v1.36.0
Full Changelog: v1.35.0..v1.36.0
Changes by Kind
Feature
- ACR credential provider now supports KSA-based authentication with identity bindings. Configure via: –ib-sni-name, –ib-apiserver-ip, –ib-default-client-id, –ib-default-tenant-id. (#9907, @qweeah)
- Feat: support AllowCrossTenantReplication in AccountOptions (#10148, @andyzhangx)
- Support config-gated in-place mutation of FirstPartyUsage IP tags on existing public IPs via
enableIPTagMutationForExistingPublicIPconfig flag, avoiding unnecessary IP address changes and service disruption when theservice.beta.kubernetes.io/azure-pip-ip-tagsannotation changes. (#10133, @nilo19) - The build system now auto-detects and supports podman as the container CLI. When podman is available it is used for image build, push, and manifest operations. Set CONTAINER_CLI=docker to force docker usage. (#10108, @nilo19)
Bug or Regression
Chore: bump acr refresh token cache TTL to avoid acr throttling issue (#9974, @mainred)
Fix(multi-slb): support IP sharing across multiple services
When a service specifies an IP address that already exists on a load balancer, the service is now placed on that load balancer instead of picking one with the fewest rules, provided the service is eligible for that load balancer. The load balancer configuration annotation cannot be combined with an IP specification. Migration to a different load balancer is blocked if the frontend IP is still referenced by other resources.
Switching internal/external issues (10050 and 10117) will be fixed in another change. (#9937, @Liunardy)
Fix(multi-slb): support switching internal/external when IP sharing across multiple services
Correctly clean up stale rules and probes when services sharing a frontend IP switch between external and internal in multi-SLB mode. (#10211, @Liunardy)
Fix: PrivateEndpointNetworkPolicies setting issue (#9980, @andyzhangx)
Fix: network isolated clusters should always use managed identity credential (#9841, @norshtein)
Fix: route standalone VM providerID/ipConfigID to availability set handler instead of unconditionally assuming VMSS when DisableAvailabilitySetNodes is true (#10194, @andyzhangx)
Dependencies
Added
- buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go: 8976f5b
- buf.build/go/protovalidate: v0.12.0
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7: v7.3.0
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v9: v9.0.0
- k8s.io/streaming: v0.36.0
Changed
- cel.dev/expr: v0.24.0 → v0.25.1
- cloud.google.com/go/compute/metadata: v0.7.0 → v0.9.0
- github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.20.0 → v1.21.1
- github.com/Azure/azure-sdk-for-go/sdk/internal: v1.11.2 → v1.12.0
- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.29.0 → v1.30.0
- github.com/cncf/xds/go: 2ac532f → ee656c7
- github.com/coreos/go-oidc: v2.3.0 → v2.5.0
- github.com/coreos/go-systemd/v22: v22.6.0 → v22.7.0
- github.com/envoyproxy/go-control-plane: v0.13.4 → v0.14.0
- github.com/envoyproxy/go-control-plane/envoy: v1.32.4 → v1.36.0
- github.com/envoyproxy/protoc-gen-validate: v1.2.1 → v1.3.0
- github.com/go-jose/go-jose/v4: v4.1.1 → v4.1.3
- github.com/google/pprof: f64d9cf → 294ebfa
- github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus: v1.0.1 → v1.1.0
- github.com/grpc-ecosystem/go-grpc-middleware/v2: v2.3.0 → v2.3.3
- github.com/grpc-ecosystem/grpc-gateway/v2: v2.27.2 → v2.27.7
- github.com/moby/spdystream: v0.5.0 → v0.5.1
- github.com/onsi/ginkgo/v2: v2.27.3 → v2.28.1
- github.com/onsi/gomega: v1.38.3 → v1.39.1
- github.com/prometheus/common: v0.67.4 → v0.67.5
- github.com/spiffe/go-spiffe/v2: v2.5.0 → v2.6.0
- go.etcd.io/etcd/api/v3: v3.6.5 → v3.6.8
- go.etcd.io/etcd/client/pkg/v3: v3.6.5 → v3.6.8
- go.etcd.io/etcd/client/v3: v3.6.5 → v3.6.8
- go.etcd.io/etcd/pkg/v3: v3.6.5 → v3.6.8
- go.etcd.io/etcd/server/v3: v3.6.5 → v3.6.8
- go.opentelemetry.io/contrib/detectors/gcp: v1.36.0 → v1.39.0
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.62.0 → v0.65.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.62.0 → v0.65.0
- go.opentelemetry.io/otel: v1.39.0 → v1.43.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.37.0 → v1.40.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.37.0 → v1.40.0
- go.opentelemetry.io/otel/metric: v1.39.0 → v1.43.0
- go.opentelemetry.io/otel/sdk: v1.39.0 → v1.43.0
- go.opentelemetry.io/otel/sdk/metric: v1.39.0 → v1.43.0
- go.opentelemetry.io/otel/trace: v1.39.0 → v1.43.0
- go.opentelemetry.io/proto/otlp: v1.7.1 → v1.9.0
- go.uber.org/zap: v1.27.0 → v1.27.1
- golang.org/x/crypto: v0.46.0 → v0.50.0
- golang.org/x/exp: df92998 → 944ab1f
- golang.org/x/mod: v0.30.0 → v0.34.0
- golang.org/x/net: v0.48.0 → v0.53.0
- golang.org/x/oauth2: v0.32.0 → v0.34.0
- golang.org/x/sync: v0.19.0 → v0.20.0
- golang.org/x/sys: v0.39.0 → v0.43.0
- golang.org/x/term: v0.38.0 → v0.42.0
- golang.org/x/text: v0.32.0 → v0.36.0
- golang.org/x/time: v0.14.0 → v0.15.0
- golang.org/x/tools: v0.39.0 → v0.43.0
- google.golang.org/genproto/googleapis/api: ef028d9 → 8636f87
- google.golang.org/genproto/googleapis/rpc: ef028d9 → 8636f87
- google.golang.org/grpc: v1.75.0 → v1.79.3
- google.golang.org/protobuf: v1.36.10 → f2248ac
- k8s.io/api: v0.35.0 → v0.36.0
- k8s.io/apimachinery: v0.35.0 → v0.36.0
- k8s.io/apiserver: v0.35.0 → v0.36.0
- k8s.io/client-go: v0.35.0 → v0.36.0
- k8s.io/cloud-provider: v0.35.0 → v0.36.0
- k8s.io/component-base: v0.35.0 → v0.36.0
- k8s.io/component-helpers: v0.35.0 → v0.36.0
- k8s.io/controller-manager: v0.35.0 → v0.36.0
- k8s.io/klog/v2: v2.130.1 → v2.140.0
- k8s.io/kms: v0.35.0 → v0.36.0
- k8s.io/kube-openapi: 589584f → 43fb72c
- k8s.io/kubelet: v0.35.0 → v0.36.0
- k8s.io/utils: bc988d5 → b8788ab
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.33.0 → v0.34.0
- sigs.k8s.io/cloud-provider-azure/pkg/azclient: v0.13.0 → v0.18.0
- sigs.k8s.io/structured-merge-diff/v6: v6.3.0 → v6.3.2