GKE release notes

The Observability dashboards on the GKE Clusters List, Cluster Details, and Workload List pages are now customizable. Additionally, the Cluster Details dashboards can be customized across the entire project, or per-cluster for specific use cases.

The me-central2 region in Dammam, Saudi Arabia is now available.

You can now use node auto-provisioning for TPU slices. With this feature, Standard clusters with GKE version 1.28 and later provision TPU node pools and multi-host TPU accelerators automatically to ensure the capacity required to schedule AI/ML workloads. To learn more, see Configuring TPU node auto-provisioning.

GKE now supports the ability to create nodes and workloads with multiple network interfaces. You can create new clusters with version 1.27 and later with multi networking enabled. The additional network interfaces on the Pods can be regular interfaces or high performance interfaces where the network interface is directly attached to the Pod. For more information, see Setup multi-network support for Pods.

Your clusters can now perform operations, such as node auto-provisioning or version upgrades, on multiple node pools in parallel. You no longer have to wait for an operation to complete before you initiate another operation. This feature is enabled for all GKE versions. This change provides you with benefits like the following:

• More efficient scaling, which results in improved savings and faster workload deployment
• Faster, less disruptive node pool upgrades
• Fewer "operation already in progress" messages that could delay subsequent planned operations
• More reliable rollback behavior to fix upgrade-related disruptions in production
• Automatic control plane resize operations won't block other operations on the cluster

The Google Cloud Platform Terraform provider has also been updated to take advantage of this change.

You can now create Cloud Tensor Processing Unit (TPU) nodes in GKE to run AI workloads, from training to inference models. GKE manages your cluster by automating TPU resource provisioning, scaling, scheduling, repairing, and upgrading. GKE provides TPU infrastructure metrics in Cloud Monitoring, TPU logs, and error reports for better visibility and monitoring of TPU node pools in GKE clusters. TPUs are available with GKE Standard clusters. GKE supports TPU v4 in version 1.26.1.gke-1500 and later, and supports TPU v5e in version 1.27.2-gke.1500 and later. To learn more, see About TPUs in GKE.

You can now sequence the rollout of cluster upgrades across fleets or across scopes. To learn more, see About cluster upgrades with rollout sequencing.

GKE now delivers insights and recommendations to ensure your workloads are ready for disruption using features such as Pod Disruption Budgets. To learn more, see Ensure stateful workloads are disruption-ready.

The europe-west10 region in Berlin, Germany is now available.

You can now easily identify clusters that use deprecated Kubernetes APIs removed in versions 1.25, 1.26, and 1.27. Kubernetes deprecation insights are now available for these versions.

GKE Infrastructure Dashboards and Metrics Packages are now available for both GKE Autopilot and Standard clusters with control plane version 1.27.2-gke.1200 and later. You can now configure Autopilot or Standard clusters to export a predefined list of metrics emitted by GKE managed KSM (kube-state-metrics) for workloads state and Persistent Storage. These metrics are collected by Google Cloud Managed Service for Prometheus and are sent to Cloud Monitoring. You can also view new dashboards (Persistent and Workloads state) rendering those metrics in the Observability tab. For more information, see View observability metrics.

You can now troubleshoot issues with CPU limit utilization and Memory limit utilization of containers running in GKE by using the new "interactive playbook" dashboards in Cloud Monitoring.

The Filestore CSI driver now supports smaller share sizes (10Gi) for Filestore multishares for GKE for enterprise instances starting in version 1.27.

You can now run workloads on A100 80GB GPUs in Autopilot clusters that use GKE version 1.27 and later.

Kubernetes control plane logs and Kubernetes control plane metrics are now available for GKE Autopilot clusters with control plane version 1.22.0 and later and 1.22.13 and later, respectively. You can now configure Autopilot cluster to export logs and certain metrics emitted by the Kubernetes API server, scheduler, and controller manager to Cloud Logging and Cloud Monitoring.

GKE Autopilot supports extended duration Pods from 1.27 or later with the cluster-autoscaler.kubernetes.io/safe-to-evict=false annotation. To learn more, see how to extend the run time of Autopilot Pods.

The managed Cloud Storage FUSE CSI driver for GKE is now GA in versions 1.26.5 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

GKE Dataplane V2 observability is now available in Public Preview starting in GKE versions 1.26.4-gke.500 or later, or 1.27.1-gke.400 or later. You can now enable Dataplane V2 metrics and observability tools on your cluster. Dataplane V2 metrics are included in new Autopilot clusters and opt-in for new Standard clusters. You can opt-in to enable Dataplane V2 observability tools for Autopilot and Standard clusters. Existing clusters can also be updated to enable metrics and observability tooling.

For more information, check out GKE Dataplane V2 observability.

In GKE version 1.24 and later, new beta APIs are, by default, disabled in new clusters. Starting in version 1.27, which is the first new minor version since 1.24 where new beta APIs are introduced, you can enable new APIs on cluster creation or for an existing cluster.

For more information, see how to Use Kubernetes beta APIs with GKE clusters.

You can now troubleshoot common GKE issues by using the new "interactive playbook" dashboards in Cloud Monitoring: unschedulable pods and crashlooping containers. You can also access the interactive playbooks from GKE UI insights and set alerts that will allow you to know once those issues occurs.

For information about using these dashboards, see the GKE troubleshooting documentation for unschedulable pods and crashlooping.

Starting in GKE version 1.27, cluster autoscaler always considers Compute Engine Reservations when making the scale-up decisions. The node pools with matching unused reservations are prioritized when choosing the node pool to scale up, even when the node pool is not the most efficient one. Additionally, unused reservations are always prioritized when balancing multi-zonal scale-ups.

For more information, see how to use cluster autoscaler.

The new release of the GKE Gateway controller (2023-R2) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities:

• New GatewayClasses supporting the regional external Application Load Balancer
• Identity-aware Proxy (IAP) Integration
• Custom request and response headers
• URL Rewrites and Path Redirects

To learn more, see the supported capabilities per GatewayClass.

Managed Service for Prometheus is enabled by default in new GKE Standard clusters running version 1.27 and later. Existing clusters that upgrade to 1.27 will not automatically enable this feature. For more information, see Enable managed collection: GKE.

Automatic GPU driver installation is available in version 1.27.2-gke.1200 and later, which enables you to install NVIDIA GPU drivers on nodes without manually applying a DaemonSet.

For instructions, see Running GPUs.

GKE Autopilot now supports the ability to deploy your own service mesh. Many service meshes, such as Istio or LinkerD, require CAP_NET_ADMIN Linux capability to function, which is disabled on Autopilot clusters by default to reduce the size of the security attack surface. You can now optionally enable NET_ADMIN on your Autopilot clusters if you need this capability for your service meshes or other opt-in use cases. See Autopilot Security for more information for how to enable NET_ADMIN.

GKE support for Hyperdisk Throughput and Hyperdisk Extreme as an attached persistent disk option is now generally available. Support is available for both Autopilot and Standard clusters running GKE versions 1.26 and later.

Clusters with low or no utilization can be identified by Idle Cluster insights.

Dual-stack LoadBalancer Services are now available in Preview. Dual-stack LoadBalancer Services are supported on both GKE Standard and Autopilot dual-stack clusters. To learn more, see Single-stack and dual-stack Services.

You can now use deprecation insights to identify clusters on versions 1.21 to 1.24 that use Pod Security Policy, which is unsupported on GKE version 1.25 and later.

New Autopilot clusters that run GKE version 1.25.5-gke.1000 and later automatically use Image streaming to pull eligible images.

In addition to the existing egress network policy GKE already supports, you can now control the egress traffic of your Pods by using a network policy that matches a fully-qualified domain name or a regular expression. FQDN Network Policy is now available in Preview for clusters in version 1.26.4-gke.500 and later, and 1.27.1-gke.400 and later. For more information, see Control Pod egress traffic using FQDN network policies.

Agones on GKE users will get recommendations and insights if they did not install the Agones controller on dedicated nodes.

The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.

The C3 machine family is generally available for GKE Standard clusters running on version 1.22 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool.

The following features are not supported for this machine family:

• Node auto-provisioning.
• Confidential GKE nodes.
• Local SSD.
• Standard persistent disks (pd-standard).

For more information, refer to the C3 machine series documentation.

The g2-standard machine family with NVIDIA L4 is generally available for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

Now in GA for both GKE Standard and Autopilot clusters with GKE version 1.26 and later, you can add more IPv4 secondary Pod ranges to a new or existing cluster with the --additional-pod-ipv4-ranges flag. To learn more, see Adding Pod IP addresses.

The managed Cloud Storage FUSE CSI driver for GKE is now available in Preview in GKE versions 1.26.3 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

Pods bound to Preemptible and Spot nodes are now automatically deleted from the Kubernetes API server after the Preemptible or Spot instance is preempted. This is available in GKE versions:

• 1.25.7-gke.1000 or later
• 1.26.2-gke.1000 or later

The new release of the GKE Gateway controller (2023-R01) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities:

• Gateway API on Autopilot clusters by default (GKE 1.26+)
• The Global External HTTP(S) Load Balancer GatewayClass graduates to GA
• Global Access for the gke-l7-rilb GatewayClass
• SSL Policies
• HTTP-to-HTTPS redirect
• Cloud Armor integration

You can check all the supported capabilities per GatewayClass in this page.

The g2-standard machine family with NVIDIA L4 is available in Preview for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

GKE now supports a streamlined Fleet registration process, allowing users to register their clusters to a Fleet directly when clusters are created using the gcloud command. For more information, see Register a GKE cluster to your fleet.

The me-central1 region in Doha, Qatar is now available.

Starting from GKE 1.26, cluster autoscaler can drain Pods from multiple nodes in parallel. The removal criteria are not changing, so the end state after scale down is going to be the same, but it will be achieved faster.

The europe-west12 region in Turin, Italy is now available.

Backend Service-based external Network load balancers are now generally available with GKE. Regional Backend Service is a foundational element of a Google Cloud Load Balancer and using it for your external LoadBalancer Services will unlock new capabilities going forward. To learn more, see how to deploy a backend service-based external network load balancer.

In Standard clusters with GKE version 1.26 and later, you can now audit workloads to validate if they are compatible with Autopilot clusters. Use kubectl get audit to see the cluster objects.

Starting from GKE control plane versions 1.26.0-gke.2200, 1.25.5-gke.2200, 1.24.9-gke.2200 or later, SingleStack IPv6 and DualStack (IPv4/IPv6) services, stub domains, and upstream nameservers are supported with Cloud DNS for GKE.

The Balanced compute class is now generally available in Autopilot clusters running GKE version 1.25 and later.

You can now specify a minimum CPU platform in the Balanced compute class in Autopilot clusters running GKE version 1.25 and later if your workloads have specialized CPU requirements such as a high base frequency or optimized power management functionality. For instructions, refer to Choose a minimum CPU platform.

You can now expose randomly assigned host ports in Pods on GKE Autopilot running version 1.24.7-gke.1200 and later or 1.25.3-gke.1100 and later.

You can now attach ephemeral and block devices backed by Local NVMe SSDs during GKE node pool creation, using the Ephemeral Storage Local SSD API and the Local NVMe SSD Block API respectively, with node version 1.25.3-gke.1800 or later.

Windows Server 2022 OS image is generally available on GKE. You can now create Windows Node pools with Windows Server 2022 OS images using the command line. For more information, see Creating a cluster using Windows Server node pools.

You can now run GPU-based workloads in GA in Autopilot clusters that use GKE version 1.24.2-gke.1800 and later.

Dual-stack clusters in GKE are now generally available. Dual-stack networking is supported on both Standard and Autopilot clusters. To learn more, see Use an IPv4/IPv6 dual-stack network to create a dual-stack cluster.

You can now enable NCCL Fast Socket on your multi-GPU workloads. NCCL Fast Socket is a transport layer plugin designed to improve NVIDIA Collective Communication Library (NCCL) performance on Google Cloud. To enable NCCL Fast Socket, you must be using a GKE Standard cluster with control plane version 1.25.2-gke.1700 or later. For more information, see Improve workload efficiency using NCCL Fast Socket.

Global external HTTP(S) load balancer is now supported with the GKE Gateway controller in Preview. You can now configure GKE clusters with control plane version 1.24 or later in Rapid channel to use a global external HTTP(S) load balancer to expose web services to the Internet, in a single cluster or multi-cluster architecture. You can benefit from many advanced traffic management capabilities offered by the new generation of Google Cloud global external HTTP(S) load balancers natively in GKE by using the Kubernetes Gateway API and specifying a new Gateway class. To see the difference between Gateway classes compatible with our GKE Gateway controller, see here.

Cloud DNS for GKE (cluster scope) is now Generally Available. You can now configure GKE clusters with control plane version 1.24.7-gke.800, 1.25.3-gke.700 or later to use Cloud DNS as the DNS provider for in-cluster name resolution, and replace the existing DNS service based on kube-dns.

GKE Autopilot clusters may now migrate the cluster's datapath provider to Dataplane V2. Migration is triggered during a control plane upgrade (see version requirements below). The migration is complete once all nodes running the legacy datapath have been recreated. Node pools created after the control plane upgrade will be created using Dataplane V2.

• For clusters running 1.24 without Dataplane V2, upgrading to 1.24.7-gke.300 or a higher 1.24 version will begin the migration to Dataplane V2.

• For clusters running 1.25 without Dataplane V2, upgrading to 1.25.3-gke.200 or a higher 1.25 version will begin the migration to Dataplane V2.

To determine whether you are in the process of migrating the datapath, run:

gcloud container clusters describe <CLUSTER> --region <REGION> --project <PROJECT> --format="value(networkConfig.datapathProvider)"

Clusters migrating to Dataplane V2 will have the datapath provider field of the cluster set to MIGRATE_TO_ADVANCED_DATAPATH.

Clusters that have migrated to Dataplane V2 will have the datapath provider field of the cluster set to ADVANCED_DATAPATH.

Compact placement policy is now generally available. Set up a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone. Having nodes closer to each other can reduce network latency between nodes, which can be useful for tightly-coupled batch workloads.

Kubernetes control plane logs are now Generally Available. You can now configure GKE clusters with control plane version 1.22.0 or later to export to Cloud Logging logs emitted by the Kubernetes API server, Scheduler, and Controller Manager.

These logs are stored in Cloud Logging and can be queried in the Cloud Logging Log Explorer or Cloud Logging API. These logs can also be sent to Google Cloud Storage, BigQuery, or Pub/Sub using the Log Router.

You can now use deprecation insights to identify clusters on versions 1.23 and earlier that use Docker-based node images, which are unsupported on GKE version 1.24 and later.

The Logs tab available for each cluster on the Kubernetes Engine > Clusters page now includes suggested queries for your logs. For more information about using your GKE logs, see Viewing your GKE logs.

GKE Autopilot clusters support compact placement policies in version 1.25 and later.

GKE Autopilot clusters support signaling to GKE that a particular node is problematic in version 1.24 and later.

You can now use use compact placement for node auto-provisioning in Standard clusters with GKE version 1.25 and later. To learn more, see Use compact placement for node auto-provisioning.

GKE Gateway for Single Cluster is now generally available in GKE version 1.24 and later. Use the Gateway API to express the intent of your inbound HTTP(S) traffic into your GKE cluster and the Gateway controller will instrument and fully manage the external and/or internal HTTP(S) load balancer(s) that forwards traffic to your applications. For complete details about the GKE Gateway controller, refer to the following documentation.

When you create a LoadBalancer service in GKE, the Google Cloud controllers automatically create the following firewall rules and apply them to the GKE nodes to allow inbound connections on the Service port:

• Internal load balancer with GKE subsetting or external load balancer with regional backend services (RBS): k8s2-[cluster-id]-[namespace]-[service-name]-[suffixhash]
• Internal load balancer without GKE subsetting or external load balancer with target pool: k8s-fw-[loadbalancer-hash]

These rules now include the load balancer IP address in the destination ranges field to further control the inbound connections to the nodes. You can use the gcloud compute firewall-rules describe command to check a relevant firewall. The new field in the output is similar to the following:

destinationRanges:
- [LOADBALANCER_VIRTUAL_IP_ADDRESS]

You can now easily identify clusters that use certificates incompatible with Kubernetes version 1.23. Kubernetes 1.23 deprecation insights are now available in Preview for clusters of at least version 1.22.6-gke.1000.

GKE Cost Allocation has been released for general availability. With GKE Cost Allocation, you can see cost breakdowns in clusters for namespaces, and pod labels for utilized CPU and MEM. For complete details, refer to View detailed breakdown of cluster costs.

You can now run GPU-based workloads in Preview in Autopilot clusters that use GKE version 1.24.2-gke.1800 and later. For more information, see the Google Cloud blog post.

In Autopilot clusters running GKE version 1.24.1-gke.1400 and later, you can now use the Balanced compute class to schedule your workloads that require very high memory or CPU requests.

GKE control plane metrics is now available for clusters running Kubernetes control plane version 1.22.13 or later.

The a2-ultragpu machine family is available in Preview for node pools in clusters running GKE version 1.24 and later. To select the machine family, use the --machine-type flag in your create command.

The me-west1 region in Tel Aviv, Israel is now available.

On GKE Standard clusters using control plane version 1.24.2-gke.300 or later, you can configure the cluster and node pools to deploy an alternative version of the Logging agent designed to maximize logging throughput. The default Logging agent running in each GKE cluster guarantees at least 100 KB per second log throughput per node for system and workload logs. This Logging agent variant provides a 100x improvement, allowing for throughput as high as 10 MB per second on nodes that have at least 2 unused CPU cores.

Additionally, all GKE clusters with system metrics enabled now export a new metric (kubernetes.io/node/logs/input_bytes), which indicates the number of log bytes generated on a node. Using this metric can help you decide which variant of the logging agent makes sense to deploy in your cluster or node pools.