Version 1.11. This version is no longer supported. For information about how to upgrade to version 1.12, see Upgrading Anthos on bare metal in the 1.12 documentation. For more information about supported and unsupported versions, see the Version history page in the latest documentation.

Deprecated Kubernetes 1.22 APIs

GKE on Bare Metal version 1.11 runs on Kubernetes 1.22. Kubernetes 1.22 has deprecated certain APIs, and a list of these deprecated APIs can be found in Kubernetes 1.22 deprecated APIs.

In version 1.11, of GKE on Bare Metal, all clusters have cluster audit logging enabled and audit logs are streamed to Google Cloud's operations suite. To determine if Kubernetes Service Accounts (SA) you use make calls to any deprecated APIs, go to Cloud Operation Log Explorer and run the query below. Output from this query will show if any of your Kubernetes SAs make deprecated API calls:

resource.labels.cluster_name = "<cluster_name>" AND
logName = "projects/<project>/logs/externalaudit.googleapis.com%2Factivity" AND
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@") AND
protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:kube-system:") AND
protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:cert-manager:") AND
protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-kubeadm-bootstrap-system:") AND
protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-kubeadm-bootstrap-system-webhook:") AND
protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-system:") AND
protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-system-webhook:") AND
(protoPayload.methodName:"io.k8s.apiextensions.v1beta1.CustomResourceDefinition" OR
protoPayload.methodName:"io.k8s.admissionregistration.v1beta1.MutatingWebhookConfiguration" OR
protoPayload.methodName:"io.k8s.admissionregistration.v1beta1.ValidatingWebhookConfiguration" OR
protoPayload.methodName:"io.k8s.apiregistration.v1beta1.APIService" OR
protoPayload.methodName:"io.k8s.authentication.v1beta1.TokenReview" OR
protoPayload.methodName:"io.k8s.authentication.v1beta1.LocalSubjectAccessReview" OR
protoPayload.methodName:"io.k8s.authentication.v1beta1.SelfSubjectAccessReview" OR
protoPayload.methodName:"io.k8s.authentication.v1beta1.SubjectAccessReview" OR
protoPayload.methodName:"io.k8s.certificates.v1beta1.CertificateSigningRequest" OR
protoPayload.methodName:"io.k8s.coordination.v1beta1.Lease" OR
protoPayload.methodName:"io.k8s.networking.v1beta1.Ingress" OR
protoPayload.methodName:"io.k8s.networking.v1beta1.IngressClass" OR
protoPayload.methodName:"io.k8s.authorization.rbac.v1beta1.ClusterRole" OR
protoPayload.methodName:"io.k8s.authorization.rbac.v1beta1.ClusterRoleBinding" OR
protoPayload.methodName:"io.k8s.authorization.rbac.v1beta1.Role" OR
protoPayload.methodName:"io.k8s.authorization.rbac.v1beta1.RoleBinding" OR
protoPayload.methodName:"io.k8s.scheduling.v1beta1.PriorityClass" OR
protoPayload.methodName:"io.k8s.storage.v1beta1.CSIDriver" OR
protoPayload.methodName:"io.k8s.storage.v1beta1.CSINode" OR
protoPayload.methodName:"io.k8s.storage.v1beta1.StorageClass" OR
protoPayload.methodName:"io.k8s.storage.v1beta1.VolumeAttachment"
)