Update CHANGELOG.md #5820
Open
wdarko1 wants to merge 4 commits into
Add NAP related updates for Machine API Integration
Clarified Node Auto Provisioning (NAP) changes regarding machine manager role and deletion policies in the changelog.
Pull request overview
Updates the AKS changelog to document new Node Auto Provisioning (NAP) capabilities and behavioral changes related to Machine API integration, so customers can understand new supported scenarios and upcoming cluster behavior changes.
Changes:
- Added NAP feature notes for custom Linux OS settings and AMD GPU SKU support via AKSNodeClass.
- Added NAP behavioral changes covering label restrictions, Machine API representation, subnet/identity constraints, and upcoming node naming changes.
| * AKS now allows migration from the `managedNATGatewayV2` outbound type to the `block` and `none` outbound types, supporting [network-isolated cluster](https://learn.microsoft.com/azure/aks/concepts-network-isolated) scenarios. Migration to other outbound types remains blocked. | ||
| * AKS now validates pod CIDR ranges during cluster create and update for kubenet and [Azure CNI Overlay](https://learn.microsoft.com/azure/aks/azure-cni-overlay) clusters. Clusters can no longer be created or updated with a pod CIDR that overlaps with reserved IP ranges (`172.30.0.0/16`, `172.31.0.0/16`), preventing potential in-cluster networking failures. Existing clusters with an overlapping pod CIDR are unaffected. See [CNI prerequisites](https://learn.microsoft.com/azure/aks/concepts-network-cni-overview#prerequisites). | ||
| * AKS now rejects [Calico NPM and Azure NPM](https://learn.microsoft.com/azure/aks/use-network-policies) install and uninstall operations on clusters running Kubernetes versions earlier than 1.30. Requests are rejected at the API level with a descriptive error directing customers to upgrade to a newer supported Kubernetes version before retrying. Existing clusters already using Calico NPM or Azure NPM are unaffected. | ||
| * Use of specific labels for AKS nodes are prohibited from user-input, including "agentpool", "storageprofile", storagetier", "accelerator", and labels with a prefix of "kubernetes.azure.com". |
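Review bot: The last line of this hunk has unbalanced quotes around the `storagetier` label (`storagetier"` has a closing quote but no opening one), so the label list renders unevenly. Add the missing quote, or put each label name in backticks so readers can copy the exact strings.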
| * AKS now validates pod CIDR ranges during cluster create and update for kubenet and [Azure CNI Overlay](https://learn.microsoft.com/azure/aks/azure-cni-overlay) clusters. Clusters can no longer be created or updated with a pod CIDR that overlaps with reserved IP ranges (`172.30.0.0/16`, `172.31.0.0/16`), preventing potential in-cluster networking failures. Existing clusters with an overlapping pod CIDR are unaffected. See [CNI prerequisites](https://learn.microsoft.com/azure/aks/concepts-network-cni-overview#prerequisites). | ||
| * AKS now rejects [Calico NPM and Azure NPM](https://learn.microsoft.com/azure/aks/use-network-policies) install and uninstall operations on clusters running Kubernetes versions earlier than 1.30. Requests are rejected at the API level with a descriptive error directing customers to upgrade to a newer supported Kubernetes version before retrying. Existing clusters already using Calico NPM or Azure NPM are unaffected. | ||
| * Use of specific labels for AKS nodes are prohibited from user-input, including "agentpool", "storageprofile", storagetier", "accelerator", and labels with a prefix of "kubernetes.azure.com". | ||
| * Node Auto Provisioning (NAP) managed clusters will now use the Machine API, where a node pool "aksmanagednap" will exist in your cluster to represent each NAP managed virtual machine instance. |
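Review bot: The node pool name on the last line, "aksmanagednap", does not match the `aksmanagedap` segment used in the new node name pattern added elsewhere in this changelog update (`aks-aksmanagedap-<nodepool-name>-########-vm`). Confirm which spelling the service uses and make both entries agree, since customers will search for and write automation against this exact string.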
| * Use of specific labels for AKS nodes are prohibited from user-input, including "agentpool", "storageprofile", storagetier", "accelerator", and labels with a prefix of "kubernetes.azure.com". | ||
| * Node Auto Provisioning (NAP) managed clusters will now use the Machine API, where a node pool "aksmanagednap" will exist in your cluster to represent each NAP managed virtual machine instance. | ||
| * Custom subnets are no longer permitted on Node Auto Provisioning (NAP) managed clusters using system-assigned identities. For custom subnets with NAP managed clusters, use user-assigned identities. To set up a user-assigned identity, see our [documentation](https://learn.microsoft.com/azure/aks/user-assigned-managed-identity). | ||
| * The naming convention for Node Auto-Provisioning (NAP) managed nodes will change from <nodepool-name>-<hash> to aks-aksmanagedap-<nodepool-name>-########-vm. |
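Review bot: On the last line, the two name patterns are written as bare text, so `<nodepool-name>` and `<hash>` can be treated as HTML tags by a Markdown renderer and vanish from the published page. Wrap both patterns in backticks. The entry also writes "Node Auto-Provisioning" with a hyphen while the other entries use "Node Auto Provisioning", and "will change" gives no release or date for customers whose tooling matches on node names.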
xuexu6666
reviewed
Jun 10, 2026
| * AKS now validates pod CIDR ranges during cluster create and update for kubenet and [Azure CNI Overlay](https://learn.microsoft.com/azure/aks/azure-cni-overlay) clusters. Clusters can no longer be created or updated with a pod CIDR that overlaps with reserved IP ranges (`172.30.0.0/16`, `172.31.0.0/16`), preventing potential in-cluster networking failures. Existing clusters with an overlapping pod CIDR are unaffected. See [CNI prerequisites](https://learn.microsoft.com/azure/aks/concepts-network-cni-overview#prerequisites). | ||
| * AKS now rejects [Calico NPM and Azure NPM](https://learn.microsoft.com/azure/aks/use-network-policies) install and uninstall operations on clusters running Kubernetes versions earlier than 1.30. Requests are rejected at the API level with a descriptive error directing customers to upgrade to a newer supported Kubernetes version before retrying. Existing clusters already using Calico NPM or Azure NPM are unaffected. | ||
| * Use of specific labels for AKS nodes are prohibited from user-input, including "agentpool", "storageprofile", storagetier", "accelerator", and labels with a prefix of "kubernetes.azure.com". | ||
| * Node Auto Provisioning (NAP) managed clusters will now use the Machine API, where a node pool "aksmanagednap" will exist in your cluster to represent each NAP managed virtual machine instance. This node pool cannot be user-deleted, and will be deleted during NAP-disable. |
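Review bot: The sentence added at the end of the last line relies on "user-deleted" and "NAP-disable", neither of which is defined in the entry. Spell it out, for example "You cannot delete this node pool; AKS removes it when NAP is disabled on the cluster", and say what a delete request returns so the failure is not a surprise.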
a managed machines-mode node pool named "aksmanagedap"
Revise details on machine api node pool name in NAP clusters
| * AKS now allows migration from the `managedNATGatewayV2` outbound type to the `block` and `none` outbound types, supporting [network-isolated cluster](https://learn.microsoft.com/azure/aks/concepts-network-isolated) scenarios. Migration to other outbound types remains blocked. | ||
| * AKS now validates pod CIDR ranges during cluster create and update for kubenet and [Azure CNI Overlay](https://learn.microsoft.com/azure/aks/azure-cni-overlay) clusters. Clusters can no longer be created or updated with a pod CIDR that overlaps with reserved IP ranges (`172.30.0.0/16`, `172.31.0.0/16`), preventing potential in-cluster networking failures. Existing clusters with an overlapping pod CIDR are unaffected. See [CNI prerequisites](https://learn.microsoft.com/azure/aks/concepts-network-cni-overview#prerequisites). | ||
| * AKS now rejects [Calico NPM and Azure NPM](https://learn.microsoft.com/azure/aks/use-network-policies) install and uninstall operations on clusters running Kubernetes versions earlier than 1.30. Requests are rejected at the API level with a descriptive error directing customers to upgrade to a newer supported Kubernetes version before retrying. Existing clusters already using Calico NPM or Azure NPM are unaffected. | ||
| * Use of specific labels for AKS nodes are prohibited from user-input, including `agentpool`, `storageprofile`, `storagetier`, `accelerator`, and labels with a prefix of `kubernetes.azure.com`. |
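Review bot: The label entry on the last line has a subject-verb mismatch ("Use of specific labels ... are prohibited from user-input") and, unlike the pod CIDR and NPM entries above it, does not say whether existing node pools that already carry these labels are affected. Suggest "Users can no longer set the following labels on AKS nodes: ..." followed by a sentence on existing node pools.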
| * AKS now validates pod CIDR ranges during cluster create and update for kubenet and [Azure CNI Overlay](https://learn.microsoft.com/azure/aks/azure-cni-overlay) clusters. Clusters can no longer be created or updated with a pod CIDR that overlaps with reserved IP ranges (`172.30.0.0/16`, `172.31.0.0/16`), preventing potential in-cluster networking failures. Existing clusters with an overlapping pod CIDR are unaffected. See [CNI prerequisites](https://learn.microsoft.com/azure/aks/concepts-network-cni-overview#prerequisites). | ||
| * AKS now rejects [Calico NPM and Azure NPM](https://learn.microsoft.com/azure/aks/use-network-policies) install and uninstall operations on clusters running Kubernetes versions earlier than 1.30. Requests are rejected at the API level with a descriptive error directing customers to upgrade to a newer supported Kubernetes version before retrying. Existing clusters already using Calico NPM or Azure NPM are unaffected. | ||
| * Use of specific labels for AKS nodes are prohibited from user-input, including `agentpool`, `storageprofile`, `storagetier`, `accelerator`, and labels with a prefix of `kubernetes.azure.com`. | ||
| * Node Auto Provisioning (NAP) managed clusters will now use the Machine API, where a managed machines-mode node pool named `aksmanagedap` will exist in your cluster to represent each NAP managed virtual machine instance. This node pool cannot be user-deleted, and will be deleted during NAP-disable. |
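Review bot: The last line says a single node pool named `aksmanagedap` exists "to represent each NAP managed virtual machine instance", which can be read either as one pool per instance or as one pool holding all instances. State the cardinality explicitly, for example that each NAP managed virtual machine appears as a machine inside that one node pool, if that is the behaviour.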
| * AKS now rejects [Calico NPM and Azure NPM](https://learn.microsoft.com/azure/aks/use-network-policies) install and uninstall operations on clusters running Kubernetes versions earlier than 1.30. Requests are rejected at the API level with a descriptive error directing customers to upgrade to a newer supported Kubernetes version before retrying. Existing clusters already using Calico NPM or Azure NPM are unaffected. | ||
| * Use of specific labels for AKS nodes are prohibited from user-input, including `agentpool`, `storageprofile`, `storagetier`, `accelerator`, and labels with a prefix of `kubernetes.azure.com`. | ||
| * Node Auto Provisioning (NAP) managed clusters will now use the Machine API, where a managed machines-mode node pool named `aksmanagedap` will exist in your cluster to represent each NAP managed virtual machine instance. This node pool cannot be user-deleted, and will be deleted during NAP-disable. | ||
| * New and existing clusters with Node Auto Provisioning (NAP) enabled will now have machine manager role granted on the cluster identity. |
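Review bot: The new last line announces a role grant on the cluster identity for existing clusters as well as new ones, but gives neither the role's exact name, the scope it is assigned at, nor a link to its definition. Customers who audit role assignments will see a change they did not make, so add those details and a documentation link. "will now have machine manager role granted" also needs an article ("the machine manager role").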
| * [Azure Container Linux](https://learn.microsoft.com/azure/azure-linux/azure-container-linux-overview) is generally available (GA) as an OS option on AKS starting AKS v1.34. You can deploy ACL node pools in a new AKS cluster or add ACL node pools to your existing clusters. AKS also supports migrating existing node pools to ACL using in-place OS SKU migration or by creating new ACL node pools. For detailed migration steps, considerations, and rollback instructions, see [Migrate existing nodes to ACL](https://learn.microsoft.com/azure/azure-linux/tutorial-migrate-azure-container-linux-aks). | ||
| * [Azure Policy add-on](https://learn.microsoft.com/azure/governance/policy/concepts/policy-for-kubernetes) now generates ValidatingAdmissionPolicies (VAP) for all customers. This enforces CEL-based policies inside the API server process for minimal latency and enables fail-closed enforcement. | ||
| * Node Auto Provisioning (NAP) managed clusters can now enable custom OS settings for Linux. See our [AKSNodeClass documentation](https://learn.microsoft.com/azure/aks/node-auto-provisioning-aksnodeclass) for more information. | ||
| * Node Auto Provisioning (NAP) managed clusters can now support AMD GPU SKUs, and custom driver installation via the AKSNodeClass. See our [AKSNodeClass documentation](https://learn.microsoft.com/azure/aks/node-auto-provisioning-aksnodeclass) for more information. |
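Review bot: On the last line, the comma in "can now support AMD GPU SKUs, and custom driver installation via the AKSNodeClass" leaves it unclear whether AKSNodeClass applies to both items or only to driver installation. Drop the comma or split the sentence, and format `AKSNodeClass` as code here and in the line above, matching the backticked identifiers in the other entries.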
Added information about mixed SKU autoscaling in Virtual Machine node pools to the changelog.