v1.12.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• AAD Pod Identity is deprecated. As mentioned in the announcement, AAD Pod Identity has been replaced with Azure Workload Identity. All of the methods which utilize AAD Pod Identity will no longer function starting in the 1.13 release of CAPZ. See documentation for more details.

• The NodeDrainTimeout field is now removed from AzureMachinePools. The equivalent field can be set on the MachinePool spec. (#3998, @Jont828)

Changes by Kind

Deprecation

• Docs: add pod identity deprecation (#4273, @dtzar)
• Removed deprecated kubectl --short flag (#4166, @Dhairya-Arora01)

API Change

• Added AzureCluster.spec.failureDomain label, that can be used to prevent control plane node deployment to specified failure domains (#4145, @handsomejack-42)

Feature

• Add ClusterClass support for managed clusters (#4155, @willie-yao)
• Install azure disk CSI driver Helm chart with CAAPH (#4109, @Jont828)
• Install calico Helm chart using CAAPH (#3971, @Jont828)
• Support disabling of local accounts for AKS clusters with Azure Active Directory enabled. Disables the back door to get admin kubeconfig for AAD based clusters. The user must ensure to add the service principle to admin groups in azure AAD for capz to be able to deploy the target cluster.. (#4008, @LochanRn)
• Support for custom dns prefix for aks clusters (#4009, @LochanRn)
• Implements MachinePool Machines according to CAPI contract (#3998, @Jont828)
• Allow joining AzureMachinePools to AKS clusters (#4052, @CecileRobertMichon)
• Add EnableEncryptionAtHost in ManagedMachinePool (#4181, @mihaiandreiratoiu)

Bug or Regression

• Add proper validation for nodepool name (#3974, @tapojit047)
• Ensure kubeadm runs after containerd on Flatcar (#4049, @johananl)
• Fix API server access profile diff (#4095, @maciaszczykm)
• Fix NodeTaints and NodeLabels return type for AzureManagedMachinePools (#4122, @nawazkh)
• Fix panic when reconciling private endpoints resources (#4014, @nojnhuh)
• Fix: Set correct host on private cluster with public fqdn disabled (#4225, @mihaiandreiratoiu)
• Fixed a bug causing ASO resources to potentially get stuck in a failed state (#4148, @nojnhuh)
• Fixed a bug causing some tags on ASO resources not to be deleted (#4149, @nojnhuh)
• Fixed a bug causing some updates to take effect significantly later than before (#4158, @nojnhuh)
• Fixed a bug causing transient errors in AzureManagedMachinePool reconciliation to requeue too aggressively (#4039, @nojnhuh)
• Fixed a bug disallowing certain valid updates to AzureManagedControlPlane with Azure CNI overlay enabled (#4097, @nojnhuh)
• Fixed a bug potentially causing finalizers not to be applied in some cases (#4211, @nojnhuh)
• Fixed a bug that caused AzureManagedMachinePools to endlessly reconcile Spot node pools when no spec.spotMaxPrice is set (#4126, @nojnhuh)
• Fixed a bug where AzureCluster's spec.networkSpec.vnet.resourceGroup was not always properly honored (#4191, @nojnhuh)
• IdentityRef is required on AzureManagedControlPlane Spec (#4201, @CecileRobertMichon)
• Replace Paid SKU tier with Standard (#4045, @maciaszczykm)
• Restore ClientID lookup for user-assigned IDs (#4064, @mboersma)
• Upload e2e.test in ci-build-kubernetes.sh (#4173, @marosset)
• Fix arm64 extension selection (#4018, @CecileRobertMichon)
• Fix containerd and systemd-resolved race condition in ipv6 templates (#4209, @CecileRobertMichon)

Other (Cleanup or Flake)

• ASO now manages managed clusters and agent pools. Custom headers no longer have any effect. (#4069, @nojnhuh)
• NAT Gateway service will use the ASO framework (#4059, @nawazkh)
• CAPZ now depends on ASO v2.4.0 (#4248, @nojnhuh)
• Update CAPI to v1.5.2 (#4041, @mboersma)
• Update CAPI to v1.5.3 (#4170, @mboersma)
• Use pkgs.k8s.io (#4090, @willie-yao)
• Webhook test for Azure Machine Defaulter webhook (#4096, @aniruddha2000)

Dependencies

Added

• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement: v1.1.1
• github.com/antlr/antlr4/runtime/Go/antlr/v4: 8188dc5
• github.com/godbus/dbus/v5: v5.0.4
• github.com/google/gnostic-models: v0.6.8
• github.com/jackc/puddle/v2: v2.2.1
• github.com/matttproud/golang_protobuf_extensions/v2: v2.0.0

Changed

• cloud.google.com/go/firestore: v1.11.0 → v1.12.0
• cloud.google.com/go: v0.110.6 → v0.110.7
• github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.7.2 → v1.9.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.3.1 → v1.4.0
• github.com/Azure/azure-sdk-for-go/sdk/internal: v1.3.0 → v1.5.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appconfiguration/armappconfiguration: v1.0.0 → v1.1.1
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5: v5.1.0 → v5.2.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4: v4.3.0 → v4.4.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/iothub/armiothub: v1.1.1 → v1.2.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault: v1.2.0 → v1.3.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4: v4.1.0 → v4.2.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch: v1.1.0 → v1.2.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage: v1.0.0 → v1.4.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription: v1.0.0 → v1.1.0
• github.com/Azure/azure-service-operator/v2: v2.3.0 → v2.4.0
• github.com/AzureAD/microsoft-authentication-library-for-go: v1.1.1 → v1.2.0
• github.com/benbjohnson/clock: v1.1.0 → v1.3.5
• github.com/coreos/go-semver: v0.3.0 → v0.3.1
• github.com/coreos/go-systemd/v22: v22.4.0 → v22.5.0
• github.com/cpuguy83/go-md2man/v2: v2.0.2 → v2.0.3
• github.com/creack/pty: v1.1.18 → v1.1.9
• github.com/docker/docker: v24.0.5+incompatible → v24.0.7+incompatible
• github.com/emicklei/go-restful/v3: v3.10.2 → v3.11.0
• github.com/evanphx/json-patch/v5: v5.6.0 → v5.7.0
• github.com/evanphx/json-patch: v5.6.0+incompatible → v5.7.0+incompatible
• github.com/fsnotify/fsnotify: v1.6.0 → v1.7.0
• github.com/go-logr/logr: v1.2.4 → v1.3.0
• github.com/go-openapi/jsonpointer: v0.19.6 → v0.20.0
• github.com/go-openapi/jsonreference: v0.20.1 → v0.20.2
• github.com/go-openapi/swag: v0.22.3 → v0.22.4
• github.com/go-sql-driver/mysql: v1.6.0 → v1.7.1
• github.com/golang/glog: v1.1.0 → v1.1.2
• github.com/google/cel-go: v0.12.6 → v0.16.1
• github.com/google/go-cmp: v0.5.9 → v0.6.0
• github.com/google/uuid: v1.3.1 → v1.4.0
• github.com/hashicorp/go-retryablehttp: v0.7.4 → v0.7.5
• github.com/imdario/mergo: v0.3.13 → v0.3.16
• github.com/jackc/pgx/v5: v5.3.1 → v5.5.0
• github.com/leanovate/gopter: v0.2.8 → v0.2.9
• github.com/onsi/ginkgo/v2: v2.12.0 → v2.13.1
• github.com/onsi/gomega: v1.27.10 → v1.30.0
• github.com/prometheus/client_golang: v1.16.0 → v1.17.0
• github.com/prometheus/client_model: v0.4.0 → v0.5.0
• github.com/prometheus/common: v0.44.0 → v0.45.0
• github.com/prometheus/procfs: v0.11.1 → v0.12.0
• github.com/spf13/cobra: v1.7.0 → v1.8.0
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.35.0 → v0.46.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel/exporters/prometheus: v0.40.0 → v0.43.0
• go.opentelemetry.io/otel/metric: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel/sdk/metric: v0.40.0 → v1.20.0
• go.opentelemetry.io/otel/sdk: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel/trace: v1.19.0 → v1.20.0
• go.opentelemetry.io/otel: v1.19.0 → v1.20.0
• go.uber.org/atomic: v1.9.0 → v1.10.0
• go.uber.org/goleak: v1.2.1 → v1.3.0
• go.uber.org/mock: v0.2.0 → v0.3.0
• go.uber.org/multierr: v1.8.0 → v1.11.0
• go.uber.org/zap: v1.24.0 → v1.25.0
• golang.org/x/crypto: v0.14.0 → v0.15.0
• golang.org/x/exp: bcd2187 → 7918f67
• golang.org/x/mod: v0.12.0 → v0.14.0
• golang.org/x/oauth2: v0.10.0 → v0.13.0
• golang.org/x/sync: v0.3.0 → v0.4.0
• golang.org/x/sys: v0.13.0 → v0.14.0
• golang.org/x/term: v0.13.0 → v0.14.0
• golang.org/x/text: v0.13.0 → v0.14.0
• golang.org/x/time: v0.3.0 → v0.4.0
• golang.org/x/tools: v0.12.0 → v0.14.0
• gomodules.xyz/jsonpatch/v2: v2.3.0 → v2.4.0
• google.golang.org/appengine: v1.6.7 → v1.6.8
• google.golang.org/genproto/googleapis/api: f966b18 → b8732ec
• google.golang.org/genproto/googleapis/rpc: f966b18 → b8732ec
• google.golang.org/genproto: f966b18 → b8732ec
• google.golang.org/grpc: v1.58.3 → v1.59.0
• gopkg.in/natefinch/lumberjack.v2: v2.0.0 → v2.2.1
• k8s.io/apimachinery: v0.27.2 → v0.28.3
• k8s.io/component-base: v0.27.2 → v0.28.3
• k8s.io/klog/v2: v2.90.1 → v2.110.1
• k8s.io/kms: v0.27.2 → v0.28.3
• sigs.k8s.io/controller-runtime: v0.15.1 → v0.16.3
• sigs.k8s.io/structured-merge-diff/v4: v4.2.3 → v4.3.0
• sigs.k8s.io/yaml: v1.3.0 → v1.4.0

Removed

Nothing has changed.