This documentation is for the most recent version of Anthos clusters on Azure, released on November 3rd. See the Release notes for more information.
Stay organized with collections Save and categorize content based on your preferences.

Supported Kubernetes cluster versions

This topic lists the Kubernetes versions that Anthos clusters on Azure supports.

Anthos clusters on Azure supports the following Kubernetes versions:

Kubernetes 1.24

1.24.5-gke.200

Kubernetes OSS release notes

1.24.3-gke.2100

Kubernetes OSS release notes

  • Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
  • Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers.
  • go1.18 stops accepting certificates signed with the SHA-1 hash algorithm by default. Admission/conversion webhooks or aggregated server endpoints using these insecure certificates will break by default in 1.24. The environment variable GODEBUG=x509sha1=1 is set in Anthos on-Azure clusters as a temporary workaround to let these insecure certificates continue to work. However, the go team is anticipated to remove support on this workaround in the near coming releases. Customers should check and ensure there aren't any admission/conversion webhooks or aggregated server endpoints that are using such insecure certificates before upgrading to the upcoming breaking version.
  • Improve network connectivity checks during cluster and node pool creation to help troubleshooting.

  • Security Fixes

  • Upload Kubernetes resource metrics to Google Cloud Monitoring for Windows node pools.

  • Deploy Daemonset azure-cloud-node-manager with kubelet credentials to complete node initialization.

  • Update kubelet to apply external Azure cloud provider.

  • Upload workload metrics using Google Managed Service for Prometheus to Cloud Monarch is available as invite only private preview.

Kubernetes 1.23

1.23.11-gke.300

Kubernetes OSS release notes

1.23.9-gke.2100

Kubernetes OSS release notes

1.23.9-gke.800

Kubernetes OSS release notes

1.23.8-gke.1700

Kubernetes OSS release notes

1.23.7-gke.1300

Kubernetes OSS release notes

  • Source code of Azuredisk available at https://console.cloud.google.com/storage/browser/gke-multi-cloud-api-release/azuredisk-csi-driver
  • Source code of Azurefile available at https://console.cloud.google.com/storage/browser/gke-multi-cloud-api-release/azurefile-csi-driver
  • Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
  • Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers. Supported Ciphers used by Kubelet:

    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256

    Supported Ciphers used by kube api-server:

    TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384

  • Security Fixes

Kubernetes 1.22

1.22.15-gke.100

Kubernetes OSS release notes

1.22.12-gke.2300

Kubernetes OSS release notes

1.22.12-gke.1100

Kubernetes OSS release notes

1.22.12-gke.200

Kubernetes OSS release notes

1.22.10-gke.1500

Kubernetes OSS release notes.

1.22.8-gke.2100

Kubernetes OSS release notes.

  • Windows nodes now use pigz to improve image layer extraction performance.

1.22.8-gke.1300

You cannot create new clusters with this version, or upgrade existing clusters to this version. However existing clusters or node pools at this version will continue working, and can be upgraded to a later version.

  • Bug fixes
    • Fixed an issue where addons cannot be applied when Windows nodepools are enabled.
    • Fixed an issue where logging agent could fill up attached disk space.
  • Security Fixes
    • Fixed CVE-2022-1055.
    • Fixed CVE-2022-0886.
    • Fixed CVE-2022-0492.
    • Fixed CVE-2022-24769.
    • This release includes the following Role-based access control (RBAC) changes:
      • Scoped down anet-operator permissions for Lease update.
      • Scoped down anetd Daemonset permissions for Nodes and pods.
      • Scoped down fluentbit-gke permissions for service account tokens.
      • Scoped down gke-metrics-agent for service account tokens.
      • Scoped down coredns-autoscaler permissions for Nodes, ConfigMaps and Deployments.

1.22.8-gke.200

You cannot create new clusters with this version, or upgrade existing clusters to this version. However existing clusters or node pools at this version will continue working, and can be upgraded to a later version.

Kubernetes OSS release notes

  • When you create a new cluster using Kubernetes version 1.22, you can now configure custom logging parameters.
  • As a preview feature, you can now choose Windows as your node pool image type when you create node pools with Kubernetes version 1.22.
  • You can now view most common asynchronous cluster and nodepool boot errors in the long running operation error field. For more information, see the gcloud container azure operations list reference documentation.
  • Security Fixes
  • Bug Fixes
    • GKE Connect Agent now correctly reads and applies the cluster's proxy settings.