A new version of Anthos clusters on AWS (GKE on AWS) was released on April 30. See the release notes for more information.

Release notes

This page documents production updates to Anthos clusters on AWS. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, or browse and filter all release notes in the Google Cloud Console.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: http://cloud.google.com/feeds/gkeonaws-release-notes.xml

April 30, 2021

Anthos clusters on AWS 1.7.1-gke.1 is now available.

Anthos clusters on AWS 1.7.1-gke.1 clusters run the following Kubernetes versions:

  • 1.16.15-gke.17300
  • 1.17.17-gke.7000
  • 1.18.18-gke.300
  • 1.19.9-gke.900

The Anthos clusters on AWS 1.7.1-gke.1 patch release addresses the following security vulnerabilities:

April 20, 2021

The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook. For more details, see the GCP-2021-003 security bulletin.

April 06, 2021

Anthos clusters on AWS 1.7.0-gke.12 is now available.

Anthos clusters on AWS 1.7.0-gke.12 clusters run the following Kubernetes versions:

  • 1.16.15-gke.8100
  • 1.17.13-gke.2800
  • 1.18.12-gke.1800
  • 1.19.8-gke.1000

To upgrade your clusters, perform the following steps:

This release fixes an issue mentioned in the entry on April 2, 2021. We recommend all customers running 1.7.0-gke.11 upgrade to 1.7.0-gke.12.

April 02, 2021

An issue has been discovered with Anthos clusters on AWS 1.7.0.

If you use a HTTP proxy, do not upgrade to 1.7.0.

If you do not use a HTTP proxy, you can upgrade to 1.7.0.

A fix for this issue is being developed.

March 31, 2021

Anthos clusters on AWS 1.7.0-gke.11 is now available.

This note is updated. For more information, see entry on April 2, 2021.

Anthos clusters on AWS 1.7.0-gke.11 clusters run the following Kubernetes versions:

  • 1.16.15-gke.8100
  • 1.17.13-gke.2800
  • 1.18.12-gke.1800
  • 1.19.8-gke.1000

To upgrade your clusters, perform the following steps:

Anthos clusters on AWS now supports Kubernetes 1.19.

Anthos clusters on AWS now supports exporting logs and metrics from an Anthos clusters on AWS user cluster to Cloud Logging and Cloud Monitoring.

For more information, see Configuring logging and monitoring for Anthos clusters on AWS

Anthos clusters on AWS now supports CMK encryption for component volumes. For more information, see Using CMK to encrypt volumes.

Workload identity in user clusters is now generally available.

Anthos clusters on AWS now supports gp3 EBS volume types. You can configure gp3 volumes on your management service, AWSCluster, and AWSNodePools.

February 25, 2021

Anthos clusters on AWS 1.6.2-gke.0 is now available.

Anthos clusters on AWS 1.6.2-gke.0 clusters run the following Kubernetes versions:

  • 1.16.15-gke.5302
  • 1.17.9-gke.6402
  • 1.18.10-gke.902

To upgrade your clusters, perform the following steps:

This release fixes an issue where the management service fails to start when provided with a KMS alias.

Bug fixes and security improvements.

February 03, 2021

GKE on AWS 1.6.1-gke.2 is now available.

GKE on AWS 1.6.1-gke.2 clusters run the following Kubernetes versions:

  • 1.16.15-gke.5301
  • 1.17.9-gke.6401
  • 1.18.10-gke.901

To upgrade your clusters, perform the following steps:

Snapshots now collect AWS EFS logs from user cluster nodes.

Bug fixes and performance improvements.

December 17, 2020

GKE on AWS 1.6.0-gke.3 is now available.

GKE on AWS 1.6.0-gke.3 clusters run the following Kubernetes versions:

  • 1.16.15-gke.5300
  • 1.17.9-gke.6400
  • 1.18.10-gke.900

To upgrade your clusters, perform the following steps:

  1. Upgrade your Management service to 1.6.0-gke.1.
  2. Upgrade your user clusters to a supported Kubernetes version.

GKE on AWS now supports Kubernetes 1.18.

The Kubernetes 1.18 version includes CoreDNS 1.7.1 and Cluster Autoscaler 1.18.

GKE on AWS now supports mounting AWS Elastic File System file systems without having to install a driver.

You can now specify an AWS KMS alias in your anthos-gke.yaml instead of a KMS ARN.

You can now use custom DNS hostnames in your VPC by setting enableDnsHostnames to false

Cluster state synchronizations between the management service and S3 now use HTTPS.

November 02, 2020

Anthos GKE on AWS 1.5.1-gke.1 is now available and clusters run on 1.16.15-gke.701 and v1.17.9-gke.2801. To upgrade your clusters, perform the following steps:

Upgrade your Management service to 1.5.1-gke.1. Upgrade your user clusters to 1.16.15-gke.701 or v1.17.9-gke.2801

You can now use Private Google Access to provision images for your GKE on AWS environment. For more information, see spec.ubuntuRepositoryMirror in the AWSManagementService resource.

Bug fixes and performance improvements.

October 12, 2020

GKE on AWS 1.5.0 supports volume snapshots.

October 02, 2020

Anthos GKE on-AWS 1.5.0-gke.6 is now available and clusters run on 1.16.15-gke.700 and v1.17.9-gke.2800. To upgrade your clusters, perform the following steps:

  1. Upgrade your Management service to 1.5.0-gke.6.
  2. Upgrade your user clusters to 1.16.15-gke.700 or v1.17.9-gke.2800

Workload identity (preview) lets you bind Kubernetes service accounts to AWS IAM accounts with specific permissions. Workload identity blocks unwanted access to cloud resources with AWS IAM permissions. With workload identity, you can assign different IAM roles to each workload. Fine grained permissions control allows you to follow the principle of least privilege. For more details, see Creating a user cluster with workload identity

You can now route traffic from the GKE on AWS management service and Connect through an HTTP/HTTPS proxy. For more details, see Using a proxy with GKE on AWS

Improved installation experience

  • This version enables installation and upgrade by using any Google Cloud–authenticated service account. You no longer need to be on the allowlist to access GKE on AWS components..

  • Additional preflight checks enforce enablement of required Google Cloud APIs. See Google Cloud requirements for more information.

When creating multiple multiple management clusters, users may have seen name collisions with S3 bucket. Now, you can specify a custom name for your S3 bucket to avoid naming conflicts.

September 17, 2020

GKE on AWS 1.4.3-gke.7 is now available. GKE on AWS 1.4.3-gke.7 clusters run on Kubernetes 1.16.13-gke.1402.

To Upgrade:

  1. Upgrade your Management service to 1.4.3-gke.7.
  2. Upgrade your user clusters to to 1.16.13-gke.1402.

A vulnerability, described in CVE-2020-14386, was recently discovered in the Linux kernel. The vulnerability may allow container escape to obtain root privileges on the host node.

All GKE on AWS nodes are affected.

To fix this vulnerability, upgrade your management service and user clusters to this patched version. The following GKE on AWS version contains the fix for this vulnerability:

  • GKE on AWS 1.4.3

For more information, see the Security Bulletin

August 27, 2020

GKE on AWS 1.4.2-gke.1 is released. This release includes Kubernetes version 1.16.13-gke.1401.

This release includes bug fixes and security improvements. We recommend you update your clusters to this version.

To upgrade your clusters, perform the following steps:

  1. Upgrade your management service to aws-1.4.2-gke.1.
  2. Upgrade your user cluster's AWSCluster and AWSNodePools to 1.16.13-gke.1401.

August 04, 2020

Anthos GKE on AWS 1.4.1-gke.17 is released. This release fixes a memory leak that causes clusters to become unresponsive.

To upgrade your clusters, perform the following steps:

  1. Restart your control plane instances.
  2. Upgrade your management service to aws-1.4.1-gke.17.
  3. Upgrade your user cluster's AWSCluster and AWSNodePools to 1.16.9-gke.15.

Use version 1.16.9-gke.15 for creating new clusters.

August 03, 2020

Anthos GKE on AWS 1.4.1-gke.15 clusters will experience a memory leak that results in an unresponsive cluster. A fix for this issue is in development.

If you are planning to deploy an Anthos GKE on AWS cluster, wait until the fix is ready.

July 24, 2020

Anthos GKE on AWS is now generally available.

Clusters support in-place upgrades, with the ability to upgrade the control plane and node pools separately.

Clusters can be deployed in a high availability (HA) configuration, where control plane instances and node pools are spread across multiple availability zones.

Clusters have been validated to support up to 200 nodes and 6000 pods.

Allows the number of nodes to be scaled dynamically based on traffic volume to increase utilization and reduce cost, and improve performance

Anthos can be deployed within existing AWS VPCs, leveraging existing security groups to secure those clusters. Customers can ingress traffic using NLB and ALBs. Additionally Anthos on AWS supports AWS IAM and OIDC. This makes deploying Anthos easy, eliminates the need to provision new accounts, and minimizes configuration of the environment.

With Anthos Config Management enterprises can set policies on their AWS workloads and with Anthos Service Mesh, they can monitor, manage, and secure them.

Kubernetes settings (flags and sysctl settings) have been updated to match GKE.

Upgrades from beta versions are not supported. To install Anthos GKE on AWS, you must remove your user and management clusters, then reinstall them.

May 29, 2020

A new build of Anthos GKE on AWS has been released. This build removes the need to check AWS IAM privileges when creating a management cluster. You don't need to update if you have not encountered this issue.

To install this build, download the anthos-gke tool by running the following command:

gsutil cp gs://gke-multi-cloud-release/bin/aws-0.2.1-gke.8/anthos-gke .

Then, recreate your Terraform configuration and continue with your installation.

May 07, 2020

To upgrade your Anthos GKE on AWS clusters, you need to uninstall all your management and user clusters. You also need to download the new version of the anthos-gke cli tool.

Anthos GKE on AWS now supports auto-scaling. You can enable auto-scaling by changing settings in your AWSNodePools, or scale your clusters manually by adding new AWSNodePools.

Built-in EBS StorageClass names have been changed to standard-rwo and premium-rwo. If you declare the singlewriter-standard or singlewriter-premium StorageClasses with your workloads, you must update your workloads when upgrading.

Anthos GKE on AWS now support for Application-layer secrets encryption with AWS KMS by passing a KMS key ARN to your AWSCluster.

April 02, 2020

Initial beta release of Anthos GKE on AWS

The release improves upon earlier releases with:

  • Improved reliability: User clusters are now deployed in a high availability (HA) fashion, where both control plane instances as well as node pools can be placed across multiple availability zones. AWS Auto Scaling groups are also now used for resiliency.

  • Improved security: Control plane instances for different user clusters are now isolated in separate security groups. Instance Metadata Service Version 2 (IMDSv2) is enabled to protect against SSRF attacks, and sensitive fields in EC2 metadata are now encrypted.

  • Easier to deploy: The installation process for the management layer has been simplified and performs additional validation checks. It uses Terraform modules for flexible integration into different AWS environments, and customers can now leverage existing security groups and IAM resources to secure clusters. Documentation has been improved and expanded.

  • Future-proof storage stack: We're now using the EBS CSI driver to manage all AWS EBS volumes. The legacy, in-tree Kubernetes EBS driver has been removed entirely, and all upcoming storage features, such as snapshots, will be provided using CSI.

  • Updated Kubernetes version: User clusters are now based on Kubernetes 1.15 and have passed open-source Kubernetes conformance tests.