Release notes (Rapid channel)

This page documents updates to releases in the Google Kubernetes Engine Rapid release channel. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality. The overall release notes also include the information in this page.

For more detailed information about security-related known issues, see the security bulletin page.

To view release notes for versions prior to 2020, see the Release notes archive.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, or browse and filter all release notes in the Google Cloud Console.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gke-rapid-channel-release-notes.xml

July 20, 2021

(2021-R23) Version updates

  • Version 1.20.8-gke.700 is now the default version in the Rapid channel.
  • Version 1.20.8-gke.900 is now available in the Rapid channel.
  • Version 1.20.7-gke.2200 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.8-gke.700 with this release.

July 09, 2021

(2021-R22) Version updates

  • Version 1.20.7-gke.2200 is now the default version.
  • Version 1.20.8-gke.700 is now available in the Rapid channel.
  • Version 1.21.2-gke.600 is now available in the Rapid channel.
  • Version 1.20.6-gke.1400 is no longer available in the Rapid channel.
  • Version 1.20.7-gke.1800 is no longer available in the Rapid channel.
  • Version 1.21.1-gke.2200 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.7-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.2-gke.600 with this release.

June 25, 2021

(2021-R21) Version updates

  • Version 1.20.7-gke.2200 is now available in the Rapid channel.
  • Version 1.21.1-gke.2200 is now available in the Rapid channel.
  • Version 1.21.1-gke.1800 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.7-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.7-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.2200 with this release.

June 16, 2021

(2021-R20) Version updates

  • Version 1.20.7-gke.1800 is now available in the Rapid channel.
  • Version 1.21.1-gke.1800 is now available in the Rapid channel.
  • Version 1.21.1-gke.400 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.1800 with this release.

June 09, 2021

(2021-R19) Version updates

  • Version 1.20.6-gke.1400 is now the default version in the Rapid channel.
  • Version 1.21.1-gke.400 is now available in the Rapid channel.
  • Version 1.20.6-gke.1000 is no longer available in the Rapid channel.
  • Version 1.21.1-gke.100 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.6-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.400 with this release.

May 28, 2021

(2021-R18) Version updates

  • Version 1.20.6-gke.1400 is now available in the Rapid channel.
  • Version 1.21.1-gke.100 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.100 with this release.

1.21 available in the Rapid channel

Kubernetes version 1.21 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.21 Release Notes, especially the action required and deprecation sections.

1.21 Features

The following features are introduced in version 1.21:

CronJob (GA)

The CronJob API has graduated to General Availability (GA), bringing performance improvements and allowing scheduled jobs to be run using a stable API.

  • This resource is now available in the batch/v1 group/version.
  • The batch/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

PodDisruptionBudget (GA)

The PodDisruptionBudget has graduated to GA, allowing pod evictions to be controlled using a stable API.

  • This resource is now available in the policy/v1 group/version.
  • The policy/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

EndpointSlice (GA)

The EndpointSlice API has graduated to GA, bringing performance improvements over the v1 Endpoints API.

  • This more scalable API for service discovery is now enabled on all clusters and is promoted to discovery.k8s.io/v1.
  • The discovery.k8s.io/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

Default namespace label (Beta)

Namespace API objects now have a kubernetes.io/metadata.name label matching their metadata.name field to allow selecting any namespace by its name using a label selector. This can be used for objects which select namespaces by label, such as admission webhooks and network policies.

Bound service account token volumes (Beta)

  • The API credentials injected into containers at /var/run/secrets/kubernetes.io/serviceaccount/token are now time-limited, auto-refreshed, and invalidated when the containing pod is deleted.
  • By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric serviceaccount_stale_tokens_total and the audit annotation authentication.k8s.io/stale-token can be used to monitor for workloads that depend on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container.
  • Clients should reload the token from disk periodically (once per minute is recommended) to ensure they use the refreshed token. k8s.io/client-go version 11.0.0+ and 0.15.0+ reload tokens automatically.
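A client-side reload pattern for the bound token behavior described above, as an added example (not GKE or client-go code). The class and helper names and the sample token are constructed for illustration; only the token path and the once-per-minute interval come from these notes.

```python
import base64
import json
import os
import tempfile
import time

# Path and reload interval come from the release note; the rest is illustrative.
TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"
RELOAD_INTERVAL_SECONDS = 60


def token_expiry(token):
    """Return the 'exp' claim (Unix seconds) of a JWT without verifying it.

    For local monitoring of remaining lifetime only; the API server is what
    actually validates the token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")


class ReloadingToken:
    """Hypothetical helper: re-reads the projected token at most once per interval."""

    def __init__(self, path=TOKEN_PATH, interval=RELOAD_INTERVAL_SECONDS,
                 clock=time.monotonic):
        self._path = path
        self._interval = interval
        self._clock = clock
        self._token = None
        self._loaded_at = None

    def get(self):
        now = self._clock()
        due = self._token is None or now - self._loaded_at >= self._interval
        if due:
            try:
                with open(self._path, encoding="ascii") as fh:
                    fresh = fh.read().strip()
            except OSError:
                fresh = ""
            if fresh:
                self._token, self._loaded_at = fresh, now
            elif self._token is None:
                raise RuntimeError(f"no service account token at {self._path}")
            # On a failed re-read, keep the cached token and retry on the next call.
        return self._token

    def seconds_left(self, wall_clock=time.time):
        """Remaining lifetime of the current token according to its exp claim."""
        return token_expiry(self.get()) - wall_clock()


def make_sample_token(exp):
    """Build a constructed, unsigned JWT-shaped string for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"exp": exp}), "constructed-signature"])


if __name__ == "__main__":
    fake_now = [0.0]  # injected clock so the demo does not have to sleep
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "token")
        with open(path, "w") as fh:
            fh.write(make_sample_token(1000))
        source = ReloadingToken(path=path, clock=lambda: fake_now[0])
        print("first read, exp =", token_expiry(source.get()))
        with open(path, "w") as fh:  # stands in for the kubelet refreshing the file
            fh.write(make_sample_token(2000))
        fake_now[0] = 61.0
        print("after 61s, exp =", token_expiry(source.get()))
```

A client that caches the token once at startup is the pattern the serviceaccount_stale_tokens_total metric is meant to surface.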

In Kubernetes 1.21, newly provisioned PersistentVolumes by gce-pd will use the topology.kubernetes.io/zone GA label instead of the failure-domain.beta.kubernetes.io/zone beta label.

1.21 New Beta and Stable APIs

The following Stable APIs are new in 1.21:

  • batch/v1 CronJob
  • policy/v1 PodDisruptionBudget
  • discovery.k8s.io/v1 EndpointSlice

The following Beta APIs are new in 1.21:

  • storage.k8s.io/v1beta1 CSIStorageCapacity

1.21 Deprecated APIs

The following APIs are deprecated in the 1.21 release:

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
  • The following Beta versions of newly graduated APIs will be removed in 1.25 in favor of GA versions:
    • discovery.k8s.io/v1beta1 EndpointSlice
    • policy/v1beta1 PodDisruptionBudget
    • batch/v1beta1 CronJob
  • The following Beta versions of previously graduated APIs will be removed in 1.22 in favor of GA versions:
    • admissionregistration.k8s.io/v1beta1, MutatingWebhookConfiguration
    • admissionregistration.k8s.io/v1beta1, ValidatingWebhookConfiguration
    • apiextensions.k8s.io/v1beta1, CustomResourceDefinition
    • apiregistration.k8s.io/v1beta1, APIService
    • authentication.k8s.io/v1beta1, TokenReview
    • authorization.k8s.io/v1beta1, LocalSubjectAccessReview
    • authorization.k8s.io/v1beta1, SelfSubjectAccessReview
    • authorization.k8s.io/v1beta1, SubjectAccessReview
    • certificates.k8s.io/v1beta1, CertificateSigningRequest
    • coordination.k8s.io/v1beta1, Lease
    • extensions/v1beta1, Ingress
    • networking.k8s.io/v1beta1, Ingress
    • networking.k8s.io/v1beta1, IngressClass
    • rbac.authorization.k8s.io/v1beta1, ClusterRole
    • rbac.authorization.k8s.io/v1beta1, ClusterRoleBinding
    • rbac.authorization.k8s.io/v1beta1, Role
    • rbac.authorization.k8s.io/v1beta1, RoleBinding
    • scheduling.k8s.io/v1beta1, PriorityClass
    • storage.k8s.io/v1beta1, CSIDriver
    • storage.k8s.io/v1beta1, CSINode
    • storage.k8s.io/v1beta1, StorageClass
    • storage.k8s.io/v1beta1, VolumeAttachment

May 20, 2021

In GKE version 1.20 and later, audit logging does not occur for Binary Authorization fail open events.

May 19, 2021

(2021-R17) Version updates

  • Version 1.20.6-gke.1000 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.1900 is no longer available in the Rapid channel.
  • Version 1.19.10-gke.1000 is no longer available in the Rapid channel.
  • The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:

May 12, 2021

(2021-R16) Version updates

  • Version 1.19.10-gke.1000 is now available in the Rapid channel.
  • Version 1.20.6-gke.1000 is now available in the Rapid channel.
  • Version 1.20.5-gke.2000 is no longer available in the Rapid channel.
  • The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:

May 04, 2021

(2021-R15) Version updates

  • Version 1.19.9-gke.1900 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.1400 is no longer available in the Rapid channel.
  • The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:

April 29, 2021

Fixes for the following GKE Autopilot clusters issues are rolling out to the Rapid release channel:

  • Pods with a priority lower than -10 would not trigger scale up.
  • Pod anti-affinity might cause overscaling.

April 27, 2021

(2021-R14) Version updates

  • Version 1.19.9-gke.1400 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.1900 is now available in the Rapid channel.
  • Version 1.20.5-gke.2000 is now available in the Rapid channel.
  • Version 1.19.9-gke.700 is no longer available in the Rapid channel.
  • Version 1.20.5-gke.1300 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.2000 with this release.

April 20, 2021

(2021-R13) Version updates

  • Version 1.19.9-gke.700 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.1400 is now available in the Rapid channel.
  • Version 1.20.5-gke.1300 is now available in the Rapid channel.
  • Version 1.19.9-gke.100 is no longer available in the Rapid channel.
  • Version 1.20.5-gke.800 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.1300 with this release.

April 14, 2021

(2021-R12) Version updates

  • Version 1.19.9-gke.100 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.700 is now available in the Rapid channel.
  • Version 1.20.5-gke.800 is now available in the Rapid channel.
  • Version 1.19.8-gke.2000 is no longer available in the Rapid channel.
  • Version 1.20.5-gke.101 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.800 with this release.

April 06, 2021

(2021-R11) Version updates

  • Version 1.19.8-gke.2000 is now the default version.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.19.8-gke.1600
    • 1.20.4-gke.2200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.100 with this release.

March 29, 2021

  • Version 1.19.8-gke.1600 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.19.8-gke.1000
    • 1.20.4-gke.1800
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.4-gke.2200 with this release.

March 23, 2021

Starting tomorrow, March 24, 2021, the mechanism we use to create GKE release notes will change. Although this change does not affect the content of the notes, it does affect the presentation and underlying syntax. If you subscribe to the XML feed for this page, entries for March 24 and earlier will be updated as a result of changes to formatting and syntax; the content itself did not change.

The feed URL will also change from https://cloud.google.com/feeds/kubernetes-engine-release-notes.xml to https://cloud.google.com/feeds/gke-main-release-notes.xml. We will automatically redirect from the old URL to the new one.

Windows Server, version 1909 is reaching end of support on May 11, 2021. Newer Windows Server image versions are available in GKE versions 1.19.8-gke.1600+ and 1.20.4-gke.500+.

March 16, 2021

(2021-R9) Version updates

  • Version 1.19.8-gke.1000 is now the default version in the Rapid channel.
  • Version 1.19.8-gke.1600 is now available in the Rapid channel.
  • Version 1.20.4-gke.1800 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.4-gke.1800 with this release.
  • Version 1.19.7-gke.2503 is no longer available in the Rapid channel.
  • Version 1.20.4-gke.400 is no longer available in the Rapid channel.

March 05, 2021

(2021-R8) Version updates

  • Version 1.19.7-gke.2503 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.8-gke.1000 is now available in the Rapid channel.
  • Version 1.20.4-gke.400 is now available in the Rapid channel.
  • Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.19 to version 1.19.7-gke.2503 with this release.
  • Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.20 to version 1.20.4-gke.400 with this release.
  • Version 1.19.7-gke.1500 is no longer available in the Rapid channel.
  • Version 1.20.2-gke.2500 is no longer available in the Rapid channel.

February 25, 2021

(2021-R7) Version updates

  • Version 1.19.7-gke.1500 is the new default version in the Rapid channel.
  • Version 1.19.7-gke.2503 is now available in the Rapid channel.
  • Version 1.20.2-gke.2500 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the 1.20 available in the Rapid channel section in the release notes.
  • Version 1.19.7-gke.1302 is no longer available in the Rapid channel.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.

1.20 available in the Rapid channel

Kubernetes 1.20 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the Kubernetes 1.20 Release Notes, especially the Urgent upgrade notes and Deprecations sections.

RuntimeClass graduated to GA in version 1.20: The node.k8s.io/v1beta1 RuntimeClass API has graduated to node.k8s.io/v1 with no changes. API clients and manifests should switch to using the node.k8s.io/v1 API after version 1.20. The node.k8s.io/v1beta1 API is deprecated and will no longer be served starting in version 1.25.

As of version 1.20, the kubelet no longer creates the target_path for NodePublishVolume in accordance with the CSI spec. If you have self-managed CSI drivers deployed in your cluster, ensure that they are idempotent and do any necessary mount creation or verification. For more information, see Kubernetes issue #88759.

Starting in version 1.20, timeouts on exec probes are honored, and default to 1 second if unspecified. If you have Pods using exec probes, ensure that they can easily complete in 1 second or explicitly set an appropriate timeout. For more information, see Configure Probes.

Non-deterministic treatment of objects with invalid ownerReferences was fixed in version 1.20. Run the kubectl-check-ownerreferences tool prior to upgrade to locate existing objects with invalid ownerReferences.

  • A namespaced object with an ownerReference to another namespaced object which does not exist in the same namespace is now consistently treated as having a missing owner and is deleted.

  • A cluster-scoped object with an ownerReference to a namespaced object is now consistently treated as having an unresolvable owner, and is ignored by the garbage collector.

  • Starting in version 1.20, when a namespace mismatch between a child and owner object is detected, an event with a reason code of OwnerRefInvalidNamespace is recorded.

The metadata.selfLink field, deprecated since version 1.16, is no longer populated in version 1.20. See Kubernetes issue #1164 for details. A related bug in the k8s.io/client-go library in the GetReference function was fixed in versions 0.15.9 or later, 0.16.4 or later, and 0.17.0 or later. Clients using the GetReference function should upgrade to one of those versions of client-go or newer in order to work correctly against an API Server running version 1.20 or later.

February 17, 2021

(2021-R6) Version updates

  • Version 1.19.7-gke.1302 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.7-gke.1500 is now available in the Rapid channel.
  • Version 1.18.12-gke.1206 is no longer available in the Rapid channel.
  • Version 1.19.7-gke.800 is no longer available in the Rapid channel.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.

February 09, 2021

(2021-R5) Version updates

  • Version 1.18.12-gke.1210 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.7-gke.1302 is now available in the Rapid channel.
  • Version 1.18.12-gke.1205 is no longer available in the Rapid channel.
  • Version 1.19.6-gke.1700 is no longer available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1206 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.800 with this release.

February 02, 2021

(2021-R4) Version updates

  • Version 1.18.12-gke.1206 is now available in the Rapid channel.
  • Version 1.19.7-gke.800 is now available in the Rapid channel.
  • Version 1.19.6-gke.600 is no longer available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.6-gke.1700 with this release.

January 28, 2021

For clusters using a 1.19 version, with the Container-Optimized OS with Containerd (cos_containerd) node image, dockerd (the Docker Daemon) is not running at boot. It needs to be started manually. This issue will be fixed in a future release.

January 25, 2021

(2021-R3) Version updates

January 19, 2021

(2021-R2) Version updates

  • Version 1.18.12-gke.1205 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.6-gke.600 is now available in the Rapid channel. Before upgrading to 1.19.6-gke.600, read the 1.19 available in the Rapid channel section in the release notes.
  • Version 1.18.12-gke.1200 is no longer available in the Rapid channel.
  • Version 1.18.12-gke.1202 is no longer available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1205 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.6-gke.600 with this release.

1.19 available in the Rapid channel

Kubernetes 1.19 is now available in the Rapid channel. Before upgrading to 1.19.6-gke.600, read the Kubernetes 1.19 Release Notes, especially the Urgent upgrade notes section.

Basic authentication with a password has been removed in Kubernetes 1.19. Clusters upgraded to 1.19 can no longer use basic authentication to authenticate users to the control plane.

Seccomp (secure computing mode) support for Kubernetes has graduated to General Availability (GA). This feature can be used to increase the workload security by restricting the system calls for a Pod (applies to all containers) or individual containers.

A new seccompProfile field is added to Pod and Container securityContext objects, starting in Kubernetes 1.19.

securityContext:
  seccompProfile:
    # "Unconfined", "RuntimeDefault", or "Localhost"
    type: Localhost
    # only necessary if type == Localhost
    localhostProfile: my-profiles/profile-allow.json

The alpha seccomp annotations seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/… are deprecated in favor of the GA API field. The alpha annotations will not be honored in Kubernetes 1.22+.

If you are currently using Seccomp annotations on Pods or Containers, you should identify and transition workloads using the annotations to set the API fields before 1.21 is released on GKE (approximately in June 2021). No change on PodSecurityPolicy is required, as it supports both annotation and field seccomp profiles. You can follow the recommended steps below:

  1. Locate Seccomp annotation usages. In your Kubernetes manifest files, search for "seccomp.security.alpha.kubernetes.io/pod" and "container.seccomp.security.alpha.kubernetes.io/".

  2. Add or update securityContext fields. Based on your annotation usage, add or update (if securityContext already exists) the securityContext field in Pod or Container spec. The annotations can be left in place, but must match the securityContext API field.

    • Current annotation usage: seccomp.security.alpha.kubernetes.io/pod
      Add or update securityContext: In Pod's securityContext, add seccompProfile field.
    • Current annotation usage: container.seccomp.security.alpha.kubernetes.io/CONTAINER_NAME
      Add or update securityContext: In CONTAINER_NAME's securityContext, add seccompProfile field.

  3. Set values for seccompProfile. The type field of seccompProfile corresponds to the annotation value, and the localhostProfile field corresponds to the path that follows localhost/ in the annotation value.

    • Current annotation value: unconfined
      seccompProfile value:
        seccompProfile:
          type: Unconfined
    • Current annotation value: runtime/default or docker/default
      seccompProfile value:
        seccompProfile:
          type: RuntimeDefault
    • Current annotation value: localhost/path/to/profile.json
      seccompProfile value:
        seccompProfile:
          type: Localhost
          localhostProfile: path/to/profile.json
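The three steps above applied to a manifest exported as JSON, as an added example (not GKE tooling). The function names and the sample Pod are constructed for illustration; the annotation keys and the value mapping are the ones listed in the steps. It also reports an existing field that disagrees with its annotation, since the two must match.

```python
import copy
import json

POD_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"
CONTAINER_PREFIX = "container.seccomp.security.alpha.kubernetes.io/"


def profile_from_annotation(value):
    """Step 3: translate an annotation value into a seccompProfile object."""
    if value == "unconfined":
        return {"type": "Unconfined"}
    if value in ("runtime/default", "docker/default"):
        return {"type": "RuntimeDefault"}
    if value.startswith("localhost/") and value != "localhost/":
        return {"type": "Localhost", "localhostProfile": value[len("localhost/"):]}
    raise ValueError(f"unrecognized seccomp annotation value: {value!r}")


def pod_template(obj):
    """Return the object holding pod metadata and spec (a Pod, or spec.template)."""
    if obj.get("kind") == "Pod":
        return obj
    template = obj.get("spec", {}).get("template")
    if template is None:
        raise ValueError(f"no pod template found in kind {obj.get('kind')!r}")
    return template


def migrate_seccomp(manifest):
    """Steps 1-3 on one manifest; returns (migrated_copy, findings).

    Existing seccompProfile fields are never overwritten: a field that
    disagrees with its annotation is reported instead.
    """
    out = copy.deepcopy(manifest)
    pod = pod_template(out)
    annotations = pod.get("metadata", {}).get("annotations") or {}
    spec = pod.setdefault("spec", {})
    containers = {c.get("name"): c
                  for c in spec.get("initContainers", []) + spec.get("containers", [])}
    findings = []
    for key, value in sorted(annotations.items()):
        if key == POD_ANNOTATION:
            where, owner = "pod", spec
        elif key.startswith(CONTAINER_PREFIX):
            name = key[len(CONTAINER_PREFIX):]
            if name not in containers:
                findings.append(f"container {name}: annotation names no container in the spec")
                continue
            where, owner = f"container {name}", containers[name]
        else:
            continue
        wanted = profile_from_annotation(value)
        context = owner.setdefault("securityContext", {})
        current = context.get("seccompProfile")
        if current is None:
            context["seccompProfile"] = wanted
            findings.append(f"{where}: added seccompProfile {json.dumps(wanted)}")
        elif current != wanted:
            findings.append(
                f"{where}: MISMATCH, annotation {value!r} vs field {json.dumps(current)}")
    return out, findings


# Constructed sample Pod: three annotations, one container already has a field.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "demo", "annotations": {
        POD_ANNOTATION: "docker/default",
        CONTAINER_PREFIX + "app": "localhost/my-profiles/profile-allow.json",
        CONTAINER_PREFIX + "sidecar": "unconfined",
    }},
    "spec": {"containers": [
        {"name": "app", "image": "example/app:1"},
        {"name": "sidecar", "image": "example/sidecar:1",
         "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}},
    ]},
}

if __name__ == "__main__":
    migrated, notes = migrate_seccomp(SAMPLE_POD)
    print("\n".join(notes))
    print(json.dumps(migrated["spec"], indent=2))
```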

For more details, see the following pages:

The widely used Ingress API has graduated to general availability in Kubernetes 1.19. The v1beta1 Ingress API is deprecated, and will no longer be served in 1.22+. Before 1.21, identify and transition clients and manifests using the v1beta1 Ingress API to use networking.k8s.io/v1.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the Ingress v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion=("extensions/v1beta1" OR "networking.k8s.io/v1beta1")
protoPayload.request.kind="Ingress"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 Ingress APIs to use networking.k8s.io/v1 before 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the 1.21 timeframe. Workloads using the v1beta1 APIs need to be upgraded before your cluster is upgraded to GKE 1.22.

To migrate manifests to networking.k8s.io/v1:

  1. Rename the spec.backend field (if specified) to spec.defaultBackend
  2. Rename each backend.serviceName field to backend.service.name
  3. Rename each numeric backend.servicePort field to backend.service.port.number
  4. Rename each string backend.servicePort field to backend.service.port.name
  5. Specify a pathType field for each defined path. Options are Prefix, Exact, and ImplementationSpecific. To match the undefined v1beta1 behavior, use ImplementationSpecific.

As an example, to migrate this v1beta1 manifest to v1:

v1beta1 manifest

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example
spec:
  backend:
    serviceName: default-backend
    servicePort: 80
  rules:
  - http:
      paths:
      - path: /testpath
        backend:
          serviceName: test
          servicePort: 80

v1 manifest

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
spec:
  defaultBackend:
    service:
      name: default-backend
      port:
        number: 80
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: ImplementationSpecific
        backend:
          service:
            name: test
            port:
              number: 80
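The five renaming steps above as a converter over a manifest loaded as a dictionary, as an added example (not GKE tooling). It goes slightly beyond the manifests shown here by also handling string (named) ports; the function names are constructed, and PAGE_V1BETA1 is the v1beta1 manifest above transcribed as a Python dictionary.

```python
import copy
import json

V1BETA1_VERSIONS = ("extensions/v1beta1", "networking.k8s.io/v1beta1")

# The v1beta1 manifest shown above, transcribed as a dictionary.
PAGE_V1BETA1 = {
    "apiVersion": "networking.k8s.io/v1beta1",
    "kind": "Ingress",
    "metadata": {"name": "example"},
    "spec": {
        "backend": {"serviceName": "default-backend", "servicePort": 80},
        "rules": [{"http": {"paths": [
            {"path": "/testpath",
             "backend": {"serviceName": "test", "servicePort": 80}},
        ]}}],
    },
}


def convert_backend(backend):
    """Steps 2-4: serviceName/servicePort become service.name/service.port."""
    if "serviceName" not in backend:
        return backend  # nothing to rename
    port = backend.get("servicePort")
    if isinstance(port, bool) or not isinstance(port, (int, str)):
        raise ValueError(f"servicePort must be a number or a string, got {port!r}")
    port_key = "number" if isinstance(port, int) else "name"
    converted = {k: v for k, v in backend.items()
                 if k not in ("serviceName", "servicePort")}
    converted["service"] = {"name": backend["serviceName"], "port": {port_key: port}}
    return converted


def migrate_ingress(manifest, path_type="ImplementationSpecific"):
    """Return a networking.k8s.io/v1 copy of a v1beta1 Ingress manifest."""
    if manifest.get("kind") != "Ingress":
        raise ValueError("not an Ingress manifest")
    if manifest.get("apiVersion") not in V1BETA1_VERSIONS:
        raise ValueError(f"not a v1beta1 Ingress: {manifest.get('apiVersion')!r}")
    out = copy.deepcopy(manifest)
    out["apiVersion"] = "networking.k8s.io/v1"
    spec = out.get("spec") or {}
    if "backend" in spec:  # step 1
        spec["defaultBackend"] = convert_backend(spec.pop("backend"))
    for rule in spec.get("rules") or []:
        for path in (rule.get("http") or {}).get("paths") or []:
            if "backend" in path:
                path["backend"] = convert_backend(path["backend"])
            # Step 5: every path needs a pathType; an explicit one is kept.
            path.setdefault("pathType", path_type)
    return out


if __name__ == "__main__":
    print(json.dumps(migrate_ingress(PAGE_V1BETA1), indent=2))
    # Constructed backend with a named port, which maps to port.name.
    print(convert_backend({"serviceName": "web", "servicePort": "http"}))
```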

The CertificateSigningRequest API has graduated to certificates.k8s.io/v1 in Kubernetes 1.19. The v1beta1 CertificateSigningRequest API is deprecated and will no longer be served in 1.22+.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the CertificateSigningRequest v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion="certificates.k8s.io/v1beta1"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 CertificateSigningRequest API to use certificates.k8s.io/v1 before 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the 1.21 timeframe. Workloads using the v1beta1 API need to be upgraded before your cluster is upgraded to GKE 1.22.

Differences between the v1beta1 and v1 API are as follows:

  • For API clients requesting certificates:

    • spec.signerName is now required, and requests for kubernetes.io/legacy-unknown are not allowed to be created using the certificates.k8s.io/v1 API
    • spec.usages is now required, cannot contain duplicate values, and must only contain known usages
  • For API clients approving or signing certificates:

    • status.conditions cannot contain duplicate types
    • status.conditions[*].status is now required
    • status.certificate must be PEM-encoded, and must contain only CERTIFICATE blocks

January 08, 2021

(2021-R1) Version updates

  • Version 1.18.12-gke.1201 is now available in the Rapid channel. This version is now the default.
  • Version 1.18.12-gke.1205 is now available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1201 with this release.

December 14, 2020

(R41) Version updates

  • Version 1.18.12-gke.1201 is now available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1200 with this release.

December 07, 2020

(R40) Version updates

  • Version 1.18.12-gke.1200 is now available in the Rapid channel.
  • Version 1.18.12-gke.300 is now the default in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.300 with this release.
  • Version 1.18.10-gke.2701 is no longer available in the Rapid channel.

December 01, 2020

(R39) Version updates

  • Version 1.18.12-gke.300 is now available in the Rapid channel. This version is now the default.
  • 1.18.10-gke.2701 is now the default version in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.2701 with this release.
  • Version 1.18.10-gke.2101 is no longer available in the Rapid channel.

November 25, 2020

Auto-upgrade status

GKE Auto-Upgrade is currently suspended for control planes and nodes. Manual upgrades are available.

November 24, 2020

The November 17, 2020 release removed the following GKE version:

  • Version 1.18.10-gke.1500 is no longer available in the Rapid channel.

November 12, 2020

(R38) Version updates

This note was updated on November 24, 2020.

  • Version 1.18.10-gke.2701 is now available in the Rapid channel. This version is now the default.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.2101 with this release.
  • The issue from September 28, 2020 with Container Threat Detection on GKE 1.18 is resolved in GKE versions 1.18.9-gke.1300 and later and 1.19.2-gke.2000 and later.

(R37) Version updates

  • Version 1.18.10-gke.2101 is now available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.1500 with this release.
  • Version 1.18.10-gke.1500 is the new default version in the Rapid channel.

November 04, 2020

(R36) Version updates

  • Version 1.18.10-gke.1500 is now available in the Rapid channel.

    This release sets sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 on the node image. This discourages netfilter from resetting TCP connections.

  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.601 with this release.

October 28, 2020

(R35) Version updates

  • Version 1.18.10-gke.601 is now available in the Rapid channel.
  • Version 1.18.9-gke.1501 is no longer available in the Rapid channel.

October 20, 2020

(R34) Version updates

  • Version 1.18.9-gke.2501 is now available in the Rapid channel.
  • Version 1.18.9-gke.2501 is the new default version for clusters in the Rapid channel.
  • Version 1.18.9-gke.801 is no longer available in the Rapid channel.

October 12, 2020

(R33) Version updates

  • Version 1.18.9-gke.1501 is now available in the Rapid channel.
  • Version 1.18.9-gke.801 is the new default version for clusters in the Rapid channel.
  • Version 1.17.9-gke.1504 is no longer available in the Rapid channel.
  • Version 1.18.6-gke.4801 is no longer available in the Rapid channel.
  • Auto-upgrading control planes upgrade from versions 1.17, 1.18 to version 1.18.9-gke.801 during this release.

October 02, 2020

(R32) Version updates

September 25, 2020

(R31) Version updates

  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18.6-gke.3504 to version 1.18.6-gke.4801 with this release.
  • Version 1.18.6-gke.3504 is no longer available in the Rapid channel.

September 15, 2020

(R30) Version updates

  • Version 1.18.6-gke.4801 is now available in the Rapid channel.
  • Version 1.18.6-gke.3504 is the new default version in the Rapid channel.
  • Version 1.17.9-gke.1503 is no longer available in the Rapid channel.
  • Version 1.18.6-gke.3503 is no longer available in the Rapid channel.
  • Auto-upgrading nodes and control planes upgrade from version 1.17 to version 1.17.9-gke.1504 during this release.

September 14, 2020

(R29.1) Version updates

  • Version 1.17.9-gke.1504 is now available in the Rapid channel. This version is now the default.

There is a known issue that prevents creating Rapid channel clusters on 1.18. To create a 1.18 cluster on the Rapid channel, create a Rapid channel cluster on 1.17, and then manually upgrade to 1.18.

September 03, 2020

(R29) Version updates

August 27, 2020

(R28) Version updates

  • Version 1.17.9-gke.1703 is no longer available.

August 20, 2020

(R27) Version updates

  • Version 1.17.9-gke.1703 is now available in the Rapid channel.
  • Version 1.17.9-gke.1503 is now available in the Rapid channel. This version is now the default.
  • Version 1.17.9-gke.600 is no longer available.

August 06, 2020

(R26) Version updates

July 28, 2020

(R25) Version updates

  • Version 1.17.9-gke.600 is now available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.17.7-gke.15 to version 1.17.8-gke.17 with this release.

July 22, 2020

(R24) Version updates

  • Version 1.17.8-gke.17 is now available in the Rapid channel.

    This version includes node image upgrades for Ubuntu (ubuntu-gke-1804-1-17-v20200610) and Windows Server (windows-server-1909-dc-core-uefi-gke-v1592940889 and windows-server-2019-dc-core-uefi-gke-v1592939281).

  • Version 1.17.7-gke.15 is now available in the Rapid channel.

    This version is now the default.

  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.17.6-gke.11 to version 1.17.7-gke.15 with this release.

July 13, 2020

(R23) Version updates

A bug in gVisor has been fixed. Default gVisor node labels are now applied when user-specified labels.

June 29, 2020

1.17.6-gke.11 is now available.

June 23, 2020

1.17.6-gke.7 is now available.

June 08, 2020

1.17.6-gke.4 is now available.

June 01, 2020

1.17.5-gke.9 is now available.

May 27, 2020

Due to a newly discovered issue, version 1.17.5-gke.6 is no longer available.

May 19, 2020

1.17.5-gke.6 is now available in the Rapid release channel.

All GKE clusters running 1.17.3-gke.3 and up will have etcd upgraded to 3.4.7-0-gke.1. All new GKE clusters with 1.17.3-gke.3 and up will be created with etcd 3.4.7-0-gke.1.

May 13, 2020

1.17.5-gke.0 is now available in the Rapid release channel.

April 27, 2020

1.17.4-gke.10 is now available in the Rapid release channel.

Although clusters in the Rapid channel upgrade automatically, you should still review:

The RunAsUsername feature is now beta and allows specifying the username when running a Windows container.

The RuntimeClass scheduler simplifies scheduling Windows Pods to appropriate nodes.

The following node labels are deprecated:

| Cluster Versions | Deprecated Label | New Label |
|---|---|---|
| 1.14+ | beta.kubernetes.io/os | kubernetes.io/os |
| 1.14+ | beta.kubernetes.io/arch | kubernetes.io/arch |
| 1.17+ | beta.kubernetes.io/instance-type | node.kubernetes.io/instance-type |
| 1.17+ | failure-domain.beta.kubernetes.io/zone | topology.kubernetes.io/zone |
| 1.17+ | failure-domain.beta.kubernetes.io/region | topology.kubernetes.io/region |

You must identify any node selectors using beta labels and modify them to use GA labels.
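One way to find and rewrite the deprecated labels in a manifest, as an added example that is not part of the original release notes or any GKE tooling. It walks a manifest loaded as JSON and goes slightly beyond plain `nodeSelector` by also covering node affinity terms and `topologyKey`, which reference node labels as well. The `migrate_labels` function and the sample Deployment are constructed for illustration.

```python
import json

# Deprecated -> GA node label keys, copied from the table above.
GA_LABEL = {
    "beta.kubernetes.io/os": "kubernetes.io/os",
    "beta.kubernetes.io/arch": "kubernetes.io/arch",
    "beta.kubernetes.io/instance-type": "node.kubernetes.io/instance-type",
    "failure-domain.beta.kubernetes.io/zone": "topology.kubernetes.io/zone",
    "failure-domain.beta.kubernetes.io/region": "topology.kubernetes.io/region",
}

def migrate_labels(obj, path="", findings=None):
    """Rewrite deprecated node label keys in place; return (path, old, new) tuples."""
    findings = [] if findings is None else findings
    if isinstance(obj, list):
        for i, item in enumerate(obj):
            migrate_labels(item, f"{path}[{i}]", findings)
    elif isinstance(obj, dict):
        for key, value in list(obj.items()):
            here = f"{path}.{key}" if path else key
            if key == "nodeSelector" and isinstance(value, dict):
                for old in [k for k in value if k in GA_LABEL]:
                    value[GA_LABEL[old]] = value.pop(old)
                    findings.append((here, old, GA_LABEL[old]))
            elif isinstance(value, str) and value in GA_LABEL and (
                # Only node-label references: pod labelSelector keys are left alone.
                key == "topologyKey" or (key == "key" and "nodeSelectorTerms" in path)
            ):
                obj[key] = GA_LABEL[value]
                findings.append((here, value, GA_LABEL[value]))
            else:
                migrate_labels(value, here, findings)
    return findings

# Constructed sample Deployment (hypothetical workload, not from the page).
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "nodeSelector": {"beta.kubernetes.io/os": "linux", "pool": "web"},
    "affinity": {"nodeAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": {
        "nodeSelectorTerms": [{"matchExpressions": [{
            "key": "failure-domain.beta.kubernetes.io/zone",
            "operator": "In", "values": ["us-central1-a"]}]}]}}},
    "topologySpreadConstraints": [{
        "maxSkew": 1, "whenUnsatisfiable": "DoNotSchedule",
        "topologyKey": "failure-domain.beta.kubernetes.io/zone"}],
}}}}

if __name__ == "__main__":
    for where, old, new in migrate_labels(SAMPLE):
        print(f"{where}: {old} -> {new}")
    print(json.dumps(SAMPLE, indent=2))
```
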

RBAC in the apps/v1alpha1 and apps/v1beta1 API versions are deprecated in 1.17 and will no longer be served in 1.20. Update your manifests and API clients to use the rbac.authorization.k8s.io/v1 APIs before 1.20 to avoid any issues.

April 15, 2020

1.16.8-gke.9 is now available in the Rapid release channel.

April 07, 2020

1.16.8-gke.8 is now available in the Rapid release channel. The node image for Container-Optimized OS is updated to cos-77-12371-208-0.

April 01, 2020

1.16.8-gke.4 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

March 26, 2020

1.16.8-gke.3 is now available in the Rapid release channel.

March 20, 2020

1.16.6-gke.18 is now available in the Rapid release channel.

March 16, 2020

1.16.6-gke.13 is now available in the Rapid release channel.

March 06, 2020

The user interface for creating clusters in Google Cloud Console has been redesigned. The new design makes it easier to follow GKE best practices.

1.16.6-gke.12 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

February 24, 2020

Ingress for Internal HTTP(S) Load Balancing is now available in Beta. This enables private L7 load balancing inside the VPC that can be deployed with Ingress resources.

February 18, 2020

1.16.5-gke.2 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

Node image for Container-Optimized OS updated to cos-77-12371-141-0.

February 11, 2020

1.16.4-gke.30 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

February 04, 2020

1.16.4-gke.27 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

January 29, 2020

1.16.4-gke.25 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

January 27, 2020

January 22, 2020

1.16.4-gke.22 is now available in the Rapid release channel.

Added ability to specify minimum CPU Platform for auto-provisioned node pools.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

January 08, 2020

Do not update to version 1.16.0-gke.20 if you depend on HPA. Horizontal Pod Autoscaling is not working in this version due to a recently discovered issue. A fix will be released with GKE 1.16.3+.