Update CHANGELOG with kernel lockdown change for Azure Linux #5737
Open
flora-taagen wants to merge 2 commits into Azure:master from
Added a note about disabling kernel lockdown by default for Azure Linux on AKS, allowing installation of custom GPU drivers.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates the changelog to document the planned default behavior change for Azure Linux on AKS regarding kernel lockdown, and its impact on custom GPU driver installation.
Changes:
- Added a changelog entry noting Azure Linux on AKS will disable kernel lockdown by default.
- Linked to a tracking issue for additional details.
RishiMody7 reviewed Apr 27, 2026
| * Starting with Kubernetes 1.34, clusters using [Azure CNI Powered by Cilium](https://learn.microsoft.com/azure/aks/azure-cni-powered-by-cilium) include a new AKS-managed `cilium-fluent-bit` component to improve Cilium supportability. | ||
| * The `noProxy` validation for [HTTP proxy configuration](https://learn.microsoft.com/azure/aks/http-proxy) has been relaxed. The updated validation only runs upon changes to the `noProxy` field and uses a less strict regex, unblocking customers with non-standard `noProxy` entries. | ||
| * When using [HTTP Proxy](https://aka.ms/aks/http-proxy), you can't add more than 20 Trusted CA Certificates. See [HTTP Proxy limitations](https://aka.ms/aks/http-proxy) for more information. | ||
| * Going forward, Azure Linux on AKS will disable kernel lockdown by default. This change enables AKS customers to install custom GPU drivers when using Azure Linux 3.0. See [Disable kernel lockdown mode for Azure Linux](https://github.com/Azure/AKS/issues/5735) for more details. |
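Review bot: "Going forward" in the added entry gives no release, node image version or date, so a reader cannot tell from the changelog when the default changes; name the release or image version that carries it. The first sentence is scoped to Azure Linux on AKS while the second mentions only Azure Linux 3.0, so state which versions are affected. Since this turns off a kernel hardening feature by default, the entry should also say whether lockdown can still be enabled and where that is documented, rather than leaving it to the linked issue.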
If a customer does want to enable the lockdown, is that process documented?
Reply from the pull request author (Contributor):
We will still allow customers to enable lockdown on TL scenarios. For TL, the Azure Linux 3.0 kernel will automatically enable kernel lockdown when Secure Boot is detected via an out-of-tree (OOT) patch.
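A node-side check for the behaviour described in the reply above, as an added example that is not part of the pull request or of the AKS project: it reads the active lockdown mode and the Secure Boot state and flags a node where Secure Boot is on but lockdown is not active. The sysfs and efivarfs paths are the standard Linux locations; the function names and the MISMATCH rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report kernel lockdown mode next to Secure Boot state on a node.
# Defaults are the standard Linux paths; pass other paths to test on sample files.
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"
SECUREBOOT_VAR="${SECUREBOOT_VAR:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}"

# The kernel lists all modes and brackets the active one,
# e.g. "none [integrity] confidentiality".
lockdown_mode() {
    [ -r "$1" ] || { echo unsupported; return 0; }
    mode=$(sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$1" | head -n 1)
    echo "${mode:-unknown}"
}

# An efivarfs file is 4 attribute bytes followed by the variable data;
# for SecureBoot the single data byte is 1 (enabled) or 0 (disabled).
secure_boot_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Assumed rule (hypothetical, based on the reply above): with Secure Boot
# enabled, lockdown is expected to be active, so anything else is a MISMATCH.
check_node() {
    mode=$(lockdown_mode "$1")
    sb=$(secure_boot_state "$2")
    case "$sb:$mode" in
        enabled:integrity|enabled:confidentiality) verdict=OK ;;
        enabled:*) verdict=MISMATCH ;;
        *) verdict=OK ;;
    esac
    echo "$verdict secure_boot=$sb lockdown=$mode"
}

check_node "$LOCKDOWN_FILE" "$SECUREBOOT_VAR"
```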
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>