GKE on AWS release notes

This page documents production updates to GKE on AWS. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: http://cloud.google.com/feeds/gkeonaws-release-notes.xml

January 26, 2023

Anthos clusters on AWS (previous generation) aws-1.14.1-gke.0 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.23.15-gke.2000
  • 1.24.9-gke.2100
  • 1.25.5-gke.2100

Upgraded to containerd 1.6.12.

This release fixes the following vulnerabilities:

December 21, 2022

A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. For more information, see the GCP-2022-2025 security bulletin.

December 13, 2022

Anthos clusters on AWS (previous generation) aws-1.14.0-gke.2 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.23.13-gke.2000
  • 1.24.7-gke.2000
  • 1.25.3-gke.1900

Kubernetes version 1.25 deprecates several APIs. See the Kubernetes Deprecated API Migration Guide for details.

November 10, 2022

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

For more information, see the GCP-2022-024 security bulletin.

October 31, 2022

Anthos clusters on AWS (previous generation) aws-1.13.1-gke.1 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.22.15-gke.1400
  • 1.23.12-gke.1400
  • 1.24.6-gke.1300

October 28, 2022

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

For instructions and more details, see the Anthos clusters on AWS security bulletin.

October 03, 2022

Anthos clusters on AWS (previous generation) aws-1.13.0-gke.5 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.22.15-gke.300
  • 1.23.12-gke.300
  • 1.24.6-gke.200

This release fixes the following vulnerabilities:

If you use the deprecated ubuntuRepositoryMirror: 'packages.cloud.google.com' field in the AWSManagementService resource and are upgrading your node pool, you must upgrade only to the 1.22.15-gke.300 or 1.23.12-gke.300 versions included in this release. Upgrading to any other node pool version will cause your upgrade to hang. If your node pool is already hanging in the upgrading state, you need to delete and re-create the node pool. If you aren't using this field, this issue doesn't affect you and you can upgrade to any supported version.

August 25, 2022

Anthos clusters on AWS (previous generation) aws-1.12.2-gke.1 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.21.14-gke.2900
  • 1.22.12-gke.1100
  • 1.23.9-gke.800

August 08, 2022

Anthos clusters on AWS (previous generation) aws-1.12.1-gke.0 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.23.8-gke.2000
  • 1.22.12-gke.300
  • 1.21.14-gke.2100

August 01, 2022

A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.

For more information, see the GCP-2022-018 security bulletin.

July 07, 2022

Anthos clusters on AWS (previous generation) aws-1.12.0-gke.0 is now available.

This release note has been updated to mark the actual date of release, July 7, 2022. Previously, the release date was mentioned as June 24th.

You can now launch clusters with the following Kubernetes versions:

  • 1.23.7-gke.1500
  • 1.22.10-gke.1500
  • 1.21.13-gke.1600

You can now launch Kubernetes 1.23 clusters.

Kubernetes 1.20 clusters are no longer supported. This version no longer supports creation or maintenance of Kubernetes 1.19 clusters.

This release fixes the following vulnerabilities:

June 23, 2022

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.

June 01, 2022

Anthos Clusters on AWS aws-1.11.1-gke.7 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:

  • 1.22.9-gke.800
  • 1.21.12-gke.1000
  • 1.20.15-gke.7500

May 02, 2022

Anthos Clusters on AWS aws-1.11.0-gke.6 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:

  • 1.22.8-gke.1300
  • 1.21.11-gke.1100
  • 1.20.15-gke.5200

The issue announced in the April 19th release note regarding the creation of 1.22 clusters has been resolved. You can now create 1.22 clusters.

This release fixes the following CVEs:

This release removes unneeded permissions from the coredns-autoscaler, calico-typha, and konnectivity-agent-autoscaler components.

April 26, 2022

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666, have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the GCP-2022-014 security bulletin.

April 19, 2022

An issue has been discovered in Anthos clusters on AWS (previous generation). Do not launch Kubernetes 1.22 clusters at this time.

The Anthos clusters on AWS (previous generation) release 1.11.0-gke.1 has been removed. We are working on a fix.

April 12, 2022

A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host.

For more information, see the GCP-2022-013 security bulletin.

April 07, 2022

A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. This vulnerability affects Anthos Clusters on AWS (previous generation) running Kubernetes version v1.19, v1.20 or v1.21 on Ubuntu.

For more information, see the GCP-2022-012 security bulletin.

April 05, 2022

Anthos Clusters on AWS aws-1.11.0-gke.1 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:

  • 1.22.8-gke.300
  • 1.21.11-gke.100
  • 1.20.15-gke.2200

This version adds support for Kubernetes 1.22 clusters.

Because Kubernetes 1.22 replaces some v1beta APIs with v1 APIs, your workloads might need to be updated to use 1.22. For more information, see Kubernetes 1.22 Deprecated APIs.

The workload identity webhook is not supported on cluster versions 1.22 and later. Before you upgrade your clusters to version 1.22, you should modify any workloads that depend on the webhook to configure their credentials without it.

To use an Application Load Balancer (ALB) with version 1.22 clusters, you need to upgrade your ALB controller configuration.

This release includes fixes for the following CVEs:

This version no longer supports creation or maintenance of Kubernetes 1.18 clusters.

February 24, 2022

Anthos Clusters on AWS aws-1.10.2-gke.0 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:

  • 1.21.9-gke.1900
  • 1.20.15-gke.1900
  • 1.19.16-gke.7700

February 04, 2022

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, and restarting services, as governed by a policy.

Anthos clusters on AWS is unaffected.

For instructions and more details, see the GCP-2022-004 security bulletin.

January 27, 2022

Anthos Clusters on AWS aws-1.10.1-gke.0 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:

  • 1.21.8-gke.2000
  • 1.20.14-gke.2000
  • 1.19.16-gke.5300

The release note from December 14 has been updated to clarify which service account no longer needs the ServiceUsageViewer role. The ServiceUsageViewer role is now required for the user that runs the anthos-gke command-line tool.

December 14, 2021

Anthos Clusters on AWS aws-1.10.0-gke.5 (previous generation) is now available.

Anthos clusters on AWS aws-1.10.0-gke.5 (previous generation) clusters run the following Kubernetes versions:

  • 1.19.16-gke.1000
  • 1.20.12-gke.1000
  • 1.21.6-gke.1000

This release supports creating instances in the c5a, c5ad, i3en, m5a, m5ad, r5a, r5ad, and t3a families.

Kubernetes 1.18 is no longer supported. You can no longer launch Kubernetes 1.17 clusters. Your existing 1.17 clusters will continue to run.

This release fixes the following security issues:

This release fixes an earlier issue with 1.21 clusters that use both OIDC and an HTTP proxy.

To install Anthos Service Mesh, follow the steps in Connecting to your cluster before starting your Anthos Service Mesh installation.

Updated: The management service account no longer needs the ServiceUsageViewer role to install Anthos clusters on AWS. For more information, see Prerequisites.

December 02, 2021

If your cluster uses both a proxy and OIDC authentication, do not upgrade to version 1.21.4 or 1.21.5. If you encounter an issue during an upgrade, contact support for assistance.

October 29, 2021

Anthos Clusters on AWS aws-1.9.1-gke.0 is now available.

Anthos clusters on AWS aws-1.9.1-gke.0 clusters run the following Kubernetes versions:

  • 1.18.20-gke.8300
  • 1.19.15-gke.1600
  • 1.20.11-gke.1600
  • 1.21.5-gke.1600

Release aws-1.9.1-gke.0 fixes an issue in release 1.9.0 in which authorization with AWS IAM assumed roles failed.

Release aws-1.9.1-gke.0 of Anthos Clusters on AWS fixes the following security issues:

For more information, click on the CVE or search for details at https://nvd.nist.gov.

October 25, 2021

The security community recently disclosed a new security vulnerability, CVE-2021-30465, found in runc, that has the potential to allow full access to a node filesystem.

For more information, see the GCP-2021-011 security bulletin.

A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742. Ingress-nginx custom snippets allow retrieval of ingress-nginx service account tokens and secrets across all namespaces. For more information, see the GCP-2021-024 security bulletin.

September 30, 2021

Anthos Clusters on AWS aws-1.9.0-gke.2 is now available.

Anthos clusters on AWS aws-1.9.0-gke.2 clusters run the following Kubernetes versions:

  • 1.18.20-gke.6300
  • 1.19.14-gke.2200
  • 1.20.10-gke.2000
  • 1.21.4-gke.2100

You can now launch Kubernetes 1.21 clusters.

Anthos Identity Service is available on Kubernetes clusters version 1.21 and above.

Kubernetes 1.21 clusters now support the Kubernetes Konnectivity tool for communication between nodes and the control plane. When you launch a 1.21 cluster, you must allow connections between control plane nodes and node pool nodes on port 8132.

You can now update the OIDC configuration on a running cluster.

You can now specify a Cloud Storage Bucket name where Anthos clusters on AWS stores configuration data.

You can now launch node pools with AWS R5 instances.

The VolumeSnapshot resource API version v1beta1 is deprecated in Kubernetes 1.21 clusters. Use API version v1 for 1.21 clusters and above. All previously persisted VolumeSnapshot objects remain functional.

A security vulnerability, CVE-2020-8561, has been discovered in Kubernetes where certain webhooks can be made to redirect kube-apiserver requests to private networks of that API server. For more information, see the GCP-2021-021 security bulletin.

You cannot create new 1.16 clusters. Existing 1.16 clusters continue to function.

Error messages when upgrading or downgrading your clusters have been clarified.

September 15, 2021

A security issue was discovered in Kubernetes, CVE-2021-25741, where a user may be able to create a container with subpath volume mounts to access files and directories outside of the volume, including on the host filesystem. For more information, see the GCP-2021-018 security bulletin.

September 01, 2021

Anthos clusters on AWS aws-1.8.2-gke.2 is now available.

Anthos clusters on AWS aws-1.8.2-gke.2 clusters run the following Kubernetes versions:

  • 1.17.17-gke.15800
  • 1.18.20-gke.4800
  • 1.19.14-gke.600
  • 1.20.10-gke.600

The supported versions also offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on AWS 1.8.

July 29, 2021

Anthos clusters on AWS aws-1.8.1-gke.1 is now available.

Anthos clusters on AWS aws-1.8.1-gke.1 clusters run the following Kubernetes versions:

  • 1.17.17-gke.13600
  • 1.18.20-gke.2600
  • 1.19.13-gke.300
  • 1.20.9-gke.300

This release contains fixes for the following security vulnerabilities:

Anthos clusters on AWS now requires kubectl version 1.17 or higher and terraform version v0.14.3 or higher.

July 07, 2021

Anthos clusters on AWS aws-1.8.0-gke.8 is now available.

Anthos clusters on AWS aws-1.8.0-gke.8 clusters run the following Kubernetes versions:

  • 1.17.17-gke.11000
  • 1.18.19-gke.2300
  • 1.19.11-gke.2300
  • 1.20.7-gke.2400

This release fixes an issue mentioned in the entry on July 2, 2021. We recommend all customers upgrade to 1.8.0-gke.8.

When you upgrade or update a user cluster, the Connect agent is automatically updated to the latest version.

July 02, 2021

An issue has been discovered with Anthos clusters on AWS 1.8.0. When you complete an upgrade to your management service to 1.8.0, the management service automatically performs a rolling update of all node pools.

A fix for this issue is being developed. A new build will be published when the fix is available.

July 01, 2021

Anthos clusters on AWS aws-1.8.0-gke.7 is now available.

Anthos clusters on AWS aws-1.8.0-gke.7 clusters run the following Kubernetes versions:

  • 1.17.17-gke.11000
  • 1.18.19-gke.2300
  • 1.19.11-gke.2300
  • 1.20.7-gke.2400

You can now launch Kubernetes 1.20 clusters.

Workload identity to authenticate to Google Cloud services from your user clusters is now available. Using workload identity is supported on user clusters running version 1.20 and higher.

You can now update the security groups associated with user clusters and node pools. For more information, see Updating a user cluster.

You can now modify proxy settings on a running cluster. For more information, see Changing Cluster Proxy Settings.

Anthos clusters on AWS now supports Cloud Logging and Cloud Monitoring of user cluster control planes. For more information, see Configuring logging and monitoring.

June 03, 2021

Anthos clusters on AWS 1.7.2-gke.0 is now available.

Anthos clusters on AWS 1.7.2-gke.0 clusters run the following Kubernetes versions:

  • 1.16.15-gke.18500
  • 1.17.17-gke.8200
  • 1.18.18-gke.1500
  • 1.19.10-gke.1500

The Anthos clusters on AWS 1.7.2-gke.0 release addresses the following vulnerabilities:

April 30, 2021

Anthos clusters on AWS 1.7.1-gke.1 is now available.

Anthos clusters on AWS 1.7.1-gke.1 clusters run the following Kubernetes versions:

  • 1.16.15-gke.17300
  • 1.17.17-gke.7000
  • 1.18.18-gke.300
  • 1.19.9-gke.900

The Anthos clusters on AWS 1.7.1-gke.1 patch release addresses the following security vulnerabilities:

April 20, 2021

The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook. For more details, see the GCP-2021-003 security bulletin.

April 06, 2021

Anthos clusters on AWS 1.7.0-gke.12 is now available.

Anthos clusters on AWS 1.7.0-gke.12 clusters run the following Kubernetes versions:

  • 1.16.15-gke.8100
  • 1.17.13-gke.2800
  • 1.18.12-gke.1800
  • 1.19.8-gke.1000

To upgrade your clusters, perform the following steps:

This release fixes an issue mentioned in the entry on April 2, 2021. We recommend all customers running 1.7.0-gke.11 upgrade to 1.7.0-gke.12.

April 02, 2021

An issue has been discovered with Anthos clusters on AWS 1.7.0.

If you use an HTTP proxy, do not upgrade to 1.7.0.

If you do not use an HTTP proxy, you can upgrade to 1.7.0.

A fix for this issue is being developed.

March 31, 2021

Anthos clusters on AWS 1.7.0-gke.11 is now available.

This note is updated. For more information, see entry on April 2, 2021.

Anthos clusters on AWS 1.7.0-gke.11 clusters run the following Kubernetes versions:

  • 1.16.15-gke.8100
  • 1.17.13-gke.2800
  • 1.18.12-gke.1800
  • 1.19.8-gke.1000

To upgrade your clusters, perform the following steps:

Anthos clusters on AWS now supports Kubernetes 1.19.

Anthos clusters on AWS now supports exporting logs and metrics from an Anthos clusters on AWS user cluster to Cloud Logging and Cloud Monitoring.

For more information, see Configuring logging and monitoring for Anthos clusters on AWS.

Anthos clusters on AWS now supports CMK encryption for component volumes. For more information, see Using CMK to encrypt volumes.

Workload identity in user clusters is now generally available.

Anthos clusters on AWS now supports gp3 EBS volume types. You can configure gp3 volumes on your management service, AWSCluster, and AWSNodePools.

February 25, 2021

Anthos clusters on AWS 1.6.2-gke.0 is now available.

Anthos clusters on AWS 1.6.2-gke.0 clusters run the following Kubernetes versions:

  • 1.16.15-gke.5302
  • 1.17.9-gke.6402
  • 1.18.10-gke.902

To upgrade your clusters, perform the following steps:

This release fixes an issue where the management service fails to start when provided with a KMS alias.

Bug fixes and security improvements.

February 03, 2021

GKE on AWS 1.6.1-gke.2 is now available.

GKE on AWS 1.6.1-gke.2 clusters run the following Kubernetes versions:

  • 1.16.15-gke.5301
  • 1.17.9-gke.6401
  • 1.18.10-gke.901

To upgrade your clusters, perform the following steps:

Snapshots now collect AWS EFS logs from user cluster nodes.

Bug fixes and performance improvements.

December 17, 2020

GKE on AWS 1.6.0-gke.3 is now available.

GKE on AWS 1.6.0-gke.3 clusters run the following Kubernetes versions:

  • 1.16.15-gke.5300
  • 1.17.9-gke.6400
  • 1.18.10-gke.900

To upgrade your clusters, perform the following steps:

  1. Upgrade your Management service to 1.6.0-gke.1.
  2. Upgrade your user clusters to a supported Kubernetes version.

GKE on AWS now supports Kubernetes 1.18.

The Kubernetes 1.18 version includes CoreDNS 1.7.1 and Cluster Autoscaler 1.18.

GKE on AWS now supports mounting AWS Elastic File System file systems without having to install a driver.

You can now specify an AWS KMS alias in your anthos-gke.yaml instead of a KMS ARN.

You can now use custom DNS hostnames in your VPC by setting enableDnsHostnames to false.

Cluster state synchronizations between the management service and S3 now use HTTPS.

November 02, 2020

Anthos GKE on AWS 1.5.1-gke.1 is now available and clusters run on 1.16.15-gke.701 and v1.17.9-gke.2801. To upgrade your clusters, perform the following steps:

  1. Upgrade your Management service to 1.5.1-gke.1.
  2. Upgrade your user clusters to 1.16.15-gke.701 or v1.17.9-gke.2801.

You can now use Private Google Access to provision images for your GKE on AWS environment. For more information, see spec.ubuntuRepositoryMirror in the AWSManagementService resource.

Bug fixes and performance improvements.

October 12, 2020

GKE on AWS 1.5.0 supports volume snapshots.

October 02, 2020

Anthos GKE on AWS 1.5.0-gke.6 is now available and clusters run on 1.16.15-gke.700 and v1.17.9-gke.2800. To upgrade your clusters, perform the following steps:

  1. Upgrade your Management service to 1.5.0-gke.6.
  2. Upgrade your user clusters to 1.16.15-gke.700 or v1.17.9-gke.2800.

Workload identity (preview) lets you bind Kubernetes service accounts to AWS IAM accounts with specific permissions. Workload identity blocks unwanted access to cloud resources with AWS IAM permissions. With workload identity, you can assign different IAM roles to each workload. Fine-grained permission control allows you to follow the principle of least privilege. For more details, see Creating a user cluster with workload identity.

You can now route traffic from the GKE on AWS management service and Connect through an HTTP/HTTPS proxy. For more details, see Using a proxy with GKE on AWS.

Improved installation experience

  • This version enables installation and upgrade by using any Google Cloud–authenticated service account. You no longer need to be on the allowlist to access GKE on AWS components.

  • Additional preflight checks enforce enablement of required Google Cloud APIs. See Google Cloud requirements for more information.

When creating multiple management clusters, users may have seen name collisions between S3 buckets. Now, you can specify a custom name for your S3 bucket to avoid naming conflicts.

September 17, 2020

GKE on AWS 1.4.3-gke.7 is now available. GKE on AWS 1.4.3-gke.7 clusters run on Kubernetes 1.16.13-gke.1402.

To upgrade:

  1. Upgrade your Management service to 1.4.3-gke.7.
  2. Upgrade your user clusters to 1.16.13-gke.1402.

A vulnerability, described in CVE-2020-14386, was recently discovered in the Linux kernel. The vulnerability may allow container escape to obtain root privileges on the host node.

All GKE on AWS nodes are affected.

To fix this vulnerability, upgrade your management service and user clusters to this patched version. The following GKE on AWS version contains the fix for this vulnerability:

  • GKE on AWS 1.4.3

For more information, see the Security Bulletin.

August 27, 2020

GKE on AWS 1.4.2-gke.1 is released. This release includes Kubernetes version 1.16.13-gke.1401.

This release includes bug fixes and security improvements. We recommend you update your clusters to this version.

To upgrade your clusters, perform the following steps:

  1. Upgrade your management service to aws-1.4.2-gke.1.
  2. Upgrade your user cluster's AWSCluster and AWSNodePools to 1.16.13-gke.1401.

August 04, 2020

Anthos GKE on AWS 1.4.1-gke.17 is released. This release fixes a memory leak that causes clusters to become unresponsive.

To upgrade your clusters, perform the following steps:

  1. Restart your control plane instances.
  2. Upgrade your management service to aws-1.4.1-gke.17.
  3. Upgrade your user cluster's AWSCluster and AWSNodePools to 1.16.9-gke.15.

Use version 1.16.9-gke.15 for creating new clusters.

August 03, 2020

Anthos GKE on AWS 1.4.1-gke.15 clusters will experience a memory leak that results in an unresponsive cluster. A fix for this issue is in development.

If you are planning to deploy an Anthos GKE on AWS cluster, wait until the fix is ready.

July 24, 2020

Anthos GKE on AWS is now generally available.

Clusters support in-place upgrades, with the ability to upgrade the control plane and node pools separately.

Clusters can be deployed in a high availability (HA) configuration, where control plane instances and node pools are spread across multiple availability zones.

Clusters have been validated to support up to 200 nodes and 6000 pods.

The number of nodes can be scaled dynamically based on traffic volume to increase utilization, reduce cost, and improve performance.

Anthos can be deployed within existing AWS VPCs, leveraging existing security groups to secure those clusters. Customers can ingress traffic using NLBs and ALBs. Additionally, Anthos on AWS supports AWS IAM and OIDC. This makes deploying Anthos easy, eliminates the need to provision new accounts, and minimizes configuration of the environment.

With Anthos Config Management, enterprises can set policies on their AWS workloads, and with Anthos Service Mesh, they can monitor, manage, and secure them.

Kubernetes settings (flags and sysctl settings) have been updated to match GKE.

Upgrades from beta versions are not supported. To install Anthos GKE on AWS, you must remove your user and management clusters, then reinstall them.

May 29, 2020

A new build of Anthos GKE on AWS has been released. This build removes the need to check AWS IAM privileges when creating a management cluster. You don't need to update if you have not encountered this issue.

To install this build, download the anthos-gke tool by running the following command:

gsutil cp gs://gke-multi-cloud-release/bin/aws-0.2.1-gke.8/anthos-gke .

Then, recreate your Terraform configuration and continue with your installation.

May 07, 2020

To upgrade your Anthos GKE on AWS clusters, you need to uninstall all your management and user clusters. You also need to download the new version of the anthos-gke CLI tool.

Anthos GKE on AWS now supports auto-scaling. You can enable auto-scaling by changing settings in your AWSNodePools, or scale your clusters manually by adding new AWSNodePools.

Built-in EBS StorageClass names have been changed to standard-rwo and premium-rwo. If you declare the singlewriter-standard or singlewriter-premium StorageClasses with your workloads, you must update your workloads when upgrading.

Anthos GKE on AWS now supports application-layer secrets encryption with AWS KMS by passing a KMS key ARN to your AWSCluster.

April 02, 2020

Initial beta release of Anthos GKE on AWS.

The release improves upon earlier releases with:

  • Improved reliability: User clusters are now deployed in a high availability (HA) fashion, where both control plane instances and node pools can be placed across multiple availability zones. AWS Auto Scaling groups are also now used for resiliency.

  • Improved security: Control plane instances for different user clusters are now isolated in separate security groups. Instance Metadata Service Version 2 (IMDSv2) is enabled to protect against SSRF attacks, and sensitive fields in EC2 metadata are now encrypted.

  • Easier to deploy: The installation process for the management layer has been simplified and performs additional validation checks. It uses Terraform modules for flexible integration into different AWS environments, and customers can now leverage existing security groups and IAM resources to secure clusters. Documentation has been improved and expanded.

  • Future-proof storage stack: We're now using the EBS CSI driver to manage all AWS EBS volumes. The legacy, in-tree Kubernetes EBS driver has been removed entirely, and all upcoming storage features, such as snapshots, will be provided using CSI.

  • Updated Kubernetes version: User clusters are now based on Kubernetes 1.15 and have passed open-source Kubernetes conformance tests.