Release notes (Rapid channel)

This page documents updates to releases in the Google Kubernetes Engine Rapid release channel. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality. The overall release notes also include the information in this page.

For more detailed information about security-related known issues, see the security bulletin page.

To view release notes for versions prior to 2020, see the Release notes archive.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud Console, or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gke-rapid-channel-release-notes.xml

October 15, 2021

(2021-R31) Version updates

Version 1.21.4-gke.2300 is now the default version in the Rapid channel.
The following versions are now available in the Rapid channel:
- 1.21.5-gke.1300
- 1.22.2-gke.1300
The following versions are no longer available in the Rapid channel:
- 1.21.4-gke.1801
- 1.22.1-gke.1602
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.4-gke.2300 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.2-gke.1300 with this release.

GKE Windows clusters using the persistent disk CSI driver might experience volume mount issues with existing PersistentVolumeClaim or PersistentVolume resources if upgraded to one the following versions. Please do not upgrade your Windows node pools to the following versions in the Rapid channel:

1.22.1-gke.1602 or later

The fix will be available in a future GKE 1.22 release.

October 01, 2021

(2021-R30) Version updates

Version 1.21.4-gke.1801 is now the default version in the Rapid channel.
The following control plane and node versions are now available in the Rapid channel:
- 1.21.4-gke.2300
- 1.22.1-gke.1602
Version 1.21.4-gke.301 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.4-gke.1801 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.1-gke.1602 with this release.

1.22 is now available in the Rapid channel

Kubernetes 1.22 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.22 Release Notes, especially the action required and deprecation sections.

Removed API versions in 1.22

The following Beta versions of previously graduated APIs are removed in 1.22 in favor of the GA versions. All existing objects can be interacted with via the stable APIs. Update API clients and manifests to use the GA APIs before upgrading. For more information, see the Kubernetes 1.22 deprecated APIs guide.

admissionregistration.k8s.io/v1beta1, MutatingWebhookConfiguration
admissionregistration.k8s.io/v1beta1, ValidatingWebhookConfiguration
apiextensions.k8s.io/v1beta1, CustomResourceDefinition
apiregistration.k8s.io/v1beta1, APIService
authentication.k8s.io/v1beta1, TokenReview
authorization.k8s.io/v1beta1, LocalSubjectAccessReview
authorization.k8s.io/v1beta1, SelfSubjectAccessReview
authorization.k8s.io/v1beta1, SubjectAccessReview
certificates.k8s.io/v1beta1, CertificateSigningRequest
coordination.k8s.io/v1beta1, Lease
extensions/v1beta1, Ingress
networking.k8s.io/v1beta1, Ingress
networking.k8s.io/v1beta1, IngressClass
rbac.authorization.k8s.io/v1beta1, ClusterRole
rbac.authorization.k8s.io/v1beta1, ClusterRoleBinding
rbac.authorization.k8s.io/v1beta1, Role
rbac.authorization.k8s.io/v1beta1, RoleBinding
scheduling.k8s.io/v1beta1, PriorityClass
storage.k8s.io/v1beta1, CSIDriver
storage.k8s.io/v1beta1, CSINode
storage.k8s.io/v1beta1, StorageClass
storage.k8s.io/v1beta1, VolumeAttachment

Deprecated API versions

These APIs are still served in version 1.22 but are in a deprecation period, and will be removed in 1.25:

PodSecurityPolicy
- policy/v1beta1 PodSecurityPolicy
- Deprecated in 1.21 with removal targeted for version 1.25.
The following Beta versions of graduated APIs will be removed in 1.25 in favor of their GA versions:
- discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
- policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
- batch/v1beta1 CronJob, deprecated since 1.21

New API versions in 1.22

The pods/eviction subresource now accepts policy/v1 eviction requests in addition to policy/v1beta1 eviction requests (#100724)

Notable features in 1.22

GA: Server-side Apply

Server-side Apply is a new object merge algorithm, as well as tracking of field ownership, running on the Kubernetes API server. Server-side Apply helps users and controllers create and modify their resources via declarative configurations by sending their fully specified intent. Refer to server-side apply documentation for more information. Improvements in 1.22 include:

scale subresource ownership is tracked correctly (#98377)
label selector fields are applied atomically (#97989)

Beta: DaemonSet maxSurge

DaemonSet objects now support a maxSurge rollout parameter, which allows running updated pods for the DaemonSet on nodes before removing old pods. Refer to the DaemonSet API documentation for more information.

Beta: Suspended jobs

Job objects can now be created or placed in a suspended state, to allow higher-level control over ordering and scheduling of batch workloads. Refer to the Job documentation for more information.

Beta: podAffinity namespace selection

Pod affinity rules can now specify namespaced using a label selector, in addition to a fixed list of namespace names. Refer to the pod affinity documentation for more information.

Notable changes and bug fixes in 1.22

The terminationGracePeriodSeconds field on pod specs and container probes should not be negative. Negative values of terminationGracePeriodSeconds will be treated as the value 1 on the delete path. Immutable field validation will be relaxed in order to update negative values. In a future release, negative values will not be permitted. (#98866)
As a mitigation for CVE-2021-25740, newly created Kubernetes 1.22 clusters no longer include write access to the Endpoints API in the edit and admin roles by default. Existing clusters upgraded to Kubernetes 1.22 retain previous permissions in those roles. For instructions to re-add Endpoints write access to the edit and admin roles in newly created 1.22 clusters, refer to the RBAC documentation.

September 17, 2021

(2021-R29) Version updates

Version 1.21.4-gke.301 is now the default version in the Rapid channel.
Version 1.21.4-gke.1801 is now available in the Rapid channel.
Version 1.21.3-gke.2001 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.4-gke.301 with this release.

September 07, 2021

(2021-R28) Version updates

Version 1.21.3-gke.2001 is now the default version in the Rapid channel.
The following control plane and node versions are now available in the Rapid channel:
- 1.21.3-gke.2001
- 1.21.4-gke.301
Version 1.21.3-gke.2000 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.3-gke.2001 with this release.

August 20, 2021

(2021-R27) Version updates

Version 1.20.8-gke.2100 is now the default version in the Rapid channel.
The following control plane and node versions are now available in the Rapid channel:
- 1.20.9-gke.2100
- 1.21.3-gke.2000
The following versions are no longer available in the Rapid channel:
- 1.20.8-gke.2100
- 1.21.3-gke.900
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.8-gke.2100 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.3-gke.901 with this release.

August 12, 2021

(2021-R26) Version updates

The following control plane and node versions are now available in the Rapid channel:
The following control plane and node versions are no longer available in the Rapid channel:
- 1.20.9-gke.700
- 1.21.3-gke.100
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.3-gke.900 with this release.

August 03, 2021

(2021-R25) Version updates

Version 1.20.8-gke.900 is now the default version in the Rapid channel.
Version 1.20.9-gke.700 is now available in the Rapid channel.
Version 1.21.3-gke.900 is now available in the Rapid channel.
Version 1.20.8-gke.700 is no longer available in the Rapid channel.
Version 1.21.2-gke.600 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.8-gke.900 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.3-gke.100 with this release.

July 27, 2021

(2021-R24) Version updates

Version 1.21.3-gke.100 is now available in the Rapid channel.

July 20, 2021

(2021-R23) Version updates

Version 1.20.8-gke.700 is now the default version in the Rapid channel.
Version 1.20.8-gke.900 is now available in the Rapid channel.
Version 1.20.7-gke.2200 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.8-gke.700 with this release.

July 09, 2021

(2021-R22) Version updates

Version 1.20.7-gke.2200 is now the default version.
Version 1.20.8-gke.700 is now available in the Rapid channel.
Version 1.21.2-gke.600 is now available in the Rapid channel.
Version 1.20.6-gke.1400 is no longer available in the Rapid channel.
Version 1.20.7-gke.1800 is no longer available in the Rapid channel.
Version 1.21.1-gke.2200 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.7-gke.2200 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.2-gke.600 with this release.

June 25, 2021

(2021-R21) Version updates

Version 1.20.7-gke.2200 is now available in the Rapid channel.
Version 1.21.1-gke.2200 is now available in the Rapid channel.
Version 1.21.1-gke.1800 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.7-gke.1800 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.7-gke.1800 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.2200 with this release.

June 16, 2021

(2021-R20) Version updates

Version 1.20.7-gke.1800 is now available in the Rapid channel.
Version 1.21.1-gke.1800 is now available in the Rapid channel.
Version 1.21.1-gke.400 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.1800 with this release.

June 09, 2021

(2021-R19) Version updates

Version 1.20.6-gke.1400 is now the default version in the Rapid channel.
Version 1.21.1-gke.400 is now available in the Rapid channel.
Version 1.20.6-gke.1000 is no longer available in the Rapid channel.
Version 1.21.1-gke.100 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.6-gke.1400 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.400 with this release.

May 28, 2021

(2021-R18) Version updates

Version 1.20.6-gke.1400 is now available in the Rapid channel.
Version 1.21.1-gke.100 is now available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.100 with this release.

1.21 available in the Rapid channel

Kubernetes version 1.21 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.21 Release Notes, especially the action required and deprecation sections.

1.21 Features

The following features are introduced in version 1.21:

CronJob (GA)

The CronJob API has graduated to General Availability (GA), bringing performance improvements and allowing scheduled jobs to be run using a stable API.

This resource is now available in the batch/v1 group/version.
The batch/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

PodDisruptionBudget (GA)

The PodDisruptionBudget has graduated to GA, allowing pod evictions to be controlled using a stable API.

This resource is now available in the policy/v1 group/version.
The policy/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

EndpointSlice (GA)

The EndpointSlice API has graduated to GA, bringing performance improvements over the v1 Endpoints API.

This more scalable API for service discovery is now enabled on all clusters and is promoted to discovery.k8s.io/v1.
The discovery.k8s.io/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

Default namespace label (Beta)

Namespace API objects now have a kubernetes.io/metadata.name label matching their metadata.name field to allow selecting any namespace by its name using a label selector. This can be used for objects which select namespaces by label, such as admission webhooks and network policies.

Bound service account token volumes (Beta)

The API credentials injected into containers at /var/run/secrets/kubernetes.io/serviceaccount/token are now time-limited, auto-refreshed, and invalidated when the containing pod is deleted.
By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric serviceaccount_stale_tokens_total and the audit annotation authentication.k8s.io/stale-token can be used to monitor for workloads that depend on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container.
Clients should reload the token from disk periodically (once per minute is recommended) to ensure they use the refreshed token. k8s.io/client-go version 11.0.0+ and 0.15.0+ reload tokens automatically.

In Kubernetes 1.21, newly provisioned PersistentVolumes by gce-pd will use the topology.kubernetes.io/zone GA label instead of the failure-domain.beta.kubernetes.io/zone beta label.

1.21 New Beta and Stable APIs

The following Stable APIs are new in 1.21:

batch/v1 CronJob
policy/v1 PodDisruptionBudget
discovery.k8s.io/v1 EndpointSlice

The following Beta APIs are new in 1.21:

storage.k8s.io/v1beta1 CSIStorageCapacity

1.21 Deprecated APIs

The following APIs are deprecated in the 1.21 release:

PodSecurityPolicy
- policy/v1beta1 PodSecurityPolicy
- Deprecated in 1.21 with removal targeted for version 1.25.
The following Beta versions of newly graduated APIs will be removed in 1.25 in favor of GA versions:
- discovery.k8s.io/v1beta1 EndpointSlice
- policy/v1beta1 PodDisruptionBudget
- batch/v1beta1 CronJob
The following Beta versions of previously graduated APIs will be removed in 1.22 in favor of GA versions:
- admissionregistration.k8s.io/v1beta1, MutatingWebhookConfiguration
- admissionregistration.k8s.io/v1beta1, ValidatingWebhookConfiguration
- apiextensions.k8s.io/v1beta1, CustomResourceDefinition
- apiregistration.k8s.io/v1beta1, APIService
- authentication.k8s.io/v1beta1, TokenReview
- authorization.k8s.io/v1beta1, LocalSubjectAccessReview
- authorization.k8s.io/v1beta1, SelfSubjectAccessReview
- authorization.k8s.io/v1beta1, SubjectAccessReview
- certificates.k8s.io/v1beta1, CertificateSigningRequest
- coordination.k8s.io/v1beta1, Lease
- extensions/v1beta1, Ingress
- networking.k8s.io/v1beta1, Ingress
- networking.k8s.io/v1beta1, IngressClass
- rbac.authorization.k8s.io/v1beta1, ClusterRole
- rbac.authorization.k8s.io/v1beta1, ClusterRoleBinding
- rbac.authorization.k8s.io/v1beta1, Role
- rbac.authorization.k8s.io/v1beta1, RoleBinding
- scheduling.k8s.io/v1beta1, PriorityClass
- storage.k8s.io/v1beta1, CSIDriver
- storage.k8s.io/v1beta1, CSINode
- storage.k8s.io/v1beta1, StorageClass
- storage.k8s.io/v1beta1, VolumeAttachment

May 20, 2021

In GKE version 1.20 and later, audit logging does not occur for Binary Authorization fail open events.

May 19, 2021

(2021-R17) Version updates

Version 1.20.6-gke.1000 is now the default version in the Rapid channel.
Version 1.19.9-gke.1900 is no longer available in the Rapid channel.
Version 1.19.10-gke.1000 is no longer available in the Rapid channel.
The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:
- From version 1.18 to 1.19.9-gke.1900.
- From version 1.19 to 1.20.6-gke.1000.
- From version 1.20 to 1.20.6-gke.1000.

May 12, 2021

(2021-R16) Version updates

Version 1.19.10-gke.1000 is now available in the Rapid channel.
Version 1.20.6-gke.1000 is now available in the Rapid channel.
Version 1.20.5-gke.2000 is no longer available in the Rapid channel.
The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:
- From version 1.18 to 1.19.9-gke.1900.
- From version 1.19 to 1.19.9-gke.1900.
- From version 1.20 to 1.20.6-gke.1000.

May 04, 2021

(2021-R15) Version updates

Version 1.19.9-gke.1900 is now the default version in the Rapid channel.
Version 1.19.9-gke.1400 is no longer available in the Rapid channel.
The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:
- From version 1.18 to 1.19.9-gke.1900.
- From version 1.19 to 1.19.9-gke.1900.

April 29, 2021

Fixes for the following GKE Autopilot clusters issues are rolling out to the Rapid release channel:

Pods with a priority lower than -10 would not trigger scale up.
Pod anti-affinity might cause overscaling.

April 27, 2021

(2021-R14) Version updates

Version 1.19.9-gke.1400 is now the default version in the Rapid channel.
Version 1.19.9-gke.1900 is now available in the Rapid channel.
Version 1.20.5-gke.2000 is now available in the Rapid channel.
Version 1.19.9-gke.700 is no longer available in the Rapid channel.
Version 1.20.5-gke.1300 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.1400 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.1400 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.2000 with this release.

April 20, 2021

(2021-R13) Version updates

Version 1.19.9-gke.700 is now the default version in the Rapid channel.
Version 1.19.9-gke.1400 is now available in the Rapid channel.
Version 1.20.5-gke.1300 is now available in the Rapid channel.
Version 1.19.9-gke.100 is no longer available in the Rapid channel.
Version 1.20.5-gke.800 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.700 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.700 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.1300 with this release.

April 14, 2021

(2021-R12) Version updates

Version 1.19.9-gke.100 is now the default version in the Rapid channel.
Version 1.19.9-gke.700 is now available in the Rapid channel.
Version 1.20.5-gke.800 is now available in the Rapid channel.
Version 1.19.8-gke.2000 is no longer available in the Rapid channel.
Version 1.20.5-gke.101 is no longer available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.100 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.100 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.800 with this release.

April 06, 2021

(2021-R11) Version updates

Version 1.19.8-gke.2000 is now the default version.
The following versions are now available in the Rapid channel:
- 1.19.9-gke.100
- 1.20.5-gke.100
The following versions are no longer available in the Rapid channel:
- 1.19.8-gke.1600
- 1.20.4-gke.2200
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.8-gke.2000 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.2000 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.100 with this release.

March 29, 2021

Version 1.19.8-gke.1600 is now the default version in the Rapid channel.
The following versions are now available in the Rapid channel:
- 1.19.8-gke.2000
- 1.20.4-gke.2200
The following versions are no longer available in the Rapid channel:
- 1.19.8-gke.1000
- 1.20.4-gke.1800
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.1600 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.4-gke.2200 with this release.

March 23, 2021

Starting tomorrow, March 24, 2021, the mechanism we use to create GKE release notes will change. Although this change does not affect the content of the notes, it does affect the presentation and underlying syntax. If you subscribe to the XML feed for this page, entries for March 24 and earlier will be updated as a result of changes to formatting and syntax; the content itself did not change.

The feed URL will also change from https://cloud.google.com/feeds/kubernetes-engine-release-notes.xml to https://cloud.google.com/feeds/gke-main-release-notes.xml. We will automatically redirect from the old URL to the new one.

Windows Server, version 1909 is reaching end of support on May 11, 2021. Newer Windows Server image versions are available in GKE versions 1.19.8-gke.1600+ and 1.20.4-gke.500+.

March 16, 2021

(2021-R9) Version updates

Version 1.19.8-gke.1000 is now the default version in the Rapid channel.
Version 1.19.8-gke.1600 is now available in the Rapid channel.
Version 1.20.4-gke.1800 is now available in the Rapid channel.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.1000 with this release.
Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.4-gke.1800 with this release.
Version 1.19.7-gke.2503 is no longer available in the Rapid channel.
Version 1.20.4-gke.400 is no longer available in the Rapid channel.

March 05, 2021

(2021-R8) Version updates

Version 1.19.7-gke.2503 is now available in the Rapid channel. This version is now the default.
Version 1.19.8-gke.1000 is now available in the Rapid channel.
Version 1.20.4-gke.400 is now available in the Rapid channel.
Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.19 to version 1.19.7-gke.2503 with this release.
Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.20 to version 1.20.4-gke.400 with this release.
Version 1.19.7-gke.1500 is no longer available in the Rapid channel.
Version 1.20.2-gke.2500 is no longer available in the Rapid channel.

February 25, 2021

(2021-R7) Version updates

Version 1.19.7-gke.1500 is the new default version in the Rapid channel.
Version 1.19.7-gke.2503 is now available in the Rapid channel.
Version 1.20.2-gke.2500 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the 1.20 available in the Rapid channel section in the release notes.
Version 1.19.7-gke.1302 is no longer available in the Rapid channel.
Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.
Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.

1.20 available in the Rapid channel

Kubernetes 1.20 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the Kubernetes 1.20 ReleaseNotes especially the Urgent upgrade notes and Deprecations sections.

RuntimeClass graduated to GA in version 1.20: The node.k8s.io/v1beta1 RuntimeClass API has graduated to node.k8s.io/v1 with no changes. API clients and manifests should switch to using the node.k8s.io/v1 API after version 1.20. The node.k8s.io/v1beta1 API is deprecated and will no longer be served starting in version 1.25.

As of version 1.20, the kubelet no longer creates the target_path for NodePublishVolume in accordance with the CSI spec. If you have self-managed CSI drivers deployed in your cluster, ensure that they are idempotent and do any necessary mount creation or verification. For more information, see Kubernetes issue #88759.

Starting in version 1.20, timeouts on exec probes are honored, and default to 1 second if unspecified. If you have Pods using exec probes, ensure that they can easily complete in 1 second or explicitly set an appropriate timeout. For more information, see Configure Probes.

Non-deterministic treatment of objects with invalid ownerReferences was fixed in version 1.20. Run the kubectl-check-ownerreferences tool prior to upgrade to locate existing objects with invalid ownerReferences.

A namespaced object with an ownerReference to another namespaced object which does not exist in the same namespace is now consistently treated as having a missing owner and is deleted.
A cluster-scoped object with an ownerReference to a namespaced object is now consistently treated as having an unresolvable owner, and is ignored by the garbage collector.
Starting in version 1.20, when a namespace mismatch between a child and owner object is detected, an event with a reason code of OwnerRefInvalidNamespace is recorded.

The metadata.selfLink field, deprecated since version 1.16, is no longer populated in version 1.20. See Kubernetes issue #1164 for details. A related bug in the k8s.io/client-go library in the GetReference function was fixed in versions 0.15.9 or later, 0.16.4 or later, and 0.17.0 or later. Clients using the GetReference function should upgrade to one of those versions of client-go or newer in order to work correctly against an API Server running version 1.20 or later.

February 17, 2021

(2021-R6) Version updates

Version 1.19.7-gke.1302 is now available in the Rapid channel. This version is now the default.
Version 1.19.7-gke.1500 is now available in the Rapid channel.
Version 1.18.12-gke.1206 is no longer available in the Rapid channel.
Version 1.19.7-gke.800 is no longer available in the Rapid channel.
Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.

February 09, 2021

(2021-R5) Version updates

Version 1.18.12-gke.1210 is now available in the Rapid channel. This version is now the default.
Version 1.19.7-gke.1302 is now available in the Rapid channel.
Version 1.18.12-gke.1205 is no longer available in the Rapid channel.
Version 1.19.6-gke.1700 is no longer available in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1206 with this release.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.800 with this release.

February 02, 2021

(2021-R4) Version updates

Version 1.18.12-gke.1206 is now available in the Rapid channel.
Version 1.19.7-gke.800 is now available in the Rapid channel.
Version 1.19.6-gke.600 is no longer available in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.6-gke.1700 with this release.

January 28, 2021

For clusters using a 1.19 version, with the Container-Optimized OS with Containerd (cos_containerd) node image, dockerd (the Docker Daemon) is not running at boot. It needs to be started manually. This issue will be fixed in a future release.

January 25, 2021

(2021-R3) Version updates

Version 1.19.6-gke.1700 is now available in the Rapid channel.

January 19, 2021

(2021-R2) Version updates

Version 1.18.12-gke.1205 is now available in the Rapid channel. This version is now the default.
Version 1.19.6-gke.600 is now available in the Rapid channel. Before upgrading to 1.19.6-gke.600, read the 1.19 available in the Rapid channel section in the release notes.
Version 1.18.12-gke.1200 is no longer available in the Rapid channel.
Version 1.18.12-gke.1202 is no longer available in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1205 with this release.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.6-gke.600 with this release.

1.19 available in the Rapid channel

Kubernetes 1.19 is now available in Rapid channel. Before upgrading to 1.19.6-gke.600, read Kubernetes 1.19 Release Notes especially the Urgent upgrade notes section.

Basic authentication with a password has been removed in Kubernetes 1.19. Clusters upgraded to 1.19 can no longer use basic authentication to authenticate users to the control plane.

Seccomp (secure computing mode) support for Kubernetes has graduated to General Availability (GA). This feature can be used to increase the workload security by restricting the system calls for a Pod (applies to all containers) or individual containers.

A new seccompProfile field is added to Pod and Container securityContext objects, starting in Kubernetes 1.19.

securityContext:
  seccompProfile:
    # "Unconfined", "RuntimeDefault", or "Localhost"
    type: Localhost
    # only necessary if type == Localhost
    localhostProfile: my-profiles/profile-allow.json

The alpha seccomp annotations seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/…are deprecated in favor of the GA API field. The alpha annotations will not be honored in Kubernetes 1.22+.

If you are currently using Seccomp annotations on Pods or Containers, you should identify and transition workloads using the annotations to set the API fields before 1.21 is released on GKE (approximately in June 2021). No change on PodSecurityPolicy is required, as it supports both annotation and field seccomp profiles. You can follow the recommended steps below:

Locate Seccomp annotation usages. In your Kubernetes manifest files, search for "seccomp.security.alpha.kubernetes.io/pod" and "container.seccomp.security.alpha.kubernetes.io/"".

Add or update securityContext fields. Based on your annotation usage, add or update (if securityContext already exists) the securityContext field in Pod or Container spec. The annotations can be left in place, but must match the securityContext API field.

Current annotation usage	Add or update securityContext
`seccomp.security.alpha.kubernetes.io/pod`	In Pod's securityContext, add seccompProfile field.
`container.seccomp.security.alpha.kubernetes.io/CONTAINER_NAME`	In `CONTAINER_NAME`'s securityContext, add seccompProfile field.

Set values for seccompProfile. The type field of seccompProfile corresponds to the annotation value, and localhostProfile field corresponds to the path following localhost annotation value.

Current annotation value	seccompProfile value
`unconfined`	`seccompProfile: type: Unconfined`
`runtime/default` or `docker/default`	`seccompProfile: type: RuntimeDefault`
`localhost/path/to/profile.json`	`seccompProfile: type: Localhost localhostProfile: path/to/profile.json`

For more details, see the following pages:

The widely used Ingress API has graduated to general availability in Kubernetes 1.19. The v1beta1 Ingress API is deprecated, and will no longer be served in 1.22+. Before 1.21, identify and transition clients and manifests using the v1beta1 Ingress API to use networking.k8s.io/v1.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the Ingress v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion=("extensions/v1beta1" OR "networking.k8s.io/v1beta1")
protoPayload.request.kind="Ingress"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 Ingress APIs to use networking.k8s.io/v1 before 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the 1.21 timeframe. Workloads using the v1beta1 APIs need to be upgraded before your cluster is upgraded to GKE 1.22.

To migrate manifests to networking.k8s.io/v1:

Rename the spec.backend field (if specified) to spec.defaultBackend
Rename each backend.serviceName field to backend.service.name
Rename each numeric backend.servicePort field to backend.service.port.number
Rename each string backend.servicePort field to backend.service.port.name
Specify a pathType field for each defined path. Options are Prefix, Exact, and ImplementationSpecific. To match the undefined v1beta1 behavior, use ImplementationSpecific.

As an example, to migrate this v1beta1 manifest to v1:

v1beta1 manifest

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example
spec:
  backend:
    serviceName: default-backend
    servicePort: 80
  rules:
  - http:
      paths:
      - path: /testpath
        backend:
          serviceName: test
          servicePort: 80

v1 manifest

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
spec:
  defaultBackend:
    service:
      name: default-backend
      port:
        number: 80
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: ImplementationSpecific
        backend:
          service:
            name: test
            port:
              number: 80

The CertificateSigningRequest API has graduated to certificates.k8s.io/v1 in Kubernetes 1.19. The v1beta1 CertificateSigningRequest API is deprecated and will no longer be served in 1.22+.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the CertificateSigningRequest v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion="certificates.k8s.io/v1beta1"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 CertificateSigningRequest API to use certificates.k8s.io/v1 before 1.21 is released on GKE (approximately in June 2021), then verifying no clients are using the v1beta1 API during the 1.21 timeframe. Workloads using the v1beta1 API need to be upgraded before your cluster is upgraded to GKE 1.22.

Differences between the v1beta1 and v1 API are as follows:

For API clients requesting certificates:
- spec.signerName is now required, and requests for kubernetes.io/legacy-unknown are not allowed to be created using the certificates.k8s.io/v1 API
- spec.usages is now required, cannot contain duplicate values, and must only contain known usages
For API clients approving or signing certificates:
- status.conditions cannot contain duplicate types
- status.conditions[*].status is now required
- status.certificate must be PEM-encoded, and must contain only CERTIFICATE blocks

January 08, 2021

(2021-R1) Version updates

Version 1.18.12-gke.1201 is now available in the Rapid channel. This version is now the default.
Version 1.18.12-gke.1205 is now available in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1201 with this release.

December 14, 2020

(R41) Version updates

Version 1.18.12-gke.1201 is now available in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1200 with this release.

December 07, 2020

(R40) Version updates

Version 1.18.12-gke.1200 is now available in the Rapid channel.
Version 1.18.12-gke.300 is now the default in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.300 with this release.
Version 1.18.10-gke.2701 is no longer available in the Rapid channel.

December 01, 2020

(R39) Version updates

Version 1.18.12-gke.300 is now available in the Rapid channel. This version is now the default.
1.18.10-gke.2701 is now the default version in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.2701 with this release.
Version 1.18.10-gke.2101 is no longer available in the Rapid channel.

November 25, 2020

Auto-upgrade status

GKE Auto-Upgrade is currently suspended for control planes, and nodes. Manual upgrades are available.

November 24, 2020

The November 17, 2020 release removed the following GKE version:

Version 1.18.10-gke.1500 is no longer available in the Rapid channel.

November 12, 2020

(R38) Version updates

This note was updated on November 24, 2020.

Version 1.18.10-gke.2701 is now available in the Rapid channel. This version is now the default.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.2101 with this release.
The issue from September 28, 2020 with Container Threat Detection on GKE 1.18 is resolved in GKE versions versions 1.18.9-gke.1300 and later and 1.19.2-gke.2000 and later.

The issue from September 28, 2020 with Container Threat Detection on GKE 1.18 is resolved in GKE versions versions 1.18.9-gke.1300 and later and 1.19.2-gke.2000 and later.

(R37) Version updates

Version 1.18.10-gke.2101 is now available in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.1500 with this release.
Version 1.18.10-gke.1500 is the new default version in the Rapid channel.

November 04, 2020

(R36) Version updates

Version 1.18.10-gke.1500 is now available in the Rapid channel.

This release sets sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 on the node image. This discourages netfilter from resetting TCP connections.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.601 with this release.

October 28, 2020

(R35) Version updates

Version 1.18.10-gke.601 is now available in the Rapid channel.
Version 1.18.9-gke.1501 is no longer available in the Rapid channel.

October 20, 2020

(R34) Version updates

Version 1.18.9-gke.2501 is now available in the Rapid channel.
Version 1.18.9-gke.2501 is the new default version for clusters in the Rapid channel.
Version 1.18.9-gke.801 is no longer available in the Rapid channel.

October 12, 2020

(R33) Version updates

Version 1.18.9-gke.1501 is now available in the Rapid channel.
Version 1.18.9-gke.801 is the new default version for clusters in the Rapid channel.
Version 1.17.9-gke.1504 is no longer available in the Rapid channel.
Version 1.18.6-gke.4801 is no longer available in the Rapid channel.
Auto-upgrading control planes upgrade from versions 1.17, 1.18 to version 1.18.9-gke.801 during this release.

October 02, 2020

(R32) Version updates

Version 1.18.9-gke.801 is now available in the Rapid channel.

September 25, 2020

(R31) Version updates

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18.6-gke.3504 to version 1.18.6-gke.4801 with this release.
Version 1.18.6-gke.3504 is no longer available in the Rapid channel.

September 15, 2020

(R30) Version updates

Version 1.18.6-gke.4801 is now available in the Rapid channel.
Version 1.18.6-gke.3504 is the new default version in the Rapid channel.
Version 1.17.9-gke.1503 is no longer available in the Rapid channel.
Version 1.18.6-gke.3503 is no longer available in the Rapid channel.
Auto-upgrading nodes and control planes upgrade from version 1.17 to version 1.17.9-gke.1504 during this release.

September 14, 2020

(R29.1) Version updates

Version 1.17.9-gke.1504 is now available in the Rapid channel. This version is now the default.

There is a known issue that prevents creating Rapid channel clusters on 1.18. To create a 1.18 cluster on the Rapid channel, create a Rapid channel cluster on 1.17, and then manually upgrade to 1.18.

September 03, 2020

(R29) Version updates

Version 1.18.6-gke.3503 is now available in the Rapid channel.

August 27, 2020

(R28) Version updates

Version 1.17.9-gke.1703 is no longer available.

August 20, 2020

(R27) Version updates

Version 1.17.9-gke.1703 is now available in the Rapid channel.
Version 1.17.9-gke.1503 is now available in the Rapid channel. This version is now the default.
Version 1.17.9-gke.600 is no longer available.

August 06, 2020

(R26) Version updates

Version 1.17.9-gke.1500 is now available in the Rapid channel.
Version 1.17.9-gke.600 is now available in the Rapid channel.

July 28, 2020

(R25) Version updates

Version 1.17.9-gke.600 is now available in the Rapid channel.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.17.7-gke.15 to version 1.17.8-gke.17 with this release.

July 22, 2020

(R24) Version updates

Version 1.17.8-gke.17 is now available in the Rapid channel.

This version includes node image upgrades for Ubuntu (ubuntu-gke-1804-1-17-v20200610) and Windows Server (windows-server-1909-dc-core-uefi-gke-v1592940889 and windows-server-2019-dc-core-uefi-gke-v1592939281).
Version 1.17.7-gke.15 is now available in the Rapid channel.

This version is now the default.
Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.17.6-gke.11 to version 1.17.7-gke.15 with this release.

July 13, 2020

(R23) Version updates

Version 1.17.7-gke.15 is now available in the Rapid channel.

A bug in gVisor has been fixed. Default gVisor node labels are now applied when user-specified labels.

June 29, 2020

1.17.6-gke.11 is now available.

June 23, 2020

1.17.6-gke.7 is now available.

June 08, 2020

1.17.6-gke.4 is now available.

June 01, 2020

1.17.5-gke.9 is now available.

May 27, 2020

Due to a newly discovered issue, version 1.17.5-gke.6 is no longer available.

May 19, 2020

1.17.5-gke.6 is now available in the Rapid release channel.

All GKE clusters running 1.17.3-gke.3 and up will have etcd upgraded to 3.4.7-0-gke.1. All new GKE clusters with 1.17.3-gke.3 and up will be created with etcd 3.4.7-0-gke.1.

May 13, 2020

1.17.5-gke.0 is now available in the Rapid release channel.

April 27, 2020

1.17.4-gke.10 is now available in the Rapid release channel.

Although clusters in the Rapid channel upgrade automatically, you should still review:

The RunAsUsername feature is now beta and allows specifying the username when running a Windows container.

The RuntimeClass scheduler simplifies scheduling Windows Pods to appropriate nodes

The following node labels are deprecated:

Cluster Versions	Deprecated Label	New Label
1.14+	beta.kubernetes.io/os	kubernetes.io/os
1.14+	beta.kubernetes.io/arch	kubernetes.io/arch
1.17+	beta.kubernetes.io/instance-type	node.kubernetes.io/instance-type
1.17+	failure-domain.beta.kubernetes.io/zone	topology.kubernetes.io/zone
1.17+	failure-domain.beta.kubernetes.io/region	topology.kubernetes.io/region

You must identify any node selectors using beta labels and modify them to use GA labels.

RBAC in the apps/v1alpha1 and apps/v1beta1 API versions are deprecated in 1.17 and will no longer be served in 1.20. Update your manifests and API clients to use the rbac.authorization.k8s.io/v1 APIs before 1.20 to avoid any issues.

April 15, 2020

1.16.8-gke.9 is now available in the Rapid release channel.

April 07, 2020

1.16.8-gke.8 is now available in the Rapid release channel. The node image for Container-Optimized OS is updated to cos-77-12371-208-0.

April 01, 2020

1.16.8-gke.4 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

March 26, 2020

1.16.8-gke.3 is now available in the Rapid release channel.

March 20, 2020

1.16.6-gke.18 is now available in the Rapid release channel.

March 16, 2020

1.16.6-gke.13 is now available in the Rapid release channel.

March 06, 2020

The user interface for creating clusters in Google Cloud Console has been redesigned. The new design makes it easier to follow GKE best practices.

1.16.6-gke.12 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

February 24, 2020

Ingress for Internal HTTP(S) Load Balancing is now available in Beta. This enables private L7 load balancing inside the VPC that can be deployed with Ingress resources.

February 18, 2020

1.16.5-gke.2 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

Node image for Container-Optimized OS updated to cos-77-12371-141-0.

February 11, 2020

1.16.4-gke.30 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

February 04, 2020

1.16.4-gke.27 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

January 29, 2020

1.16.4-gke.25 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

January 27, 2020

The ability to create clusters with node pools running Microsoft Windows Server is now in Beta.

January 22, 2020

1.16.4-gke.22 is now available in the Rapid release channel.

Added ability to specify minimum CPU Platform for auto-provisioned node pools.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

January 08, 2020

Do not update to version 1.16.0-gke.20 if you depend on HPA. Horizontal Pod Autoscaling is not working in this version due to a recently discovered issue. A fix will be released with GKE 1.16.3+.