This page explains how to prepare clusters for upgrades to GKE version 1.27. You can find API clients making calls to deprecated APIs removed in 1.27 and update those clients to use GA APIs. For more detailed information, see the Kubernetes deprecated API migration guide.
Removed APIs in version 1.27
The deprecated APIs in Kubernetes version 1.27 are either Beta APIs that have
graduated to GA (for example v2
) or from one Beta version to another (for example,
v1beta1
to v1beta2
). The GA APIs provide longer-term compatibility guarantees
and should be used in place of the deprecated Beta APIs.
All existing objects for APIs that have graduated to new versions can be interacted with by using the updated APIs.
CSIStorageCapacity
The storage.k8s.io/v1beta1
API version of CSIStorageCapacity is no longer
served as of v1.27.
Migrate manifests and API clients to use the storage.k8s.io/v1
API version, available since v1.24. All existing persisted objects are
accessible using the new API. There are no notable changes in the GA version.
Preparing to upgrade to version 1.27
You do not need to delete and recreate any of your API objects. All existing persisted API objects for APIs that graduated to GA can already be read and updated using the new API versions.
However, we recommend that you migrate your clients and manifests before upgrading to Kubernetes 1.27. To learn more, see Kubernetes Deprecated API Migration Guide.
You can view deprecation insights and recommendations to determine if your cluster is using Kubernetes 1.27 deprecated APIs. GKE generates deprecation insights when user agents call deprecated APIs, not from the configuration of your Kubernetes objects.
Find clusters using deprecated APIs
You can find which clusters are using deprecated APIs from deprecation insights. Deprecation insights also provide information such as which API clients are calling the deprecated APIs in your cluster.
You can also use audit logs to find which clients are making calls to deprecated APIs.
Locate API clients making write calls to deprecated APIs
For clusters with Google Cloud Observability enabled, you can use the following Admin Activity audit log query to show the use of deprecated APIs by user agents that are not Google-managed:
resource.type="k8s_cluster"
labels."k8s.io/removed-release"="DEPRECATED_API_MINOR_VERSION"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.authenticationInfo.principalEmail!~("system:serviceaccount:kube-system:")
Replace DEPRECATED_API_MINOR_VERSION
with the minor
version where the deprecated API is removed, for example 1.22
.
Admin Activity audit logs are automatically enabled for GKE clusters. With this query, the logs show user agents making write calls to the deprecated APIs.
Locate API clients making read calls to deprecated APIs
By default, audit logs show only write calls to the deprecated APIs. To also show read calls to deprecated APIs, configure Data Access audit logs.
Follow the instructions to Configure Data Access audit logs with the Google Cloud console. In the Google Cloud console,
select the Kubernetes Engine API. In the Log Types tab in the information panel,
select Admin Read
and Data Read
.
With these logs enabled, you can now use the original query to see both read calls and write calls to the deprecated APIs.
Upgrading third-party components
Deprecation insights might display results for third-party agents that make calls to deprecated APIs in your cluster.
To resolve third-party agents calling deprecated APIs, we recommend the following best practices:
- Check with your third-party software provider for an updated version.
- Upgrade the third-party software to the latest version. If you cannot upgrade the software, you should test whether upgrading GKE to the version with the removed deprecated APIs would break your service.
We recommend that you perform this upgrade and the GKE version upgrade on a staging cluster to monitor for disruptions before you upgrade your production clusters.
Update clusters impacted by deprecations
To upgrade clusters impacted by deprecations, perform the following steps:
- Check which user agents use the deprecated APIs in the logs.
- Update the user agents that use the deprecated APIs to use supported API versions.
- Update any third-party software that calls deprecated APIs to the latest versions.
- Upgrade a test cluster and test your application in a testing environment before upgrading your production cluster to reduce the risk of disruptions when deprecated APIs are no longer available.
If you can't update an affected user agent, upgrade a separate test cluster to check whether the upgrade causes disruptions. If the upgrade doesn't cause disruptions, you can upgrade your cluster manually.
After you update all of the user agents, GKE waits until it has no longer observed use of deprecated APIs for 30 days, and then unblocks automatic upgrades. Automatic upgrades proceed according to the release schedule.
Resources
More information is available in the OSS Kubernetes documentation:
- Kubernetes Blog: Kubernetes Removals and Major Changes In 1.27
- Kubernetes 1.27 release notes
- Kubernetes Deprecated API Migration Guide