Azure Kubernetes 服务 (AKS) 中支持的 Kubernetes 版本Supported Kubernetes versions in Azure Kubernetes Service (AKS)

Kubernetes 社区大约会每隔三个月发布次要版本。The Kubernetes community releases minor versions roughly every three months. 最近,Kubernetes 社区将每个版本的支持时间从 9 个月增加到了 12 个月,从版本 1.19 开始。Recently the Kubernetes community has increased the window of support for each version from 9 months to 12 months, starting with version 1.19. 这些版本包括新增功能和改进。These releases include new features and improvements. 补丁发布更为频繁(有时每周都会发布),适用于次要版本中的关键 Bug 修复。Patch releases are more frequent (sometimes weekly) and are intended for critical bug fixes within a minor version. 这些修补程序版本包括针对安全漏洞或主要 bug 的修复。These patch releases include fixes for security vulnerabilities or major bugs.

Kubernetes 版本Kubernetes versions

Kubernetes 使用标准语义化版本控制版本控制方案,这意味着每个版本的 Kubernetes 都遵循此编号方案:Kubernetes uses the standard Semantic Versioning versioning scheme, which means that each version of Kubernetes follows this numbering scheme:

[major].[minor].[patch]

Example:
  1.17.7
  1.17.8

版本中的每个编写表示与前一版本的一般兼容性:Each number in the version indicates general compatibility with the previous version:

  • 如果发生不兼容的 API 更改或者后向兼容性受到破坏,主要版本将会更改。Major versions change when incompatible API changes or backwards compatibility may be broken.
  • 如果所做的功能更改与其他次要版本后向兼容,则次要版本将会更改。Minor versions change when functionality changes are made that are backwards compatible to the other minor releases.
  • 做出后向兼容的 Bug 修复时,修补程序版本将会更改。Patch versions change when backwards-compatible bug fixes are made.

用户应尽量运行次要版本的最新修补程序版本,例如,如果你的生产群集使用 1.17.7,而 1.17 系列可用的最新修补程序版本为 1.17.8,则你应尽快升级到 1.17.8,以确保群集得到全面的修补并受支持 。Users should aim to run the latest patch release of the minor version they're running, for example if your production cluster is on 1.17.7 and 1.17.8 is the latest available patch version available for the 1.17 series, you should upgrade to 1.17.8 as soon as you're able, to ensure your cluster is fully patched and supported.

Kubernetes 版本支持策略Kubernetes version support policy

AKS 定义了一个正式发布版,所有 SLO 或 SLA 衡量方案都采用此版本,并且在所有区域提供。AKS defines a generally available version, as a version enabled in all SLO or SLA measurements and when available in all regions. AKS 支持三个 Kubernetes GA 次要版本:AKS supports three GA minor versions of Kubernetes:

  • AKS 中发布的最新 GA 次要版本(我们将其称为 N)。The latest GA minor version that is released in AKS (which we'll refer to as N).
  • 以前的两个次要版本。Two previous minor versions.
  • 每个受支持的次要版本还支持最多两 (2) 个稳定的修补程序。Each supported minor version also supports a maximum of two (2) stable patches.
  • AKS 可能还支持预览版本,这些版本带有明确的标签,使用时需遵守预览版条款和条件AKS may also support preview versions, which are explicitly labeled and subject to Preview terms and conditions.

备注

AKS 使用涉及逐步区域部署的安全部署做法。AKS uses safe deployment practices which involve gradual region deployment. 这意味着,可能需要最长 10 个工作日才能使新发布或新版本在所有区域中均可用。This means it may take up to 10 business days for a new release or a new version to be available in all regions.

AKS 上的 Kubernetes 版本的受支持窗口称为“N-2”:(N (最新版本) -2 (次要版本))。The supported window of Kubernetes versions on AKS is known as "N-2": (N (Latest release) - 2 (minor versions)).

例如,如果 AKS 当前引入了 1.17.a,则提供以下版本的支持:For example, if AKS introduces 1.17.a today, support is provided for the following versions:

新的次要版本New minor version 支持的版本列表Supported Version List
1.17.a1.17.a 1.17.a、1.17.b、1.16.c、1.16.d、1.15.e、1.15.f1.17.a, 1.17.b, 1.16.c, 1.16.d, 1.15.e, 1.15.f

其中,“.字母”代表修补程序版本。Where ".letter" is representative of patch versions.

引入新的次要版本后,支持的最早次要版本和修补程序版本将被弃用并删除。When a new minor version is introduced, the oldest minor version and patch releases supported are deprecated and removed. 例如,如果当前支持的版本列表为:For example, if the current supported version list is:

1.17.a
1.17.b
1.16.c
1.16.d
1.15.e
1.15.f

并且 AKS 发布了 1.18.*,这意味着所有 1.15.* 版本将在 30 天内被删除且不再受支持。And AKS releases 1.18.*, it means that all the 1.15.* versions will be removed and will be out of support in 30 days.

备注

请注意,如果客户运行不受支持的 Kubernetes 版本,则在请求群集支持时,系统将要求他们升级。Please note, that if customers are running an unsupported Kubernetes version, they will be asked to upgrade when requesting support for the cluster. 运行不受支持 Kubernetes 版本的群集未涵盖在 AKS 支持策略中。Clusters running unsupported Kubernetes releases are not covered by the AKS support policies.

除上述内容以外,AKS 还支持最多两个给定次要版本的修补程序版本。In addition to the above, AKS supports a maximum of two patch releases of a given minor version. 因此,假设支持的版本如下:So given the following supported versions:

Current Supported Version List
------------------------------
1.17.8, 1.17.7, 1.16.10, 1.16.9

如果 AKS 发布了 1.17.91.16.11,则最早的修补程序版本将被弃用并删除,支持的版本列表现为:If AKS releases 1.17.9 and 1.16.11, the oldest patch versions are deprecated and removed, and the supported version list becomes:

New Supported Version List
----------------------
1.17.*9*, 1.17.*8*, 1.16.*11*, 1.16.*10*

支持的 kubectl 版本Supported kubectl versions

你可以使用一个相对于 kube-apiserver 版本 kubectl 较旧或较新的次要版本,这与 kubectl 的 Kubernetes 支持策略一致。You can use one minor version older or newer of kubectl relative to your kube-apiserver version, which is consistent with the Kubernetes support policy for kubectl.

例如,如果你的 kube-apiserver 处于 1.17,则可以将版本 1.16 到 1.18 的 kubectl 与该 kube-apiserver 结合使用 。For example, if your kube-apiserver is at 1.17, then you can use versions 1.16 to 1.18 of kubectl with that kube-apiserver.

若要安装或更新你版本的 kubectl,请运行 az aks install-cliTo install or update your version of kubectl, run az aks install-cli.

发布和弃用流程Release and deprecation process

你可以在 AKS Kubernetes 发布日历上参考即将推出的版本发布和弃用。You can reference upcoming version releases and deprecations on the AKS Kubernetes Release Calendar.

对于 Kubernetes 的新 次要 版本For new minor versions of Kubernetes

  1. AKS 至少在删除前 30 天在 AKS 发行说明中发布预告,其中包含新版本发布的计划日期以及相应的旧版本弃用。AKS publishes a pre-announcement with the planned date of a new version release and respective old version deprecation on the AKS Release notes at least 30 days prior to removal.

  2. AKS 会向具有 AKS 和门户访问权限的所有用户发布一个服务运行状况通知,并向订阅管理员发送一封电子邮件,其中包含计划的版本删除日期。AKS publishes a service health notification available to all users with AKS and portal access, and sends an email to the subscription administrators with the planned version removal dates.

  3. 自版本删除起,用户有 30 天的时间升级到受支持的次要版本发布,以继续获得支持。Users have 30 days from version removal to upgrade to a supported minor version release to continue receiving support.

对于 Kubernetes 的新 修补程序 版本For new patch versions of Kubernetes

  • 由于修补程序版本的紧急性质,可以在修补程序变为可用时将其引入到服务中。Because of the urgent nature of patch versions, these can be introduced into the service as they become available.
  • 通常情况下,对于新修补程序版本的发布,AKS 不会进行广泛的通信。In general, AKS does not do broad communications for the release of new patch versions. 但是,AKS 会持续监视和验证可用的 CVE 修补程序,以便及时在 AKS 中支持它们。However, AKS constantly monitors and validates available CVE patches to support them in AKS in a timely manner. 如果发现修补程序或需要用户进行操作,AKS 将通知用户升级到新发布的修补程序。If a critical patch is found or user action is required, AKS will notify users to upgrade to the newly available patch.
  • 自从 AKS 中删除修补程序版本之时起,用户有 30 天的时间升级到受支持的修补程序并继续获取支持。Users have 30 days from the time a patch release is removed from AKS to upgrade into a supported patch and continue receiving support.

支持的版本策略例外情况Supported versions policy exceptions

AKS 有权在不事先发出通行的情况下添加新的版本,或者删除已确定存在一个或多个影响生产的严重 Bug 或安全问题的现有版本。AKS reserves the right to add or remove new/existing versions that have been identified to have one or more critical production impacting bugs or security issues without advance notice.

特定的修补程序版本可能会跳过发布或者加速推出,具体取决于 Bug 或安全问题的严重性。Specific patch releases may be skipped, or rollout accelerated depending on the severity of the bug or security issue.

Azure 门户和 CLI 版本Azure portal and CLI versions

在门户中或使用 Azure CLI 部署 AKS 群集时,群集默认为 N-1 次要版本和最新修补程序。When you deploy an AKS cluster in the portal or with the Azure CLI, the cluster is defaulted to the N-1 minor version and latest patch. 例如,如果 AKS 支持 1.17.a、1.17.b、1.16.c、1.16.d、1.15.e 和 1.15.f,则选择的默认版本为 1.16.c 。For example, if AKS supports 1.17.a, 1.17.b, 1.16.c, 1.16.d, 1.15.e, and 1.15.f, the default version selected is 1.16.c.

若要了解你的订阅和区域当前可用的版本,请使用 az aks get-versions 命令。To find out what versions are currently available for your subscription and region, use the az aks get-versions command. 以下示例列出了 ChinaEast2 区域可用的 Kubernetes 版本:The following example lists the available Kubernetes versions for the ChinaEast2 region:

az aks get-versions --location chinaeast2 --output table

AKS Kubernetes 发布日历AKS Kubernetes Release Calendar

对于过去的发布历史记录,请参阅下表。For the past release history, see the following table.

K8s 版本K8s version 上游版本Upstream release AKS 预览版AKS preview AKS GAAKS GA 生命周期结束End of life
1.161.16 2019 年 9 月 19 日Sep-19-19 2019 年 1 月Jan 2019 2020 年 3 月Mar 2020 2021 年 1 月*Jan 2021*
1.171.17 19-12-09Dec-09-19 2019 年 1 月Jan 2019 2020 年 7 月Jul 2020 1.20 GA1.20 GA
1.181.18 20-03-23Mar-23-20 2020 年 5 月May 2020 2020 年 8 月Aug 2020 1.21 GA1.21 GA
1.191.19 20-08-04Aug-04-20 2020 年 9 月Sep 2020 2020 年 11 月Nov 2020 1.22 GA1.22 GA
1.201.20 2020 年 12 月 8 日Dec-08-20 2021 年 1 月Jan 2021 2021 年 3 月Mar 2021 1.23 GA1.23 GA

* 由于假期的原因,AKS 将 1.16 的生命周期从 2020 年 11 月延长至 2021 年 1 月。* Due to the holiday season, AKS is extending the life of 1.16 from November 2020 until January 2021. 了解详细信息Read more.

常见问题解答FAQ

我应该多久升级一次 Kubernetes 版本才能始终获得支持?How often should I expect to upgrade Kubernetes versions to stay in support?

从 Kubernetes 1.19 开始,开源社区已将支持时间延长到 1 年Stating with Kubernetes 1.19, the open source community has expanded support to 1 year. AKS 承诺至少启用补丁并提供与上游承诺使用量匹配的支持。AKS commits to enabling patches and support matching the upstream commitments, at a minimum. 这意味着从 1.19 版的 AKS 群集开始,你将能够每年至少升级一次,这样就能始终使用受支持的版本。This means starting with AKS clusters on 1.19, you will be able to upgrade at a minimum of once a year to stay on a supported version. 对于 1.18 或更低版本,支持时间仍为 9 个月,这要求你每 9 个月升级一次才能始终使用受支持的版本。For versions on 1.18 or below, the window of support remains at 9 months which requires an upgrade once every 9 months to stay on a supported version. 强烈建议你定期测试新版本,并准备升级到更新的版本,以便在 Kubernetes 中捕获最新的稳定增强功能。It is highly recommended to regularly test new versions and be prepared to upgrade to newer versions to capture the latest stable enhancements within Kubernetes.

用户升级的 Kubernetes 群集具有不受支持的次要版本时,会发生什么情况?What happens when a user upgrades a Kubernetes cluster with a minor version that isn't supported?

如果你当前使用的是 n-3 或更低版本,则意味着你已不在支持范围,系统会要求你升级。If you're on the n-3 version or older, it means you're outside of support and will be asked to upgrade. 从版本 n-3 成功升级到 n-2 后,你将重新涵盖在我们的支持策略中。When your upgrade from version n-3 to n-2 succeeds, you're back within our support policies. 例如:For example:

  • 如果支持的最低 AKS 版本为 1.15.a,而你使用的版本是 1.14.b 或更低,则你无法获得支持 。If the oldest supported AKS version is 1.15.a and you are on 1.14.b or older, you're outside of support.
  • 从 1.14.b 成功升级到 1.15.a 或更高版本之后,你将重新涵盖在我们的支持策略中 。When the upgrade from 1.14.b to 1.15.a or higher succeeds, you're back within our support policies.

不支持降级。Downgrades are not supported.

“不在支持范围内”是什么意思What does 'Outside of Support' mean

“停止支持”是指运行的版本不在支持的版本列表内,当你请求支持时,系统会要求你将群集升级到支持的版本,除非你正处于版本弃用后的 30 天宽限期内。'Outside of Support' means that the version you're running is outside of the supported versions list, and you'll be asked to upgrade the cluster to a supported version when requesting support, unless you're within the 30-day grace period after version deprecation. 此外,对于受支持版本列表以外的群集,AKS 不会在正常运行时间或其他方面做出任何保证。Additionally, AKS doesn't make any runtime or other guarantees for clusters outside of the supported versions list.

用户缩放的 Kubernetes 群集具有不受支持的次要版本时,会发生什么情况?What happens when a user scales a Kubernetes cluster with a minor version that isn't supported?

对于 AKS 不支持的次要版本,横向缩减或扩展可继续进行,但这没有服务质量保证,因此我们强烈建议升级,使群集重新获取支持。For minor versions not supported by AKS, scaling in or out should continue to work, but there are no Quality of Service guarantees, so it's highly recommended to upgrade to bring your cluster back into support.

用户可以永久保留 Kubernetes 版本吗?Can a user stay on a Kubernetes version forever?

如果群集有三 (3) 个以上的次要版本不受支持,并被发现存在安全风险,则 Azure 会联系你主动升级群集。If a cluster has been out of support for more than three (3) minor versions and has been found to carry security risks, Azure contacts you to proactively upgrade your cluster. 如果你不采取进一步的措施,Azure 将保留代表你自动升级群集的权利。If you do not take further action, Azure reserves the right to automatically upgrade your cluster on your behalf.

如果节点池不在某个受支持的 AKS 版本中,控制平面支持哪个版本?What version does the control plane support if the node pool is not in one of the supported AKS versions?

控制平面必须位于所有节点池的版本窗口中。The control plane must be within a window of versions from all node pools. 有关升级控制平面或节点池的详细信息,请访问有关升级节点池的文档。For details on upgrading the control plane or node pools, visit documentation on upgrading node pools.

在群集升级期间,是否可以跳过多个 AKS 版本?Can I skip multiple AKS versions during cluster upgrade?

升级受支持的 AKS 群集时,不能跳过 Kubernetes 次要版本。When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. 例如,允许从 1.12.x 升级到 1.13.x,或者从 1.13.x 升级到 1.14.x,但不允许从 1.12.x 升级到 1.14.x。For example, upgrades between 1.12.x -> 1.13.x or 1.13.x -> 1.14.x are allowed, however 1.12.x -> 1.14.x is not.

若要从 1.12.x 升级到 1.14.x,请先从 1.12.x 升级到 1.13.x,然后再从 1.13.x 升级到 1.14.x。To upgrade, from 1.12.x -> 1.14.x, first upgrade from 1.12.x -> 1.13.x, then upgrade from 1.13.x -> 1.14.x.

仅当从不受支持的版本升级回受支持的版本时,才可以跳过多个版本。Skipping multiple versions can only be done when upgrading from an unsupported version back into a supported version. 例如,可以完成从不受支持的 1.10.x 升级到受支持的 1.15.x 。For example, upgrade from an unsupported 1.10.x --> a supported 1.15.x can be completed.

后续步骤Next steps

有关如何升级群集的信息,请参阅升级 Azure Kubernetes 服务 (AKS) 群集For information on how to upgrade your cluster, see Upgrade an Azure Kubernetes Service (AKS) cluster.