v1.30.0
Full Changelog: v1.29.0..v1.30.0
Changes by Kind
Feature
- Add support of service principal with cert auth for multi tenant scenario (#5594, @bowen5)
- Feat: Add a cloud-node-manager sidecar container called health-probe-proxy to transfer the traffic from port 10356 to the kube-proxy health check server port 10256. This sidecar will parse the proxy protocol packet data unit when the user uses private link service integrated with the service annotation and set the proxy protocol annotation. In this case the kube-proxy health probe server will not read the health probe request from the SLB and fails the health check. (#5180, @nilo19)
- Feat: add forceDetach parameter in DetachDisk function (#5559, @andyzhangx)
- Feat: support workload identity setting in static PV mount on AKS (#4996, @cvvz)
- Refine consolidating security-rules for LoadBalancer service.
Deprecate service annotation
service.beta.kubernetes.io/azure-shared-securityrule
. (#5164, @zarvd) - When user-provided
LoadBalancerSourceRanges
orazure-allowed-ip-ranges
are not valid network prefixes, cloud-controller-manager skips these invalid ranges, emits a warning event, and adds a deny-All rule in nsg. (#5650, @jwtty)
Bug or Regression
Allow space-separated load balancer source ranges in service annotation. Allow
service.beta.kubernetes.io/load-balancer-source-ranges
to be used together withservice.beta.kubernetes.io/azure-allowed-service-tags
. (#5885, @jwtty)Fix cleaning legacy security rules while upgrading from versions that are 1.28 or older. (#5886, @zarvd)
Fix: Skip attaching/detaching vmss vm to lb backend pool if the vm is not active.
We should not update the VM instance if its provisioning state or power state is not good. This will save a lot of api calls and reduce throttling issues. (#5356, @nilo19)
Fix: The case of load balancer name should be ignored when determining if it is an internal load balancer. (#5225, @nilo19)
Fix: [multi-slb] Put the service in the load balancer that has no label/namespace selector only if there is no other choice for the service. (#5281, @nilo19)
Fix: azure_loadbalancer.go: don’t use service.Name, when service is nil (#5266, @damdo)
Fix: fileshare snapshot does not require setting RequestGiB (#5438, @andyzhangx)
Fix: get zone panic (#5821, @andyzhangx)
Fix: match tags issue in account search (#5465, @andyzhangx)
Fix: move lockMap initialization into InitializeCloudFromConfig func to fix panic (#5466, @andyzhangx)
Fix: nfs file share created in storage account that has smb file share (#5619, @andyzhangx)
Fix: shared probe should not be removed if there are other services using it when deleting a service (#5042, @nilo19)
For dual-stack Windows case, both ipv4 and ipv6 ip address are provided and separated by comma in a string. This change is to split the ipv4 and ipv6 addresses and check whether all these provided IPs exist in the cloud provider. (#5747, @mainred)
Force cache refresh for getVMManagementTypeByIPConfigurationID(). The reason is that when a new standalone VM is included in the cluster, CCM cannot tell its VM type with stale cache. (#5948, @lzhecheng)
Truncate lengthy PIP name. If PIP prefix is lengthy, the PIP name may be longer than 80. If so, the PIP name needs truncation. (#5219, @lzhecheng)
Other (Cleanup or Flake)
- Chore: AddStorageAccountTags refine (#5535, @andyzhangx)
- Kubernetes dependencies are updated to v1.29.0 (#5199, @feiskyer)
Dependencies
Added
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets: v0.12.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal: v0.7.1
- github.com/fxamacker/cbor/v2: v2.6.0
- github.com/golang-jwt/jwt: v3.2.1+incompatible
- github.com/modocache/gover: b58185e
- github.com/x448/float16: v0.8.4
- go.uber.org/mock: v0.4.0
- golang.org/x/telemetry: b75ee88
- k8s.io/gengo/v2: 51d4e06
Changed
- github.com/Azure/azure-kusto-go: v0.15.0 → v0.15.2
- github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.9.0 → v1.11.1
- github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.4.0 → v1.5.2
- github.com/Azure/azure-sdk-for-go/sdk/internal: v1.5.0 → v1.5.2
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5: v5.3.0 → v5.6.0
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4: v4.6.0 → v4.8.0
- github.com/AzureAD/microsoft-authentication-library-for-go: v1.2.0 → v1.2.2
- github.com/emicklei/go-restful/v3: v3.10.2 → v3.11.0
- github.com/evanphx/json-patch: v5.7.0+incompatible → v5.9.0+incompatible
- github.com/go-logr/logr: v1.3.0 → v1.4.1
- github.com/go-logr/zapr: v1.2.3 → v1.3.0
- github.com/golang-jwt/jwt/v5: v5.0.0 → v5.2.1
- github.com/golang/protobuf: v1.5.3 → v1.5.4
- github.com/google/cel-go: v0.16.1 → v0.17.8
- github.com/google/uuid: v1.4.0 → v1.6.0
- github.com/gorilla/websocket: v1.4.2 → v1.5.0
- github.com/onsi/ginkgo/v2: v2.13.2 → v2.17.1
- github.com/onsi/gomega: v1.30.0 → v1.33.0
- github.com/pkg/browser: 681adbf → 5ac0b6a
- github.com/stretchr/objx: v0.5.0 → v0.5.2
- github.com/stretchr/testify: v1.8.4 → v1.9.0
- go.etcd.io/bbolt: v1.3.7 → v1.3.8
- go.etcd.io/etcd/api/v3: v3.5.9 → v3.5.10
- go.etcd.io/etcd/client/pkg/v3: v3.5.9 → v3.5.10
- go.etcd.io/etcd/client/v2: v2.305.9 → v2.305.10
- go.etcd.io/etcd/client/v3: v3.5.9 → v3.5.10
- go.etcd.io/etcd/pkg/v3: v3.5.9 → v3.5.10
- go.etcd.io/etcd/raft/v3: v3.5.9 → v3.5.10
- go.etcd.io/etcd/server/v3: v3.5.9 → v3.5.10
- go.uber.org/atomic: v1.10.0 → v1.7.0
- go.uber.org/zap: v1.19.0 → v1.26.0
- golang.org/x/crypto: v0.16.0 → v0.22.0
- golang.org/x/mod: v0.13.0 → v0.15.0
- golang.org/x/net: v0.17.0 → v0.23.0
- golang.org/x/sync: v0.5.0 → v0.7.0
- golang.org/x/sys: v0.15.0 → v0.19.0
- golang.org/x/term: v0.15.0 → v0.19.0
- golang.org/x/tools: v0.14.0 → v0.18.0
- google.golang.org/protobuf: v1.31.0 → v1.33.0
- gopkg.in/dnaeon/go-vcr.v3: v3.1.2 → v3.2.0
- k8s.io/api: v0.28.4 → v0.30.0
- k8s.io/apimachinery: v0.28.4 → v0.30.0
- k8s.io/apiserver: v0.28.4 → v0.30.0
- k8s.io/client-go: v0.28.4 → v0.30.0
- k8s.io/cloud-provider: v0.28.4 → v0.30.0
- k8s.io/component-base: v0.28.4 → v0.30.0
- k8s.io/component-helpers: v0.28.4 → v0.30.0
- k8s.io/controller-manager: v0.28.4 → v0.30.0
- k8s.io/cri-api: v0.28.4 → v0.30.0
- k8s.io/klog/v2: v2.110.1 → v2.120.1
- k8s.io/kms: v0.28.4 → v0.30.0
- k8s.io/kube-openapi: 2695361 → 70dd376
- k8s.io/kubelet: v0.28.4 → v0.30.0
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.1.2 → v0.29.0
- sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader: 1ba5a22 → v0.0.7
- sigs.k8s.io/cloud-provider-azure/pkg/azclient: 1ba5a22 → v0.0.13
- sigs.k8s.io/structured-merge-diff/v4: v4.2.3 → v4.4.1