Release notes for 2025-01-06 release.

CHANGELOG.md

@@ -1,5 +1,51 @@
 # Azure Kubernetes Service Changelog
 
+## Release 2025-01-06
+
+Monitor the release status by regions at [AKS-Release-Tracker](https://releases.aks.azure.com/). This release is titled as `v20250106`.
+
+### Announcements
+* AKS Kubernetes verison 1.28 is deprecated by Jan 30, 2025. Kindly upgrade your clusters to 1.29 version or above. Refer to [version support policy](https://learn.microsoft.com/azure/aks/supported-kubernetes-versions?tabs=azure-cli#kubernetes-version-support-policy) and [upgrading a cluster](https://learn.microsoft.com/azure/aks/upgrade-aks-cluster?tabs=azure-cli) for more information.
+* AKS Kubernetes version 1.31 is now in GA.
+* AKS Kubernetes patch versions 1.29.11, 1.30.7, 1.31.2 amd 1.31.3 are also available with this release.
+* AKS LTS version 1.27.101 available in all regions since December 2024. This patches the kubelet CVE-2024-10220
+* AKS no longer supports the [GPU image (preview)](https://github.com/Azure/AKS/issues/4472) to provision GPU-enabled AKS nodes. Alternative options that are supported today and recommended by AKS include the default experience with manual NVIDIA device plugin installation or the NVIDIA GPU Operator, detailed in [AKS GPU node pool documentation](https://learn.microsoft.com/azure/aks/gpu-cluster?tabs=add-ubuntu-gpu-node-pool#confirm-that-gpus-are-schedulable).
+*  [Kubernetes version 1.32 is the last version that supports Windows Server 2019](https://github.com/Azure/AKS/issues/4268). You will not be able to create new or upgrade existing Windows Server 2019 node pools to kubernetes version 1.33+. Follow the detailed steps [in AKS documentation](https://aka.ms/aks/ws2019-migration) to transition to Windows Server 2022 or any newly supported Windows Server version by that date. After 1 March 2026, Windows Server 2019 won't be supported.
+
+### Release Notes
+* Features:
+  * [Advanced Container Networking Service](https://learn.microsoft.com/en-us/azure/aks/advanced-container-networking-services-overview?tabs=cilium) (ACNS) is Generally Available.
+
+* Preview features:
+  * SeccompDefault is now an available parameter in custom node configuration. For more information on enabling seccomp profiles, see [Secure container access to resources](https://learn.microsoft.com/azure/aks/secure-container-access).
+
+* Behavior change:
+  * [Invalid values sent to the Azure AKS API for the properties.mode field of AKS AgentPools will now be rejected](https://github.com/Azure/AKS/issues/4468). Prior to this change, unknown modes were assumed to be User. The only valid values for this field are the (case-sensitive) strings: "User", "System", or "Gateway".
+
+* Bug Fix: 
+  * GPU bootstrapping issue impacting GPU provisioning with Node Auto Provision has been fixed. Refer [here](https://github.com/Azure/karpenter-provider-azure/pull/587) for details.
+  * Bug pertaining to NVMe SKUs (ex: V6 Azure VMs) which caused provisioning failure with Node Auto Provisioning(NAP) has been fix, currently NVMe VMs are not supported with NAP and will be excluded from karpentar considerations. Please see list of supported VMs [here](https://github.com/Azure/karpenter-provider-azure/blob/main/designs/gpu-selection-and-bootstrap.md#supported-gpu-skus-and-expected-drivers)
+
+* Component updates:
+  * Tigera operator image version has been bumped to v1.34.7 with this release, for clusters running Kubernetes version(and including) v1.30.0. This patches the follwing CVEs detected in the tigera operator - CVE-2021-3999, CVE-2020-1751, CVE-2019-19126, CVE-2021-35942, CVE-2020-1752, CVE-2020-10029, CVE-2019-9169, CVE-2020-6096, CVE-2021-38604, CVE-2018-19591, CVE-2018-20796, CVE-2019-9192, CVE-2021-3326, CVE-2019-6488, CVE-2016-10739, CVE-2019-7309, CVE-2022-23219, CVE-2022-23218, CVE-2019-25013, CVE-2020-27618 . Please find more CVE details in [National Vulnerability Database search](https://nvd.nist.gov/vuln/search)
+  * Azure Disks CSI driver version has been bumped to [v1.30.6](https://github.com/kubernetes-sigs/azuredisk-csi-driver/releases/tag/v1.30.6) for AKS clusters running AKS Kubernetes version +v1.30. This patches the follwoing CVEs - CVE-2024-51744, CVE-2024-50602, CVE-2024-9143, CVE-2019-11255
+  * Bumping the Azure CNI version from v1.4.56 to v1.4.58 for AKS clusters (K8s version) This patches the CVE regarding grpc 1.52.0 (CVE ID)
+  * Reverting CNS version from 1.6.18 to 1.6.13 for Windoows nodepools due to a bug causing intermittetent issues with Azure CNI podsubnet and overlay. .......(Github issue if available)......
+  * Cilium container image verison bumped to v1.14.15-241024 for AKS clusters running k8s version greater than v1.29.
+  * AKS Azure Linux image has been updated to 202501.12.0.
+  * AKS Ubuntu image has been updated to 202501.12.0.
+  *  AKS Windows Server 2022 image has been updated to [v20348.2966.241218](https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSWindows/2022-containerd/20348.2966.241218.txt)
+  *  AKS Windows Server 2019 image has been updated to [17763.6659.241218](https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSWindows/2019-containerd/17763.6659.241218.txt)
+  *  AKS Windows Server 2022 gen2 image has been updated to [20348.2966.241218](https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSWindows/2022-containerd-gen2/20348.2966.241218.txt)
+  *  App routing operator updated to [0.2.1-patch-6 ](https://github.com/Azure/aks-app-routing-operator/releases/tag/v0.2.1-patch-6)for K8s < 1.30 and which upgrades external-dns to version 0.15.0 fixing a number of CVEs  (CVE-2023-39325, GHSA-m425-mq94-257g, CVE-2024-24790, CVE-2023-39325, CVE-2023-45283, CVE-2023-45288, CVE-2024-34156)
+  *  App routing operator updated to [0.2.3-patch-3](https://github.com/Azure/aks-app-routing-operator/releases/tag/v0.2.3-patch-3) for K8s >= 1.30 which fixes an issue where Open Service Mesh would not reload correctly on Nginx deployment updates. The Prometheus metrics endpoint has now been moved to a separate Service called nginx-metrics behind a ClusterIP. Prometheus scraping will continue to work as expected.
+  *  Cost-analysis-agent image upgraded from v0.0.18 to v0.0.19. this upgrades the [golang-jwt](github.com/golang-jwt/jwt/v4) dependency in cost-analysis-agent to patch CVE-2024-51744
+  *  [Promtheus collector](https://github.com/Azure/prometheus-collector/blob/main/RELEASENOTES.md) for Azure monitor managed prometheus addon verison bumped from 6.10.1-main-10-04-2024-77dcfe3d to 6.11.0-main-10-21-2024-91ec49e3. This fixes a bug where the minimal igestion profile keep list was not being honored.
+  *  Application Gateway ingress controller addon version bumped from 1.7.4 to 1.7.6 for clusters with AKS Kuberentes version greater than or equal to 1.27. please find more details [here](https://github.com/Azure/application-gateway-kubernetes-ingress/releases/tag/1.7.6)
+  *  Retina enterprise and operator image verison bumped to 0.1.3, please find more details [here](https://github.com/azure-networking/retina-enterprise/releases/tag/v0.1.3)
+  *  Retine basic image version bumped to [v0.0.17](https://github.com/microsoft/retina/releases/tag/v0.0.17) which patches the following CVEs: CVE-2024-37307, CVE-2024-42486, CVE-2024-42487, CVE-2024-42488, CVE-2024-47825, and CVE-2023-45288
+  *  NPM image version bumped to v1.5.39 to fix potential connectivity issues for clusters with "azure" network policy manager on nodes with high scale of iptables rules and CVE-2024-34155, CVE-2024-34156, and CVE-2024-34158
+  *  Istio proxy v2 version bumped from 1.22.5 to 1.22.6, from 1.23.2 to 1.23.4
 ## Release 2024-10-25
 
 Monitor the release status by regions at [AKS-Release-Tracker](https://releases.aks.azure.com/). This release is titled as `v20241025`.