Unsupported Kubernetes cluster versions
The following versions of GKE on Azure are unsupported.
Kubernetes 1.25
1.25.14-gke.700
- Security Fixes
- Fixed CVE-2015-3276
- Fixed CVE-2022-29155
1.25.13-gke.200
- Security Fixes
- Fixed CVE-2023-3610
- Fixed CVE-2023-3776
- Fixed CVE-2023-3611
1.25.12-gke.500
Kubernetes OSS release notes
* Feature: Expanded the list of metrics collected from node pools to include
gke-metrics-agent
, cilium-agent
, cilium-operator
, coredns
,
fluentbit-gke
, kubelet
, and konnectivity-agent
.
- Security Fixes
- Fixed CVE-2022-3821
- Fixed CVE-2022-4415
- Fixed CVE-2022-29458
- Fixed CVE-2023-0464
- Fixed CVE-2023-0465
- Fixed CVE-2023-0466
- Fixed CVE-2023-2650
1.25.10-gke.1400
- Security Fixes
- Fixed CVE-2022-0464
- Fixed CVE-2022-27664
- Fixed CVE-2022-32149
- Fixed CVE-2023-29491
- Fixed CVE-2023-31484
1.25.10-gke.1200
- Security Fixes
- Migrated node pool metrics agent and metrics server to authenticated kubelet port.
1.25.8-gke.500
Bug Fixes
- Fixed an issue in which the logging agent consumed increasingly high amounts of memory.
Security Fixes
- Fixed CVE-2023-1872.
1.25.7-gke.1000
Bug Fixes: Newly-created clusters now use etcd v3.4.21 for improved stability. Existing clusters of previous versions were already using etcd v3.5.x and will not be downgraded to v3.4.21 during cluster upgrade; these clusters will instead use v3.5.6.
Security Fixes
- Fixed CVE-2023-0461.
1.25.6-gke.1600
Bug Fix: Fixed an issue that could cause cluster upgrades to fail if certain types of validating admission webhooks are registered.
Security Fixes
- Fixed CVE-2023-25153.
- Fixed CVE-2023-25173.
- Fixed CVE-2023-0286.
- Fixed CVE-2022-4450.
- Fixed CVE-2023-0215.
- Fixed CVE-2022-2097.
- Fixed CVE-2022-4304.
1.25.5-gke.2000
Feature: Updated Anthos Identity Service to better handle concurrent authentication webhook requests.
Bug Fix: Fixed an issue where certain errors were not propagated and reported during cluster create/update operations.
Bug Fix: Fixed an issue where authentication through the Anthos Service Mesh dashboard failed due to inability to impersonate end user.
Security Fixes
- Fixed CVE-2022-2097.
- Fixed CVE-2022-42898.
1.25.5-gke.1500
Known Issue: Some UI surfaces in Google Cloud console can't authorize to the cluster and might display the cluster as unreachable. A workaround is to manually apply RBAC permitting user impersonation. For details, see Troubleshooting.
Security Fixes
- Fixed CVE-2022-23471
- Fixed CVE-2021-46848
- Fixed CVE-2022-42898
1.25.4-gke.1300
Known Issue: Some UI surfaces in Google Cloud console can't authorize to the cluster and might display the cluster as unreachable. A workaround is to manually apply RBAC permitting user impersonation. For details, see Troubleshooting.
Deprecation: Removed deprecated in-tree volume plugins flocker, quobyte and storageos.
Feature: Uploading of workload metrics using Google Managed Service for Prometheus with managed collection to Cloud Monarch is now available in GA.
Feature: Enhanced security by restricted static pods running on the cluster's control plane VMs to run as non-root Linux users.
Feature: Azure AD GA. This feature allows cluster admins to configure RBAC policies based on Azure AD groups for authorization in clusters. This supports retrieval of groups information for users belonging to more than 200 groups, thus overcoming a limitation of regular OIDC configured with Azure AD as the identity provider.
Feature: Added a new token manager (gke-token-manager) to generate tokens for control plane components, using the service account signing key. Benefits:
- Eliminate the dependency on kube-apiserver for control plane components to authenticate to Google services. Previously, control plane components would use the TokenRequest API and were reliant on a healthy kube-apiserver. Whereas now the gke-token-manager component mints the tokens directly using the service account signing key.
- Eliminate the RBAC for generating token for controlplane components.
- Uncouple the logging and kube-apiserver. So that the logging can be ingested before the kube-apiserver is up.
- Make the controlplane more resilience. When the kube-apiserver is out of service the controlplane components can still get the tokens and keep working.
Feature: As a preview feature, ingest a variety of metrics from the control plane components to Cloud Monitoring, including kube-apiserver, etcd, kube-scheduler and kube-controller-manager.
Feature: Users in a Google Group can access Azure clusters using Connect Gateway by granting necessary RBAC permission to the Group. More details at Set up the Connect gateway with Google Groups.
Bug Fix: Fixed an issue which could result in outdated versions of
gke-connect-agent
not being removed after cluster upgrades.Security Fixes
- Fixed CVE-2020-16156
- Fixed CVE-2021-3671
- Fixed CVE-2021-4037
- Fixed CVE-2021-43618
- Fixed CVE-2022-0171
- Fixed CVE-2022-1184
- Fixed CVE-2022-20421
- Fixed CVE-2022-2602
- Fixed CVE-2022-2663
- Fixed CVE-2022-2978
- Fixed CVE-2022-3061
- Fixed CVE-2022-3116
- Fixed CVE-2022-3176
- Fixed CVE-2022-32221
- Fixed CVE-2022-3303
- Fixed CVE-2022-35737
- Fixed CVE-2022-3586
- Fixed CVE-2022-3621
- Fixed CVE-2022-3646
- Fixed CVE-2022-3649
- Fixed CVE-2022-37434
- Fixed CVE-2022-3903
- Fixed CVE-2022-39188
- Fixed CVE-2022-39842
- Fixed CVE-2022-40303
- Fixed CVE-2022-40304
- Fixed CVE-2022-40307
- Fixed CVE-2022-40768
- Fixed CVE-2022-4095
- Fixed CVE-2022-41674
- Fixed CVE-2022-41916
- Fixed CVE-2022-42010
- Fixed CVE-2022-42011
- Fixed CVE-2022-42012
- Fixed CVE-2022-42719
- Fixed CVE-2022-42720
- Fixed CVE-2022-42721
- Fixed CVE-2022-42722
- Fixed CVE-2022-43680
- Fixed CVE-2022-43750
- Fixed CVE-2022-44638
Kubernetes 1.24
1.24.14-gke.2700
- Security Fixes
- Fixed CVE-2022-28321
- Fixed CVE-2022-44640
1.24.14-gke.1400
1.24.13-gke.500
Bug Fixes
- Fixed an issue in which the logging agent consumed increasingly high amounts of memory.
Security Fixes
- Fixed CVE-2023-1872.
1.24.11-gke.1000
Bug Fixes: Newly-created clusters now use etcd v3.4.21 for improved stability. Existing clusters of previous versions were already using etcd v3.5.x and will not be downgraded to v3.4.21 during cluster upgrade; these clusters will instead use v3.5.6.
Security Fixes
- Fixed CVE-2023-0461.
1.24.10-gke.1200
- Bug Fix: Fixed an issue that could cause cluster upgrades to fail if certain types of validating admission webhooks are registered.
- Bug Fix: Fixed Cilium security ID propagation so that IDs are properly passed in the tunnel header when requests are forwarded to Services of type NodePort and LoadBalancer.
- Security Fixes
- Fixed CVE-2023-25153.
- Fixed CVE-2023-25173.
- Fixed CVE-2023-0286.
- Fixed CVE-2022-4450.
- Fixed CVE-2023-0215.
- Fixed CVE-2022-2097.
- Fixed CVE-2022-4304.
1.24.9-gke.2000
Feature: Updated Anthos Identity Service to better handle concurrent authentication webhook requests.
Bug Fix: Fixed an issue where certain errors were not propagated and reported during cluster create/update operations.
Security Fixes
- Fixed CVE-2022-2097.
- Fixed CVE-2022-42898.
1.24.9-gke.1500
- Security Fixes
- Fixed CVE-2022-23471
- Fixed CVE-2021-46848
- Fixed CVE-2022-42898
1.24.8-gke.1300
Feature: Azure AD GA. This feature allows cluster admins to configure RBAC policies based on Azure AD groups for authorization in clusters. This supports retrieval of groups information for users belonging to more than 200 groups, thus overcoming a limitation of regular OIDC configured with Azure AD as the identity provider.
Security Fixes
- Fixed CVE-2020-16156
- Fixed CVE-2021-3671
- Fixed CVE-2021-4037
- Fixed CVE-2021-43618
- Fixed CVE-2022-0171
- Fixed CVE-2022-1184
- Fixed CVE-2022-20421
- Fixed CVE-2022-2602
- Fixed CVE-2022-2663
- Fixed CVE-2022-2978
- Fixed CVE-2022-3061
- Fixed CVE-2022-3116
- Fixed CVE-2022-3176
- Fixed CVE-2022-32221
- Fixed CVE-2022-3303
- Fixed CVE-2022-3586
- Fixed CVE-2022-3621
- Fixed CVE-2022-3646
- Fixed CVE-2022-3649
- Fixed CVE-2022-37434
- Fixed CVE-2022-3903
- Fixed CVE-2022-39188
- Fixed CVE-2022-39842
- Fixed CVE-2022-40303
- Fixed CVE-2022-40304
- Fixed CVE-2022-40307
- Fixed CVE-2022-40768
- Fixed CVE-2022-4095
- Fixed CVE-2022-41674
- Fixed CVE-2022-42010
- Fixed CVE-2022-42011
- Fixed CVE-2022-42012
- Fixed CVE-2022-42719
- Fixed CVE-2022-42720
- Fixed CVE-2022-42721
- Fixed CVE-2022-42722
- Fixed CVE-2022-43680
- Fixed CVE-2022-43750
- Fixed CVE-2022-44638
1.24.5-gke.200
- Security Fixes
- Fixed CVE-2022-40674
- Fixed CVE-2021-3999
- Fixed CVE-2022-1679
- Fixed CVE-2022-2795
- Fixed CVE-2022-3028
- Fixed CVE-2022-38177
- Fixed CVE-2022-38178
- Fixed CVE-2021-3502
- Fixed CVE-2021-44648
- Fixed CVE-2021-46829
- Fixed CVE-2022-2905
- Fixed CVE-2022-3080
- Fixed CVE-2022-35252
- Fixed CVE-2022-39190
- Fixed CVE-2022-41222
- Fixed CVE-2020-8287
- Fixed CVE-2022-1184
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-2153
- Fixed CVE-2022-39188
- Fixed CVE-2022-20422
- Fixed CVE-2021-3999
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-35252
- Fixed CVE-2020-35525
- Fixed CVE-2020-35527
- Fixed CVE-2021-20223
- Fixed CVE-2022-37434
- Fixed CVE-2022-40674
- Fixed CVE-2021-3999
- Fixed CVE-2022-32744
- Fixed CVE-2021-46828
- Fixed CVE-2022-2509
- Fixed CVE-2022-2031
- Fixed CVE-2022-32745
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-32742
- Fixed CVE-2022-32746
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-40674
- Fixed CVE-2022-37434
- Fixed CVE-2021-3999
- Fixed CVE-2022-2509
- Fixed CVE-2021-46828
1.24.3-gke.2100
- Feature: Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
- Feature: Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers.
- Feature: go1.18 stops accepting certificates signed with the SHA-1 hash algorithm by default. Admission/conversion webhooks or aggregated server endpoints using these insecure certificates will break by default in 1.24. The environment variable GODEBUG=x509sha1=1 is set in Anthos on-Azure clusters as a temporary workaround to let these insecure certificates continue to work. However, the go team is anticipated to remove support on this workaround in the near coming releases. Customers should check and ensure there aren't any admission/conversion webhooks or aggregated server endpoints that are using such insecure certificates before upgrading to the upcoming breaking version.
- Feature: Improve network connectivity checks during cluster and node pool creation to help troubleshooting.
- Feature: Upload Kubernetes resource metrics to Google Cloud Monitoring for Windows node pools.
- Feature: Deploy Daemonset
azure-cloud-node-manager
with kubelet credentials to complete node initialization. - Feature: Update kubelet to apply external Azure cloud provider.
Feature: Upload workload metrics using Google Managed Service for Prometheus to Cloud Monarch is available as invite only private preview.
Security Fixes
- Fixed CVE-2022-1786.
- Fixed CVE-2022-29582.
- Fixed CVE-2022-29581.
- Fixed CVE-2022-1116.
- Fixed CVE-2022-34903.
- Fixed CVE-2021-4209.
- Fixed CVE-2022-29900.
- Fixed CVE-2022-29901.
- Fixed CVE-2022-2385.
- Fixed CVE-2022-1462
- Fixed CVE-2022-1882
- Fixed CVE-2022-21505
- Fixed CVE-2022-2585
- Fixed CVE-2022-23816
- Fixed CVE-2022-2509
- Fixed CVE-2022-2586
- Fixed CVE-2022-2588
- Fixed CVE-2022-26373
- Fixed CVE-2022-36879
- Fixed CVE-2022-36946
Kubernetes 1.23
1.23.16-gke.2800
Bug Fix: Fixed an issue that could cause cluster upgrades to fail if certain types of validating admission webhooks are registered.
Security Fixes
- Fixed CVE-2023-25153.
- Fixed CVE-2023-25173.
- Fixed CVE-2023-0215.
- Fixed CVE-2022-4450.
- Fixed CVE-2023-0286.
- Fixed CVE-2022-4304.
- Fixed CVE-2022-2097.
1.23.16-gke.200
- Bug Fix: Fixed an issue where certain errors were not propagated and reported during cluster create/update operations.
Bug Fix: Fixed cpp-httplib issues with kubeapi server unable to reach AIS.
Security Fixes
- Fixed CVE-2022-2097.
1.23.14-gke.1800
- Security Fixes
- Fixed CVE-2022-23471
- Fixed CVE-2021-46848
- Fixed CVE-2022-42898
1.23.14-gke.1100
Feature: Azure AD GA. This feature allows cluster admins to configure RBAC policies based on Azure AD groups for authorization in clusters. This supports retrieval of groups information for users belonging to more than 200 groups, thus overcoming a limitation of regular OIDC configured with Azure AD as the identity provider.
Security Fixes
- Fixed CVE-2016-10228
- Fixed CVE-2019-19126
- Fixed CVE-2019-25013
- Fixed CVE-2020-10029
- Fixed CVE-2020-16156
- Fixed CVE-2020-1752
- Fixed CVE-2020-27618
- Fixed CVE-2020-6096
- Fixed CVE-2021-27645
- Fixed CVE-2021-3326
- Fixed CVE-2021-33574
- Fixed CVE-2021-35942
- Fixed CVE-2021-3671
- Fixed CVE-2021-3999
- Fixed CVE-2021-43618
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-23218
- Fixed CVE-2022-23219
- Fixed CVE-2022-3116
- Fixed CVE-2022-32221
- Fixed CVE-2022-35737
- Fixed CVE-2022-37434
- Fixed CVE-2022-41916
- Fixed CVE-2022-43680
1.23.11-gke.300
- Security Fixes
- Fixed CVE-2021-3999
- Fixed CVE-2022-35252
- Fixed CVE-2020-35525
- Fixed CVE-2020-35527
- Fixed CVE-2021-20223
- Fixed CVE-2022-37434
- Fixed CVE-2022-40674
- Fixed CVE-2021-3999
- Fixed CVE-2022-32744
- Fixed CVE-2021-46828
- Fixed CVE-2022-2509
- Fixed CVE-2022-2031
- Fixed CVE-2022-32745
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-32742
- Fixed CVE-2022-32746
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-40674
- Fixed CVE-2022-37434
- Fixed CVE-2021-3999
- Fixed CVE-2022-2509
- Fixed CVE-2021-46828
1.23.9-gke.2100
- Security Fixes
- Fixed CVE-2022-34903.
- Fixed CVE-2021-4209.
- Fixed CVE-2022-29900.
- Fixed CVE-2022-29901.
- Fixed CVE-2022-2385.
- Fixed CVE-2021-4209
1.23.9-gke.800
- Security Fixes
- Fixed CVE-2022-34903.
- Fixed CVE-2021-4209.
- Fixed CVE-2022-29901.
- Fixed CVE-2022-28693.
- Fixed CVE-2022-29900.
- Fixed CVE-2022-23825.
- Fixed CVE-2022-31030.
1.23.8-gke.1700
- Security Fixes
- Fixed CVE-2021-4160.
- Fixed CVE-2021-43566.
- Fixed CVE-2022-0778.
- Fixed CVE-2022-1292.
- Fixed CVE-2022-1304.
- Fixed CVE-2022-1664.
- Fixed CVE-2022-2068.
- Fixed CVE-2022-2097.
- Fixed CVE-2022-2327.
- Fixed CVE-2022-32206.
- Fixed CVE-2022-32208.
1.23.7-gke.1300
- Feature: Source code of Azuredisk available at https://console.cloud.google.com/storage/browser/gke-multi-cloud-api-release/azuredisk-csi-driver
- Feature: Source code of Azurefile available at https://console.cloud.google.com/storage/browser/gke-multi-cloud-api-release/azurefile-csi-driver
- Feature: Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
Feature: Update kube-apiserver and kubelet to only use Strong Cryptographic Ciphers. Supported Ciphers used by Kubelet:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256
Supported Ciphers used by kube api-server:
TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384
Security Fixes
- Fixed CVE-2022-1786.
- Fixed CVE-2022-29582.
- Fixed CVE-2022-29581.
- Fixed CVE-2022-1116.
Kubernetes 1.22
1.22.15-gke.100
- Security Fixes
- Fixed CVE-2021-3999
- Fixed CVE-2022-35252
- Fixed CVE-2020-35525
- Fixed CVE-2020-35527
- Fixed CVE-2021-20223
- Fixed CVE-2022-40674
- Fixed CVE-2022-37434
- Fixed CVE-2022-2509
- Fixed CVE-2022-2031
- Fixed CVE-2021-46828
- Fixed CVE-2022-32744
- Fixed CVE-2021-3999
- Fixed CVE-2022-32745
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-32742
- Fixed CVE-2022-32746
- Fixed CVE-2022-1586
- Fixed CVE-2022-1587
- Fixed CVE-2022-40674
- Fixed CVE-2022-37434
- Fixed CVE-2021-3999
- Fixed CVE-2022-2509
- Fixed CVE-2021-46828
1.22.12-gke.2300
- Security Fixes
- Fixed CVE-2022-34903.
- Fixed CVE-2021-4209.
- Fixed CVE-2022-29900.
- Fixed CVE-2022-29901.
- Fixed CVE-2022-2385.
- Fixed CVE-2022-2509.
1.22.12-gke.1100
- Security Fixes
- Fixed CVE-2022-34903.
- Fixed CVE-2021-4209.
- Fixed CVE-2022-29901.
- Fixed CVE-2022-28693.
- Fixed CVE-2022-29900.
- Fixed CVE-2022-23825.
- Fixed CVE-2022-31030.
1.22.12-gke.200
- Security Fixes
- Fixed CVE-2021-4160.
- Fixed CVE-2021-43566.
- Fixed CVE-2022-0778.
- Fixed CVE-2022-1292.
- Fixed CVE-2022-1304.
- Fixed CVE-2022-1664.
- Fixed CVE-2022-2068.
- Fixed CVE-2022-2097.
- Fixed CVE-2022-2327.
- Fixed CVE-2022-32206.
- Fixed CVE-2022-32208.
1.22.10-gke.1500
- Security Fixes
- Fixed CVE-2022-1786.
- Fixed CVE-2022-29582.
- Fixed CVE-2022-29581.
- Fixed CVE-2022-1116.
1.22.8-gke.2100
- Feature: Windows nodes now use pigz to improve image layer extraction performance.
1.22.8-gke.1300
Feature: You cannot create new clusters with this version, or upgrade existing clusters to this version. However existing clusters or node pools at this version will continue working, and can be upgraded to a later version.
Bug Fixes
- Fixed an issue where addons cannot be applied when Windows nodepools are enabled.
- Fixed an issue where logging agent could fill up attached disk space.
Security Fixes
- Fixed CVE-2022-1055.
- Fixed CVE-2022-0886.
- Fixed CVE-2022-0492.
- Fixed CVE-2022-24769.
- This release includes the following Role-based access control (RBAC) changes:
- Scoped down
anet-operator
permissions for Lease update. - Scoped down
anetd
Daemonset permissions for Nodes and pods. - Scoped down
fluentbit-gke
permissions for service account tokens. - Scoped down
gke-metrics-agent
for service account tokens. - Scoped down
coredns-autoscaler
permissions for Nodes, ConfigMaps and Deployments.
1.22.8-gke.200
Feature: You cannot create new clusters with this version, or upgrade existing clusters to this version. However existing clusters or node pools at this version will continue working, and can be upgraded to a later version.
Feature: When you create a new cluster using Kubernetes version 1.22, you can now configure custom logging parameters.
Feature: As a preview feature, you can now choose Windows as your node pool image type when you create node pools with Kubernetes version 1.22.
Feature: You can now view most common asynchronous cluster and nodepool boot errors in the long running operation error field. For more information, see the
gcloud container azure operations list
reference documentation.Bug Fixes
- GKE Connect Agent now correctly reads and applies the cluster's proxy settings.
Security Fixes
- Fixed CVE-2022-23648.
- Fixed CVE-2021-22600.
- Fixed CVE-2022-0001.
- Fixed CVE-2022-0002.
- Fixed CVE-2022-23960.
- Fixed CVE-2022-0847.
Kubernetes 1.21
1.21.14-gke.2900
- Security Fixes
- Fixed CVE-2022-2097.
- Fixed CVE-2022-32206.
- Fixed CVE-2022-32208.
- Fixed CVE-2022-34903.
- Fixed CVE-2021-4209.
- Fixed CVE-2022-29901.
- Fixed CVE-2022-28693.
- Fixed CVE-2022-29900.
- Fixed CVE-2022-23825.
- Fixed CVE-2022-31030.
1.21.14-gke.2100
- Security Fixes
- Fixed CVE-2016-10228.
- Fixed CVE-2018-16301.
- Fixed CVE-2018-25032.
- Fixed CVE-2019-18276.
- Fixed CVE-2019-20838.
- Fixed CVE-2019-25013.
- Fixed CVE-2020-14155.
- Fixed CVE-2020-27618.
- Fixed CVE-2020-27820.
- Fixed CVE-2020-29562.
- Fixed CVE-2020-6096.
- Fixed CVE-2020-8037.
- Fixed CVE-2021-20193.
- Fixed CVE-2021-22600.
- Fixed CVE-2021-26401.
- Fixed CVE-2021-27645.
- Fixed CVE-2021-28711.
- Fixed CVE-2021-28712.
- Fixed CVE-2021-28713.
- Fixed CVE-2021-28714.
- Fixed CVE-2021-28715.
- Fixed CVE-2021-3326.
- Fixed CVE-2021-35942.
- Fixed CVE-2021-36084.
- Fixed CVE-2021-36085.
- Fixed CVE-2021-36086.
- Fixed CVE-2021-36087.
- Fixed CVE-2021-36690.
- Fixed CVE-2021-3711.
- Fixed CVE-2021-3712.
- Fixed CVE-2021-3772.
- Fixed CVE-2021-39685.
- Fixed CVE-2021-39686.
- Fixed CVE-2021-39698.
- Fixed CVE-2021-3995.
- Fixed CVE-2021-3996.
- Fixed CVE-2021-3999.
- Fixed CVE-2021-4083.
- Fixed CVE-2021-4135.
- Fixed CVE-2021-4155.
- Fixed CVE-2021-4160.
- Fixed CVE-2021-4197.
- Fixed CVE-2021-4202.
- Fixed CVE-2021-43566.
- Fixed CVE-2021-43618.
- Fixed CVE-2021-43975.
- Fixed CVE-2021-43976.
- Fixed CVE-2021-44733.
- Fixed CVE-2021-45095.
- Fixed CVE-2021-45469.
- Fixed CVE-2021-45480.
- Fixed CVE-2022-0001.
- Fixed CVE-2022-0002.
- Fixed CVE-2022-0330.
- Fixed CVE-2022-0435.
- Fixed CVE-2022-0492.
- Fixed CVE-2022-0516.
- Fixed CVE-2022-0617.
- Fixed CVE-2022-0778.
- Fixed CVE-2022-1011.
- Fixed CVE-2022-1016.
- Fixed CVE-2022-1055.
- Fixed CVE-2022-1116.
- Fixed CVE-2022-1158.
- Fixed CVE-2022-1198.
- Fixed CVE-2022-1271.
- Fixed CVE-2022-1292.
- Fixed CVE-2022-1304.
- Fixed CVE-2022-1353.
- Fixed CVE-2022-1516.
- Fixed CVE-2022-1664.
- Fixed CVE-2022-1966.
- Fixed CVE-2022-20008.
- Fixed CVE-2022-20009.
- Fixed CVE-2022-2068.
- Fixed CVE-2022-21123.
- Fixed CVE-2022-21125.
- Fixed CVE-2022-21166.
- Fixed CVE-2022-21499.
- Fixed CVE-2022-22576.
- Fixed CVE-2022-22942.
- Fixed CVE-2022-23036.
- Fixed CVE-2022-23037.
- Fixed CVE-2022-23038.
- Fixed CVE-2022-23039.
- Fixed CVE-2022-23040.
- Fixed CVE-2022-23041.
- Fixed CVE-2022-23042.
- Fixed CVE-2022-23218.
- Fixed CVE-2022-23219.
- Fixed CVE-2022-2327.
- Fixed CVE-2022-23960.
- Fixed CVE-2022-24407.
- Fixed CVE-2022-24448.
- Fixed CVE-2022-24958.
- Fixed CVE-2022-24959.
- Fixed CVE-2022-25258.
- Fixed CVE-2022-25375.
- Fixed CVE-2022-25636.
- Fixed CVE-2022-26490.
- Fixed CVE-2022-26966.
- Fixed CVE-2022-27223.
- Fixed CVE-2022-27666.
- Fixed CVE-2022-27774.
- Fixed CVE-2022-27775.
- Fixed CVE-2022-27776.
- Fixed CVE-2022-27781.
- Fixed CVE-2022-27782.
- Fixed CVE-2022-28356.
- Fixed CVE-2022-28388.
- Fixed CVE-2022-28389.
- Fixed CVE-2022-28390.
- Fixed CVE-2022-29155.
- Fixed CVE-2022-29581.
- Fixed CVE-2022-30594.
1.21.11-gke.1900
- Security Fixes
- Fixed CVE-2022-1786.
- Fixed CVE-2022-29582.
- Fixed CVE-2022-29581.
- Fixed CVE-2022-1116.
1.21.11-gke.1800
1.21.11-gke.1100
You cannot create new clusters with this version, or upgrade existing clusters to this version. However existing clusters or node pools at this version will continue working, and can be upgraded to a later version.
- Security Fixes
- Fixed CVE-2022-1055.
- Fixed CVE-2022-0886.
- Fixed CVE-2022-0492.
- Fixed CVE-2022-24769.
- RBAC fixes:
- Scoped down anet-operator permissions for Lease update.
- Scoped down anetd Daemonset permissions for Nodes and pods.
- Scoped down fluentbit-gke permissions for service account tokens.
- Scoped down gke-metrics-agent for service account tokens.
- Scoped down coredns-autoscaler permissions for Nodes, ConfigMaps and Deployments.
1.21.11-gke.100
Kubernetes OSS release notes. * Feature: You cannot create new clusters with this version, or upgrade existing clusters to this version. However existing clusters or node pools at this version will continue working, and can be upgraded to a later version. * Bug Fixes * GKE Connect Agent now correctly reads and applies the cluster's proxy settings.
- Security Fixes
- Fixed CVE-2022-23648.
- Fixed CVE-2021-22600.
- Fixed CVE-2022-0001.
- Fixed CVE-2022-0002.
- Fixed CVE-2022-23960.
- Fixed CVE-2022-0847.
1.21.6-gke.1500
Security Fixes - Fixed CVE-2021-4154, see GCP-2022-002 for more details. - Fixed CVE-2022-0185, see GCP-2022-002 for more details. - Fixed CVE-2021-4034, see GCP-2022-004 for more details. - Fixed CVE-2021-43527, see GCP-2022-005 for more details.