AKS on Azure Stack HCI and Windows Server 2023-10-30 Update

We are pleased to announce that with this release we update the AKS HCI management cluster to Kubernetes version 1.26.6. This update enables us to set the basis for supporting futures versions of Kubernetes for your workload clusters. See the complete set of versions for each module in the GitHub release page.

Here is a description of what is included in this release:  

Security Updates  

• Kubernetes CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin.

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with ephemeral containers.

• Gogoprotobuf CVE-2021-3121: An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

New Features

• See a list of Kubernetes new features.

Bug Fixes

• Azure Arc onboarding prechecks were improved to handle transitory restricted network bandwidth. When setting up AKS hybrid, the Azure Arc agents are on-boarded so that the deployment is projected to the user subscription in Azure. During this process there are several pre-checks run by the Arc agents, if there are network issues these tests may fail. This fix makes the pre-checks more resilient to network problems.
• See a list of Kubernetes bug fixes.  

As always, you can try AKS on Azure Stack HCI or Windows Server any time even if you do not have the hardware handy using our eval guide to set up AKS on a Windows Server Azure VM. 

Once you have downloaded and installed the AKS on Azure Stack HCI or Windows Server Update – you can report any issues you encounter, follow our plans, and check out recently released updates through the AKS hybrid roadmap in GitHub. 

We look forward to hearing from you all! 

Cheers, 

AKS Hybrid Team