Supported Kubernetes cluster versions

Each GKE attached clusters release comes with Kubernetes version notes. These are similar to release notes but are specific to a Kubernetes version and may offer more technical detail.

GKE attached clusters supports the following Kubernetes versions:

Kubernetes 1.33

1.33.0-gke.1

Kubernetes 1.32

1.32.0-gke.2

1.32.0-gke.1

Kubernetes 1.31

1.31.0-gke.5

1.31.0-gke.4

1.31.0-gke.3

1.31.0-gke.2

1.31.0-gke.1

Kubernetes 1.30

1.30.0-gke.7

1.30.0-gke.6

1.30.0-gke.5

1.30.0-gke.4

  • Breaking Change: GKE attached clusters validate that the following required services are enabled when creating or updating attached clusters: cloudresourcemanager.googleapis.com, monitoring.googleapis.com. For details, see Google Cloud requirements.

1.30.0-gke.3

1.30.0-gke.2

1.30.0-gke.1

Kubernetes 1.29

1.29.0-gke.9

1.29.0-gke.8

1.29.0-gke.7

  • Breaking Change: GKE attached clusters validate that the following required services are enabled when creating or updating attached clusters: cloudresourcemanager.googleapis.com, monitoring.googleapis.com. For details, see Google Cloud requirements.

1.29.0-gke.6

1.29.0-gke.5

1.29.0-gke.4

1.29.0-gke.3

1.29.0-gke.2

  • Breaking Change: Starting from Kubernetes 1.29, clusters require outbound HTTPS connectivity to the domain kubernetesmetadata.googleapis.com. Please ensure that your proxy server and/or firewall configuration allows this traffic. You also need to enable the Kubernetes Metadata API, which can be enabled in the Google Cloud console.

  • Feature: Removed the requirement for connectivity to the domain opsconfigmonitoring.googleapis.com. This domain was previously required for logging and monitoring but is no longer needed for Kubernetes 1.29 and later. You should remove this domain from your firewall and/or proxy server configuration.

  • Bug Fix: Fixed an issue where the Fluentbit agent can become unresponsive and stop ingesting logs into Cloud Logging. Added a mechanism to detect and automatically restart the agent when this occurs.

1.29.0-gke.1

  • Breaking Change: Starting from Kubernetes 1.29, clusters require outbound HTTPS connectivity to the domain kubernetesmetadata.googleapis.com. Please ensure that your proxy server and/or firewall configuration allows this traffic. You also need to enable the Kubernetes Metadata API, which can be enabled in the Google Cloud console.

  • Feature: Removed the requirement for connectivity to the domain opsconfigmonitoring.googleapis.com. This domain was previously required for logging and monitoring but is no longer needed for Kubernetes 1.29 and later. You should remove this domain from your firewall and/or proxy server configuration.

  • Bug Fix: Fixed an issue where the Fluentbit agent can become unresponsive and stop ingesting logs into Cloud Logging. Added a mechanism to detect and automatically restart the agent when this occurs.

Kubernetes 1.28

1.28.0-gke.9

1.28.0-gke.8

1.28.0-gke.7

1.28.0-gke.6

1.28.0-gke.5

  • Security Fixes:

1.28.0-gke.4

  • Security Fixes:

1.28.0-gke.3

1.28.0-gke.2

  • Bug Fix: Fixed an intermittent authorization failure when using Google Groups.

1.28.0-gke.1

  • Breaking Change: Starting from 1.28, clusters require outbound HTTPS connectivity to {GCP_LOCATION}-gkemulticloud.googleapis.com. Ensure your proxy server and/or firewall allows for this traffic.

  • Feature: Removed the need to explicitly add Google IAM bindings for most features.

    1. No longer need to add any bindings for gke-system/gke-telemetry-agent when creating a cluster.
    2. No longer need to add any bindings for gmp-system/collector or gmp-system/rule-evaluator when enabling managed data collection for Google Managed Service for Prometheus.
    3. No longer need to add any bindings for gke-system/binauthz-agent when enabling binary authorization.

  • Bug Fix: Enhanced Cloud Logging's ingestion of logs from Anthos attached clusters:

    • Fixed an issue in timestamp parsing.
    • Assigned the correct severity level to the anthos-metadata-agent's error logs.