Azure
diff --git a/‎CHANGELOG.md
+50 b/‎CHANGELOG.md
+50
diff --git a/‎README.md
-19 b/‎README.md
-19
@@ -1,5 +1,55 @@
 # Azure Kubernetes Service Changelog
 
+## Release 2025-01-06
+
+Monitor the release status by regions at [AKS-Release-Tracker](https://releases.aks.azure.com/). This release is titled as `v20250106`.
+
+### Announcements
+* AKS Kubernetes version 1.28 is deprecated by Jan 30, 2025. Kindly upgrade your clusters to 1.29 version or above. Refer to [version support policy](https://learn.microsoft.com/azure/aks/supported-kubernetes-versions?tabs=azure-cli#kubernetes-version-support-policy) and [upgrading a cluster](https://learn.microsoft.com/azure/aks/upgrade-aks-cluster?tabs=azure-cli) for more information.
+
+### Release Notes
+* Features:
+  * AKS Kubernetes version 1.31 is now in GA.
+  * AKS Kubernetes patch versions 1.29.11, 1.30.7, 1.31.2, and 1.31.3 are now available.
+  * AKS LTS version 1.27.101 available in all regions since December 2024. This patches the kubelet [CVE-2024-10220](https://nvd.nist.gov/vuln/detail/CVE-2024-10220)
+  * [Advanced Container Networking Service](https://learn.microsoft.com/azure/aks/advanced-container-networking-services-overview?tabs=cilium) (ACNS) is Generally Available.
+   
+* Preview features:
+  * SeccompDefault is now an available parameter in custom node configuration. For more information on enabling seccomp profiles, see [Secure container access to resources](https://learn.microsoft.com/azure/aks/secure-container-access).
+
+* Behavior change:
+  * [Invalid values sent to the Azure AKS API for the properties.mode field of AKS AgentPools will now be rejected](https://github.com/Azure/AKS/issues/4468). Prior to this change, unknown modes were assumed to be User. The only valid values for this field are the (case-sensitive) strings: "User", "System", or "Gateway".
+  * AKS no longer supports the [GPU image (preview)](https://github.com/Azure/AKS/issues/4472) to provision GPU-enabled AKS nodes. Alternative options that are supported today and recommended by AKS include the default experience with manual NVIDIA device plugin installation or the NVIDIA GPU Operator, detailed in [AKS GPU node pool documentation](https://learn.microsoft.com/azure/aks/gpu-cluster?tabs=add-ubuntu-gpu-node-pool#confirm-that-gpus-are-schedulable).
+  * [Kubernetes version 1.32 is the last version that supports Windows Server 2019](https://github.com/Azure/AKS/issues/4268). You will not be able to create new or upgrade existing Windows Server 2019 node pools in AKS versions 1.33+. Follow the detailed steps [in AKS documentation](https://aka.ms/aks/ws2019-migration) to transition to Windows Server 2022 or any newly supported Windows Server version by that date. After 1 March 2026, Windows Server 2019 won't be supported.
+  * New API throttling limit has been added to [PutManagedCluster](https://learn.microsoft.com/rest/api/aks/managed-clusters?view=rest-aks-2024-09-01) API for AKS. Please see [AKS resource provider throttling limits](aka.ms/aks/throttling) for more details.
+ 
+* Bug Fix: 
+  * GPU bootstrapping issue impacting GPU provisioning with Node Auto Provision has been fixed. Refer [Github issue](https://github.com/Azure/karpenter-provider-azure/pull/587) for more details.
+  * Fixed an issue in v1.31 where Cluster Autoscaler did not respond to external changes in Spot VMSS based nodepool's node count (e.g., evictions), leading to scale-up failures. Refer [Github Issue 7373](https://github.com/kubernetes/autoscaler/issues/7373) for more details.
+  * Resolved an issue [(NotFound error message)](https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/error-not-found?tabs=bicep#symptoms) when querying a VM which has been deleted, which results in the NodeClaim being stuck in notReady state resulting in the NodeClaim not being deleted.
+  * Fixed the windows nodes CNS pods restarting [Github issue](https://github.com/Azure/AKS/issues/4679) observed in clusters running on AKS +v1.27 Kubernetes version.
+    
+* Component updates:
+  * Tigera operator image version has been bumped to [v1.34.7](https://github.com/tigera/operator/releases/tag/v1.34.7) with this release, for clusters running Kubernetes version (and including) v1.30.0. This patches the following CVEs detected in the tigera operator - [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2020-1751](https://nvd.nist.gov/vuln/detail/CVE-2020-1751), [CVE-2019-19126](https://nvd.nist.gov/vuln/detail/CVE-2019-19126), [CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942), [CVE-2020-1752](https://nvd.nist.gov/vuln/detail/CVE-2020-1752), [CVE-2020-10029](https://nvd.nist.gov/vuln/detail/CVE-2020-10029), [CVE-2019-9169](https://nvd.nist.gov/vuln/detail/CVE-2019-9169), [CVE-2020-6096](https://nvd.nist.gov/vuln/detail/CVE-2020-6096), [CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604), [CVE-2018-19591](https://nvd.nist.gov/vuln/detail/CVE-2018-19591), [CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796), [CVE-2019-9192](https://nvd.nist.gov/vuln/detail/CVE-2019-9192), [CVE-2021-3326](https://nvd.nist.gov/vuln/detail/CVE-2021-3326), [CVE-2019-6488](https://nvd.nist.gov/vuln/detail/CVE-2019-6488), [CVE-2016-10739](https://nvd.nist.gov/vuln/detail/CVE-2016-10739), [CVE-2019-7309](https://nvd.nist.gov/vuln/detail/CVE-2019-7309), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/CVE-2020-27618).
+  * Azure Disks CSI driver version has been bumped to [v1.30.6](https://github.com/kubernetes-sigs/azuredisk-csi-driver/releases/tag/v1.30.6) for AKS clusters running AKS Kubernetes version +v1.30. This patches the following CVEs - [CVE-2024-51744](https://nvd.nist.gov/vuln/detail/CVE-2024-51744), [CVE-2024-50602](https://nvd.nist.gov/vuln/detail/CVE-2024-50602), [CVE-2024-9143](https://nvd.nist.gov/vuln/detail/CVE-2024-9143), [CVE-2019-11255](https://nvd.nist.gov/vuln/detail/CVE-2019-11255)
+  * Bumping the Azure CNI version from v1.4.56 to v1.4.58. This patches the CVE regarding grpc 1.52.0 dependencies - [CVE-2023-2976](https://nvd.nist.gov/vuln/detail/CVE-2023-2976), [CVE-2020-8908](https://nvd.nist.gov/vuln/detail/CVE-2020-8908)
+  * Cilium container image version bumped to [v1.14.15-241024](https://github.com/cilium/cilium/releases/tag/v1.14.15) for AKS clusters running k8s version greater than v1.29.
+  * AKS Azure Linux v2 image has been updated to [202501.12.0](vhd-notes/AzureLinux/202501.12.0.txt)
+  * AKS Azure Linux v3 image has been updated to [202501.05.0](vhd-notes/Azurelinuxv3/202501.05.0.txt)
+  * AKS Ubuntu 22.04 node image has been updated to [202501.12.0](vhd-notes/aks-ubuntu/AKSUbuntu-2204/202501.12.0.txt)
+  * AKS Windows Server 2022 image has been updated to [v20348.2966.241218](vhd-notes/AKSWindows/2022/20348.2966.241218.txt)
+  * AKS Windows Server 2019 image has been updated to [17763.6659.241226](vhd-notes/AKSWindows/2019/17763.6659.241226.txt)
+  * AKS Windows Server 23H2 image has been updated to [25398.1308.241226](vhd-notes/AKSWindows/23H2/25398.1308.241226.txt)
+  * App routing operator updated to [0.2.1-patch-6 ](https://github.com/Azure/aks-app-routing-operator/releases/tag/v0.2.1-patch-6)for K8s < 1.30 and which upgrades external-dns to version [0.15.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.15.0) fixing a number of CVEs  ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g), [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283), [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288), [CVE-2024-34156](https://nvd.nist.gov/vuln/detail/CVE-2024-34156))
+  * App routing operator updated to [0.2.3-patch-3](https://github.com/Azure/aks-app-routing-operator/releases/tag/v0.2.3-patch-3) for K8s +1.30 which fixes an issue where Open Service Mesh would not reload correctly on Nginx deployment updates. The Prometheus metrics endpoint has now been moved to a separate Service called nginx-metrics behind a ClusterIP. Prometheus scraping will continue to work as expected.
+  * Cost-analysis-agent image upgraded from v0.0.18 to v0.0.19. this upgrades the [golang-jwt](https://pkg.go.dev/github.com/golang-jwt/jwt/v4) dependency in cost-analysis-agent to patch [CVE-2024-51744](https://nvd.nist.gov/vuln/detail/CVE-2024-51744)
+  * [Promtheus collector](https://github.com/Azure/prometheus-collector/blob/main/RELEASENOTES.md) for Azure Monitor managed service for Prometheus addon version bumped from 6.10.1-main-10-04-2024-77dcfe3d to 6.11.0-main-10-21-2024-91ec49e3. This fixes a bug where the minimal ingestion profile keep list was not being honored.
+  * Application Gateway ingress controller addon version bumped from 1.7.4 to 1.7.6 for clusters with AKS Kubernetes version greater than or equal to 1.27. please find more details [here](https://github.com/Azure/application-gateway-kubernetes-ingress/releases/tag/1.7.6)
+  * Retina enterprise and operator image version bumped to [v0.1.3](https://github.com/azure-networking/retina-enterprise/releases/tag/v0.1.3). This resolves the following CVEs - [CVE-2024-37307](https://nvd.nist.gov/vuln/detail/CVE-2024-37307), [CVE-2024-42486](https://nvd.nist.gov/vuln/detail/CVE-2024-42486), [CVE-2024-42487](https://nvd.nist.gov/vuln/detail/CVE-2024-42487), [CVE-2024-42488](https://nvd.nist.gov/vuln/detail/CVE-2024-42488), [CVE-2024-47825](https://nvd.nist.gov/vuln/detail/CVE-2024-47825), and [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) and changes for high-level filtering of some metric labels. This results in less irrelevant metric collection which can affect clusters at a large scale.
+  * Retina basic image version bumped to [v0.0.17](https://github.com/microsoft/retina/releases/tag/v0.0.17) which patches the following CVEs: [CVE-2024-37307](https://nvd.nist.gov/vuln/detail/CVE-2024-37307), [CVE-2024-42486](https://nvd.nist.gov/vuln/detail/CVE-2024-42486), [CVE-2024-42487](https://nvd.nist.gov/vuln/detail/CVE-2024-42487), [CVE-2024-42488](https://nvd.nist.gov/vuln/detail/CVE-2024-42488), [CVE-2024-47825](https://nvd.nist.gov/vuln/detail/CVE-2024-47825), and [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288). This also changes for high-level filtering of some metric labels. This results in less irrelevant metric collection which can affect clusters at a large scale
+  * NPM image version bumped to [v1.5.39](https://github.com/Azure/azure-container-networking/releases/tag/v1.5.39) to fix potential connectivity issues for clusters with "azure" network policy manager on nodes with high scale of iptables rules and [CVE-2024-34155](https://nvd.nist.gov/vuln/detail/CVE-2024-34155), [CVE-2024-34156](https://nvd.nist.gov/vuln/detail/CVE-2024-34156), and [CVE-2024-34158](https://nvd.nist.gov/vuln/detail/CVE-2024-34158)
+  * Istio-based service mesh add-on revision asm-1-23 has been upgraded to patch [v1.23.4](https://istio.io/latest/news/releases/1.23.x/announcing-1.23.4/), revision asm-1-22 has been upgraded to patch [v1.22.7](https://istio.io/latest/news/releases/1.22.x/announcing-1.22.7/), and revision asm-1-22 has been upgraded to patch [v1.22.3](https://istio.io/latest/news/releases/1.22.x/announcing-1.22.3). Users can restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found [here](https://learn.microsoft.com/azure/aks/istio-upgrade#patch-version-upgrade). Vulnerability [CVE-2024-41110](https://nvd.nist.gov/vuln/detail/CVE-2024-41110) and [CVE-2024-53271](https://nvd.nist.gov/vuln/detail/CVE-2024-53271) has been addressed in the patch version 1.23.4 and 1.22.7.
+
 ## Release 2024-10-25
 
 Monitor the release status by regions at [AKS-Release-Tracker](https://releases.aks.azure.com/). This release is titled as `v20241025`.
 
@@ -66,23 +66,4 @@ this repository must:
 [1]: https://azure.microsoft.com/support/options/
 [2]: https://docs.microsoft.com/azure/aks/support-policies
 
-## Hiring
-### PM
-#### Australia/New Zealand
-* [Senior Technical Program Manager - Kubernetes Networking](https://jobs.careers.microsoft.com/global/en/share/1691905/)
-* [Technical Program Manager - Kubernetes Networking](https://jobs.careers.microsoft.com/global/en/share/1691890/)
-
-### Engineering
-#### US
-
-#### Australia/New Zealand
-* [Principal Software Engineer Manager](https://jobs.careers.microsoft.com/global/en/job/1711880/Principal-Software-Engineer-Manager)
-* [Principal Software Engineer](https://jobs.careers.microsoft.com/global/en/job/1712342/Principal-Software-Engineer)
-* [Senior Software Engineer](https://jobs.careers.microsoft.com/global/en/job/1711660/Senior-Software-Engineer)
-* [Software Engineer II](https://jobs.careers.microsoft.com/global/en/job/1711291/Software-Engineer-II)
-
-#### Ireland
-* [Principal Software Engineer](https://jobs.careers.microsoft.com/global/en/share/1685977)
-* [Senior Software Engineer](https://jobs.careers.microsoft.com/global/en/share/1685498)
-* [Software Engineer](https://jobs.careers.microsoft.com/global/en/share/1685937)