Kubernetes version notes
Each GKE on Azure release comes with Kubernetes version notes. These are similar to release notes but are specific to a Kubernetes version and might offer more technical detail.
GKE on Azure supports the Kubernetes versions listed in the following sections. If a version isn't included in this file, it's unsupported.
Kubernetes 1.30
1.30.5-gke.200
- Security Fixes:
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-mh55-gqvf-xfwm
1.30.4-gke.400
- Bug Fix: Fixed an issue of a frequent error message "object has been modified" by updating the
csi-snapshotter
to version 6.3.3. - Security Fixes:
- Fixed CVE-2024-0397
- Fixed CVE-2024-4032
- Fixed CVE-2024-4603
- Fixed CVE-2024-7348
- Fixed CVE-2024-8088
1.30.3-gke.100
Feature: The
gcloud beta container fleet memberships get-credentials
command uses a preview feature of the Connect gateway that lets you run thekubectl
attach
,cp
, andexec
commands. For more information, see Limitations in the Connect gateway documentation.Security Fixes:
- Fixed CVE-2024-21626
- Fixed CVE-2024-7264
Kubernetes 1.29
1.29.8-gke.1800
- Security Fixes:
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-mh55-gqvf-xfwm
1.29.8-gke.600
- Bug Fix: Fixed an issue of a frequent error message "object has been modified" by updating the
csi-snapshotter
to version 6.3.3. - Security Fixes:
- Fixed CVE-2024-0397
- Fixed CVE-2024-4032
- Fixed CVE-2024-4603
- Fixed CVE-2024-7348
- Fixed CVE-2024-8088
1.29.7-gke.100
- Security Fixes:
- Fixed CVE-2024-7264
1.29.6-gke.600
- Security Fixes
- Fixed CVE-2022-40735
- Fixed CVE-2023-24329
- Fixed CVE-2023-40217
- Fixed CVE-2023-41105
- Fixed CVE-2023-50387
- Fixed CVE-2023-50868
- Fixed CVE-2023-5678
- Fixed CVE-2023-6129
- Fixed CVE-2023-6237
- Fixed CVE-2023-6597
- Fixed CVE-2024-0450
- Fixed CVE-2024-0727
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
- Fixed CVE-2024-26642
- Fixed CVE-2024-26923
1.29.5-gke.1100
- Security Fixes:
- Fixed CVE-2024-6387
- Fixed CVE-2024-26643
- Fixed CVE-2024-26809
- Fixed CVE-2024-26924
- Fixed CVE-2024-26925
1.29.5-gke.700
- Security Fixes:
- Fixed CVE-2022-3715
- Fixed CVE-2022-48303
- Fixed CVE-2023-2953
- Fixed CVE-2023-39804
- Fixed CVE-2023-4641
- Fixed CVE-2023-47038
- Fixed CVE-2023-52425
- Fixed CVE-2023-52447
- Fixed CVE-2023-5678
- Fixed CVE-2023-5981
- Fixed CVE-2023-6004
- Fixed CVE-2023-6129
- Fixed CVE-2023-6237
- Fixed CVE-2023-6246
- Fixed CVE-2023-6779
- Fixed CVE-2023-6780
- Fixed CVE-2023-6918
- Fixed CVE-2023-7008
- Fixed CVE-2024-0553
- Fixed CVE-2024-0567
- Fixed CVE-2024-0727
- Fixed CVE-2024-0985
- Fixed CVE-2024-22365
- Fixed CVE-2024-2398
- Fixed CVE-2024-26583
- Fixed CVE-2024-26584
- Fixed CVE-2024-26585
- Fixed CVE-2024-26808
- Fixed CVE-2024-28085
- Fixed CVE-2024-28182
- Fixed CVE-2024-28757
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
1.29.4-gke.200
- Security Fixes:
- Fixed CVE-2023-52620.
- Fixed CVE-2024-1085.
- Fixed CVE-2024-26581.
1.29.3-gke.600
Breaking Change: Starting from Kubernetes 1.29, clusters require outbound HTTPS connectivity to the domain
kubernetesmetadata.googleapis.com
. Please ensure that your proxy server and/or firewall configuration allows this traffic. You also need to enable the Kubernetes Metadata API, which can be enabled in the Google Cloud console.Feature: Removed the requirement for connectivity to the domain
opsconfigmonitoring.googleapis.com
. This domain was previously required for logging and monitoring but is no longer needed for Kubernetes 1.29 and later. You should remove this domain from your firewall and/or proxy server configuration.Bug Fix: Fixed an issue where the Fluentbit agent becomes unresponsive and stops ingesting logs into Cloud Logging. Added a mechanism to detect and automatically restart the agent when this occurs.
Security Fixes:
- Fixed CVE-2020-29509
- Fixed CVE-2020-29511
- Fixed CVE-2020-29652
- Fixed CVE-2021-29923
- Fixed CVE-2021-31525
- Fixed CVE-2021-33195
- Fixed CVE-2021-33196
- Fixed CVE-2021-33197
- Fixed CVE-2021-33198
- Fixed CVE-2021-34558
- Fixed CVE-2021-36221
- Fixed CVE-2021-38297
- Fixed CVE-2021-38561
- Fixed CVE-2021-39293
- Fixed CVE-2021-41771
- Fixed CVE-2021-41772
- Fixed CVE-2021-43565
- Fixed CVE-2021-44716
- Fixed CVE-2022-1705
- Fixed CVE-2022-1962
- Fixed CVE-2022-21698
- Fixed CVE-2022-23772
- Fixed CVE-2022-23773
- Fixed CVE-2022-23806
- Fixed CVE-2022-24675
- Fixed CVE-2022-24921
- Fixed CVE-2022-27191
- Fixed CVE-2022-27664
- Fixed CVE-2022-28131
- Fixed CVE-2022-28327
- Fixed CVE-2022-2879
- Fixed CVE-2022-2880
- Fixed CVE-2022-29526
- Fixed CVE-2022-30580
- Fixed CVE-2022-30629
- Fixed CVE-2022-30630
- Fixed CVE-2022-30631
- Fixed CVE-2022-30632
- Fixed CVE-2022-30633
- Fixed CVE-2022-30635
- Fixed CVE-2022-32148
- Fixed CVE-2022-32149
- Fixed CVE-2022-32189
- Fixed CVE-2022-41715
- Fixed CVE-2022-41717
- Fixed CVE-2022-41724
- Fixed CVE-2022-41725
- Fixed CVE-2023-24532
- Fixed CVE-2023-24534
- Fixed CVE-2023-24536
- Fixed CVE-2023-24537
- Fixed CVE-2023-24538
- Fixed CVE-2023-24539
- Fixed CVE-2023-24540
- Fixed CVE-2023-29400
- Fixed CVE-2023-29402
- Fixed CVE-2023-29403
- Fixed CVE-2023-29404
- Fixed CVE-2023-29405
- Fixed CVE-2023-45287
Kubernetes 1.28
1.28.14-gke.200
- Security Fixes:
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-mh55-gqvf-xfwm
1.28.13-gke.600
- Bug Fix: Fixed an issue of a frequent error message "object has been modified" by updating the
csi-snapshotter
to version 6.3.3. - Security Fixes:
- Fixed CVE-2024-0397
- Fixed CVE-2024-4032
- Fixed CVE-2024-4603
- Fixed CVE-2024-7348
- Fixed CVE-2024-8088
1.28.12-gke.100
1.28.11-gke.600
- Security Fixes
- Fixed CVE-2022-40735
- Fixed CVE-2023-24329
- Fixed CVE-2023-40217
- Fixed CVE-2023-41105
- Fixed CVE-2023-50387
- Fixed CVE-2023-50868
- Fixed CVE-2023-5678
- Fixed CVE-2023-6129
- Fixed CVE-2023-6237
- Fixed CVE-2023-6597
- Fixed CVE-2024-0450
- Fixed CVE-2024-0727
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
- Fixed CVE-2024-26642
- Fixed CVE-2024-26923
1.28.10-gke.1300
- Security Fixes:
- Fixed CVE-2024-6387
- Fixed CVE-2024-26643
- Fixed CVE-2024-26809
- Fixed CVE-2024-26924
- Fixed CVE-2024-26925
1.28.10-gke.800
- Security Fixes:
- Fixed CVE-2022-3715
- Fixed CVE-2022-48303
- Fixed CVE-2023-2953
- Fixed CVE-2023-39804
- Fixed CVE-2023-4641
- Fixed CVE-2023-52425
- Fixed CVE-2023-52447
- Fixed CVE-2023-5678
- Fixed CVE-2023-5981
- Fixed CVE-2023-6004
- Fixed CVE-2023-6129
- Fixed CVE-2023-6237
- Fixed CVE-2023-6246
- Fixed CVE-2023-6779
- Fixed CVE-2023-6780
- Fixed CVE-2023-6918
- Fixed CVE-2023-7008
- Fixed CVE-2024-0553
- Fixed CVE-2024-0567
- Fixed CVE-2024-0727
- Fixed CVE-2024-0985
- Fixed CVE-2024-22365
- Fixed CVE-2024-2398
- Fixed CVE-2024-26583
- Fixed CVE-2024-26584
- Fixed CVE-2024-26585
- Fixed CVE-2024-26808
- Fixed CVE-2024-28085
- Fixed CVE-2024-28182
- Fixed CVE-2024-28757
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
1.28.9-gke.400
- Security Fixes:
- Fixed CVE-2023-52620.
- Fixed CVE-2024-1085.
- Fixed CVE-2024-26581.
1.28.8-gke.800
- Security Fixes:
- Fixed CVE-2020-29509
- Fixed CVE-2020-29511
- Fixed CVE-2020-29652
- Fixed CVE-2021-29923
- Fixed CVE-2021-31525
- Fixed CVE-2021-33195
- Fixed CVE-2021-33196
- Fixed CVE-2021-33197
- Fixed CVE-2021-33198
- Fixed CVE-2021-34558
- Fixed CVE-2021-36221
- Fixed CVE-2021-38297
- Fixed CVE-2021-38561
- Fixed CVE-2021-39293
- Fixed CVE-2021-41771
- Fixed CVE-2021-41772
- Fixed CVE-2021-43565
- Fixed CVE-2021-44716
- Fixed CVE-2022-1705
- Fixed CVE-2022-1962
- Fixed CVE-2022-21698
- Fixed CVE-2022-23772
- Fixed CVE-2022-23773
- Fixed CVE-2022-23806
- Fixed CVE-2022-24675
- Fixed CVE-2022-24921
- Fixed CVE-2022-27191
- Fixed CVE-2022-27664
- Fixed CVE-2022-28131
- Fixed CVE-2022-28327
- Fixed CVE-2022-2879
- Fixed CVE-2022-2880
- Fixed CVE-2022-29526
- Fixed CVE-2022-30580
- Fixed CVE-2022-30629
- Fixed CVE-2022-30630
- Fixed CVE-2022-30631
- Fixed CVE-2022-30632
- Fixed CVE-2022-30633
- Fixed CVE-2022-30635
- Fixed CVE-2022-32148
- Fixed CVE-2022-32149
- Fixed CVE-2022-32189
- Fixed CVE-2022-41715
- Fixed CVE-2022-41717
- Fixed CVE-2022-41724
- Fixed CVE-2022-41725
- Fixed CVE-2023-24532
- Fixed CVE-2023-24534
- Fixed CVE-2023-24536
- Fixed CVE-2023-24537
- Fixed CVE-2023-24538
- Fixed CVE-2023-24539
- Fixed CVE-2023-24540
- Fixed CVE-2023-29400
- Fixed CVE-2023-29402
- Fixed CVE-2023-29403
- Fixed CVE-2023-29404
- Fixed CVE-2023-29405
- Fixed CVE-2023-45287
1.28.7-gke.1700
1.28.5-gke.1200
- Bug Fixes
- Fixed a bug for file descriptor leak in runc (CVE-2024-21626).
- Security Fixes
- Fixed CVE-2023-38039.
- Fixed CVE-2023-46219.
- Fixed CVE-2023-39326.
- Fixed CVE-2023-44487.
- Fixed CVE-2023-45142.
- Fixed CVE-2023-45285.
- Fixed CVE-2023-48795.
- Fixed CVE-2024-0193.
- Fixed CVE-2023-6932.
- Fixed CVE-2024-0193.
- Fixed CVE-2023-6817.
1.28.5-gke.100
- Security Fixes
- Fixed CVE-2022-28948.
- Fixed CVE-2023-29491.
- Fixed CVE-2023-36054.
- Fixed CVE-2023-5363.
- Fixed CVE-2023-47038.
- Fixed CVE-2023-5981.
- Fixed CVE-2023-4806.
- Fixed CVE-2023-4016.
- Fixed CVE-2023-4813.
- Fixed CVE-2022-48522.
- Fixed CVE-2023-46218.
- Fixed CVE-2023-5156.
- Fixed CVE-2023-39804.
- Fixed CVE-2023-5869.
- Fixed CVE-2023-39417.
- Fixed CVE-2023-5868.
- Fixed CVE-2023-5870.
- Fixed GHSA-6xv5-86q9-7xr8.
1.28.3-gke.700
Breaking Change: Starting from 1.28, clusters require outbound HTTPS connectivity to
{GCP_LOCATION}-gkemulticloud.googleapis.com
. Ensure your proxy server and/or firewall allows for this traffic.Feature: Removed the need to explicitly add Google IAM bindings for most features.
- No longer need to add any bindings for
gke-system/gke-telemetry-agent
when creating a cluster. - No longer need to add any bindings for
gmp-system/collector
orgmp-system/rule-evaluator
when enabling managed data collection for Google Managed Service for Prometheus.
- No longer need to add any bindings for
Feature: Ubuntu 22.04 now uses linux-azure 6.2 kernel version.
Bug Fix: Monitoring metrics for the
gke-azure-encryption-provider
control plane Pod are now reported on thekube-system
namespace. Previously, they were mistakenly being reported on the default namespace.Bug Fix: Upgrading a cluster to version 1.28 will clean up obsolete resources that may have been created in older versions (up to 1.25) but are no longer relevant. The following resources in the namespace
gke-system
are deleted if exist:- daemonsets
fluentbit-gke-windows
andgke-metrics-agent-windows
- configmaps
fluentbit-gke-windows-config
andgke-metrics-agent-windows-conf
- daemonsets
Bug Fix: Enhanced Cloud Logging's ingestion of logs from Anthos clusters on Azure:
- Fixed an issue in timestamp parsing.
- Assigned the correct severity level to the
anthos-metadata-agent
's error logs.
Security Fixes
- Fixed CVE-2023-3610
- Fixed CVE-2023-3776
- Fixed CVE-2023-3611
- Fixed CVE-2023-5197
- Fixed CVE-2023-44487
- Fixed CVE-2023-39325
- Fixed CVE-2023-4147
- Fixed CVE-2022-1996
- Fixed CVE-2023-29406
- Fixed CVE-2023-29409
- Fixed CVE-2023-39318
- Fixed CVE-2023-39319
- Fixed CVE-2023-39323
- Fixed CVE-2023-3978