Deleted Kubernetes 1.25 APIs

GKE on Bare Metal version 1.14 runs on Kubernetes 1.25. Kubernetes 1.25 has deleted certain APIs. You can see a list of these deleted APIs in Kubernetes 1.25 deleted APIs.

Determine if the API deletion affects you

In version 1.13 of GKE on Bare Metal, all clusters have cluster audit logging enabled, and audit logs are streamed to Google Cloud Observability.

To determine if the Kubernetes Service Accounts you use make calls to any deleted APIs, run the supplied query in Logs Explorer:

  1. In the Google Cloud console, go to the Logs Explorer page in the Logging menu.

  2. In the Query field, enter the following query:

    resource.labels.cluster_name = "CLUSTER_NAME" AND
    logName = "projects/PROJECT_ID/logs/externalaudit.googleapis.com%2Factivity" AND
    protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@") AND
    protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:kube-system:") AND
    protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:cert-manager:") AND
    protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-kubeadm-bootstrap-system:") AND
    protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-kubeadm-bootstrap-system-webhook:") AND
    protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-system:") AND
    protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:capi-system-webhook:") AND
    labels."k8s.io/removed-release"="1.25"
    

    The output from this query shows whether any of your Kubernetes Service Accounts make calls to deleted APIs.
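
To turn matching entries into a per-account migration list, the following added example (not part of the original documentation) applies the query's principal and label conditions to exported log entries and counts removed-API calls per caller. It assumes the entries are LogEntry JSON objects already scoped to the cluster and audit log; the sample entries, principals and `methodName` values are constructed.

```python
from collections import Counter, defaultdict

# Service-account prefixes excluded by the query above.
EXCLUDED = tuple(f"system:serviceaccount:{ns}:" for ns in (
    "kube-system", "cert-manager", "capi-kubeadm-bootstrap-system",
    "capi-kubeadm-bootstrap-system-webhook", "capi-system",
    "capi-system-webhook"))

def matches_query(entry, release="1.25"):
    """Apply the query's conditions to one exported LogEntry dict."""
    principal = (entry.get("protoPayload", {})
                 .get("authenticationInfo", {}).get("principalEmail", ""))
    if entry.get("labels", {}).get("k8s.io/removed-release") != release:
        return False
    if "system:serviceaccount" not in principal and "@" not in principal:
        return False
    return not any(prefix in principal for prefix in EXCLUDED)

def summarize(entries, release="1.25"):
    """Return {principal: Counter({methodName: call count})}."""
    summary = defaultdict(Counter)
    for entry in entries:
        if matches_query(entry, release):
            payload = entry["protoPayload"]
            who = payload["authenticationInfo"]["principalEmail"]
            summary[who][payload.get("methodName", "unknown")] += 1
    return dict(summary)

def sample_entry(principal, method, removed="1.25"):
    """Build a constructed sample entry with only the fields used here."""
    labels = {"k8s.io/removed-release": removed} if removed else {}
    return {"labels": labels, "protoPayload": {
        "authenticationInfo": {"principalEmail": principal},
        "methodName": method}}

# Constructed sample data, not real audit logs.
SAMPLE = [
    sample_entry("system:serviceaccount:ci:deployer", "io.k8s.batch.v1beta1.cronjobs.create"),
    sample_entry("system:serviceaccount:ci:deployer", "io.k8s.batch.v1beta1.cronjobs.create"),
    sample_entry("ops@example.com", "io.k8s.policy.v1beta1.podsecuritypolicies.list"),
    sample_entry("system:serviceaccount:kube-system:gc", "io.k8s.policy.v1beta1.poddisruptionbudgets.list"),
    sample_entry("system:serviceaccount:capi-system-webhook:default", "io.k8s.batch.v1beta1.cronjobs.list"),
    sample_entry("system:serviceaccount:ci:deployer", "io.k8s.apps.v1.deployments.list", removed=None),
]

if __name__ == "__main__":
    for principal, calls in summarize(SAMPLE).items():
        for method, count in calls.items():
            print(f"{principal}\t{method}\t{count}")
```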