08:03 /usr/local/bin/kubectl-1.14.8
+-rwxr-xr-x 1 root root 200681104 Mar 11 08:03 /usr/local/bin/kubelet-1.15.3
+-rwxr-xr-x 1 root root 200681104 Mar 11 08:03 /usr/local/bin/kubectl-1.15.3
+-rwxr-xr-x 1 root root 200722064 Mar 11 08:04 /usr/local/bin/kubelet-1.15.4
+-rwxr-xr-x 1 root root 200722064 Mar 11 08:04 /usr/local/bin/kubectl-1.15.4
+-rwxr-xr-x 1 root root 250240456 Mar 11 08:05 /usr/local/bin/kubelet-1.15.5
+-rwxr-xr-x 1 root root 250240456 Mar 11 08:05 /usr/local/bin/kubectl-1.15.5
+-rwxr-xr-x 1 root root 250266640 Mar 11 08:05 /usr/local/bin/kubelet-1.15.7
+-rwxr-xr-x 1 root root 250266640 Mar 11 08:05 /usr/local/bin/kubectl-1.15.7
+-rwxr-xr-x 1 root root 250304808 Mar 11 08:06 /usr/local/bin/kubelet-1.15.10
+-rwxr-xr-x 1 root root 250304808 Mar 11 08:06 /usr/local/bin/kubectl-1.15.10
+-rwxr-xr-x 1 root root 212345584 Mar 11 08:06 /usr/local/bin/kubelet-1.16.0
+-rwxr-xr-x 1 root root 212345584 Mar 11 08:06 /usr/local/bin/kubectl-1.16.0
+-rwxr-xr-x 1 root root 203596720 Mar 11 08:07 /usr/local/bin/kubelet-1.16.7
+-rwxr-xr-x 1 root root 203596720 Mar 11 08:07 /usr/local/bin/kubectl-1.16.7
+-rwxr-xr-x 1 root root 150566112 Mar 11 08:08 /usr/local/bin/kubelet-1.17.3
+-rwxr-xr-x 1 root root 59364111 Mar 11 08:08 /usr/local/bin/kubectl-1.17.3
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.12.8_v0.0.5
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.13.10_v0.0.5
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.13.11_v0.0.5
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.13.12_f0.0.2
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.14.6_v0.0.5
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.14.7_v0.0.5
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.14.8_f0.0.4
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.15.3_v0.0.5
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.15.4_v0.0.5
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.15.5_f0.0.2
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.15.7_f0.0.2
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.15.10_f0.0.1
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.16.0_v0.0.5
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.16.7_f0.0.1
+ - mcr.microsoft.com/oss/kubernetes/hyperkube:v1.17.3_f0.0.1
+ - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v2.0.1
+ - mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.1.0-beta.7
+ - mcr.microsoft.com/oss/kubernetes/external-dns:v0.6.0-hotfix-20200228
+ - mcr.microsoft.com/oss/kubernetes/defaultbackend:1.4
+ - mcr.microsoft.com/oss/kubernetes/ingress/nginx-ingress-controller:0.19.0
+ - mcr.microsoft.com/oss/virtual-kubelet/virtual-kubelet
+ - mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:prod_20200227.1
+ - mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.0.1-rc3
+ - mcr.microsoft.com/k8s/csi/azuredisk-csi:v0.4.0
+ - mcr.microsoft.com/k8s/csi/azurefile-csi:v0.3.0
+ - quay.io/k8scsi/csi-attacher:v1.0.1
+ - quay.io/k8scsi/csi-cluster-driver-registrar:v1.0.1
+ - quay.io/k8scsi/csi-node-driver-registrar:v1.1.0
+ - quay.io/k8scsi/csi-provisioner:v1.0.1
+ - quay.io/k8scsi/livenessprobe:v1.1.0
+ - k8s.gcr.io/node-problem-detector:v0.8.0
+Using kernel:
+Linux version 4.15.0-1071-azure (buildd@lgw01-amd64-031) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12)) #76-Ubuntu SMP Wed Feb 12 03:02:44 UTC 2020