Google Distributed Cloud version 1.14 runs on Kubernetes 1.25. Kubernetes 1.25 has deleted certain APIs. You can see a list of these deleted APIs in Kubernetes 1.25 deleted APIs.
Determine if the API deletion affects you
In version 1.13, of Google Distributed Cloud, all clusters have cluster audit logging enabled and audit logs are streamed to Google Cloud Observability.
To determine if the Kubernetes Service Accounts you use make calls to any deleted APIs, run the supplied query in Logs Explorer:
In the Google Cloud console, go to the Logs Explorer page in the Logging menu.
In the Query field, enter the following query:
resource.labels.cluster_name = "CLUSTER_NAME" AND logName = "projects/PROJECT_ID/logs/externalaudit.googleapis.com%2Factivity" AND protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@") AND protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:kube-system:") AND protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:cert-manager:") AND protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-kubeadm-bootstrap-system:") AND protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-kubeadm-bootstrap-system-webhook:") AND protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-system:") AND protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-system-webhook:") AND labels."k8s.io/removed-release"="1.25"
The output from this query shows if any of your Kubernetes Service Accounts make deleted API calls.