Release notes (Rapid channel)

This page documents updates to releases in the Google Kubernetes Engine Rapid release channel. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality. The overall release notes also include the information in this page.

For more detailed information about security-related known issues, see the security bulletin page.

You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/kubernetes-engine-rapid-channel-release-notes.xml

November 25, 2020

Auto-upgrade status

GKE Auto-Upgrade is currently suspended for control planes, and nodes. Manual upgrades are available.

November 24, 2020

The November 17, 2020 release removed the following GKE version.

Version 1.18.10-gke.1500 is no longer available in the Rapid channel.

November 12, 2020 (R38)

This note was updated on November 24, 2020.

Version 1.18.10-gke.2701 is now available in the Rapid channel. This version is now the default.

Auto-upgrading nodes in the Rapid channel automatically upgrade to version 1.18.10-gke.2101 with this release.

The issue from September 28, 2020 with Container Threat Detection on GKE 1.18 is resolved in GKE versions versions 1.18.9-gke.1300 and later and 1.19.2-gke.2000 and later.

November 12, 2020 (R37)

Version 1.18.10-gke.2101 is now available in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade to version 1.18.10-gke.1500 with this release.

Version 1.18.10-gke.1500 is the new default version in the Rapid channel.

November 4, 2020 (R36)

Version 1.18.10-gke.1500 is now available in the Rapid channel.

This release sets sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 on the node image. This discourages netfilter from resetting TCP connections.

Auto-upgrading nodes in the Rapid channel automatically upgrade to version 1.18.10-gke.601 with this release.

October 28, 2020 (R35)

Version 1.18.10-gke.601 is now available in the Rapid channel.

Version 1.18.9-gke.1501 is no longer available in the Rapid channel.

October 20, 2020 (R34)

Version 1.18.9-gke.2501 is now available in the Rapid channel.

Version 1.18.9-gke.2501 is the new default version for clusters in the Rapid channel.

Version 1.18.9-gke.801 is no longer available in the Rapid channel.

October 12, 2020 (R33)

Version 1.18.9-gke.1501 is now available in the Rapid channel.

Version 1.18.9-gke.801 is the new default version for clusters in the Rapid channel.

Version 1.17.9-gke.1504 is no longer available in the Rapid channel.

Version 1.18.6-gke.4801 is no longer available in the Rapid channel.

Auto-upgrading control planes upgrade from versions 1.17, 1.18 to version 1.18.9-gke.801 during this release.

October 02, 2020 (R32)

Version 1.18.9-gke.801 is now available in the Rapid channel.

September 25, 2020 (R31)

Auto-upgrading nodes in the Rapid channel automatically upgrade to version 1.18.6-gke.4801 with this release.

Version 1.18.6-gke.3504 is no longer available in the Rapid channel.

September 15, 2020 (R30)

Version 1.18.6-gke.4801 is now available in the Rapid channel.

Version 1.18.6-gke.3504 is the new default version in the Rapid channel.

Version 1.17.9-gke.1503 is no longer available in the Rapid channel.

Version 1.18.6-gke.3503 is no longer available in the Rapid channel.

Auto-upgrading nodes and control planes upgrade from version 1.17 to version 1.17.9-gke.1504 during this release.

September 14, 2020 (R29.1)

Version 1.17.9-gke.1504 is now available in the Rapid channel. This version is now the default.

Known issues

There is a known issue that prevents creating Rapid channel clusters on 1.18. To create a 1.18 cluster on the Rapid channel, create a Rapid channel cluster on 1.17, and then manually upgrade to 1.18.

September 3, 2020 (R29)

Version 1.18.6-gke.3503 is now available in the Rapid channel.

August 27, 2020 (R28)

Version 1.17.9-gke.1703 is no longer available.

August 20, 2020 (R27)

Version 1.17.9-gke.1703 is now available in the Rapid channel.

Version 1.17.9-gke.1503 is now available in the Rapid channel. This version is now the default.

Version 1.17.9-gke.600 is no longer available.

August 06, 2020 (R26)

Version 1.17.9-gke.1500 is now available in the Rapid channel.

Version 1.17.9-gke.600 is now available in the Rapid channel.

July 28, 2020 (R25)

Version 1.17.9-gke.600 is now available in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade to version 1.17.8-gke.17 with this release.

July 22, 2020 (R24)

Version 1.17.8-gke.17 is now available in the Rapid channel.

This version includes node image upgrades for Ubuntu (ubuntu-gke-1804-1-17-v20200610) and Windows Server (windows-server-1909-dc-core-uefi-gke-v1592940889 and windows-server-2019-dc-core-uefi-gke-v1592939281).

Version 1.17.7-gke.15 is now available in the Rapid channel.

This version is now the default.

Auto-upgrading nodes in the Rapid channel automatically upgrade to version 1.17.7-gke.15 with this release.

July 13, 2020 (R23)

Version 1.17.7-gke.15 is now available in the Rapid channel.

Fixed issues

A bug in gVisor has been fixed. Default gVisor node labels are now applied when user-specified labels.

June 29, 2020

1.17.6-gke.11 is now available.

June 23, 2020

1.17.6-gke.7 is now available.

June 8, 2020

1.17.6-gke.4 is now available.

June 1, 2020

1.17.5-gke.9 is now available.

May 27, 2020

Known issue

Due to a newly discovered issue, version 1.17.5-gke.6 is no longer available.

May 19, 2020

1.17.5-gke.6 is now available in the Rapid release channel.

All GKE clusters running 1.17.3-gke.3 and up will have etcd upgraded to 3.4.7-0-gke.1. All new GKE clusters with 1.17.3-gke.3 and up will be created with etcd 3.4.7-0-gke.1.

May 13, 2020

1.17.5-gke.0 is now available in the Rapid release channel.

April 27, 2020

1.17.4-gke.10 is now available in the Rapid release channel.

Although clusters in the Rapid channel upgrade automatically, you should still review:

New features

The RunAsUsername feature is now beta and allows specifying the username when running a Windows container.

The RuntimeClass scheduler simplifies scheduling Windows Pods to appropriate nodes

Deprecations

The following node labels are deprecated:

Cluster Versions	Deprecated Label	New Label
1.14+	beta.kubernetes.io/os	kubernetes.io/os
1.14+	beta.kubernetes.io/arch	kubernetes.io/arch
1.17+	beta.kubernetes.io/instance-type	node.kubernetes.io/instance-type
1.17+	failure-domain.beta.kubernetes.io/zone	topology.kubernetes.io/zone
1.17+	failure-domain.beta.kubernetes.io/region	topology.kubernetes.io/region

You must identify any node selectors using beta labels and modify them to use GA labels.

RBAC in the apps/v1alpha1 and apps/v1beta1 API versions are deprecated in 1.17 and will no longer be served in 1.20. Update your manifests and API clients to use the rbac.authorization.k8s.io/v1 APIs before 1.20 to avoid any issues.

April 15, 2020

1.16.8-gke.9 is now available in the Rapid release channel.

April 07, 2020

1.16.8-gke.8 is now available in the Rapid release channel. The node image for Container-Optimized OS is updated to cos-77-12371-208-0.

April 1, 2020

1.16.8-gke.4 is now available in the Rapid release channel.

March 26, 2020

1.16.8-gke.3 is now available in the Rapid release channel.

March 20, 2020

1.16.6-gke.18 is now available in the Rapid release channel.

March 16, 2020

1.16.6-gke.13 is now available in the Rapid release channel.

March 6, 2020

New features

The user interface for creating clusters in Google Cloud Console has been redesigned. The new design makes it easier to follow GKE best practices.

Version updates

1.16.6-gke.12 is now available in the Rapid release channel.

Important: Existing clusters enrolled in the Rapid release channel will be auto-upgraded to this version.

February 24, 2020

New features

Ingress for Internal HTTP(S) Load Balancing is now available in Beta. This enables private L7 load balancing inside the VPC that can be deployed with Ingress resources.

February 18, 2020

1.16.5-gke.2 is now available in the Rapid release channel.

Node image for Container-Optimized OS updated to cos-77-12371-141-0.

February 11, 2020

1.16.4-gke.30 is now available in the Rapid release channel.

February 4, 2020

1.16.4-gke.27 is now available in the Rapid release channel.

January 29, 2020

1.16.4-gke.25 is now available in the Rapid release channel.

January 27, 2020

The ability to create clusters with node pools running Microsoft Windows Server is now in Beta.

January 22, 2020

1.16.4-gke.22 is now available in the Rapid release channel.

Added ability to specify minimum CPU Platform for auto-provisioned node pools.

January 8, 2020

Do not update to version 1.16.0-gke.20 if you depend on HPA. Horizontal Pod Autoscaling is not working in this version due to a recently discovered issue. A fix will be released with GKE 1.16.3+.

December 23, 2019

Global access for internal TCP/UDP load balancing Services is now Beta. Global access allows internal load balancing IP addresses to be accessed from any region within a VPC.

December 13, 2019

1.16.0-gke.20

GKE 1.16.0-gke.20 (alpha) is now available for testing and validation in the Rapid release channel.

Added support for PVMs in node auto-provisioning.

New clusters have the cos-metrics-enabled flag enabled by default. This change allows kernel crash logs to be collected. You can disable by adding --metadata cos-metrics-enabled=false when you create clusters.

Retired APIs

extensions/v1beta1, apps/v1beta1, and apps/v1beta2 won't be served by default.

All resources under apps/v1beta1 and apps/v1beta2 - use apps/v1 instead.
daemonsets, deployments, replicasets resources under extensions/v1beta1 - use apps/v1 instead.
networkpolicies resources under extensions/v1beta1 - use networking.k8s.io/v1 instead.
podsecuritypolicies resources under extensions/v1beta1 - use policy/v1beta1 instead.

November 5, 2019

1.15.4-gke.18

GKE 1.15.4-gke.18 (alpha) is now available for testing and validation in the Rapid release channel.

This release includes a patch for the golang vulnerability CVE-2019-17596, fixed in go-boringcrypto 1.13.1 and 1.12.11.

October 30, 2019

1.15.4-gke.17

GKE 1.15.4-gke.17 (alpha) is now available for testing and validation in the Rapid release channel.

Fixes a known issue reported on October 11, 2019 regarding fdatasync performance regression on COS/Ubuntu. Node image for Container-Optimized OS updated to cos-77-12371-89-0. Node image for Ubuntu updated to ubuntu-gke-1804-d1903-0-v20191011a

October 18, 2019

1.15.4-gke.15

GKE 1.15.4-gke.15 (alpha) is now available for testing and validation in the Rapid release channel.

This release includes a patch for CVE-2019-11253. For more information, see the security bulletin for October 16, 2019.

October 11, 2019

1.15.3-gke.18

GKE 1.15.3-gke.18 (alpha) is now available for testing and validation in the Rapid release channel.

Upgraded Istio to 1.2.5.

Improvements to gVisor.

Node image for Container-Optimized OS updated to cos-rc-77-12371-44-0. This update includes upgrading the kernel to 4.19 from 4.14 and upgrading Docker to 19.03 from 18.09.

Node image for Ubuntu updated to ubuntu-gke-1804-d1903-0-v20190917a. This update includes upgrading the kernel to 5 from 4.15 and upgrading Docker to 19.03 from 18.09.

Do not update to this version if you have clusters with hundreds of nodes per cluster or with I/O intensive workloads. Clusters with these characteristics may be impacted by a known issue in versions 4.19 and 5.0 of the Linux kernel that introduces performance regressions in the `fdatasync` system call.

September 26, 2019

1.15.3-gke.1

GKE 1.15.3-gke.1 (alpha) is now available for testing and validation in the Rapid release channel.

For more details, refer to the release notes for Kubernetes v1.15.

Starting with GKE 1.15, the open source Kubernetes Dashboard is no longer natively supported in GKE as a managed add-on. To deploy it manually, follow the deployment instructions in the Kubernetes Dashboard documentation.

Resizing PersistentVolumes is now a beta feature. As part of this change, resizing a PersisntentVolume no longer requires you to restart the Pod.

September 16, 2019

Correction

The release notes for September 16, 2019 were incorrectly published early, on September 9. The incorrect release notes included an announcement of the availability of a security patch that was not actually made available on that date. For more information about the security patch, see the security bulletin for September 16, 2019.

1.14.6-gke.1

This release includes a patch for CVE-2019-9512 and CVE-2019-9514. For more information, see the security bulletin for September 16, 2019.

Reduces startup time for GPU nodes running Container-Optimized OS.

September 9, 2019

September 5, 2019

GKE 1.14.5-gke.5 is now available in the Rapid release channel. It includes bug fixes and performance improvements. For more details, refer to the release notes for Kubernetes v1.14.

August 22, 2019

GKE 1.14.3-gke.11 (alpha) is now available for testing and validation in the Rapid release channel. For more details, refer to the release notes for Kubernetes v1.14.

This version mitigates against the vulnerability described in the security bulletin published on August 5, 2019.

Upgrade Istio to 1.1.13, to address address two vulnerabilities announced by the Istio project. These vulnerabilities can be used to mount a Denial of Service (DoS) attack against services using Istio.

The node image for Container-Optimized OS (COS) is now cos-73-11647-267-0.

When creating a new GKE cluster, Stackdriver Kubernetes Engine Monitoring is now the default Stackdriver support option. This is a change from prior versions where Stackdriver Logging and Stackdriver Monitoring were the default Stackdriver support option. For more information, see Overview of Stackdriver support for GKE.

New features

Config Connector is a Kubernetes addon that allows you to manage your Google Cloud resources through Kubernetes configuration.

August 12, 2019

1.14.3-gke.10

GKE 1.14.3-gke.10 (alpha) is now available for testing and validation in the Rapid release channel. For more details, refer to the release notes for Kubernetes v1.14.

Fixes the vulnerability announced in the security bulletin for August 5, 2019.

Fixes a problem where Cluster Autoscaler can create too many nodes when scaling up.

In 1.14.3-gke.10 and higher, GKE Sandbox uses the gvisor.config.common-webhooks.networking.gke.io webhook, which is created when the cluster starts and makes sandboxed nodes available faster.

### New features {:.hide-from-toc}

Clusters running 1.13.6-gke.0 or higher can use Shielded GKE Nodes (beta), which provide strong, verifiable node identity and integrity to increase the security of your nodes.

Rollout schedule

The rollout schedule is now included in Versioning and upgrades.

August 1, 2019

For important information about the July 8, 2019 release, see the main GKE release note for August 1, 2019.

July 29, 2019

VPC-native is no longer the default cluster network mode for new clusters created using gcloud v256.0.0 or higher. Instead, the routes-based cluster network mode is used by default. We recommend manually enabling VPC-native, to avoid exhausting routes quota.

VPC-native clusters are created by default when you use Google Cloud Console or gcloud versions 251.0.0 through 255.0.0. Routes-based clusters are created by default when using the REST API.

June 27, 2019

1.14.3-gke.9

This version contains a patch for recently discovered TCP vulnerabilities in the Linux kernel. See the associated security bulletin for more information.

June 4, 2019

1.14.1-gke.5 is the default for new Rapid channel clusters. This version includes patched node images that address CVE-2019-11245.

GKE nodes running Kubernetes 1.14.2 are affected by CVE-2019-11245. Information about the impact and mitigation of this vulnerability is available in this Kubernetes issue report. In addition to security concerns, this bug can cause Pods that must run as a specific UID to fail.

June 3, 2019

Corrections

The rollout dates for the May 28, 2019 releases are incorrect. Day 2 spanned May 29-30, day 3 is May 31, and day 4 is June 3.

May 28, 2019

1.14.2-gke.2 is the default for new Rapid channel clusters, and includes the following changes:

GKE Sandbox is supported on 1.14.x clusters running 1.14.2-gke.2 or higher.

The node image for Container-Optimized OS (COS) is now cos-u-73-11647-182-0.

The node image for Ubuntu is now ubuntu-gke-1804-d1809-0-v20190517.

Node images have been updated to fix Microarchitectural Data Sampling (MDS) vulnerabilities announced by Intel. For more information, see the security bulletin.

The patch alone is not sufficient to mitigate exposure to this vulnerability. For more information, see the security bulletin.
Nodes using these images are now shielded VMs with the following properties:
- UEFI boot is enabled.
- SecureBoot is disabled.
- vTPM is enabled.
- Integrity Monitoring is enabled.

The following IP ranges have been added to default non-IP-masq iptables rules:

100.64.0.0/10
192.0.0.0/24
192.0.2.0/24
192.88.99.0/24
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
240.0.0.0/4

May 20, 2019

No 1.14.x versions this week.

New features

Google Cloud's operations suite Kubernetes Engine Monitoring is now generally available for clusters using the following GKE versions:

1.12.x clusters 1.12.7-gke.17 and newer
1.13.x clusters 1.13.5-gke.10 and newer
1.14.x (Alpha) clusters 1.14.1-gke.5 and newer

Users of the legacy Google Cloud's operations suite support are encouraged to migrate to Google Cloud's operations suite Kubernetes Engine Monitoring before support for legacy Google Cloud's operations suite is removed.

Rollout schedule

The rollout schedule is now included in Versioning and upgrades.

May 13, 2019

GKE 1.14.1-gke.5 (alpha) is now available for testing and validation in the Rapid release channel. For more details, refer to the release notes for Kubernetes v1.14.

Changes

GKE 1.14.x has the following differences from Kubernetes 1.14.1.

GKE 1.14.x uses kube-dns rather than core-dns.
GKE 1.14.x does not support Dramatically Simplify Kubernetes Cluster Creation, a sub-feature of kubeadm.
GKE 1.14.x does not support taint-based eviction.

You cannot yet create an alpha cluster running GKE 1.14.x. If you attempt to use the --enable-kubernetes-alpha flag, cluster creation fails.