ASO v2.19 Release Notes

Release notes for Azure Service Operator v2.19.0

Friday, April 24, 2026

We’re excited to announce the release of Azure Service Operator v2.19.0! This release expands simplified versioning to six more resource groups, adds new API Management and Cassandra resources, improves reconciliation performance, and tightens security by converting secret-bearing fields to proper secret references.

🎇 Headline Features

Six more resource groups now support simplified API versioning: alertsmanagement, appconfiguration, apimanagement, dbformysql, synapse, and web. You can use all resources in these groups with the new v prefix (e.g. v20250701 instead of v1api20250701), while the legacy v1api versions remain available for backward compatibility. We recommend you using this new format for groups that support it. We will continue rolling out this version style to all groups over the next release or two.

The default maximum reconciliation parallelism has been increased to 4, improving throughput for clusters managing many Azure resources simultaneously.

ASO now splits webhooks across multiple configurations to avoid hitting Kubernetes CRD size limits, and includes reduced CRD management memory load on startup. Together, these changes make ASO more reliable in large-scale deployments.

⚠️ Breaking changes

This release includes breaking changes. Please review breaking changes in v2.19 before upgrading.

The containerservice version v1api20240402preview has been removed, as previously announced. If you allow the operator to manage its own CRDs, no action is needed.
The network.azure.com/VirtualNetworkGateway field radiusServerSecret is now a secret reference instead of a plain string. Update your resources to use a Kubernetes Secret for this value.

🎉 New and improved resource support

A broad set of new API Management resources are now available: Gateway, Certificate, Logger, User, Group, ApiPolicy, ApiDiagnostic, and gateway sub-resources.

New Cassandra resources are now supported under documentdb: CassandraCluster and CassandraDataCenter. Note that you must run az ad sp show --id a232010e-820c-4083-83bb-3ace5fc29d0b --query id -o tsv to obtain the required ObjectId for your subscription. See the sample for details.

New CommunicationService resource has been added to the communication group.

New dbformysql API versions v20241230 and v20250601preview are available for MySQL Flexible Server.

A new RedisEnterpriseDatabaseAccessPolicyAssignment resource is available under the cache group.

The network group has been updated to API version v20250301.

✨ Other improvements

insights.ActionGroup now supports populating serviceUri from a secret for automationRunbookReceiver and webhookReceiver, allowing safer use of URIs with embedded API keys or passwords. Matching status fields have been removed to prevent accidental exposure of sensitive information.
Private Link Service Connections on PrivateEndpoints now support alias-based connections.

🐛 Bug fixes

Fixed a bug where reconciliation could block under certain conditions.

🙏 Thank You

Thank you to all our contributors for making this release possible!

See the Full Release notes on GitHub.