Releases: mspnp/aks-baseline-regulated

v1.30.0.0

22 Nov 20:38
d4e3fc1

Implementation updates

  • Enable AKS network observability, including Azure Monitor workspace and managed Prometheus resources - #101
  • Align resource group and resource locations - #99
  • Update AKS to v1.30 - #96
  • Update nginx to v1.11.3 - #102
  • Mark X.509 certificate Bicep parameter as @secure - #95
  • Minor Bicep improvements
  • Deprecate kured

Walkthrough updates

  • Update container image scanning walkthrough steps to align with latest Azure portal updates - #98
  • Remove examples of sensitive strings - #100
  • Update supported Azure CLI version - #86
  • Minor updates for style and branding - #93 and #94
  • Add SECURITY.md file - #97

v1.26.0.0

31 Mar 15:14
1a07b54

Implementation updates

  • Migrated from Azure AD Pod Identity to Workload Identity - #66
  • Replaced OSS implementation of Flux with AKS Flux extension - #71
  • Updated AKS to 1.26 - #75 & #82
  • Updated kured - #76
  • Updated to latest Azure monitoring config - #76
  • Updated nginx to 1.6.4 - #77 & #80
  • Updated falco to 0.33.1 - #78
  • Enabled syslog capture - #84 & #85

Walkthrough updates

  • Used role assignments instead of Key Vault policies for out-of-band certificate management - #67

v1.23.12.0

21 Oct 20:46
4680d4a

Implementation updates

  • Updated resource providers in cluster stamp to latest API versions - #65
  • Enabled zone redundancy in Azure Container Registry - #65
  • Updated to AKS 1.23.12 - #65
  • Fixed a 🐛 introduced in v1.23.3.0 where networking components were misconfigured - #65 (HT: @ferantivero)
  • Migrate cluster resources to bicep - #65

Walkthrough updates

None.

v1.23.3.0

15 Sep 16:19
1991374
⚠️ Please do not use this version, as a networking bug was introduced. See v1.23.12.0 or newer instead.

Implementation updates

  • Updated nginx ingress controller version - #59
  • Updated Open Service Mesh config - #59
  • Updated to AKS 1.23.3 - #60
  • Updated Application Gateway subnet to align with product recommendations - #60
  • Update Kured to 1.9.2 - #60
  • Migrate subscription deployment to bicep - #62
  • Migrate networking deployments to bicep - #63

Walkthrough updates

  • Update to reflect the jumpbox process has been moved to bicep. - #58
  • Pulling kube-webhook-certgen from GCR instead of docker.io - #61
  • Updates for the breaking az ad changes - #64

v1.22.4.1

26 Jan 19:46
8a5978e

Implementation Updates

  • Replaced Microsoft Defender for container registries and Microsoft Defender for Kubernetes with Microsoft Defender for Containers - #57

Walkthrough Updates

  • no changes

v1.22.4.0

28 Dec 20:39
4b53bad

Implementation Updates

  • Updated to AKS 1.22.4 - #55
  • Updated to nginx 1.1.0 (required for Kubernetes 1.22) - #55
  • Updated the SecretProviderClass for ingress controller cert to GA'd version - #55
  • Update to latest kured - #53

Walkthrough Updates

  • Better handling of common network watcher RG naming patterns - #55
  • Remove preview feature registration instructions for those features that have shipped - #54

v1.21.2.3

14 Dec 21:18
847831f

Implementation Updates

  • Allowed Virtual Network Gateways in the hub resource group - #38
  • Use some of the added resource tagging functionality - #39
  • Enabled paid SLA by default - #40
  • Add SAN and Key Usage extensions to self-signed, browser-facing cert for better support - #40
  • Updated Microsoft.Insights/scheduledQueryRules API to latest - #47, #51
  • Updated providers/diagnosticSettings to latest to support log category groups (such as on Azure Firewall) - #48, #49
  • Fixed issue where kubectl wasn't installing on the jumpbox due to a recent FQDN change by GitHub which required a firewall rule change - #49
  • Updated to latest Open Service Mesh config format and implement new required IngressBackend resource for mesh ingress - #52 (HT: @cwash05)

Walkthrough Updates

  • Added some draw.io versions of the diagrams for easy reference - #41 (HT: @dcasati)
  • Minor quality of life improvements throughout - #40, #42 (HT: @thepaulmacca), #45

v1.21.2.2

26 Aug 17:31
2e38a02

v1.21.2.1

23 Aug 21:07
66cb028
  • Explicitly set public DNS for private cluster to disabled - #31
  • Updated all PodDisruptionBudget resources to v1 now that it's GA in 1.21 - #32
  • Azure Policy for "Require HTTPS ingress" now demands a redirect annotation for nginx, added it. - #32
  • Open Service Mesh 0.9.x now uses a different config system than 0.8.x did, updated to the new system. - #33
  • Added Prometheus metric scraping to nginx ingress controller and updated saved query to no longer reference Traefik metrics (Fixes #26) - #34
  • Updated nginx ingress controller to latest release - #35
  • Updated Falco to latest release - #36

v1.21.2.0

03 Aug 15:28
191ba3d
  • Update to AKS 1.21.2 - #28
  • Remove node pools from NTP allowance in the FW as that is no longer required (chronyd sources from host) - #28
  • Restrict jumpbox NTP usage to just ntp.ubuntu.com - #28