AKS 2019-03-07 release

The Azure Kubernetes Service (AKS) 2019-03-07 release contains bug fixes and a new version of the Azure Monitor for containers agent:

• The Azure Monitor for containers agent has been updated to 3.0.0-4 for newly built or upgraded clusters.

• The Azure CLI now properly defaults to N-1 for Kubernetes versions. For example, N is the latest (1.12) release; the CLI will correctly pick 1.11.x. When 1.13 is released, the default will move to 1.12.

• Bug fixes:

  • If a user exceeds quota during a scale operation, the Azure CLI will now correctly display "quota exceeded" instead of "deployment not found."
  • All AKS CRUD (put) operations now validate and confirm that user subscriptions have the needed quota to perform the operation. If a user does not, an error is correctly shown and the operation will not take effect.
  • All AKS-issued Kubernetes SSL certificates have had weak cipher support removed. All certificates should now pass security audits for BEAST and other vulnerabilities.
    • If you are using older clients that do not support TLS 1.2, you will need to upgrade those clients and associated SSL libraries to securely connect. Note that only Kubernetes 1.10 and later support the new certificates. Existing certificates will not be updated, because this would revoke all user access. To get the updated certificates, you will need to create a new AKS cluster.
  • Clusters that enter a failed state due to upgrade issues will now allow users to reattempt to upgrade or will throw an error message with instructions.
  • Clusters that are in the process of upgrading or in failed upgrade state will attempt to re-execute the upgrade or throw an obvious error message.

• The preview feature for Calico/Network Security Policies has been updated to repair a bug where IP forwarding was not enabled by default.

• The cachingmode: ReadOnly flag was not always being correctly applied to the managed premium storage class. This has been resolved.