GKE release notes

Stay organized with collections Save and categorize content based on your preferences.
This page documents production updates to Google Kubernetes Engine (GKE). You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

This page includes release notes for all channels and releases.

Current versions

The following table lists the latest minor versions available as defaults in GKE for the specified release channels. This table includes the latest default GKE patch version and the Container-Optimized OS version for each supported minor version.

Kubernetes minor versions 1.24 1.23 1.24 1.25
GKE release channel Static1 (no channel) Stable Regular Rapid
Default patch version 1.24.8-gke.2000 1.23.14-gke.1800 1.24.8-gke.2000 1.25.5-gke.2000
COS version available cos-97-16919-189-12 cos-93-16623-295-14 cos-97-16919-189-12 cos-101-17162-40-42

For information on the current versions rollout and support schedule, see the GKE release schedule. For information on versioning and upgrades, see GKE versioning and support and Upgrades.

  1. Other versions may be available for static version clusters.

Other resources

For more detailed information about security-related known issues, see the security bulletin page.

To view release notes for versions prior to 2020, see the Release notes archive.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gke-main-release-notes.xml

February 03, 2023

The POD_FINDER_IP_MISMATCH errors that caused Pods to fail to access Google Cloud APIs are fixed in the following GKE versions in the Rapid release channel:

  • 1.22.17-gke.3100 or later
  • 1.23.16-gke.200 or later
  • 1.24.9-gke.3200 or later
  • 1.25.6-gke.200 or later
  • 1.26.1-gke.400 or later

To fix the issue, upgrade your nodes to any of these versions.

February 02, 2023

(2023-R03) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.4300
    • 1.25.4-gke.2100
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.5-gke.1500 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.4300
    • 1.24.8-gke.401
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.9-gke.1500 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.5300
    • 1.24.7-gke.900
    • 1.25.4-gke.2100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.7100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.14-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.14-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.5-gke.2000 with this release.

Rapid channel

  • Version 1.25.5-gke.2000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.14600
    • 1.22.16-gke.1300
    • 1.23.14-gke.1800
    • 1.24.8-gke.401
    • 1.25.5-gke.1500
    • 1.26.0-gke.2000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.15800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.16-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.15-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.5-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.1-gke.200 with this release.

January 27, 2023

If containerd restarts on a node that has existing running Pods that use Workload Identity, those specific Pods might fail to access Google Cloud APIs and might return POD_FINDER_IP_MISMATCH errors. This affects nodes with the following GKE versions:

  • 1.22.16-gke.2100 and later
  • 1.23.14-gke.1900 and later
  • 1.24.7-gke.700 and later
  • 1.25.0 and later
  • 1.26.0 and later

This issue will be fixed in a future release

Starting from GKE control plane versions 1.26.0-gke.2200, 1.25.5-gke.2200, 1.24.9-gke.2200 or later, SingleStack IPv6 and DualStack (IPv4/IPv6) services, stub domains, and upstream nameservers are supported with Cloud DNS for GKE.

A known issue with kube-dns receiving a DNS response from an upstream DNS resolver with a large TTL has been fixed. For more information, see Large TTL from DNS upstream servers

Public zonal clusters upgraded to GKE versions 1.24 and later will eventually be migrated to use Private Service Connect (PSC) for private control plane communication. There is no price increase for using GKE public clusters running on PSC.

January 26, 2023

The Balanced compute class is now generally available in Autopilot clusters running GKE version 1.25 and later.

You can now specify a minimum CPU platform in the Balanced compute class in Autopilot clusters running GKE version 1.25 and later if your workloads have specialized CPU requirements such as a high base frequency or optimized power management functionality. For instructions, refer to Choose a minimum CPU platform.

January 24, 2023

You can now expose randomly assigned host ports in Pods on GKE Autopilot running version 1.24.7-gke.1200 and later or 1.25.3-gke.1100 and later.

January 17, 2023

You can now attach ephemeral and block devices backed by Local NVMe SSDs during GKE node pool creation, using the Ephemeral Storage Local SSD API and the Local NVMe SSD Block API respectively, with node version 1.25.3-gke.1800 or later.

January 13, 2023

(2023-R02) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.23.14-gke.1800 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.14-gke.1800 with this release.

Regular channel

  • Version 1.24.8-gke.2000 is now the default version in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.14-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.8-gke.2000 with this release.

Rapid channel

  • Version 1.25.5-gke.1500 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.14100
    • 1.22.15-gke.2500
    • 1.23.14-gke.401
    • 1.24.7-gke.900
    • 1.25.4-gke.2100
    • 1.26.0-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.14600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.16-gke.1300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.14-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.8-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.8-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.5-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.0-gke.2000 with this release.

January 12, 2023

Two new vulnerabilities (CVE-2022-3786 and CVE-2022-3602) have been discovered in OpenSSL v3.0.6 that can potentially cause a crash. While this has been rated a High in the NVD database, GKE endpoints use boringSSL or an older version of OpenSSL that is not affected, so the rating has been reduced to a Medium for GKE. For more information, refer to the GCP-2022-026 security bulletin.

January 09, 2023

The release notes for 1.26 available in the Rapid channel were modified with an additional notable change:

Windows Server 2022 OS image is generally available on GKE. You can now create Windows Node pools with Windows Server 2022 OS images using the command line. For more information, see Creating a cluster using Windows Server node pools.

January 05, 2023

2023-01-09 update: Added an additional Notable change to 1.26 for this release note.

(2023-R01) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.15-gke.100
    • 1.25.3-gke.800
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.4-gke.2100 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.15-gke.100
    • 1.23.11-gke.300
    • 1.24.7-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.8-gke.401 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.15-gke.100
    • 1.23.13-gke.900
    • 1.24.5-gke.600
    • 1.25.3-gke.800
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.14-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.14-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.4-gke.2100 with this release.

Rapid channel

  • Version 1.25.4-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.8500
    • 1.22.15-gke.1000
    • 1.23.13-gke.900
    • 1.24.6-gke.1500
    • 1.25.4-gke.1600
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.14100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.14-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.7-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.7-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.4-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.0-gke.1500 with this release.

1.26 is now available in the Rapid channel

Kubernetes 1.26 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.26 Release Notes, especially the action required and deprecation sections.

Notable changes

New API versions

  • flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
    • The PriorityLevelConfiguration spec.limited.assuredConcurrencyShares field is renamed to spec.limited.nominalConcurrencyShares

Deprecated API versions

These APIs are still served in version 1.26 but are in a deprecation period:

  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of newer versions:
    • storage.k8s.io/v1beta1 CSIStorageCapacity
    • deprecated since 1.24
    • use storage.k8s.io/v1 instead, available since 1.24
  • The following Beta versions of graduated APIs will be removed in 1.29 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration
    • deprecated since 1.26
    • use flowcontrol.apiserver.k8s.io/v1beta3 instead, available since 1.26

Removed API versions

The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:

  • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
    • deprecated since 1.23
    • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
  • autoscaling/v2beta2 HorizontalPodAutoscaler
    • deprecated since 1.23
    • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)

January 04, 2023

You can now run GPU-based workloads in GA in Autopilot clusters that use GKE version 1.24.2-gke.1800 and later.

December 22, 2022

Dual-stack clusters in GKE are now generally available. Dual-stack networking is supported on both Standard and Autopilot clusters. To learn more, see Use an IPv4/IPv6 dual-stack network to create a dual-stack cluster.

December 21, 2022

A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. For more information, see the GCP-2022-025 security bulletin.

You can now enable NCCL Fast Socket on your multi-GPU workloads. NCCL Fast Socket is a transport layer plugin designed to improve NVIDIA Collective Communication Library (NCCL) performance on Google Cloud. To enable NCCL Fast Socket, you must be using a GKE Standard cluster with control plane version 1.25.2-gke.1700 or later. For more information, see Improve workload efficiency using NCCL Fast Socket.

December 19, 2022

CVE-2022-37434, CVE-2022-40674, CVE-2022-1586, CVE-2022-1587 have been patched in the PD CSI driver in 1.22, 1.23, 1.24 for newly created clusters. CVE-2022-37434, CVE-2021-3999, CVE-2022-40674, CVE-2022-1586, CVE-2022-1587 have been patched in the PD CSI driver in 1.25 for newly created clusters.

December 16, 2022

Global external HTTP(S) load balancer is now supported with the GKE Gateway controller in Preview. You can now configure GKE clusters with control plane version 1.24 or later in Rapid channel to use a global external HTTP(S) load balancer to expose web services to the Internet, in a single cluster or multi-cluster architecture. You can benefit from many advanced traffic management capabilities offered by the new generation of Google Cloud global external HTTP(S) load balancers natively in GKE by using the Kubernetes Gateway API and specifying a new Gateway class. To see the difference between Gateway classes compatible with our GKE Gateway controller, see here.

December 14, 2022

(2022-R28) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.23.13-gke.900 is now the default version in the Stable channel
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.13-gke.900 with this release.

Regular channel

  • Version 1.24.7-gke.900 is now the default version in the Regular channel
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.13-gke.1000
    • 1.23.12-gke.1600
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.7-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.3-gke.800 with this release.

Rapid channel

  • Version 1.25.4-gke.1600 is now the default version in the Rapid channel
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.15-gke.100
    • 1.23.12-gke.1600
    • 1.24.5-gke.600
    • 1.25.3-gke.800
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.4-gke.1600 with this release.

Cloud DNS for GKE (cluster scope) is now Generally Available. You can now configure GKE clusters with control plane version 1.24.7-gke.800, 1.25.3-gke.700 or later to use Cloud DNS as the DNS provider for in-cluster name resolution, and replace the existing DNS service based on kube-dns.

GKE Autopilot clusters may now migrate the cluster's datapath provider to Dataplane V2. Migration is triggered during a control plane upgrade (see version requirements below). The migration is complete once all nodes running the legacy datapath have been recreated. Node pools created after the control plane upgrade will be created using Dataplane V2.

  • For clusters running 1.24 without Dataplane V2, upgrading to 1.24.7-gke.300 or a higher 1.24 version will begin the migration to Dataplane V2.

  • For clusters running 1.25 without Dataplane V2, upgrading to 1.25.3-gke.200 or a higher 1.25 version will begin the migration to Dataplane V2.

To determine whether you are in the process of migrating the datapath, run:

gcloud container clusters describe <CLUSTER> --region <REGION> --project <PROJECT> --format="value(networkConfig.datapathProvider)"

Clusters migrating to Dataplane V2 will have the datapath provider field of the cluster set to MIGRATE_TO_ADVANCED_DATAPATH.

Clusters that have migrated to Dataplane V2 will have the datapath provider field of the cluster set to ADVANCED_DATAPATH.

December 13, 2022

Compact placement policy is now generally available. Set up a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone. Having nodes closer to each other can reduce network latency between nodes, which can be useful for tightly-coupled batch workloads.

December 12, 2022

Public clusters upgraded to GKE versions 1.25 and later will eventually be migrated to use Private Service Connect (PSC) for private control plane communication. There is no price increase for using GKE public clusters running on PSC.

December 05, 2022

(2022-R27) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.24.5-gke.600 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.3000
    • 1.21.14-gke.9500
    • 1.22.12-gke.2300
    • 1.23.8-gke.1900
    • 1.23.9-gke.900
    • 1.23.9-gke.2100
    • 1.23.10-gke.1000
    • 1.24.4-gke.800
  • The following node version is no longer available: 1.21.14-gke.9500
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.11-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.5-gke.600 with this release.

Stable channel

  • Version 1.23.11-gke.300 is now the default version in the Stable channel
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.3000
    • 1.22.12-gke.2300
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.7-gke.900 with this release.

Regular channel

  • Version 1.24.5-gke.600 is now the default version in the Regular channel
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.12-gke.2300
    • 1.23.12-gke.100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.13-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.12-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.12-gke.1600 with this release.

Rapid channel

  • Version 1.25.3-gke.800 is now the default version in the Rapid channel
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.7100
    • 1.21.14-gke.9500
    • 1.22.14-gke.300
    • 1.23.12-gke.100
    • 1.24.4-gke.800
    • 1.25.2-gke.1700
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.8500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.12-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.3-gke.800 with this release.

November 29, 2022

Kubernetes control plane logs are now Generally Available. You can now configure GKE clusters with control plane version 1.22.0 or later to export to Cloud Logging logs emitted by the Kubernetes API server, Scheduler, and Controller Manager.

These logs are stored in Cloud Logging and can be queried in the Cloud Logging Log Explorer or Cloud Logging API. These logs can also be sent to Google Cloud Storage, BigQuery, or Pub/Sub using the Log Router.

You can now use deprecation insights to identify clusters on versions 1.23 and earlier that use Docker-based node images, which are unsupported on GKE version 1.24 and later.

November 22, 2022

GKE version 1.21.14-gke.9500 has an issue where Pods in certain conditions might get stuck terminating indefinitely, due to a Linux kernel bug. The version has been removed and is no longer available for new clusters. If your node pools are running 1.21.14-gke.9500 and experience the issue, we recommend downgrading the node pool to 1.21.14-gke.8500.

November 21, 2022

The Logs tab available for each cluster on the Kubernetes Engine > Clusters page now includes suggested queries for your logs. For more information about using your GKE logs, see Viewing your GKE logs.

November 18, 2022

GKE Autopilot clusters support compact placement policies in version 1.25 and later.

November 17, 2022

GKE Autopilot clusters support signaling to GKE that a particular node is problematic in version 1.24 and later.

November 11, 2022

The Filestore CSI driver has patched the following CVEs for newly created clusters running GKE version 1.23 and later:

  • CVE-2022-37434
  • CVE-2019-19126
  • CVE-2019-25013
  • CVE-2022-23219
  • CVE-2021-35942
  • CVE-2020-10029
  • CVE-2021-3326
  • CVE-2022-23218
  • CVE-2020-1752
  • CVE-2021-3999
  • CVE-2020-27618
  • CVE-2021-27645
  • CVE-2016-10228
  • CVE-2020-6096
  • CVE-2021-33574
  • CVE-2022-29458

November 10, 2022

You can now use use compact placement for node auto-provisioning in Standard clusters with GKE version 1.25 and later. To learn more, see Use compact placement for node auto-provisioning.

November 09, 2022

GKE Gateway for Single Cluster is now generally available in GKE version 1.24 and later. Use the Gateway API to express the intent of your inbound HTTP(S) traffic into your GKE cluster and the Gateway controller will instrument and fully manage the external and/or internal HTTP(S) load balancer(s) that forwards traffic to your applications. For complete details about the GKE Gateway controller, refer to the following documentation.

November 08, 2022

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane. GKE doesn't ship with Istio and isn't affected by this vulnerability. However, if you separately installed Anthos Service Mesh or Istio in your GKE cluster, refer to the Anthos Service Mesh security bulletin for more information.

November 07, 2022

When you create a LoadBalancer service in GKE, the Google Cloud controllers automatically create the following firewall rules and apply them to the GKE nodes to allow inbound connections on the Service port:

  • Internal load balancer with GKE subsetting or external load balancer with regional backend services (RBS): k8s2-[cluster-id]-[namespace]-[service-name]-[suffixhash]
  • Internal load balancer without GKE subsetting or external load balancer with target pool: k8s-fw-[loadbalancer-hash]

These rules now include the load balancer IP address in the destination ranges field to further control the inbound connections to the nodes. You can use the gcloud compute firewall-rules describe command to check a relevant firewall. The new field in the output is similar to the following:

destinationRanges:
- [LOADBALANCER_VIRTUAL_IP_ADDRESS]

November 04, 2022

(2022-R26) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.23.12-gke.100 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.12-gke.500
    • 1.22.12-gke.1200
    • 1.24.3-gke.2100
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to 1.24.4-gke.800 with this release.

Stable channel

  • Version 1.22.15-gke.100 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to 1.24.5-gke.600 with this release.

Regular channel

  • Version 1.23.12-gke.100 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.4300
    • 1.22.12-gke.500
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.23.12-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.12-gke.100 with this release.

Rapid channel

  • Version 1.24.5-gke.600 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.5300
    • 1.22.13-gke.1000
    • 1.23.11-gke.300
    • 1.24.3-gke.2100
    • 1.25.1-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.14-gke.7100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.14-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.12-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.5-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.5-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to 1.25.2-gke.1700 with this release.

November 03, 2022

You can now easily identify clusters that use certificates incompatible with Kubernetes version 1.23. Kubernetes 1.23 deprecation insights are now available in Preview for clusters of at least version 1.22.6-gke.1000.

October 28, 2022

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that could allow an unprivileged user to escalate to system execution privilege. For instructions and more details, see the GKE security bulletin.

October 27, 2022

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node. For instructions and more details, see the GKE security bulletin.

October 19, 2022

(2022-R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.23.8-gke.1900 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.2700
    • 1.22.12-gke.300
    • 1.24.2-gke.1900
    • 1.24.3-gke.200
    • 1.24.3-gke.900
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.14-gke.3000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.22.12-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.12-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to 1.24.3-gke.2100 with this release.

Stable channel

  • Version 1.22.12-gke.2300 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.2700
    • 1.22.12-gke.1200
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.14-gke.3000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.22.12-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.12-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to 1.23.11-gke.300 with this release.

Regular channel

  • Version 1.23.8-gke.1900 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.2700
    • 1.22.12-gke.300
    • 1.24.2-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.14-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.14-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.23.8-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to 1.24.5-gke.600 with this release.

Rapid channel

  • Version 1.24.4-gke.800 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.4300
    • 1.22.12-gke.2300
    • 1.23.10-gke.1000
    • 1.24.3-gke.900
    • 1.25.0-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.13-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.11-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.4-gke.800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.4-gke.800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to 1.25.1-gke.500 with this release.

October 14, 2022

GKE Cost Allocation has been released for general availability. With GKE Cost Allocation, you can see cost breakdowns in clusters for namespaces, and pod labels for utilized CPU and MEM. For complete details, refer to View detailed breakdown of cluster costs.

October 12, 2022

Creating public clusters on GKE versions 1.23 or later might fail with the following error due to a missing API permission in certain compliance regimes (FedRAMP High, US Regions and Support, EU Regions and Support, EU Regions and Support with Sovereign Controls):

ManagedResourceService.AddServiceBundle, PERMISSION_DENIED'/> APPLICATION_ERROR;google.cloud.servicedirectory.v1beta1/ManagedResourceService.AddServiceBundle;Request is disallowed by organization's constraints/gcp.restrictServiceUsage constraint for 'projects/<projectID> attempting to use service 'servicedirectory.googleapis.com'

To fix this issue, refer to the October 5, 2022 Assured Workloads release note.

October 05, 2022

(2022-R24) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:

Regular channel

Rapid channel

September 30, 2022

You can now run GPU-based workloads in Preview in Autopilot clusters that use GKE version 1.24.2-gke.1800 and later. For more information, see the Google Cloud blog post.

In Autopilot clusters running GKE version 1.24.1-gke.1400 and later, you can now use the Balanced compute class to schedule your workloads that require very high memory or CPU requests.

September 28, 2022

The Calico CNI authentication errors that caused pods to get stuck in Terminating or Pending state (see August 19, 2022 release notes) are fixed in the following GKE versions in the Rapid release channel:

  • 1.24.4-gke.500 or later
  • 1.23.11-gke.300 or later
  • 1.22.14-gke.300 or later

To fix the issue, upgrade your control plane to any of these versions. If you prefer not to use the Rapid channel, open a Google Cloud Support ticket to have your cluster patched internally.

GKE control plane metrics is now available for clusters running Kubernetes control plane version 1.22.13 or later.

September 23, 2022

(2022-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.12-gke.2300 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.14-gke.700
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

Stable channel

  • Version 1.22.12-gke.1200 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.21.14-gke.700
    • 1.22.12-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

Regular channel

  • Version 1.22.12-gke.2300 is now the default version in the Regular channel.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.2300 with this release.

Rapid channel

  • Version 1.24.3-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.2100 with this release.

2022-09-22 update: Updated new default versions for the 2022-R22 release in the Stable channel.

September 22, 2022

The a2-ultragpu machine family is available in Preview for node pools in clusters running GKE version 1.24 and later. To select the machine family, use the --machine-type flag in your create command.

September 15, 2022

CVE-2022-2068 has been patched in the Filestore CSI driver for GKE clusters running version 1.23 or later.

Starting from GKE version 1.25 and gke-metrics-agent version 1.0.0, we increase the memory request and limit of gke-metrics-agent to 100 MiB. This change makes the system metrics collection more stable and reliable.

September 14, 2022

1.25 is now available in the Rapid channel

Kubernetes 1.25 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.25 Release Notes, especially the action required and deprecation sections.

Notable changes

Support for the deprecated quobyte and storageOS volume types is removed in 1.25.

Deprecated API versions

These APIs are still served in version 1.25 but are in a deprecation period:

  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of newer versions:
    • storage.k8s.io/v1beta1 CSIStorageCapacity, deprecated since 1.24

Removed API versions

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 and removed in 1.25.
    • 1.24 is the last version supporting the beta PodSecurityPolicy feature. Use of this feature must be discontinued before clusters will upgrade to 1.25. See PodSecurityPolicy deprecation for more information.
  • The following Beta versions of graduated APIs are removed in 1.25 in favor of their newer versions:
    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta1 RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler

September 13, 2022

(2022-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.12-gke.300 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:

    • 1.20.15-gke.11400
    • 1.20.15-gke.12800
    • 1.20.15-gke.13400
    • 1.20.15-gke.13700
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

Stable channel

  • Version 1.22.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.20.15-gke.11400
    • 1.21.13-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

Regular channel

  • Version 1.22.12-gke.300 is now the default version in the Regular channel.

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.12800
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.300 with this release.

Rapid channel

  • Version 1.24.3-gke.900 is now the default version in the Rapid channel
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.20.15-gke.13700
    • 1.21.14-gke.3000
    • 1.22.12-gke.1200
    • 1.23.9-gke.2100
    • 1.24.3-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.10-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.0-gke.1100 with this release.

The me-west1 region in Tel Aviv, Israel is now available.

On GKE Standard clusters using control plane version 1.24.2-gke.300 or later, you can configure the cluster and node pools to deploy an alternative version of the Logging agent designed to maximize logging throughput. The default Logging agent running in each GKE cluster guarantees at least 100 KB per second log throughput per node for system and workload logs. This Logging agent variant provides a 100x improvement, allowing for throughput as high as 10 MB per second on nodes that have at least 2 unused CPU cores.

Additionally, all GKE clusters with system metrics enabled now export a new metric (kubernetes.io/node/logs/input_bytes), which indicates the number of log bytes generated on a node. Using this metric can help you decide which variant of the logging agent makes sense to deploy in your cluster or node pools.

September 08, 2022

The Calico issue link included in the August 19, 2022 release notes issue was updated to the Calico issue #4857.

September 07, 2022

The ip-masq-agent is not able to boot up on Arm nodes in GKE clusters with control planes running the following versions:

  • 2022-R18: 1.23.8-gke.1900, 1.24.2-gke.1900

  • 2022-R19: 1.24.3-gke.200

  • 2022-R20: 1.23.9-gke.900, 1.24.3-gke.900

This regression has been fixed. Please upgrade your control plane to versions included in the 2022-R21 release.

CVE-2021-4160, CVE-2022-1664, CVE-2022-1292, and CVE-2022-29155 have been patched in the Filestore CSI driver for newly created clusters.

September 02, 2022

(2022-R21) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.21.14-gke.700 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.2200
    • 1.22.10-gke.600
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.21.14-gke.700
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.11-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • Version 1.24.3-gke.200 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.2700
    • 1.22.12-gke.500
    • 1.23.9-gke.900
    • 1.24.2-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.3000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.200 with this release.

August 23, 2022

CVE-2022-24675 CVE-2022-2068 CVE-2022-28327 have been patched in the PD CSI driver in 1.23 for newly created clusters.

For VPC-native clusters, the user-managed secondary range for Services can now be shared among clusters in the same subnet. The Services range no longer needs to be unique for clusters on the same subnet. Shared Services ranges are backwards-compatible with all GKE versions.

August 19, 2022

GKE clusters that run versions 1.22 or later and use Calico Network Policy might experience issues with terminating Pods. The Calico CNI plugin shows error terminating Pods, and eviction takes too long.

Pods that experience this issue display an error message similar to the following:

Warning FailedKillPod 36m (x389 over 121m) kubelet error killing pod: failed to "KillPodSandbox" for "af9ab8f9-d6d6-4828-9b8c-a58441dd1f86" with KillPodSandboxError: "rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod "myclient-pod-6474c76996" network: error getting ClusterInformation: connection is unauthorized: Unauthorized"

To resolve this issue, restart the calico-node pods or restart kubelet.

This link was updated on September 8, 2022: For more information about this issue, see Calico issue #4857.

August 18, 2022

(2022-R20) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.11-gke.400 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.20.15-gke.9900
    • 1.21.12-gke.1700
    • 1.22.8-gke.201
    • 1.22.8-gke.202
    • 1.22.8-gke.2200
    • 1.22.9-gke.1300
    • 1.22.9-gke.1500
    • 1.22.9-gke.2000
    • 1.23.5-gke.1503
    • 1.23.5-gke.2400
    • 1.23.6-gke.1500
    • 1.23.6-gke.1501
    • 1.23.6-gke.1700
    • 1.23.6-gke.2200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Stable channel

  • Version 1.21.13-gke.900 is now the default version in the Stable channel.
  • Version 1.20.15-gke.11400 is now available in the Stable channel.
  • Version 1.20.15-gke.9900 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.

Regular channel

  • Version 1.22.11-gke.400 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.11400
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.12800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.11-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

Rapid channel

  • Version 1.24.2-gke.1900 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.20.15-gke.13400
    • 1.21.14-gke.2100
    • 1.22.12-gke.300
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.13700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.2-gke.1900 with this release.

August 15, 2022

The GKE Clusters List page now includes a new Observability tab. This tab shows infrastructure health metric trends such as CPU, Memory, container restarts and Control Plane metrics. It also provides visibility into ingestion into Google Cloud Managed Service for Prometheus and Cloud Logging. For more information, see View observability metrics.

August 08, 2022

Newly created GKE Clusters on version 1.24 or later using Services without .spec.ports field defined will cause a crash-loop of the ingress-gce controller (l7lbcontroller pod). This will result in not being able to provide L7 Ingress, L4 Internal LoadBalancer Service with Subsetting turned on, and L4 Network LoadBalancer based on Regional Backend Services in the cluster.

To recover from this situation, delete the Service without a port specified or recreate the cluster without any Service with .spec.ports undefined.

August 04, 2022

(2022-R19) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.1500
    • 1.24.2-gke.300
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.21.12-gke.2200 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.1700
    • 1.22.8-gke.201
    • 1.22.8-gke.202
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.9900
    • 1.21.12-gke.2200
    • 1.22.8-gke.202
    • 1.23.5-gke.1503
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • Version 1.23.8-gke.1900 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.700
    • 1.22.10-gke.600
    • 1.22.11-gke.400
    • 1.23.6-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
    • 1.24.2-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.13400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.8-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

August 03, 2022

GKE total size control is now available in GKE version 1.24 clusters. For autoscaled node pools you can now set the minimum and maximum number of the total number of nodes across all zones, rather than specify a per zone limit. To learn more, see Cluster autoscaler.

The maximum number of Pods that can run on each node has increased from 110 to 256 with GKE version 1.23.5-gke.1300 or later. To learn more, see Optimizing IP address allocation.

July 27, 2022

GKE node system configuration now supports setting the cgroup mode to use the cgroupv2 resource management subsystem.

July 26, 2022

(2022-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • Version 1.22.10-gke.600 is now the default version
  • The following control plane versions are no longer available:
    • 1.20.15-gke.8700
    • 1.21.11-gke.1100
    • 1.21.11-gke.1900
    • 1.22.8-gke.200
    • 1.23.5-gke.1501
    • 1.24.1-gke.1800
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.2-gke.300 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • Version 1.21.12-gke.1700 is now the default version in the Stable channel
  • The following versions are no longer available in the Stable channel:
    • 1.20.15-gke.8700
    • 1.21.12-gke.1500
    • 1.22.8-gke.200
    • 1.23.6-gke.2200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • Version 1.22.10-gke.600 is now the default version in the Regular channel
  • The following versions are no longer available in the Regular channel:
    • 1.23.5-gke.1501
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • Version 1.23.8-gke.400 is now the default version in the Rapid channel
  • The following versions are no longer available in the Rapid channel:
    • 1.21.13-gke.900
    • 1.22.9-gke.2000
    • 1.23.6-gke.1700
    • 1.24.1-gke.1800
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.8-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.8-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.2-gke.300 with this release.

July 22, 2022

GKE Gateway integration with Cloud Certificate Manager is now available as Public Preview in GKE versions 1.20 and later. Use the new TLS features and high scale offered by Cloud Certificate Manager with GKE Gateway. For more information, see Gateway Security.

July 21, 2022

If you start a credential rotation or an IP address rotation, ensure that you manually complete the rotation. If an operation causes a control plane re-creation while the rotation remains incomplete, your cluster might enter a broken state.

Kubernetes control plane metrics are now Generally Available. You can now configure GKE clusters with control plane version 1.23.6-gke.1500 or later to export to Cloud Monitoring certain metrics emitted by the Kubernetes API server, scheduler, and controller manager.

These metrics are stored in Cloud Monitoring in a Prometheus-compatible format. They can be queried by sending either a PromQL or MQL query to the Cloud Monitoring API. They can also be used anywhere within Cloud Monitoring, including in custom dashboards or alerting rules.

July 19, 2022

(2022-R17) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.20.15-gke.8200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.6-gke.2200 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8700
    • 1.21.12-gke.1700
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.2200
    • 1.22.9-gke.1500
    • 1.23.6-gke.1501
    • 1.24.1-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1800 with this release.

July 15, 2022

Clusters that are using custom or manually created EndpointSlices (EPS) can cause Ingresses and NEGs to stop syncing if missing the service label kubernetes.io/service-name: <service-name>. This issue affects clusters running GKE 1.21, 1.22, and 1.23. Users should add the service label to all custom-made EndpointSlices to ensure that their Ingresses and NEGs continue to be synced.

Cluster autoscaler Location Policy is now generally available in GKE version 1.24.1-gke.800. This change allows users to pick one of two different spreading policies. For more information see Location policy.

July 13, 2022

You can now run Arm-based workloads in Preview in Standard clusters with GKE version 1.24 and later, and in Autopilot clusters with GKE version 1.24.1-gke.1400 and later.

You can now select compute classes to run GKE Autopilot workloads that have specialized hardware requirements, such as Arm architecture. The Scale-Out compute class is available in Preview in Autopilot clusters running GKE version 1.24.1-gke.1400 and later.

July 06, 2022

The blue-green upgrade mechanism is now available to upgrade your GKE node pools, and can be selected per node pool instead of the default surge upgrade mechanism.

June 30, 2022

(2022-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Control plane and node version 1.24.1-gke.1800 is now available.
  • The following control plane versions are no longer available:
    • 1.19.16-gke.9400
    • 1.19.16-gke.11000
    • 1.19.16-gke.11800
    • 1.19.16-gke.13800
    • 1.19.16-gke.14000
    • 1.19.16-gke.14500
    • 1.19.16-gke.15700
    • 1.20.15-gke.6000
    • 1.20.15-gke.8000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.

Stable channel

  • Version 1.21.12-gke.1500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.11800
    • 1.19.16-gke.13800
    • 1.20.15-gke.8000
    • 1.21.11-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8200
    • 1.21.12-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.

Rapid channel

  • Version 1.23.7-gke.1400 is now the default version in the Rapid channel.
  • Version 1.24.1-gke.1800 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.7-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For more information, refer to the GCP-2022-017 security bulletin.

GKE Cost Allocation has been released for public preview. With GKE Cost Allocation public preview, you will be able to see cost breakdowns in clusters for namespaces, and pod labels for utilized CPU and MEM. For complete details, refer to View detailed breakdown of cluster costs.

June 29, 2022

You can now give multiple containers time-shared access to the full compute resources of a single NVIDIA GPU accelerator. Time-sharing GPUs is generally available in GKE version 1.23.7-gke.1400 and later. For more information, refer to Time-sharing GPUs on GKE.

June 24, 2022

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. All Linux clusters (Container-Optimized OS and Ubuntu) are affected. For more information, refer to the GCP-2022-016 security bulletin.

You can now create dual-stack clusters in Alpha Compute Engine API-enabled projects with GKE versions 1.24.1-gke.1000 and later. With dual-stack networking, GKE assigns an IPv4 and an IPv6 address to the cluster nodes and Pods. You can create dual-stack Services of type ClusterIP or NodePort. This feature is now available in Preview. For more information, see the Dual-stack networking.

June 23, 2022

(2022-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.11000
    • 1.20.15-gke.6000
    • 1.21.11-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.20.15-gke.8000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8000
    • 1.21.11-gke.1900
    • 1.22.8-gke.201
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.1700
    • 1.22.9-gke.1300
    • 1.23.6-gke.1500
    • 1.24.0-gke.1801
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.

June 22, 2022

To deliver a better default price-performance for applications, all GKE clusters created with control plane version 1.24 and later have the Balanced Persistent Disk (PD) by default for attached volumes. Additionally, the node boot disk default has also been changed to Balanced Persistent Disk (PD).

The new default for attached volumes is applied to all clusters running control plane version 1.24 and later. The new default node boot disk is applied to all new node pools of any node pool version created in a cluster with control plane version 1.24 and later. Existing preferences will not be changed.

For more information on boot disks, see Configuring a custom boot disk.

For more information on attached volumes see Persistent volumes and dynamic provisioning.

June 15, 2022

Confidential GKE Nodes is now generally available in GKE version 1.22 and later for stateful workloads using persistent disks, and in all GKE versions for stateless workloads. Use Confidential GKE Nodes to encrypt your workload data in-use through Compute Engine Confidential VMs.

June 13, 2022

(2022-R14) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.21.11-gke.1900 is now the default version in the Stable channel.
  • Version 1.22.8-gke.202 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.

Regular channel

  • Version 1.22.8-gke.202 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.6000
    • 1.21.11-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.8-gke.202 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.5-gke.1503 with this release.

Rapid channel

  • Version 1.23.6-gke.1501 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.1500
    • 1.22.8-gke.2200
    • 1.23.5-gke.2400
    • 1.24.0-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.9-gke.1300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.6-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.6-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.0-gke.1801 with this release.

CVE-2022-25235 has been patched in the PD CSI driver in 1.22 and 1.23 clusters. If your cluster is not configured for auto-upgrade, please manually upgrade to eliminate this vulnerability.

GKE Node System Configuration now supports setting pod pid limits.

June 10, 2022

You can now easily identify clusters that use deprecated Kubernetes APIs removed in version 1.22. Kubernetes deprecation insights are now available in Preview.

June 07, 2022

The us-south1 region in Dallas, Texas is now available.

May 26, 2022

1.24 is now available in the Rapid channel

Kubernetes 1.24 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.24 Release Notes, especially the action required and deprecation sections.

(2022-R13) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.8-gke.201 is now the default version.
  • The following control plane and node version are now available:

  • The following control plane versions are no longer available:

    • 1.19.16-gke.10800
    • 1.20.15-gke.3400
    • 1.20.15-gke.3600
    • 1.20.15-gke.4100
    • 1.20.15-gke.5000
    • 1.20.15-gke.5200
    • 1.21.10-gke.400
    • 1.21.10-gke.1300
    • 1.21.10-gke.1500
    • 1.21.10-gke.2000
    • 1.22.6-gke.300
    • 1.22.6-gke.1000
    • 1.22.7-gke.300
    • 1.22.7-gke.900
    • 1.22.7-gke.1300
    • 1.22.7-gke.1500
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.8-gke.201 with this release.

Stable channel

  • Version 1.21.11-gke.1100 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.10800
    • 1.20.15-gke.5200
    • 1.21.11-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.8-gke.201 with this release.

Regular channel

  • Version 1.22.8-gke.201 is now the default version in the Regular channel.
  • Version 1.22.8-gke.200 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.22.8-gke.201 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.8-gke.201 with this release.

Rapid channel

  • Version 1.23.5-gke.2400 is now the default version in the Rapid channel.

  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.11-gke.1900
    • 1.22.8-gke.201
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.12-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.12-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.5-gke.2400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.0-gke.1000 with this release.

New API versions

  • storage.k8s.io/v1 CSIStorageCapacity

Notable changes

  • GKE does not support node images that use Docker as the runtime in GKE version 1.24 and later. For more information, see migrating from Docker to containerd.
  • Secret API objects containing service account tokens are not automatically created in 1.24.
    • This change improves security by reducing readable, permanent, Secret-based tokens to ones that have been explicitly requested, and improves performance by reducing the amount of persisted Secret data and avoiding unnecessary utilization of application-layer secrets encryption.
    • Existing Secret-based tokens from previous versions remain valid on upgrade.
    • Secret-based tokens are not used by nodes or pods on version 1.21 and later.
    • Only node versions 1.22 and later are supported running against 1.24 clusters.
    • Clients retrieving tokens directly from the API can still obtain a token using these methods supported in all available GKE versions:
    • Examples of incorrect ways to obtain Secret-based tokens from the API include:
      • Scanning the secrets[*].name field of a ServiceAccount object; this field lists secrets usable by pods running as that service account, not for other purposes, and secrets in that list have never been guaranteed to be service account token secrets.
      • Looking for existing Secret objects of type kubernetes.io/service-account-token created by other clients; a Secret created by another client is owned by that client, and cannot be assumed to be stable for use by other clients.
  • Kubernetes 1.24 deprecates support for insecure serving certificates signed with a SHA-1 hash. Aggregated API servers, admission webhooks, and custom resource conversion webhooks using TLS certificates that are signed by SHA-1 should replace the serving certificates as soon as possible.

    • At cluster version 1.24.0 and later, GKE provides a Cloud Audit log to check if your cluster contains an affected service. You can use the following filter to search for the logs of a 1.24+ cluster:

      logName: "projects/$PROJECT/logs/cloudaudit.googleapis.com%2Factivity"
      resource.type = "k8s_cluster"
      operation.producer = "k8s.io"
      "invalid-cert.kubernetes.io"
      ```
      
    • If you are not affected you won't see any logs. If you do see such an audit log, it will include the name of the service (whether webhook or aggregated API).

Deprecated API versions

These APIs are still served in version 1.24 but are in a deprecation period:

  • PodSecurityPolicy

    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
    • 1.24 is the last version supporting the beta PodSecurityPolicy feature. Use of this feature must be discontinued before clusters will upgrade to 1.25. For more information, see PodSecurityPolicy deprecation.
  • The following Beta versions of graduated APIs will be removed in 1.25 in favor of their newer versions:

    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta1 RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:

    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of new versions:

    • storage.k8s.io/v1beta1 CSIStorageCapacity, deprecated since 1.24

Nodes on version 1.24.0-gke.1000 with more than 80GB of memory will fail to start successfully due to a known bug, which will be resolved in future 1.24 versions.

May 25, 2022

You can now easily assess the running cost implications at cluster creation time. The GKE cluster cost widget lets you get an estimated cost range when you are creating a cluster.

This information can help you get a better understanding of the upper and lower monthly cost to expect based on your cluster autoscaling setup. This feature is now available in Preview.

For more information, see Introducing GKE cost estimator, built right into the Google Cloud console.

GKE clusters that run control plane versions 1.21 or later and node versions 1.16 or earlier might experience:

  • Readiness check failures.
  • Network endpoint groups (NEGs) and load balancers (LBs) not created or synced.

This occurs because the Ingress controllers running in GKE cluster control plane versions 1.21 or later are not compatible with node versions 1.16 and earlier. To resolve this issue, upgrade your node pools.

For more information, see Node version not compatible with control plane version.

May 24, 2022

The us-east5 region in Columbus, Ohio is now available.

May 20, 2022

You can now quickly identify which of your workloads are underutilized in the Cost Optimization tab. You can also quickly apply suggested values for resource requests and limits (or your own preferred values).

This feature is now available in Preview. For more information, see GKE workload rightsizing.

May 19, 2022

(2022-R12) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.21.11-gke.900 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.9900
    • 1.20.15-gke.3400
    • 1.20.15-gke.3600
    • 1.20.15-gke.4100
    • 1.21.10-gke.2000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.10800 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.

Regular channel

  • Version 1.21.11-gke.1100 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.5200
    • 1.21.9-gke.1002
    • 1.21.10-gke.400
    • 1.21.10-gke.2000
    • 1.21.11-gke.900
    • 1.22.6-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.11-gke.1100
    • 1.22.7-gke.1500
    • 1.22.8-gke.200
    • 1.23.5-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.11-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.11-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.5-gke.2400 with this release.

May 13, 2022

Tags are now available. You can use tags to group or organize your clusters according to custom business dimensions. This is in addition to the hierarchical resource organization provided by Google Cloud's resource manager. The integration of tags with policy engines (via conditional rules) such as IAM or Organization Policy, also allows you to apply centralized policies to custom security perimeters defined through tag bindings.

May 11, 2022

(2022-R11) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.11-gke.900 is now the default version.
  • The following control plane versions are no longer available:
    • 1.21.6-gke.1503
    • 1.21.9-gke.300
    • 1.21.9-gke.1001
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to 1.23.5-gke.1501 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.19.16-gke.9400 is no longer available in the Stable channel.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.

Regular channel

  • Version 1.21.11-gke.900 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.5000
    • 1.21.6-gke.1503
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.5200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.

Rapid channel

  • Version 1.22.8-gke.2200 is now the default version in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.8-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.8-gke.2200 with this release.

May 10, 2022

The europe-southwest1 region in Madrid is now available.

May 04, 2022

Spot Pods for GKE Autopilot clusters is now generally available. Use Spot Pods to run your fault-tolerant workloads at reduced costs.

Spot VMs on GKE is now generally available. Spot VMs let you run fault-tolerant workloads at lower costs.

May 03, 2022

(2022-R10) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.21.10-gke.2000 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.9200
    • 1.20.15-gke.2500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.10-gke.2000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.8-gke.200 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.4100
    • 1.21.5-gke.1805
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.5000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.15-gke.5000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.5-gke.1501 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.11-gke.900
    • 1.22.7-gke.1300
    • 1.23.5-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.15-gke.4100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.5-gke.1500 with this release.

The europe-west9 region in Paris is now available.

April 27, 2022

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the GCP-2022-014 security bulletin.

April 21, 2022

(2022-R9) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.10-gke.2000 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.19.16-gke.8300
    • 1.20.15-gke.1000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.19.16-gke.9200 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.3400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.15-gke.3400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.10-gke.2000 with this release.

Stable channel

Note: Your clusters might not have these versions available. Rollouts begin on the day of the note and take four or more business days to be completed across all Google Cloud zones.

  • Version 1.21.10-gke.2000 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.9200
    • 1.20.15-gke.2500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.10-gke.2000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.8-gke.200 with this release.

Regular channel

  • Version 1.21.10-gke.2000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Version 1.20.15-gke.3600 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.19.16-gke.9200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.4100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.10-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.10-gke.2000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.10-gke.2000
    • 1.22.7-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.16-gke.9200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.11-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.11-gke.900 with this release.

April 20, 2022

The europe-west8 region in Milan is now available.

April 13, 2022

A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host. This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). This vulnerability affects all GKE node operating systems (Container-Optimized OS and Ubuntu) which use containerd by default. All GKE, Autopilot, and GKE Sandbox nodes are affected.

For more information, see the GCP-2022-013 security bulletin.

Egress NAT policy to configure IP masquerade is now generally available on GKE Autopilot clusters with Dataplane v2 in versions 1.22.7-gke.1500+ or 1.23.4-gke.1600+. For configuration examples of Egress NAT policy, see Egress NAT Policy documentation.

April 11, 2022

(2022-R8) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.19.16-gke.6800
    • 1.20.15-gke.300
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.15-gke.2500 with this release.

Stable channel

  • Version 1.20.15-gke.2500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.6800
    • 1.20.15-gke.300
    • 1.21.5-gke.1805
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.20.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.10-gke.2000 with this release.

Regular channel

  • Version 1.20.15-gke.3600 is now available in the Regular channel.
  • Version 1.20.15-gke.2500 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.3600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.6-gke.1503 with this release.

Rapid channel

  • Version 1.22.8-gke.200 is now the default version in the Rapid channel.
  • Version 1.21.11-gke.900 is now available in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.21.10-gke.1500
    • 1.22.7-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.10-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.8-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.22.8-gke.200 with this release.

April 08, 2022

A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root.

For more information, see the GCP-2022-012 security bulletin.

March 31, 2022

(2022-R7) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.6100
    • 1.20.12-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.6800 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.6800 with this release.

Regular channel

  • Version 1.21.6-gke.1503 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1503 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1503 with this release.

Rapid channel

  • Version 1.22.7-gke.1500 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.10-gke.1300
    • 1.23.4-gke.1600
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.10-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.10-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.5-gke.200 with this release.

March 22, 2022

There is a misconfiguration with Simultaneous Multi-Threading (SMT), also known as Hyper-threading, on GKE Sandbox images. The misconfiguration leaves nodes potentially exposed to side channel attacks such as Microarchitectural Data Sampling (MDS) (for more context, see GKE Sandbox documentation). We do not recommend using the following affected versions:

  • 1.22.4-gke.1501
  • 1.22.6-gke.300
  • 1.23.2-gke.300
  • 1.23.3-gke.600

For instructions and more details, see the GKE security bulletin.

March 21, 2022

(2022-R6) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.20.15-gke.1000 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.15-gke.1000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.1000
    • 1.21.6-gke.1503
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.2500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.15-gke.2500 with this release.

Rapid channel

  • Version 1.22.7-gke.900 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.10-gke.400
    • 1.22.6-gke.1500
    • 1.23.4-gke.1300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.10-gke.1300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.10-gke.1300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.7-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.4-gke.1600 with this release.

March 16, 2022

Starting in GKE version 1.22, the Compute Engine persistent disk CSI driver is generally available for Windows clusters.

March 15, 2022

The following GKE versions fix a known issue in which random TCP connection resets might happen for GKE nodes that use Container-Optimized OS with Docker (cos). To fix the issue, upgrade your nodes to any of these versions:

  • 1.20.15-gke.3400 and later
  • 1.21.10-gke.1300 and later
  • 1.22.7-gke.1300 and later
  • 1.23.4-gke.1300 and later

March 14, 2022

(2022-R5) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.9-gke.1002 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.19.16-gke.3600
    • 1.20.11-gke.1300
    • 1.20.11-gke.1801
    • 1.22.4-gke.1501
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.6100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.15-gke.300 with this release.

Stable channel

  • Version 1.20.15-gke.300 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.3600
    • 1.20.11-gke.1801
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.6100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.15-gke.300 with this release.

Regular channel

  • Version 1.21.9-gke.1002 is now the default version in the Regular channel.
  • Version 1.20.15-gke.1000 is now available in the Regular channel.
  • Version 1.20.15-gke.300 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.9-gke.1002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.9-gke.1002 with this release.

Rapid channel

  • Version 1.22.7-gke.300 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.9-gke.1002
    • 1.22.6-gke.1000
    • 1.23.4-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.10-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.10-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.6-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.4-gke.1300 with this release.

If you specify --enable-dataplane-v2 in a Windows LTSC node pool running GKE version 1.22.7-gke.1300, Windows nodes cannot join the cluster.

March 10, 2022

In GKE version 1.23.2-gke.300 and later, you can now use network tags to dynamically apply firewall rules to nodes in your GKE Autopilot clusters and auto-provisioned GKE Standard node pools without disrupting running workloads.

March 09, 2022

The following GKE versions fix a known issue in which the CAP_NET_BIND_SERVICE file capability was dropped from the metrics-server. To fix the issue, upgrade your control plane to any of these versions:

  • 1.21.9-gke.1002 and later
  • 1.21.10-gke.400 and later
  • 1.22.6-gke.300 and later
  • 1.22.7-gke.300 and later
  • 1.22.7-gke.900 and later
  • 1.23.4-gke.300 and later

March 08, 2022

Setting a minimum CPU platform for node pools created by node auto-provisioning using the autoscaling.autoprovisioning_node_pool_defaults.min_cpu_platform field is deprecated. This field will be removed in a future release. In GKE versions 1.23 and later, you can request a minimum CPU platform at the workload level using a node selector or node affinity rule for cloud.google.com/requested-min-cpu-platform. For instructions, refer to Minimum CPU platform.

March 07, 2022

(2022-R4) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.1500
    • 1.20.11-gke.1300
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.3600 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.3600 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1805 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:

    • 1.20.12-gke.1500
    • 1.21.5-gke.1805
    • 1.22.3-gke.1500
    • 1.22.4-gke.1501
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1503 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1503 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.6-gke.300 with this release.

Rapid channel

  • Version 1.22.6-gke.1500 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.9-gke.300
    • 1.21.9-gke.1001
    • 1.22.4-gke.1501
    • 1.22.6-gke.300
    • 1.23.3-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.9-gke.1002 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.9-gke.1002 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.6-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.4-gke.300 with this release.

Identity Service for GKE is now generally available. You can authenticate to GKE clusters with external identity providers that use OpenID Connect (OIDC).

March 04, 2022

Some unexpected paths to access the node VM on GKE Autopilot clusters could have been used to escalate privileges in the cluster. These issues have been fixed and no further action is required. The fixes address issues reported through our Vulnerability Reward Program.

For instructions and more details, see the GCP-2022-009 security bulletin.

Public clusters created on GKE versions 1.22 and later, and created between October 28, 2021 and February 17, 2022 use Private Service Connect (PSC). Therefore, each control plane is assigned to a private IP address from the cluster node subnet.

For public clusters created outside of this time frame or with a different GKE version, the control plane has a public IP address by default.

February 25, 2022

The Envoy project recently discovered a set of vulnerabilities. All issues listed below are fixed in Envoy release 1.21.1.

For more information, see the GCP-2022-008 security bulletin.

February 24, 2022

(2022-R3) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.19.16-gke.3600 is now available in the Stable channel.
  • Version 1.21.5-gke.1805 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.19.15-gke.1801
    • 1.21.5-gke.1802
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1805 with this release.

Regular channel

  • Version 1.21.6-gke.1503 is now the default version in the Regular channel.
  • Version 1.21.5-gke.1805 is now available in the Regular channel.
  • Version 1.21.6-gke.1503 is now available in the Regular channel.
  • Version 1.22.4-gke.1501 is now available in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.20.11-gke.1801
    • 1.21.5-gke.1802
    • 1.21.6-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1503 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1503 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.4-gke.1501 with this release.

Rapid channel

  • Version 1.22.6-gke.300 is now the default version in the Rapid channel.
  • Version 1.21.9-gke.1001 is now available in the Rapid channel.
  • Version 1.22.6-gke.1000 is now available in the Rapid channel.
  • Version 1.22.6-gke.1500 is now available in the Rapid channel.
  • Version 1.23.3-gke.1100 is now available in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.21.6-gke.1500
    • 1.22.3-gke.700
    • 1.22.3-gke.1500
    • 1.23.2-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.9-gke.1001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.9-gke.1001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.3-gke.1100 with this release.

GKE nodes that use Container-Optimized OS with Docker (cos) may experience random TCP connection resets when two pods on the same node communicate using a Kubernetes ClusterIP Service.

For more information, see GKE Node images known issues.

February 22, 2022

GKE Gateway traffic management is now in Preview for GKE 1.22 and later version clusters. You can now autoscale Pods or dynamically shift traffic between clusters based on Service traffic capacity.

February 17, 2022

Kubernetes Network Policy API allows specifying range of ports (see KEP on port ranges) on which the policy is enforced in GKE 1.22 and later versions. If you specify endPort field in a Network Policy, it might not take effect in Dataplane V2 based on the cluster configuration. This API will be supported in Calico Network Policy enabled clusters but not in Dataplane V2 clusters.

For more information, see GKE Dataplane V2 known issues.

February 15, 2022

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces, and under certain circumstances, this vulnerability can be exploitable for container breakout.

For more information, see the GCP-2022-006 security bulletin.

February 14, 2022

Kubernetes 1.23 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.23 Release Notes, especially the action required and deprecation sections. Also, read the guide for ensuring compatibility of webhook and aggregated API server certificates before the upgrade.

February 11, 2022

A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1.

Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.

For more information, see the GCP-2022-005 security bulletin.

February 10, 2022

Versions 1.21.9-gke.300, 1.22.6-gke.300, and 1.23.2-gke.300 contain a fix for a race condition which could result in erroneously detaching all endpoints from network endpoint groups for a short period.

February 04, 2022

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services etc, as governed by a policy. GKE clusters are not affected.

For instructions and more details, see the GCP-2022-004 security bulletin.

You will not be able to create new node pools that use a Docker node image starting with GKE v1.23 when:

  • Creating a new cluster,
  • Adding a node pool to an existing cluster, or
  • Using Node Auto-provisioning (NAP) with --autoprovisioning-image-type set to Docker node images.
  • For existing clusters, you will also not be able to change the value of --autoprovisioning-image-type to Docker node images.

If you are upgrading your GKE clusters from GKE v1.22 to v1.23, then you will be able to continue using:

  • Docker node pools that were configured before the upgrade.
  • Cluster Autoscaler on Docker node pools.
  • Node Auto-provisioning (NAP) with --autoprovisioning-image-type set to Docker node images if it was configured before upgrading to v1.23. However, we highly recommend you to migrate to GKE node images that use the Containerd container runtime.

For your reference, below are the GKE node images for the Containerd and Docker container runtimes:

  • Containerd container runtime (recommended): cos_containerd, ubuntu_containerd, windows_ltsc_containerd, windows_sac_containerd
  • Docker container runtime (unsupported starting with v1.24): cos, ubuntu, windows_ltsc, windows_sac

Containerd is the default runtime on GKE. Most user workloads do not have dependencies on the container runtime. Support for Docker as a container runtime on Kubernetes nodes will be removed from OSS Kubernetes and GKE starting with v1.24. If you use a node image based on Docker container runtime, please migrate your GKE workloads to a Containerd node image as soon as possible. For more details, see Containerd node images.

February 03, 2022

(2022-R02) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Control plane and node version 1.19.16-gke.6100 is now available.
  • Control plane and node version 1.20.15-gke.300 is now available.
  • Control plane and node version 1.21.9-gke.300 is now available.
  • Control plane and node version 1.22.6-gke.300 is now available.
  • Control plane version 1.21.5-gke.1302 is no longer available.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.

Stable channel

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.1500 with this release.

Regular channel

  • Version 1.22.3-gke.1500 is now available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.

Rapid channel

  • Version 1.22.4-gke.1501 is now the default version in the Rapid channel.
  • Version 1.21.9-gke.300 is now available in the Rapid channel.
  • Version 1.22.6-gke.300 is now available in the Rapid channel.
  • Version 1.23.2-gke.300 is now available in the Rapid channel.
  • Version 1.21.5-gke.1802 is no longer available in the Rapid channel.
  • Version 1.23.1-gke.500 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.4-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.2-gke.300 with this release.

February 02, 2022

Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185 have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems and Anthos clusters on VMware node operating systems (COS and Ubuntu).

Pods using GKE Sandbox are not vulnerable to these vulnerabilities. For more information, see the GCP-2022-002 security bulletin.

January 31, 2022

In GKE, you can now filter Pub/Sub cluster notifications by notification type. For more information, see Receive cluster notifications.

When creating a maintenance exclusion window, you can restrict the exclusion to specify types of maintenance. For example, during a specific time period you can exclude minor upgrades from occurring on your cluster. For more information, see Maintenance exclusions documentation.

January 27, 2022

Starting with GKE version 1.23.0, if a Kubernetes event is created using k8s.io/api/core/v1, the LastTimestamp field is used as the timestamp of the corresponding event log if the field is non-empty. Otherwise, the timestamp field will be unset and will be determined by Cloud Logging.

If a Kubernetes event is created using k8s.io/api/events/v1, the Series.LastObservedTime field is used as the timestamp of the corresponding event log if the field is non-empty. Otherwise, the timestamp field will be unset and will be determined by Cloud Logging. An event created with k8s.io/api/events/v1 will be converted to k8s.io/api/core/v1 before exporting to Cloud Logging.

Log payload of an event log will contain the LastTimestamp field from k8s.io/api/core/v1 Event API. If an event is created using k8s.io/api/events/v1, the value of this field will be null. Instead, use the Series.LastObservedTime field in the log payload.

January 21, 2022

(2022-R01) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.6-gke.1500 is now the default version.
  • Control plane and node version 1.19.16-gke.3600 is now available.
  • The following control plane versions are no longer available:
    • 1.19.15-gke.1300
    • 1.20.10-gke.1600
    • 1.20.10-gke.2100
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.15-gke.1801 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.

Stable channel

  • Version 1.20.12-gke.1500 is now the default version in the Stable channel.
  • Version 1.21.5-gke.1802 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.

Regular channel

  • Version 1.21.6-gke.1500 is now the default version in the Regular channel.
  • Version 1.21.6-gke.1500 is now available in the Regular channel.
  • Version 1.21.5-gke.1302 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.

Rapid channel

  • Version 1.22.3-gke.1500 is now the default version in the Rapid channel.
  • Version 1.22.4-gke.1501 is now available in the Rapid channel.
  • Version 1.23.1-gke.500 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.5-gke.1802 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.3-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.1-gke.500 with this release.

1.23 is now available in the Rapid channel

Kubernetes 1.23 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.23 Release Notes, especially the action required and deprecation sections.

Notable features

Beta: PodSecurity admission

PodSecurity replaces the deprecated PodSecurityPolicy admission controller (which will be removed in 1.25). PodSecurity is an admission controller that enforces Pod Security Standards on Pods in a Namespace based on specific namespace labels that set the enforcement level. In 1.23, the PodSecurity feature is enabled by default, and applies to namespaces that opt into enforcement. Refer to the PodSecurity documentation and PodSecurityPolicy migration guide for more information.

Notable changes and bug fixes

Kubernetes 1.23 is built with go1.17, which requires aggregated API servers, admission webhooks, and custom resource conversion webhooks to use TLS certificates that include the service DNS name as a subjectAltName.

  • Before upgrading to 1.23, ensure any non-local aggregated API servers, admission webhooks, and custom resource conversion webhooks in your cluster are served using valid TLS certificates.
  • At cluster version 1.22.3-gke.700 or higher, GKE provides a Cloud Audit log to check if your cluster contains an affected service. You can use the following filter to search for the logs:

    logName: "projects/$PROJECT/logs/cloudaudit.googleapis.com%2Factivity"
    resource.type = "k8s_cluster"
    operation.producer = "k8s.io"
    "invalid-cert.webhook.gke.io"
    
  • If you are not affected you won't see any logs. If you do see such an audit log, it will include the name of the service (whether webhook or aggregated API).

New API versions

  • flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration
  • autoscaling/v2 HorizontalPodAutoscaler

Deprecated API versions

These APIs are still served in version 1.23 but are in a deprecation period:

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
  • The following Beta versions of graduated APIs will be removed in 1.25 in favor of their GA versions:
    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
    • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)

Clusters running GKE node versions 1.19.16-gke.1500 and 1.19.16-gke.3600 will be unstable if Container Threat Detection (KTD) is enabled. To use KTD, create the cluster with the most recent 1.19.15 version or any GKE version 1.20 or later. If you require GKE version 1.19.16-gke.1500 or 1.19.16-gke.3600, you should disable KTD on the cluster using the Cloud Security Command Center Advanced Settings before creating or upgrading nodes to these versions

January 20, 2022

VPC-scoped DNS for GKE using Cloud DNS is now generally available for GKE versions 1.21 and later. This allows for seamless VPC-wide DNS resolution of GKE Services. Note that cluster-scoped DNS using Cloud DNS is still in public preview.

A new kubernetes metric, Network policy event count (kubernetes.io/pod/network/policy_event_count), is available (beta) for GKE Dataplane V2 clusters in GKE versions 1.22.3-gke.700 and later.

This metric can be viewed in the Metrics Explorer in Cloud Monitoring for resource type, Kubernetes Pod.

This metric provides visibility into network policy events and shows the Change in the number of network policy events seen in the dataplane, each event has the following metric labels:

  • verdict: Policy verdict, possible values: [allow, deny].
  • workload_kind: Kind of the workload, policy-enforced-pod belongs to, for example, "Deployment", "Replicaset", "StatefulSet", "DaemonSet", "Job", or "CronJob".
  • workload_name: Name of the workload, policy-enforced-pod belongs to.
  • direction: Direction of the traffic from the point of view of policy-enforced-pod, possible values: [ingress, egress].

In addition to these metric labels, customers can also see usual resource labels for resource type, Kubernetes Pod: project_id, location, cluster_name, namespace_name, and pod_name.

This metric can be used for setting up automated alerts for specific behaviors (denials higher than a threshold), identifying security issues, gaining better understanding of traffic flow, and troubleshooting.

January 17, 2022

Now available in Preview: Use a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone. Having nodes closer to each other can reduce network latency between nodes, which can be useful for tightly-coupled batch workloads.

December 20, 2021

For GKE versions 1.21 and later, newly created clusters will have the DenyServiceExternalIPs admission controller enabled by default, disabling the use of ExternalIPs Services.

For existing clusters, when you upgrade the cluster to GKE version 1.21 or later, the DenyServiceExternalIPs admission controller will not be enabled. Since ExternalIPs Services are not widely used, we recommend manually auditing any external IP usage. You can choose to block ExternalIPs by using the following command:

gcloud container clusters update --no-enable-service-externalips

For more information, refer to Hardening your cluster's security.

A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.

This issue is fixed in the following GKE versions:

  • 1.22.3-gke.1100 or above
  • 1.21.6-gke.700 or above
  • 1.20.12-gke.700 or above
  • 1.19.16-gke.700 or above

For more information about the CVE, refer to CVE-2021-41103.

December 14, 2021

File capability CAP_NET_BIND_SERVICE required by metrics-server to bind privileged port 443 is dropped in clusters that enable PodSecurityPolicy and use the Ubuntu with Docker container runtime in node pools. As a result, metrics-server fails to bootstrap and autoscaling functionality fails to function. All 1.21 and 1.22 node versions are impacted. This issue will be fixed in a future release. Automatic node upgrades from GKE version 1.20 to 1.21 will be halted until this issue is fixed.

December 09, 2021

GKE version 1.22.3-gke.1500 and later support user impersonation for all user-defined users and groups. System users and groups such as the kube-apiserver user and the system:masters group cannot be impersonated.

December 06, 2021

(2021-R34) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane versions are no longer available:
    • 1.19.13-gke.1900, 1.19.14-gke.301, 1.19.14-gke.1900, 1.19.14-gke.2300, 1.19.15-gke.500
    • 1.21.3-gke.2003, 1.21.4-gke.2300, 1.21.4-gke.2302, 1.21.5-gke.1300
  • The following control planes and nodes with auto-upgrade enabled will be upgraded with this release:

Stable channel

Regular channel