Releases: mspnp/aks-baseline-regulated
v1.30.0.0
Implementation updates
- Enable AKS network observability, including Azure Monitor workspace and managed Prometheus resources - #101
- Align resource group and resource locations - #99
- Update AKS to v1.30 - #96
- Update nginx to v1.11.3 - #102
- Mark X.509 certificate Bicep parameter as @secure - #95
- Minor Bicep improvements
- Deprecate kured
Walkthrough updates
v1.26.0.0
Implementation updates
- Migrated from Azure AD Pod Identity to Workload Identity - #66
- Replaced OSS implementation of Flux with AKS Flux extension - #71
- Updated AKS to 1.26 - #75 & #82
- Updated kured - #76
- Updated to latest Azure monitoring config - #76
- Updated nginx to 1.6.4 - #77 & #80
- Updated falco to 0.33.1 - #78
- Enabled syslog capture - #84 & #85
Walkthrough updates
- Used role assignments instead of Key Vault policies for out-of-band certificate management - #67
v1.23.12.0
Implementation updates
- Updated resource providers in cluster stamp to latest API versions - #65
- Enabled zone redundancy in Azure Container Registry - #65
- Updated to AKS 1.23.12 - #65
- Fixed a 🐛 introduced in v1.23.3.0 where networking components were misconfigured - #65 (HT: @ferantivero)
- Migrate cluster resources to bicep - #65
Walkthrough updates
None.
v1.23.3.0
Please do not use this version, as a networking bug was introduced. See v1.23.12.0 or newer instead.
Implementation updates
- Updated nginx ingress controller version - #59
- Updated Open Service Mesh config - #59
- Updated to AKS 1.23.3 - #60
- Updated Application Gateway subnet to align with product recommendations - #60
- Update Kured to 1.9.2 - #60
- Migrate subscription deployment to bicep - #62
- Migrate networking deployments to bicep - #63
Walkthrough updates
v1.22.4.1
v1.22.4.0
v1.21.2.3
Implementation Updates
- Allowed Virtual Network Gateways in the hub resource group - #38
- Use some of the added resource tagging functionality - #39
- Enabled paid SLA by default - #40
- Add SAN and Key Usage extensions to self-signed, browser-facing cert for better support - #40
- Updated Microsoft.Insights/scheduledQueryRules API to latest - #47, #51
- Updated providers/diagnosticSettings to latest to support log category groups (such as on Azure Firewall) - #48, #49
- Fixed issue where kubectl wasn't installing on the jumpbox due to a recent FQDN change by GitHub which required a firewall rule change - #49
- Updated to latest Open Service Mesh config format and implement new required IngressBackend resource for mesh ingress - #52 (HT: @cwash05)
Walkthrough Updates
v1.21.2.2
v1.21.2.1
- Explicitly set public DNS for private cluster to disabled - #31
- Updated all PodDisruptionBudget resources to v1 now that it's GA in 1.21 - #32
- Azure Policy for "Require HTTPS ingress" now demands a redirect annotation for nginx, added it. - #32
- Open Service Mesh 0.9.x now uses a different config system than 0.8.x did, updated to the new system. - #33
- Added Prometheus metric scraping to nginx ingress controller and updated saved query to no longer reference Traefik metrics (Fixes #26) - #34
- Updated nginx ingress controller to latest release - #35
- Updated Falco to latest release - #36