ASO v2.20 Release Notes

We’re excited to announce the release of Azure Service Operator v2.20.0! This release extends simplified versioning to four more resource groups, rolls smart deletion prechecks out across more than twenty groups, adds a way to resolve Azure resource names from ConfigMaps at reconciliation time, and introduces support for Microsoft Foundry projects.

🎇 Headline Features

Four more resource groups now support simplified API versioning: compute, app, eventgrid, and datafactory (#5348, #5342, #5344, #5343). You can now use resources in these groups with the new v prefix (e.g. v20250701 instead of v1api20250701), while the legacy v1api versions remain available for backward compatibility. We strongly recommend using the new version format wherever it’s available, as it sorts correctly for kubectl get (see #4147) and the v1api versions will eventually be removed after a deprecation period.

Smart deletion prechecks are now enabled for a large set of groups: alertsmanagement, apimanagement, app, appconfiguration, cache, cdn, cognitiveservices, containerregistry, dataprotection, dbformariadb, eventgrid, eventhub, kusto, managedidentity, monitor, notificationhubs, operationalinsights, quota, search, signalrservice, sql, synapse, and web. Before issuing a DELETE to Azure, ASO checks whether the resource or its parent has already been removed, avoiding unnecessary calls and reducing log error churn during cleanup of large resource graphs.

ASO can now resolve Azure resource names from a ConfigMap at reconciliation time via the new AzureNameFromConfig field. This allows the Azure name of a resource to be supplied dynamically (for example, by another controller or pipeline) rather than baked into the resource YAML.

Operator-managed Secrets and ConfigMaps can now carry custom annotations and labels, making it easier to integrate ASO-exported credentials with tools that rely on metadata (such as service meshes, secret synchronisation tooling, or GitOps controllers).

🎉 New and improved resource support

A new Project resource has been added to the cognitiveservices group, providing support for Microsoft Foundry (formerly Azure AI Studio) projects under existing AIServices accounts.

The apimanagement group gains a new ProductGroup resource for associating groups with API Management products.

✨ Other improvements

• Enum validation on insights dataflow and datasource streams has been relaxed, allowing new stream types to be used without waiting for an ASO release.

🐛 Bug fixes

• Fixed a bug where a generated password or password snippet for SQL or PostgreSQL could contain invalid characters.
• Fixed a bug where the wrong certificate was used for the metrics endpoint.
• Fixed a bug where the subscription check for skipped resources was incorrect.
• Fixed a bug where the Helm PodDisruptionBudget template file name was incorrect.

asoctl

• Fixed a bug where import failed when looking for Quota resources.
• Fixed a bug where ManagedIdentityCredential was attempted when IMDS was not available.

📚 Documentation

• Added new versioning documentation explaining the migration from v1api to the new version format.
• Added a warning about subscription ID configuration.
• Improved the security documentation.
• Added a new ADR documenting decisions on templating.
• Updated cache samples and added an advanced Entra example.

🙏 Thank You

Thank you to all our contributors for making this release possible!

See the Full Release notes on GitHub.

• ←Previous
• Next→