GKE release notes

This page documents production updates to Google Kubernetes Engine (GKE). You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

This page includes release notes for all channels and releases.

Current versions

The following table lists the latest minor versions available as defaults in GKE for the specified release channels. This table includes the latest default GKE patch version and the Container-Optimized OS version for each supported minor version.

Kubernetes minor versions   1.27                      1.27                   1.27                   1.29
GKE release channel         Static (no channel) [1]   Stable                 Regular                Rapid
Default patch version       1.27.8-gke.1067004        1.27.8-gke.1067004     1.27.8-gke.1067004     1.29.1-gke.1589017
COS version available       cos-105-17412-226-62      cos-105-17412-226-62   cos-105-17412-226-62   cos-109-17800-66-78

For information on the current versions rollout and support schedule, see the GKE release schedule. For information on versioning and upgrades, see GKE versioning and support and Upgrades.

  1. Other versions may be available for static version clusters.

Other resources

For more detailed information about security-related known issues, see the security bulletin page.

To view release notes for versions prior to 2020, see the Release notes archive.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gke-main-release-notes.xml

March 15, 2024

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-1085

For more information, see the GCP-2024-018 security bulletin.

March 14, 2024

A previous version of the GKE logging agent that rolled out in GKE version 1.28.7-gke.1100000 contained a security vulnerability. This version has been immediately removed.

March 11, 2024

Private clusters created on GKE versions 1.29.0-gke.1384000 and later use Private Service Connect (PSC) for nodes to privately communicate with the control plane. There is no price increase for using GKE private clusters running on PSC.

For private clusters created with a different GKE version, the clusters continue to use VPC Peering for node-to-control plane communication.

Secret Manager add-on for GKE is now available. With the add-on, you can access the secrets stored in Secret Manager as volumes mounted in Kubernetes Pods. The add-on is supported on Standard and Autopilot clusters versioned 1.29 and later. For more info, see Use Secret Manager add-on with GKE.

Opportunistic bursting and lower Pod minimums are now available on newly created GKE Autopilot clusters at version 1.29.2-gke.1060000 or later, and on existing clusters created at 1.26 or later that have been fully upgraded (including all nodes) to 1.29.2-gke.1060000 or later. To learn more, see Configure Pod bursting on GKE.

March 08, 2024

For GKE versions later than 1.29.1-gke.1760000, the NEG, Ingress, L4 internal load balancer with subsetting, and L4 RBS controllers will skip processing the nodes missing the topology.kubernetes.io/zone label until the zone information is ready. The load balancer controllers will no longer block sync operations when a node is introduced without the label.

Managed ASM installation and node scaling fails on GKE Autopilot clusters on versions between 1.28.6-gke.1095000 and 1.28.7-gke.1025000 and on versions between 1.29.1-gke.1016000 and 1.29.1-gke.1781000. To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or 1.29.2-gke.1060000 or later.

With 2024-R07, clusters created in the Rapid channel are defaulting to an affected version. To avoid creating a cluster on an affected version, manually specify version 1.28.7-gke.1026000 or later, or 1.29.2-gke.1060000 or later when creating clusters in the Rapid channel.

March 07, 2024

You can now preload data or container images in new nodes to get fast workload deployment and auto scaling. This feature is available in Preview starting from GKE version 1.28.3-gke.1067000.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-3611

For more information, see the GCP-2024-017 security bulletin.

Starting in GKE 1.29.2-gke.1035000, you can configure Identity-Aware Proxy (IAP) with Google Managed OAuth Client for load balancers configured through GKE Ingress. To learn more, see Ingress configuration on Google Cloud.

(2024-R07) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.11-gke.1055000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.11-gke.1055000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.25.16-gke.1360000
    • 1.26.13-gke.1052000
    • 1.29.0-gke.1381000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589017 with this release.

Rapid channel

  • Version 1.29.1-gke.1589017 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1537000
    • 1.26.14-gke.1006000
    • 1.27.11-gke.1018000
    • 1.28.6-gke.1456000
    • 1.29.0-gke.1381000
    • 1.29.1-gke.1589000
    • 1.29.2-gke.1060000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1570000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.11-gke.1062000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1589017 with this release.

March 04, 2024

(2024-R06) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

  • There are no new releases in the Regular release channel.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1460000
    • 1.26.13-gke.1144000
    • 1.27.10-gke.1207000
    • 1.28.6-gke.1369000
    • 1.29.1-gke.1575000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.14-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.11-gke.1018000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.11-gke.1018000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1589000 with this release.

NVIDIA H100 (80 GB) GPUs are now available in GKE Autopilot mode in versions 1.28.6-gke.1369000 or later, and 1.29.1-gke.1575000 or later.

GPU workloads running in Autopilot mode can now be configured using the Accelerator Compute Class. This configuration supports resource reservations, Compute Engine committed use discounts, and a new pricing model in GKE versions 1.28.6-gke.1095000 and later, and 1.29.1-gke.1143000 and later.

February 28, 2024

The Performance Compute Class, designed for running whole-machine CPU workloads, is available in Autopilot mode from versions 1.28.6-gke.1369000 and 1.29.1-gke.1575000 and later.

February 26, 2024

GKE now supports Gemma (2B, 7B), Google's new state-of-the-art open models. To learn more, refer to the following guides:

Deployment to GKE is also supported via Vertex AI Model Garden as part of our Hugging Face, Vertex AI, and GKE integration.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-0193

For more information, see the GCP-2024-013 security bulletin.

February 23, 2024

(2024-R05) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • There are no new releases in the Stable release channel.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.25.16-gke.1268000
    • 1.26.12-gke.1111000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1360000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.13-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.13-gke.1052000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1497000
    • 1.26.13-gke.1189000
    • 1.27.10-gke.1152000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.10-gke.1207000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.10-gke.1207000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1575000 with this release.

February 21, 2024

The GKE Stateful HA Operator is now available in GA starting in GKE versions 1.28.5-gke.1113000 and later, or 1.29.0-gke.1272000 and later. The GKE Stateful HA Operator is enabled in new Autopilot clusters and opt-in for new Standard clusters.

February 20, 2024

A bug in the image streaming feature might cause containers to fail because of a missing file or files.

Containers running on a node with image streaming enabled on the following versions might fail to start, or might run with errors indicating that certain files don't exist. The following are examples of such errors:

  • No such file or directory
  • Executable file not found in $PATH

The following GKE versions are impacted:

  • For 1.27: 1.27.10-gke.1077000 and later
  • For 1.28: All 1.28 versions
  • For 1.29: All 1.29 versions

GKE is working on fixing the issue. In the meantime, if you are impacted by this issue, please disable image streaming.

You can now use the GKE API to apply Resource Manager tags to your GKE nodes. GKE attaches these tags to the underlying Compute Engine VMs. You can use these tags to selectively enforce Cloud Firewall network firewall policies. This feature is generally available in GKE version 1.28 and later.

Kubernetes Engine best practice observability packages, including control plane logs, control plane metrics, and kube state metrics are now enabled by default for new managed GKE Enterprise clusters to ensure availability of necessary data when it's needed for troubleshooting or optimization. Control plane metrics and kube state metrics are included in GKE Enterprise Edition at no additional charge.

GKE now delivers insights and recommendations if your cluster's Certificate Authority (CA) is expired or will expire in the next 180 days. To learn more, see Find clusters with expiring or expired credentials.

February 16, 2024

The following GKE versions might cause Ubuntu node pools to enter an unhealthy state. Don't create or upgrade your Ubuntu node pools using these versions:

  • 1.25.16-gke.1497000
  • 1.26.13-gke.1189000

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-6932

For more information, see the GCP-2024-011 security bulletin.

February 15, 2024

HorizontalPodAutoscaler (HPA) and VerticalPodAutoscaler (VPA) may stop autoscaling all workloads in a cluster if it contains misconfigured autoscaling/v2 HPA objects. The issue impacts clusters running earlier patch versions of GKE version 1.27 and 1.28 (for example, 1.27.3-gke.100).

The fix is available in the following cluster versions:

  • 1.27.5-gke.1300 and later
  • 1.28.1-gke.1400 and later
  • 1.29 and later

We recommend that affected customers upgrade clusters to these versions to prevent HPA and VPA from misbehaving when there is at least one misconfigured HPA object.

We recommend that affected customers correct misconfigured autoscaling/v2 HPA objects by making sure the fields in spec.metrics.resource.target match, for example:

  • When spec.metrics.resource.target.type is Utilization then target should be averageUtilization;
  • When spec.metrics.resource.target.type is AverageValue then target should be averageValue.

For more details on how to configure autoscaling/v2 HPA objects, see the HorizontalPodAutoscaler Kubernetes documentation.
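The following checker is an added example, not part of the original release note or of GKE tooling. It applies the two matching rules above to the JSON that `kubectl get hpa -A -o json` produces; the sample objects, the function names, and the extension to `containerResource` metrics are assumptions made for illustration.

```python
import json

# Field that must accompany each target type, per the rules in the note above.
EXPECTED_FIELD = {
    "Utilization": "averageUtilization",
    "AverageValue": "averageValue",
}
# The release note names spec.metrics.resource; containerResource carries the
# same kind of target and is included here as an added generalisation.
RESOURCE_SOURCES = ("resource", "containerResource")


def check_hpa(hpa):
    """Return findings (strings) for one autoscaling/v2 HPA object given as a dict."""
    findings = []
    meta = hpa.get("metadata", {})
    ident = f'{meta.get("namespace", "default")}/{meta.get("name", "<unnamed>")}'
    for idx, metric in enumerate(hpa.get("spec", {}).get("metrics") or []):
        for source in RESOURCE_SOURCES:
            block = metric.get(source)
            if not block:
                continue
            target = block.get("target") or {}
            ttype = target.get("type")
            expected = EXPECTED_FIELD.get(ttype)
            where = f"{ident} spec.metrics[{idx}].{source}.target"
            if expected is None:
                findings.append(f"{where}: unexpected type {ttype!r}")
                continue
            if expected not in target:
                findings.append(f"{where}: type {ttype} requires {expected}")
            for other in set(EXPECTED_FIELD.values()) - {expected}:
                if other in target:
                    findings.append(f"{where}: type {ttype} must not set {other}")
    return findings


def scan_hpa_list(kubectl_json):
    """Check every autoscaling/v2 HPA in `kubectl get hpa -A -o json` output."""
    doc = json.loads(kubectl_json)
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for hpa in items:
        if hpa.get("apiVersion") != "autoscaling/v2":
            continue
        findings.extend(check_hpa(hpa))
    return findings


def make_hpa(namespace, name, target):
    """Build a minimal HPA object for the constructed sample below."""
    return {
        "apiVersion": "autoscaling/v2",
        "kind": "HorizontalPodAutoscaler",
        "metadata": {"namespace": namespace, "name": name},
        "spec": {"metrics": [
            {"type": "Resource", "resource": {"name": "cpu", "target": target}},
        ]},
    }


# Constructed sample input: one valid HPA and two with mismatched targets.
SAMPLE_HPAS = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    make_hpa("shop", "web", {"type": "Utilization", "averageUtilization": 60}),
    make_hpa("shop", "cart", {"type": "Utilization", "averageValue": "500m"}),
    make_hpa("batch", "worker", {"type": "AverageValue", "averageUtilization": 70}),
]})

if __name__ == "__main__":
    for line in scan_hpa_list(SAMPLE_HPAS):
        print(line)
```

To check a live cluster, pass the output of `kubectl get hpa -A -o json` to `scan_hpa_list` instead of the sample.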

February 14, 2024

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-6931

For more information, see the GCP-2024-010 security bulletin.

February 13, 2024

(2024-R04) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • There are no new releases in the Stable release channel.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.25.16-gke.1041000
    • 1.26.11-gke.1055000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1268000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.12-gke.1111000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.12-gke.1111000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1360000
    • 1.26.13-gke.1052000
    • 1.27.10-gke.1055000
    • 1.28.6-gke.1095000
    • 1.28.6-gke.1289000
    • 1.29.1-gke.1016000
    • 1.29.1-gke.1425000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.10-gke.1152000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.10-gke.1152000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.0-gke.1381000 with this release.

February 09, 2024

The following GKE versions fix a memory leak issue with the Google Cloud Storage FUSE CSI driver DaemonSet Pod:

  • 1.25.16-gke.1360000 and later
  • 1.26.13-gke.1052000 and later
  • 1.27.10-gke.1055000 and later
  • 1.28.6-gke.1095000 and later
  • 1.29.1-gke.1425000 and later

February 08, 2024

(2024-R03) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.7-gke.1121002 is now the default version in the Stable channel.
  • Version 1.28.3-gke.1286000 is now available in the Stable channel.
  • Version 1.27.3-gke.100 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.3-gke.1203001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.

Regular channel

  • Version 1.27.8-gke.1067004 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.26.6-gke.1700
    • 1.27.3-gke.100
    • 1.28.3-gke.1118000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.11-gke.1055000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.11-gke.1055000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1268000
    • 1.26.12-gke.1111000
    • 1.27.9-gke.1092000
    • 1.28.5-gke.1217000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1360000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.13-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.10-gke.1055000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.10-gke.1055000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1016000 with this release.

February 06, 2024

Clusters on control plane versions 1.26.6-gke.1900 and later might encounter intermittent connection establishment failures.

The chance of failure is low, and the issue doesn't affect all clusters. The failures should stop completely a few days after the symptoms first appear.

Alternatively, upgrade to the following versions instead, which are not affected by this issue:

  • 1.26.13-gke.1052000 and later.
  • 1.27.10-gke.1055000 and later.
  • 1.28.6-gke.1095000 and later.
  • 1.29.1-gke.1016000 and later.

February 02, 2024

FQDN network policies are now generally available with the following GKE versions:

  • 1.26.4-gke.500 and later.
  • 1.27.1-gke.400 and later.
  • 1.28 and later.

You can further control your GKE workloads' egress traffic to a public or private service or endpoint by using a network policy matching a fully-qualified domain name or a regular expression.

FQDN Network Policy is only available and supported with GKE Enterprise.

To learn more, read Control Pod egress traffic using FQDN network policies.

February 01, 2024

You can now encrypt Pod-to-Pod traffic between nodes in the same cluster or in a multi-cluster environment natively with GKE. Inter-node transparent encryption is now generally available, only with GKE Enterprise, for GKE clusters in the following versions:

  • 1.26.9-gke.1024000 and later.
  • 1.27.6-gke.1506000 and later.
  • 1.28.2-gke.1098000 and later.
  • 1.29 and later.

To learn more, see Encrypt your data in-transit in GKE with user-managed encryption keys.

A security vulnerability, CVE-2024-21626, has been discovered in runc where a user with permission to create Pods on Container-Optimized OS and Ubuntu nodes might be able to gain full access to the node file system.

For instructions and more details, see the GCP-2024-005 security bulletin.

January 31, 2024

The africa-south1 region in Johannesburg, South Africa is now available.

January 26, 2024

(2024-R02) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.24.17-gke.200
    • 1.24.17-gke.2266000
    • 1.25.10-gke.2700
    • 1.25.13-gke.200
    • 1.27.4-gke.900
    • 1.27.5-gke.200
    • 1.27.7-gke.1121000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.15-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.10-gke.1101000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.10-gke.1101000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.7-gke.1121002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.3-gke.1118000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.24.17-gke.2266000
    • 1.24.17-gke.2364000
    • 1.25.15-gke.1115000
    • 1.26.10-gke.1101000
    • 1.27.7-gke.1121000
    • 1.27.8-gke.1067000
    • 1.28.3-gke.1203001
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1041000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.16-gke.1041000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.8-gke.1067004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.3-gke.1286000 with this release.

Rapid channel

  • Version 1.29.0-gke.1381000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.24.17-gke.2364000
    • 1.24.17-gke.2472000
    • 1.25.16-gke.1041000
    • 1.26.11-gke.1055000
    • 1.27.8-gke.1067000
    • 1.28.3-gke.1203001
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1268000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.12-gke.1111000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.9-gke.1092000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.3-gke.1286000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.3-gke.1286000 with this release.

Clusters that are running GPUs and are upgraded from 1.26 to a 1.27 patch version earlier than 1.27.8 might experience issues with their nodes' GPU device plugins (nvidia-gpu-device-plugin). Do the following steps depending on the state of your cluster:

  • If your cluster is running version 1.26 and has GPUs, don't manually upgrade your cluster until version 1.27.8 is available in your cluster's release channel. As of the publishing date of this release note, 1.27.8 patch versions are available in the Rapid and Regular channels.
  • If your cluster is running an earlier 1.27 patch version and the nodes are affected, restart the nodes or manually delete the nvidia-gpu-device-plugin Pod on the nodes (the add-on manager will create a new working plugin).
  • If your cluster is using auto-upgrades, this doesn't affect you as automatic upgrades will only move clusters to patch versions with the fix.

January 24, 2024

The following vulnerability was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-6817

For instructions and more details, see the GCP-2024-004 security bulletin.

January 22, 2024

We have identified several clusters where users have granted Kubernetes privileges to the system:authenticated group, which includes all users with a Google account. These types of bindings are not recommended, as they violate the principle of least privilege and grant access to very large groups of users. See guidance under 'What should I do' for instructions on how to find these types of bindings.

For more information, see the GCP-2024-003 security bulletin.
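One way to audit for the bindings described above, as an added example that is not taken from the release note or the security bulletin. It reads the JSON from `kubectl get clusterrolebindings,rolebindings -A -o json`. Beyond the `system:authenticated` group named in the note, it also checks `system:unauthenticated` and `system:anonymous`, and it assumes the three upstream Kubernetes default bindings are unmodified; the sample bindings are constructed.

```python
import json

# Built-in identities that cover very large populations. The release note
# names system:authenticated; the other two are an added generalisation.
BROAD_SUBJECTS = {
    ("Group", "system:authenticated"),
    ("Group", "system:unauthenticated"),
    ("User", "system:anonymous"),
}
# Upstream Kubernetes default ClusterRoleBindings that intentionally target
# these groups with low-privilege discovery roles (assumption: unmodified).
DEFAULT_BINDINGS = {
    "system:basic-user",
    "system:discovery",
    "system:public-info-viewer",
}


def find_broad_bindings(kubectl_json):
    """Return one finding per binding subject that grants a role to a broad group."""
    doc = json.loads(kubectl_json)
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for binding in items:
        kind = binding.get("kind")
        if kind not in ("ClusterRoleBinding", "RoleBinding"):
            continue
        meta = binding.get("metadata", {})
        name = meta.get("name")
        role = binding.get("roleRef", {}).get("name")
        # A default binding is skipped only if it still points at the role of
        # the same name; a reused default name with another role is reported.
        if kind == "ClusterRoleBinding" and name in DEFAULT_BINDINGS and role == name:
            continue
        for subject in binding.get("subjects") or []:
            if (subject.get("kind"), subject.get("name")) in BROAD_SUBJECTS:
                findings.append({
                    "kind": kind,
                    "namespace": meta.get("namespace"),  # None for cluster scope
                    "binding": name,
                    "role": role,
                    "subject": subject.get("name"),
                })
    return findings


def make_binding(kind, name, role, subject_kind, subject_name, namespace=None):
    """Build a minimal binding object for the constructed sample below."""
    meta = {"name": name}
    if namespace:
        meta["namespace"] = namespace
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": kind,
        "metadata": meta,
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "ClusterRole", "name": role},
        "subjects": [{"apiGroup": "rbac.authorization.k8s.io",
                      "kind": subject_kind, "name": subject_name}],
    }


# Constructed sample input: an untouched default, a cluster-admin grant to all
# authenticated users, a normal team binding, and a default name reused for
# a different role.
SAMPLE_BINDINGS = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    make_binding("ClusterRoleBinding", "system:discovery", "system:discovery",
                 "Group", "system:authenticated"),
    make_binding("ClusterRoleBinding", "debug-everyone", "cluster-admin",
                 "Group", "system:authenticated"),
    make_binding("RoleBinding", "viewers", "view", "Group", "team-a-devs",
                 namespace="team-a"),
    make_binding("ClusterRoleBinding", "system:basic-user", "edit",
                 "Group", "system:authenticated"),
]})

if __name__ == "__main__":
    for f in find_broad_bindings(SAMPLE_BINDINGS):
        scope = f["namespace"] or "cluster-wide"
        print(f'{f["kind"]} {f["binding"]} ({scope}): {f["subject"]} -> {f["role"]}')
```

Each finding is a candidate for review rather than an automatic violation; replace the broad subject with the specific users, groups, or service accounts that need the role.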

January 19, 2024

You can create Cloud Tensor Processing Unit (TPU) nodes in GKE to run AI workloads, from training to inference models. GKE manages your cluster by automating TPU resource provisioning, scaling, scheduling, repairing, and upgrading. GKE provides TPU infrastructure metrics in Cloud Monitoring, TPU logs, and error reports for better visibility and monitoring of TPU node pools in GKE clusters. TPUs are available with GKE Standard clusters. To learn more, see About TPUs in GKE. See TPU availability in GKE to find the TPU availability depending on the machine type and version.

January 18, 2024

The following vulnerability was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2023-6111

For instructions and more details, see the GKE security bulletin.

January 11, 2024

(2024-R01) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.24.16-gke.500
    • 1.25.12-gke.500
    • 1.26.7-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.17-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.17-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.8-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.5-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.24.17-gke.2230000
    • 1.25.13-gke.200
    • 1.26.10-gke.1073000
    • 1.27.7-gke.1056000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.17-gke.2266000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.15-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.15-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.7-gke.1121000 with this release.

Rapid channel

  • Version 1.28.3-gke.1286000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.24.17-gke.2347000
    • 1.25.16-gke.1020000
    • 1.26.10-gke.1235000
    • 1.27.5-gke.200
    • 1.27.7-gke.1293000
    • 1.28.4-gke.1083000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.2364000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1041000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.11-gke.1055000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.8-gke.1067000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.3-gke.1203001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.

1.29 is now available in the Rapid channel

Kubernetes 1.29 is now available in the Rapid channel. For more information about the content of Kubernetes 1.29, read the Kubernetes 1.29 Release Notes.

New Features

New APIs

  • flowcontrol.apiserver.k8s.io/v1 FlowSchema, PriorityLevelConfiguration
    • Notable changes in flowcontrol.apiserver.k8s.io/v1:
      • The PriorityLevelConfiguration spec.limited.nominalConcurrencyShares field only defaults to 30 when unspecified, and an explicit value of 0 is not changed to 30.

Deprecated APIs

  • The following Beta versions of graduated APIs are deprecated in 1.29 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
      • Deprecated since 1.29
      • Instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29
  • The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in version 1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.

Removed APIs

The following Beta versions of graduated APIs are removed in 1.29 in favor of newer versions:

  • flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration
    • Deprecated since 1.26
    • Instead, use flowcontrol.apiserver.k8s.io/v1beta3 available since 1.26, or flowcontrol.apiserver.k8s.io/v1, available since 1.29

Removed SHA-1 certificate support

  • Starting from version 1.29, GKE no longer supports webhook backends that use TLS certificates signed with the insecure SHA-1 algorithm. To prevent impact on your clusters, you must replace incompatible certificates of webhook servers and extension API servers before upgrading your clusters to version 1.29.
  • GKE will not auto-upgrade clusters with webhook backends using incompatible certificates to 1.29 until you replace the certificates or until version 1.28 reaches end of life. For more information, refer to Ensure compatibility of TLS certificates before upgrading to GKE 1.29.

Deprecated in-tree volume support

  • The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated in 1.28 and will be removed in a future release.
  • To determine if you have volumes or Pods using RBD or Ceph volumes, run the following commands. If either of them prints output, then you are using a deprecated volume type.
    • kubectl describe pv | egrep -i 'Type: *(RBD|CephFS)'
    • kubectl describe pod -A | egrep -i 'Type: *(RBD|CephFS)'
  • Switch to an RBD or CephFS CSI driver, such as the drivers provided in the Ceph CSI GitHub repo, or use a Google-managed solution such as Filestore.
  • For more information, refer to the OSS Kubernetes announcement and the Ceph CSI GitHub repo.

January 08, 2024

GKE clusters in Autopilot mode no longer require workload-level logging to be enabled. Pass --logging=SYSTEM to create-auto or update to disable workload logs.

December 19, 2023

You can now modify the vm.max_map_count Linux kernel attribute for nodes in a GKE Standard cluster node pool using the node system configuration. To learn more, see Sysctl configuration options.

December 18, 2023

The GKE NEG controller now supports IPv6 endpoints with GKE version 1.28.4-gke.1083000 and later.

With this new capability, when you create a dual stack Service in a dual stack GKE cluster, any NEGs associated with the Service will now contain both IPv4 and IPv6 endpoints. Existing dual stack Services utilizing NEGs (i.e. Ingress, Services using Standalone NEGs) will be migrated from "IPv4 only" endpoints to "IPv4 + IPv6" endpoints.

The migration will be completed in approximately one hour. In the event that a NEG contains a single endpoint, you might experience brief downtime of approximately 1-2 minutes during the migration of that endpoint.

Note that having IPv6 endpoints in NEGs doesn't necessarily mean that the load balancer uses IPv6 for communication. How the load balancer communicates with your Pod depends on how the BackendService is configured, such as fields like IpAddressSelectionPolicy.

All newly created Google Kubernetes Engine (GKE) Autopilot clusters starting with 1.27.4-gke.900 will automatically collect and send metrics from the kube-state-metrics package to Managed Service for Prometheus.

December 15, 2023

The Observability tab in the cluster details page for each cluster and in the GKE cluster list page now shows GPU metrics if the cluster has GPU nodes. For more information, see View observability metrics.

December 14, 2023

An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster.

For more information, see the GCP-2023-047 security bulletin.

We've identified an issue with configuring TLS for Gateways in clusters running GKE version 1.28.4-gke.1083000. This affects TLS configurations using either an SSLCertificate or a CertificateMap. If you're upgrading a cluster with existing Gateways, updates made to the Gateway will fail. For brand new Gateways, the load balancers won't be provisioned. This issue will be fixed in an upcoming GKE 1.28 patch version.

December 12, 2023

(2023-R26) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

There are no new releases in the Stable channel.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.24.17-gke.200
    • 1.27.3-gke.1700
    • 1.27.5-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.17-gke.2230000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.17-gke.2230000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.7-gke.1056000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.24.17-gke.2266000
    • 1.25.15-gke.1115000
    • 1.26.10-gke.1101000
    • 1.27.7-gke.1121000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.2347000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1020000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.10-gke.1235000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.10-gke.1235000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.3-gke.1286000 with this release.

December 06, 2023

This is an update to the release note regarding the Dataplane V2 issue published on September 07, 2023. The issue, which affected GKE version 1.26, is fixed in control plane versions 1.26.9-gke.1507000 and later. Automatic upgrades will only move clusters to the patched versions.

December 04, 2023

(2023-R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.24.15-gke.1700
    • 1.24.17-gke.2113000
    • 1.24.17-gke.2155000
    • 1.24.17-gke.2230000
    • 1.25.11-gke.1700
    • 1.25.14-gke.1421000
    • 1.25.14-gke.1474000
    • 1.25.15-gke.1083000
    • 1.26.5-gke.2700
    • 1.26.9-gke.1437000
    • 1.26.9-gke.1507000
    • 1.26.10-gke.1073000
    • 1.27.2-gke.2100
    • 1.27.6-gke.1248000
    • 1.27.6-gke.1445000
    • 1.27.7-gke.1088000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.16-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.16-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.7-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.4-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.24.15-gke.1700
    • 1.26.5-gke.2700
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.16-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.16-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.7-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.4-gke.900 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.24.16-gke.500
    • 1.25.12-gke.500
    • 1.26.7-gke.500
    • 1.27.4-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.17-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.13-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.13-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.5-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.

Rapid channel

  • Version 1.28.3-gke.1203001 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.24.17-gke.200
    • 1.24.17-gke.2113000
    • 1.24.17-gke.2155000
    • 1.24.17-gke.2230000
    • 1.25.13-gke.200
    • 1.25.14-gke.1421000
    • 1.25.14-gke.1474000
    • 1.25.15-gke.1083000
    • 1.26.8-gke.200
    • 1.26.9-gke.1437000
    • 1.26.9-gke.1507000
    • 1.26.10-gke.1073000
    • 1.27.4-gke.900
    • 1.27.6-gke.1248000
    • 1.27.6-gke.1445000
    • 1.27.7-gke.1088000
    • 1.28.2-gke.1157000
    • 1.28.3-gke.1090000
    • 1.28.3-gke.1118000
    • 1.28.3-gke.1203000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.2266000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.17-gke.2266000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.10-gke.1101000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.5-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.5-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.

November 29, 2023

Starting in GKE version 1.27.6-gke.1248000, clusters in Autopilot mode detect nodes that can't fit all DaemonSets and, over time, migrate workloads to larger nodes that can fit all DaemonSets. For more information, see Best practices for DaemonSets on Autopilot.

The following GKE versions fix an issue that could cause the NVIDIA GPU driver installer image to be garbage collected on Container-Optimized OS nodes:

  • 1.25.15-gke.1040000 and later
  • 1.26.10-gke.1030000 and later
  • 1.27.6-gke.1513000 and later
  • 1.28.3-gke.1061000 and later

Starting in GKE 1.27.7, you can configure your workloads to use TPU reservations with node auto-provisioning.

November 22, 2023

A vulnerability (CVE-2023-5717) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

GKE clusters are impacted.

For more information, see the GCP-2023-046 security bulletin.

November 17, 2023

(2023-R24) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • There are no new releases in the Stable release channel.

Regular channel

  • There are no new releases in the Regular release channel.

Rapid channel

You can now run workloads on L4 GPUs in Autopilot clusters that use GKE version 1.28.3-gke.1203000 and later. For instructions, see Deploy GPU workloads in Autopilot.

November 15, 2023

Dynamic Workload Scheduler support on GKE through the Provisioning Request API launched in Preview in version 1.28. Use the Dynamic Workload Scheduler to get large atomic sets of available GPU models in GKE Standard clusters. For more information, see Deploy GPUs for batch workloads with ProvisioningRequest.

November 14, 2023

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-4147

For more information, see the GCP-2023-042 security bulletin.

November 10, 2023

A vulnerability (CVE-2023-4004) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. GKE clusters are impacted. For more information, see the GCP-2023-041 security bulletin.

The Observability tab for a GKE deployment now shows application performance metrics if the metrics are available. The supported metric sources include Istio, GKE Ingress, NGINX Ingress and gRPC, and HTTP metrics collected by using Google Managed Service for Prometheus. For more information, see Use application performance metrics.

November 09, 2023

(2023-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.24.14-gke.2700 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to 1.24.15-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to 1.24.15-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to 1.26.5-gke.2700 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.24.15-gke.1700
    • 1.25.11-gke.1700
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.24.16-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to 1.25.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to 1.25.12-gke.500 with this release.

Rapid channel

GKE Infrastructure Dashboards and Metrics Packages are now generally available for both GKE Autopilot and Standard clusters with control plane version 1.27.2-gke.1200 and later.

You can now configure your Autopilot or Standard clusters to export a predefined list of metrics emitted by GKE managed kube-state-metrics (KSM) for workloads state and persistent storage. The component will run in the GKE system namespace "gke-managed-cim" to collect the metrics using Google Cloud Managed Service for Prometheus and send them to Cloud Monitoring. You can view the metrics in the new Persistent and Workloads State dashboards in the Observability tab.

November 08, 2023

New inference-focused Cloud Tensor Processing Unit (TPU) v5e machine types are available in GKE. These single-host TPU VMs are designed for inference workloads and contain one, four, or eight TPU v5e chips. These three new TPU v5e machine types (ct5l-hightpu-1t, ct5l-hightpu-4t, and ct5l-hightpu-8t) are currently available in the us-central1-a and europe-west4-b zones.

Cloud Tensor Processing Unit (TPU) v5e is generally available in clusters running GKE version 1.27.2-gke.2100 and later.

TPU v5e is purpose-built to bring the cost-efficiency and performance required for medium- and large-scale training and inference. TPU v5e delivers up to 2x higher training performance per dollar and up to 2.5x inference performance per dollar for LLMs and gen AI models compared to Cloud TPU v4. At less than half the cost of TPU v4, TPU v5e makes it possible for more organizations to train and deploy larger, more complex AI models.

November 07, 2023

A set of vulnerabilities (CVE-2023-4015, CVE-2023-4623, CVE-2023-4623, CVE-2023-4921) have been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

GKE clusters are impacted.

For more information, see the following security bulletins:

GKE begins automatically upgrading clusters still running version 1.24 to version 1.25 after 1.24 reaches end of life on January 8, 2024. We extended this date from October 31, 2023 to minimize disruptions around the end-of-year holiday period, and will provide patches only for critical vulnerabilities during this extended period. To learn more about the GKE minor version lifecycle, see GKE versioning and support. GKE continues to pause automatic upgrades until January 8, 2024 for clusters still using deprecated APIs removed in version 1.25, including beta APIs and PodSecurityPolicy. We recommend that you upgrade your clusters to version 1.25 as soon as possible as GKE minor versions that have reached end of life will no longer receive security patches and bug fixes.

November 02, 2023

A bug that caused failures when many concurrent operations were run on the same cluster (such as when creating multiple node pools) has been fixed.

October 31, 2023

GKE multi-cluster Gateway is now generally available in GKE versions 1.24 and later for GKE Standard clusters, and versions 1.26 and later for GKE Autopilot clusters. Use the Gateway API to express the intent of your inbound HTTP(S) traffic into your fleet of GKE clusters. The multi-cluster Gateway controller deploys and manages the Application Load Balancers that forward traffic to your applications. To learn more, see Enable multi-cluster Gateways. For the list of supported Cloud Load Balancers and their features, refer to GatewayClass capabilities.

October 30, 2023

You can now use GKE node service account insights to troubleshoot common GKE node service account issues. These insights are available in the Network Analyzer and the Recommender API.

October 23, 2023

The Cloud Storage FUSE CSI driver now requires injected sidecar containers to follow the Restricted Pod security standard. This change is available in v0.1.6 of the driver, and in GKE clusters with control planes running the following versions: 1.24.17-gke.2146000, 1.25.14-gke.1466000, 1.26.9-gke.1494000, 1.27.6-gke.1506000, and 1.28.2-gke.1157000 or later.

October 20, 2023

New Autopilot clusters created with versions 1.24.17-gke.2146000, 1.25.14-gke.1466000, and 1.26.9-gke.1494000 or later are now provisioned with e2-small default nodes, which are removed immediately after cluster creation. With this change, DaemonSets are guaranteed to schedule on all candidate nodes if you follow best practices for DaemonSets on Autopilot.

You can now use the GKE API to apply Resource Manager tags to your GKE resources. GKE attaches these tags to the underlying Compute Engine VMs. You can use these tags to selectively enforce Cloud Firewall network firewall policies. This feature is available in Public Preview in GKE version 1.28 and later.

October 19, 2023

Compute resources can now be reserved in advance for use with GKE. Create a future reservation to request assurance of important or difficult-to-obtain capacity in advance. There are no additional costs for creating future reservation requests. You only start to pay when Compute Engine provisions the reserved resources, and you're charged at the same cost as on-demand reservations.

(2023-R22) Version updates

GKE cluster versions have been updated. There are no version updates for 2023-R21.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • There are no new releases in the Stable release channel.

Regular channel

  • There are no new releases in the Regular release channel.

Rapid channel

October 16, 2023

Filestore Enterprise now supports backups on GKE, allowing you to make reliable copies of your data to be stored for later use. To trigger backups on Filestore Enterprise, use Kubernetes volume snapshots. Backups are currently not supported for Filestore Enterprise instances with multishares enabled.

October 13, 2023

(2023-R20) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • There are no new releases in the Stable release channel.

Regular channel

  • There are no new releases in the Regular release channel.

Rapid channel

Starting in GKE 1.28.1-gke.1066000, two new TPU usage metrics are available: TensorCore utilization and Memory Bandwidth utilization.

Containers running in nodes in GKE version 1.28.1-gke.201 or later don't need to have privileged mode enabled to access TPUs. When upgrading a cluster to 1.28.1-gke.201 or later, we recommend removing privileged: true from the securityContext of any TPU workload. To learn more, see Deploy TPU workloads.

October 10, 2023

A Denial-of-Service (DoS) vulnerability was recently discovered in multiple implementations of the HTTP/2 protocol (CVE-2023-44487), including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. GKE clusters with authorized networks configured are protected by limiting network access, but all other clusters are affected. For more information, see the GCP-2023-030 security bulletin.

October 09, 2023

If you are using a third generation machine series (for example, C3), GKE configures Local SSD volumes as the local ephemeral storage by default. You no longer need to specify the --ephemeral-storage-local-ssd flag when provisioning clusters or node pools. When you configure Local SSD volumes as raw block storage with the --local-nvme-ssd-block flag, specifying the count value is now optional.

October 06, 2023

A previously published release note on December 14, 2022 has been updated. Support for migration of GKE Autopilot clusters' datapath provider to Dataplane V2 has been paused. We will update this release note when migration support resumes.

October 05, 2023

(2023-R19) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following version is no longer available in the Stable channel: 1.26.5-gke.2100

Regular channel

  • There are no new releases in the Regular release channel.

Rapid channel

An issue was previously reported with running certain commands in container images when Image streaming is enabled. See the August 31, 2023 release note for details. This issue is fixed in the following minor versions:

  • 1.25 with the patch versions 1.25.14-gke.1351000 and later.
  • 1.26 with the patch versions 1.26.9-gke.1345000 and later.
  • 1.27 with the patch versions 1.27.6-gke.100 and later.
  • 1.28 with the patch versions 1.28.1-gke.1157000 and later.

To receive the fix, upgrade your nodes to an applicable patch version.

October 04, 2023

Log rotation is misconfigured on nodes running a COS-based image type (cos_containerd). This affects all COS-based nodes running version 1.28 or higher. As a result of this issue, your logs may fill up the disk and cause your nodes to be marked as 'Not Ready' and to be auto-repaired. As a workaround, use a privileged DaemonSet to change the logrotate path to /usr/bin/ instead of /usr/sbin/ in Systemd unit kube-logrotate.service.

October 02, 2023

GKE now delivers insights and recommendations if users have installed webhooks that intercept system resources or webhooks that have no available endpoints. To learn more, see Ensure control plane stability when using webhooks.

September 29, 2023

This is a follow-up message to the release note regarding blue-green upgrades from September 18, 2023. You can now resume upgrading clusters with the blue-green upgrade strategy as the issue with rollback functionality has been fixed. GKE is no longer blocking automatic upgrades due to this issue.

September 21, 2023

When you create a LoadBalancer service in GKE, the Google Cloud controllers automatically create the following firewall rules and apply them to the GKE nodes to allow inbound connections on the Service port:

  • Internal load balancer with GKE subsetting or external load balancer with regional backend services (RBS): k8s2-[cluster-id]-[namespace]-[service-name]-[suffixhash]
  • Internal load balancer without GKE subsetting or external load balancer with target pool: k8s-fw-[loadbalancer-hash]

For clusters running version 1.25 or later, these rules now include the load balancer IP address in the destination ranges field to further control the inbound connections to the nodes. You can use the gcloud compute firewall-rules describe command to check a relevant firewall. The new field in the output is similar to the following:

destinationRanges:
- [LOADBALANCER_VIRTUAL_IP_ADDRESS]

For services that use externalIP, ensure you have firewall rules that allow traffic to the specified IP addresses.

The Observability dashboards on the GKE Clusters List, Cluster Details, and Workload List pages are now customizable. Additionally, the Cluster Details dashboards can be customized across the entire project, or per-cluster for specific use cases.

September 19, 2023

The me-central2 region in Dammam, Saudi Arabia is now available.

September 18, 2023

GKE clusters running version 1.28 or later block new bindings of ClusterRole cluster-admin to User system:anonymous, Group system:authenticated, or Group system:unauthenticated due to the security risks of these bindings. GKE does not block existing bindings.
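Because existing bindings are not blocked, they have to be found by audit. The following added example (not GKE tooling and not part of the original release note) scans the JSON printed by `kubectl get clusterrolebindings,rolebindings -A -o json` for the three subjects named above; it goes slightly beyond the note by also covering RoleBindings that reference the cluster-admin ClusterRole. The binding names in the sample input are constructed.

```python
import json

# Subjects named in the release note: binding any of them to cluster-admin
# grants admin rights to anonymous callers or to every authenticated identity.
RISKY_SUBJECTS = {
    ("User", "system:anonymous"),
    ("Group", "system:authenticated"),
    ("Group", "system:unauthenticated"),
}


def find_risky_bindings(binding_list):
    """Return one finding per risky subject bound to ClusterRole cluster-admin."""
    findings = []
    for item in binding_list.get("items") or []:
        role = item.get("roleRef") or {}
        if (role.get("kind"), role.get("name")) != ("ClusterRole", "cluster-admin"):
            continue  # other roles, or a namespaced Role that merely shares the name
        meta = item.get("metadata") or {}
        for subject in item.get("subjects") or []:  # subjects may be null or absent
            if (subject.get("kind"), subject.get("name")) in RISKY_SUBJECTS:
                findings.append({
                    "binding_kind": item.get("kind"),
                    "namespace": meta.get("namespace", ""),
                    "binding": meta.get("name"),
                    "subject": f"{subject['kind']}:{subject['name']}",
                })
    return findings


# CONSTRUCTED sample in the shape of `kubectl get ... -o json` output.
SAMPLE_KUBECTL_JSON = """
{"apiVersion": "v1", "kind": "List", "items": [
  {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "legacy-ci-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"},
                {"kind": "User", "name": "system:anonymous"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "system:public-info-viewer"},
   "roleRef": {"kind": "ClusterRole", "name": "system:public-info-viewer"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"},
                {"kind": "Group", "name": "system:unauthenticated"}]},
  {"kind": "RoleBinding", "metadata": {"name": "dev-open-admin", "namespace": "dev"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:unauthenticated"}]},
  {"kind": "RoleBinding", "metadata": {"name": "local-admin", "namespace": "dev"},
   "roleRef": {"kind": "Role", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "orphaned-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": null}
]}
"""


def load_sample():
    """Parse the constructed sample above."""
    return json.loads(SAMPLE_KUBECTL_JSON)


if __name__ == "__main__":
    for f in find_risky_bindings(load_sample()):
        scope = f["namespace"] or "cluster-wide"
        print(f"{f['binding_kind']} {f['binding']} ({scope}): {f['subject']}")
```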

GKE has temporarily paused all automatic node upgrades due to an issue with blue-green upgrades rollback functionality. You can still manually upgrade node pools with the surge upgrade strategy. Do not manually upgrade node pools with blue-green upgrades. GKE is working on a fix for this issue and will post a follow-up note here when the issue is fixed and automatic upgrades resume.

September 12, 2023

You can now use node auto-provisioning for TPU slices. With this feature, Standard clusters with GKE version 1.28 and later provision TPU node pools and multi-host TPU accelerators automatically to ensure the capacity required to schedule AI/ML workloads. To learn more, see Configuring TPU node auto-provisioning.

September 11, 2023

Compute Engine persistent disk CSI Drivers deployed on clusters running version 1.26 and later now support filesystem size expansion during restoration from a snapshot or a clone when the PVC data source is larger than the original volume. For more information, see the GitHub pull request.

September 07, 2023

Three vulnerabilities (CVE-2023-3676, CVE-2023-3955, CVE-2023-3893) have been discovered in Kubernetes where a user that can create Pods on Windows nodes may be able to escalate to admin privileges on those nodes. These vulnerabilities affect the Windows versions of Kubelet and the Kubernetes CSI proxy.

GKE clusters are only affected if they include Windows nodes.

For more information, see the GCP-2023-026 security bulletin.

With the recently released version of GKE, version 1.28, you cannot yet use the SidecarContainer feature with alpha clusters. Pods defining restartable Init containers will not start. This is a known issue that will be resolved in a future release.

For GKE clusters using Dataplane V2, upgrades to GKE version 1.26 might cause GKE to temporarily be unable to configure workloads. In some cases, this might cause existing workloads to temporarily lose networking access. This issue does not impact new clusters and GKE clusters not using Dataplane V2. For clusters running version 1.25 with Dataplane V2 enabled, GKE has temporarily disabled auto-upgrades to version 1.26. We recommend that customers not manually upgrade their Dataplane V2-enabled cluster to GKE version 1.26. This is a known issue for GKE version 1.26 and will be fixed in a future patch version of 1.26.

September 05, 2023

(2023-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available: 1.23.17-gke.8400, 1.23.17-gke.10000, 1.23.17-gke.10700, 1.24.14-gke.1400, 1.24.14-gke.2100, 1.25.10-gke.2100, 1.26.5-gke.1400

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.10-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.10-gke.2700 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel: 1.23.17-gke.8400, 1.24.14-gke.1400, 1.25.10-gke.2100, 1.27.3-gke.1700
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.10-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.10-gke.2700 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel: 1.23.17-gke.10000, 1.24.14-gke.2700, 1.25.10-gke.2700, 1.26.5-gke.2700
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.15-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.11-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.6-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.6-gke.1700 with this release.

Rapid channel

  • Version 1.27.4-gke.900 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel: 1.23.17-gke.10000, 1.23.17-gke.10700, 1.24.16-gke.500, 1.25.11-gke.1700, 1.26.6-gke.1700, 1.27.3-gke.1700
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.17-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.7-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.4-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.4-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.1-gke.200 with this release.

1.28 is now available in the Rapid channel

Kubernetes 1.28 is now available in the Rapid channel. For more information about the content of Kubernetes 1.28, read the Kubernetes 1.28 Release Notes.

New APIs

  • The kubectl auth whoami command and the authentication.k8s.io/v1 SelfSubjectReview API enable checking the authenticated user information as seen by the server.

Deprecated API versions

These APIs are still served in version 1.28 but are in a deprecation period:

  • The following Beta versions of graduated APIs will be removed in 1.29 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.26
      • use flowcontrol.apiserver.k8s.io/v1beta3 instead, available since 1.26.

Deprecated in-tree volume support

  • The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated in 1.28 and will be removed in a future release.
  • To determine if you have volumes or Pods using RBD or Ceph volumes, run the following commands. If either of them prints output, then you are using a deprecated volume type.
    • kubectl describe pv | egrep -i 'Type: *(RBD|CephFS)'
    • kubectl describe pod -A | egrep -i 'Type: *(RBD|CephFS)'
  • Switch to use an RBD or CephFS CSI driver, such as the drivers provided in the Ceph CSI GitHub repo, or use a Google-managed solution such as Filestore. For more information, refer to the OSS Kubernetes announcement and the Ceph CSI GitHub repo.
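As a structured alternative to matching `kubectl describe` text, the following added example (not part of the original release note or of GKE tooling) inspects JSON in the shape produced by `kubectl get pv,pods -A -o json` and names each PersistentVolume or Pod that still uses the in-tree `rbd` or `cephfs` volume source. Volumes served by a Ceph CSI driver appear under `csi` and are not reported. The sample data and the function name are constructed for illustration.

```python
import json

# In-tree volume source fields for the deprecated plugins
# kubernetes.io/rbd and kubernetes.io/cephfs.
IN_TREE_CEPH_SOURCES = ("rbd", "cephfs")

# Constructed sample (not real cluster data) in the shape of
# `kubectl get pv,pods -A -o json`.
SAMPLE_RESOURCES = json.loads("""
{"kind": "List", "items": [
  {"kind": "PersistentVolume", "metadata": {"name": "legacy-rbd-pv"},
   "spec": {"capacity": {"storage": "10Gi"},
            "rbd": {"monitors": ["10.0.0.1:6789"], "image": "vol1"}}},
  {"kind": "PersistentVolume", "metadata": {"name": "csi-rbd-pv"},
   "spec": {"capacity": {"storage": "10Gi"},
            "csi": {"driver": "rbd.csi.ceph.com", "volumeHandle": "constructed-handle"}}},
  {"kind": "Pod", "metadata": {"name": "transcoder", "namespace": "media"},
   "spec": {"volumes": [
     {"name": "scratch", "emptyDir": {}},
     {"name": "shared", "cephfs": {"monitors": ["10.0.0.1:6789"]}}]}},
  {"kind": "Pod", "metadata": {"name": "web", "namespace": "default"},
   "spec": {"volumes": [
     {"name": "data", "persistentVolumeClaim": {"claimName": "web-data"}}]}}
]}
""")


def find_in_tree_ceph_volumes(resource_list):
    """Return (kind, name, plugin) for each PV or Pod volume that uses the
    in-tree rbd or cephfs volume source."""
    findings = []
    for item in resource_list.get("items", []):
        kind = item.get("kind")
        meta = item.get("metadata", {})
        spec = item.get("spec", {})
        if kind == "PersistentVolume":
            # A PV names its volume source directly under spec.
            for source in IN_TREE_CEPH_SOURCES:
                if source in spec:
                    findings.append((kind, meta.get("name"), source))
        elif kind == "Pod":
            # Pods can also declare the volume source inline, bypassing any PV.
            qualified = f"{meta.get('namespace', '')}/{meta.get('name')}"
            for volume in spec.get("volumes") or []:
                for source in IN_TREE_CEPH_SOURCES:
                    if source in volume:
                        findings.append((kind, qualified, source))
    return findings


if __name__ == "__main__":
    for kind, name, plugin in find_in_tree_ceph_volumes(SAMPLE_RESOURCES):
        print(f"{kind} {name} uses deprecated in-tree volume type: {plugin}")
```

A Pod that mounts a deprecated volume through a PersistentVolumeClaim is covered by the PersistentVolume finding rather than reported at the Pod level.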

The recently released version of GKE, version 1.28, has a known regression in behavior. After a node restart, Pods that started initialization before the restart will run Init containers in parallel with regular containers instead of waiting for Init containers to complete.

To deliver a better default price-performance for applications, all GKE Autopilot clusters with control plane version 1.27.5 and later will use an SSD-based persistent disk for ephemeral storage. This change will only affect newly created clusters and new node pools created in clusters upgraded to version 1.27.5 and later.

It is not yet possible to enable Gateway API support in GKE 1.28 (Standard or Autopilot). This will be fixed in an upcoming patch release to GKE 1.28. Clusters that already have Gateway API enabled before upgrading to GKE 1.28 will continue to be supported. This will not affect existing Gateways.

September 01, 2023

Starting on September 1, 2023, a new automation policy is in effect where GKE automatically starts a credential rotation within 30 days of your cluster's certificate authority expiry date to ensure that your cluster doesn't have a complete outage. For example, if your cluster's CA expires on 2024-01-05, an automatic rotation starts on or after 2023-12-06. Automatic credential rotation is a critical update that ignores any configured maintenance windows.

This automatic rotation might cause API clients outside the cluster, such as kubectl in a local environment, to stop working unless you update those clients to use the new credentials.

You should plan for and perform credential rotations well in advance of your cluster CA expiring to ensure a smooth transition to new credentials and minimal workload disruptions. Don't rely on automatic rotation; it is intended to be a last resort to prevent complete outages. To learn more about the stages of credential rotation, see Rotate your cluster's credentials.

August 31, 2023

For GKE nodes running version 1.25 and later, when Image streaming is enabled, the mv command and renameat2 system call might fail on symlink files in container images with the error message "No such device or address". The issue is caused by a regression on recent Linux kernels. GKE does not currently have a fix for the issue. To learn more, see the troubleshooting section for this issue.

August 30, 2023

GKE now supports the ability to create nodes and workloads with multiple network interfaces. You can create new clusters with version 1.27 and later with multi networking enabled. The additional network interfaces on the Pods can be regular interfaces or high performance interfaces where the network interface is directly attached to the Pod. For more information, see Setup multi-network support for Pods.

Your clusters can now perform operations, such as node auto-provisioning or version upgrades, on multiple node pools in parallel. You no longer have to wait for an operation to complete before you initiate another operation. This feature is enabled for all GKE versions. This change provides you with benefits like the following:

  • More efficient scaling, which results in improved savings and faster workload deployment
  • Faster, less disruptive node pool upgrades
  • Fewer "operation already in progress" messages that could delay subsequent planned operations
  • More reliable rollback behavior to fix upgrade-related disruptions in production
  • Automatic control plane resize operations won't block other operations on the cluster

The Google Cloud Platform Terraform provider has also been updated to take advantage of this change.

August 29, 2023

You can now create Cloud Tensor Processing Unit (TPU) nodes in GKE to run AI workloads, from training to inference models. GKE manages your cluster by automating TPU resource provisioning, scaling, scheduling, repairing, and upgrading. GKE provides TPU infrastructure metrics in Cloud Monitoring, TPU logs, and error reports for better visibility and monitoring of TPU node pools in GKE clusters. TPUs are available with GKE Standard clusters. GKE supports TPU v4 in version 1.26.1.gke-1500 and later, and supports TPU v5e in version 1.27.2-gke.1500 and later. To learn more, see About TPUs in GKE.

You can now sequence the rollout of cluster upgrades across fleets or across scopes. To learn more, see About cluster upgrades with rollout sequencing.

August 28, 2023

Version 4.80.0 of the Terraform provider for Google Cloud fixes an issue observed when deploying new GKE Autopilot clusters that would destroy and re-create the cluster due to a change in the dns_config state. This version of the provider ensures that customers can deploy GKE Autopilot clusters using Cloud DNS as the default in-cluster DNS provider. For more information, see Terraform plans to re-create Autopilot cluster due to dns_config change.

August 25, 2023

GKE now delivers insights and recommendations to ensure your workloads are ready for disruption using features such as Pod Disruption Budgets. To learn more, see Ensure stateful workloads are disruption-ready.

August 22, 2023

The europe-west10 region in Berlin, Germany is now available.

August 17, 2023

You can now easily identify clusters that use deprecated Kubernetes APIs removed in versions 1.25, 1.26, and 1.27. Kubernetes deprecation insights are now available for these versions.

August 16, 2023

GKE Infrastructure Dashboards and Metrics Packages are now available for both GKE Autopilot and Standard clusters with control plane version 1.27.2-gke.1200 and later. You can now configure Autopilot or Standard clusters to export a predefined list of metrics emitted by GKE managed KSM (kube-state-metrics) for workloads state and Persistent Storage. These metrics are collected by Google Cloud Managed Service for Prometheus and are sent to Cloud Monitoring. You can also view new dashboards (Persistent and Workloads state) rendering those metrics in the Observability tab. For more information, see View observability metrics.

You can now troubleshoot issues with CPU limit utilization and Memory limit utilization of containers running in GKE by using the new "interactive playbook" dashboards in Cloud Monitoring.

August 10, 2023

Public clusters upgraded to GKE versions 1.24 and later will eventually be migrated to use Private Service Connect (PSC) for private control plane communication. After the control plane has been reconfigured, GKE schedules an update for your cluster's nodes to use the new private IP address to communicate with the control plane. Each node pool is marked for recreation. You can use maintenance windows to control when your nodes are recreated. There is no price increase for using GKE public clusters running on PSC. For more information, see Public clusters with Private Service Connect.

August 09, 2023

The Filestore CSI driver now supports smaller share sizes (10Gi) for Filestore multishares for GKE for enterprise instances starting in version 1.27.

CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, and CVE-2023-2650 have been patched in Filestore CSI driver in GKE versions 1.23 and 1.24, for newly created clusters.

August 08, 2023

(2023-R17) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.27.3-gke.100 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.17-gke.12700
    • 1.22.17-gke.14100
    • 1.23.17-gke.7700
    • 1.24.14-gke.1200
    • 1.25.10-gke.1200
    • 1.25.10-gke.1400
    • 1.26.5-gke.1200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.8400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.14-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.10-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.10-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.5-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.3-gke.100 with this release.

Stable channel

  • Version 1.27.3-gke.100 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.17-gke.12700
    • 1.23.17-gke.7700
    • 1.24.14-gke.1200
    • 1.25.10-gke.1200
    • 1.26.5-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.8400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.14-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.10-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.10-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.5-gke.2100 with this release.

Regular channel

  • Version 1.27.3-gke.100 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.17-gke.14100
    • 1.23.17-gke.8400
    • 1.24.14-gke.1400
    • 1.25.10-gke.1400
    • 1.26.5-gke.1400
    • 1.27.2-gke.1200
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.10000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.10-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.5-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.5-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.3-gke.100 with this release.

Rapid channel

  • Version 1.27.3-gke.1700 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.14100
    • 1.23.17-gke.8400
    • 1.24.15-gke.1700
    • 1.25.10-gke.2700
    • 1.26.5-gke.2700
    • 1.27.3-gke.100
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.10000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.16-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.11-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.6-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.3-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.3-gke.1700 with this release.

August 04, 2023

GKE Autopilot supports the creation of certificate signing request (CSR) objects on new clusters with version 1.27 or later, as long as those CSRs do not conflict with system components identities, and Google-managed IAM service accounts. This feature will be enabled for existing 1.27 clusters within the next few weeks.

August 02, 2023

You can now run workloads on A100 80GB GPUs in Autopilot clusters that use GKE version 1.27 and later.

July 26, 2023

(2023-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.27.2-gke.1200 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.18800
    • 1.23.17-gke.6800
    • 1.23.17-gke.7000
    • 1.24.13-gke.2500
    • 1.25.8-gke.1000
    • 1.25.9-gke.2300
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.7700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.14-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.10-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.10-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.5-gke.1400 with this release.

Stable channel

  • Version 1.26.5-gke.1400 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.18800
    • 1.23.17-gke.6800
    • 1.24.13-gke.2500
    • 1.25.9-gke.2300
    • 1.26.5-gke.1200
    • 1.27.2-gke.1200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.7700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.14-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.10-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.10-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.5-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.3-gke.100 with this release.

Regular channel

  • Version 1.27.2-gke.1200 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.18800
    • 1.22.17-gke.12700
    • 1.23.17-gke.7000
    • 1.24.14-gke.1200
    • 1.25.10-gke.1200
    • 1.26.5-gke.1200
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.14100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.8400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.14-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.10-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.5-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.5-gke.1400 with this release.

Rapid channel

  • Version 1.27.3-gke.100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.18800
    • 1.23.17-gke.7700
    • 1.24.14-gke.2700
    • 1.25.10-gke.2100
    • 1.26.5-gke.2100
    • 1.27.2-gke.2100
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.8400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.15-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.10-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.5-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.5-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.3-gke.100 with this release.

July 25, 2023

Kubernetes control plane logs and Kubernetes control plane metrics are now available for GKE Autopilot clusters with control plane version 1.22.0 and later and 1.22.13 and later, respectively. You can now configure Autopilot clusters to export logs and certain metrics emitted by the Kubernetes API server, scheduler, and controller manager to Cloud Logging and Cloud Monitoring.

July 24, 2023

In new Autopilot clusters running GKE version 1.27 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default. With this feature, you don't need to specify your own IP address range for Services. For more information, see Subnet secondary IP address range for Services.

GKE Autopilot supports extended duration Pods in version 1.27 or later with the cluster-autoscaler.kubernetes.io/safe-to-evict=false annotation. To learn more, see how to extend the run time of Autopilot Pods.

July 21, 2023

Update to the Issue release note published on July 19, 2023

We investigated this issue and are rolling back the --no-enable-insecure-kubelet-readonly-port flag in the gcloud CLI. New or existing clusters where the port is still enabled aren't affected. If you already disabled the port, your cluster will continue to work, but you may notice inconsistency in whether the port is fully disabled on every node of the cluster. We'll publish a release note if we have new updates related to the kubelet read-only port.

July 20, 2023

In GKE version 1.25 and later, there is a bug fix in the Ingress Controller to unset the Cloud Armor Ingress Security Policy when removed from the BackendConfig.

Users who have manually attached the Security Policy to a backend service should no longer use this method and should use the BackendConfig to continue using Cloud Armor Security Policies prior to cluster upgrades to GKE version 1.25 and later.

With this fix, the Ingress Controller will reconcile using the configuration in the BackendConfig, thus unsetting any Security Policies added manually to a backend service.

July 19, 2023

There's a known issue causing the gcloud CLI to crash when you run the command to disable the insecure kubelet read-only port, as described in Stop using the insecure kubelet read-only port in GKE clusters. We're investigating this issue and will publish an update when it's fixed.

Starting in GKE version 1.27 and gke-metrics-agent version 2.0.0, the memory request and limit of gke-metrics-agent will increase by an extra 60MiB. This change makes the system metrics collection more stable and reliable.

July 14, 2023

New Autopilot clusters created with version 1.27.3-gke.100 or later are now provisioned with e2-small default nodes, which are removed immediately after cluster creation. With this change, DaemonSets are guaranteed to schedule on all candidate nodes, as long as you follow best practices for DaemonSets on Autopilot.

July 13, 2023

The managed Cloud Storage FUSE CSI driver for GKE is now GA in versions 1.26.5 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

July 12, 2023

GKE Dataplane V2 observability is now available in Public Preview starting in GKE versions 1.26.4-gke.500 or later, or 1.27.1-gke.400 or later. You can now enable Dataplane V2 metrics and observability tools on your cluster. Dataplane V2 metrics are included in new Autopilot clusters and are opt-in for new Standard clusters. You can opt in to enable Dataplane V2 observability tools for Autopilot and Standard clusters. Existing clusters can also be updated to enable metrics and observability tooling.

For more information, check out GKE Dataplane V2 observability.

Revision for the release note announced on June 26, 2023

Starting August 2023, Cloud DNS will become the default DNS provider for new GKE Autopilot clusters created with version 1.25.9-gke.400 or later, or version 1.26.4-gke.500 or later (effectively replacing kube-dns). The rollout will be gradual and expected to be completed by August 11, 2023. To learn more, see Cloud DNS for GKE.

In GKE version 1.24 and later, new beta APIs are, by default, disabled in new clusters. Starting in version 1.27, which is the first new minor version since 1.24 where new beta APIs are introduced, you can enable new APIs on cluster creation or for an existing cluster.

For more information, see how to Use Kubernetes beta APIs with GKE clusters.

July 11, 2023

You can now troubleshoot common GKE issues by using the new "interactive playbook" dashboards in Cloud Monitoring: unschedulable pods and crashlooping containers. You can also access the interactive playbooks from GKE UI insights and set alerts that let you know when those issues occur.

For information about using these dashboards, see the GKE troubleshooting documentation for unschedulable pods and crashlooping.

Starting in GKE version 1.27, cluster autoscaler always considers Compute Engine Reservations when making the scale-up decisions. The node pools with matching unused reservations are prioritized when choosing the node pool to scale up, even when the node pool is not the most efficient one. Additionally, unused reservations are always prioritized when balancing multi-zonal scale-ups.

For more information, see how to use cluster autoscaler.

July 10, 2023

The new release of the GKE Gateway controller (2023-R2) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities:

  • New GatewayClasses supporting the regional external Application Load Balancer
  • Identity-aware Proxy (IAP) Integration
  • Custom request and response headers
  • URL Rewrites and Path Redirects

To learn more, see the supported capabilities per GatewayClass.

July 07, 2023

(2023-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.22.17-gke.8000
    • 1.22.17-gke.11400
    • 1.23.17-gke.5600
    • 1.24.12-gke.500
    • 1.24.12-gke.1000
    • 1.24.13-gke.500
    • 1.26.3-gke.1000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.6800 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.13-gke.2500 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.13-gke.2500 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.5-gke.1200 with this release.

Stable channel

  • Version 1.26.5-gke.1200 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.23.17-gke.5600
    • 1.24.12-gke.1000
    • 1.25.8-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.6800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.13-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.2-gke.1200 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.23.17-gke.6800
    • 1.24.13-gke.2500
    • 1.25.9-gke.2300
    • 1.26.3-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.7000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.14-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.10-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.10-gke.1200 with this release.

Rapid channel

  • Version 1.27.2-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.12700
    • 1.23.17-gke.7000
    • 1.24.14-gke.2100
    • 1.25.10-gke.1400
    • 1.26.5-gke.1400
    • 1.27.2-gke.1200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.14100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.7700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.10-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.5-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.5-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.2-gke.2100 with this release.

June 28, 2023

FQDN Network Policy, currently in Public Preview, can now be enabled on GKE Autopilot clusters by updating your clusters. To learn more, see Control Pod egress traffic using FQDN network policies.

June 27, 2023

With CVE-2023-31436, an out-of-bounds memory access flaw was found in the Linux kernel's traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system.

For more information, see the GCP-2023-017 security bulletin.

A new vulnerability (CVE-2023-2235) has been discovered in the Linux kernel that can lead to a privilege escalation on the node. For more information, see the GCP-2023-018 security bulletin.

(2023-R14) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.17-gke.8000
    • 1.23.17-gke.2000
    • 1.24.12-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.12700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.5600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.12-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.12-gke.1000 with this release.

Regular channel

  • Version 1.26.5-gke.1200 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.17-gke.11400
    • 1.23.17-gke.5600
    • 1.24.12-gke.1000
    • 1.25.8-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.12700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.6800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.13-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.5-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.5-gke.1200 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.23.17-gke.6800
    • 1.24.14-gke.1400
    • 1.25.10-gke.1200
    • 1.26.5-gke.1200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.7000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.14-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.10-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.5-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.5-gke.1400 with this release.

June 26, 2023

Managed Service for Prometheus is enabled by default in new GKE Standard clusters running version 1.27 and later. Existing clusters that upgrade to 1.27 will not automatically enable this feature. For more information, see Enable managed collection: GKE.

Starting June 26, 2023, Cloud DNS becomes the default DNS provider for new GKE Autopilot clusters created with version 1.25.9-gke.400 or later or version 1.26.4-gke.500 or later, effectively replacing kube-dns. To learn more, see Cloud DNS for GKE.

June 23, 2023

Automatic GPU driver installation is available in version 1.27.2-gke.1200 and later, which enables you to install NVIDIA GPU drivers on nodes without manually applying a DaemonSet.

For instructions, see Running GPUs.

June 22, 2023

GKE Autopilot now supports the ability to deploy your own service mesh. Many service meshes, such as Istio or Linkerd, require the CAP_NET_ADMIN Linux capability to function, which is disabled on Autopilot clusters by default to reduce the size of the security attack surface. You can now optionally enable NET_ADMIN on your Autopilot clusters if you need this capability for your service meshes or other opt-in use cases. For more information on how to enable NET_ADMIN, see Autopilot Security.

June 21, 2023

A new vulnerability, CVE-2023-0468, has been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges to root. io_poll_get_ownership keeps increasing req->poll_refs on every io_poll_wake until the counter overflows to 0, which causes fput to be called on req->file twice and results in a struct file refcount issue. GKE clusters, including Autopilot clusters, with Container-Optimized OS using Linux Kernel version 5.15 are affected. GKE clusters using Ubuntu images or using GKE Sandbox are unaffected.

For instructions and more details, see the GKE security bulletin.

GKE support for Hyperdisk Throughput and Hyperdisk Extreme as an attached persistent disk option is now generally available. Support is available for both Autopilot and Standard clusters running GKE versions 1.26 and later.

June 16, 2023

Two new security issues were discovered in Kubernetes where users may be able to launch containers that bypass policy restrictions when using ephemeral containers and either ImagePolicyWebhook (CVE-2023-2727) or the ServiceAccount admission plugin (CVE-2023-2728).

For more information, see the GCP-2023-014 security bulletin.

June 15, 2023

(2023-R13) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.25.8-gke.1000 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.18100
    • 1.24.11-gke.1000
    • 1.26.4-gke.500
    • 1.26.4-gke.1400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.18800 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.14-gke.18800 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.2-gke.1200 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • Version 1.24.11-gke.1000 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.5-gke.1200 with this release.

Regular channel

  • Version 1.25.8-gke.1000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.17-gke.8000
    • 1.23.17-gke.2000
    • 1.25.8-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.5600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.17-gke.5600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.2-gke.1200 with this release.

Rapid channel

  • Version 1.27.2-gke.1200 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.11400
    • 1.23.17-gke.5600
    • 1.24.14-gke.1200
    • 1.25.9-gke.2300
    • 1.26.3-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.12700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.6800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.14-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.10-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.5-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.5-gke.1200 with this release.

June 14, 2023

Clusters with low or no utilization can be identified by Idle Cluster insights.

June 12, 2023

Dual-stack LoadBalancer Services are now available in Preview. Dual-stack LoadBalancer Services are supported on both GKE Standard and Autopilot dual-stack clusters. To learn more, see Single-stack and dual-stack Services.

You can now use deprecation insights to identify clusters on versions 1.21 to 1.24 that use Pod Security Policy, which is unsupported on GKE version 1.25 and later.

June 09, 2023

New Autopilot clusters that run GKE version 1.25.5-gke.1000 and later automatically use Image streaming to pull eligible images.

In addition to the existing egress network policy GKE already supports, you can now control the egress traffic of your Pods by using a network policy that matches a fully-qualified domain name or a regular expression. FQDN Network Policy is now available in Preview for clusters in version 1.26.4-gke.500 and later, and 1.27.1-gke.400 and later. For more information, see Control Pod egress traffic using FQDN network policies.

June 08, 2023

The PD CSI Driver will be automatically enabled on upgrades to 1.25, for clusters with the add-on disabled. There are no cost implications for enabling the driver, and it requests only a small amount of node resources. This upgrade enables gce-pd volumes to continue working on Kubernetes clusters version 1.25 and later. You can still disable the driver manually after upgrade. For more details, see Configuring add-ons.

June 07, 2023

(2023-R12) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.25.8-gke.1000 is now the default version in the Stable channel.
  • Version 1.21.14-gke.18100 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.18800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.18800 with this release.

Regular channel

  • Version 1.24.13-gke.2500 is now available in the Regular channel.
  • Version 1.24.12-gke.500 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.12-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.12-gke.1000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.8000
    • 1.23.17-gke.2000
    • 1.23.17-gke.3600
    • 1.24.13-gke.2500
    • 1.25.8-gke.1000
    • 1.26.4-gke.500
    • 1.26.4-gke.1400
    • 1.27.1-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.5600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.14-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.2-gke.1200 with this release.

June 06, 2023

A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008 security bulletin.

A new vulnerability (CVE-2023-2878) has been discovered in the secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. On GKE, the severity is None. For more information, see the GCP-2023-009 security bulletin.

June 05, 2023

(2023-R11) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.17-gke.7500
    • 1.22.17-gke.9400
    • 1.23.17-gke.1700
    • 1.24.10-gke.2300
    • 1.25.7-gke.1000
    • 1.25.9-gke.400
    • 1.26.2-gke.1000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.8-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.

Stable channel

  • Version 1.24.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.17-gke.7500
    • 1.23.17-gke.1700
    • 1.24.10-gke.2300
    • 1.25.8-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.8-gke.1000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.17-gke.7500
    • 1.23.17-gke.1700
    • 1.24.11-gke.1000
    • 1.26.2-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.9400
    • 1.23.17-gke.1700
    • 1.24.13-gke.500
    • 1.25.9-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.13-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.13-gke.2500 with this release.

June 01, 2023

Agones on GKE users will get recommendations and insights if they did not install the Agones controller on dedicated nodes.

May 26, 2023

The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.

May 25, 2023

CVE-2022-4450, CVE-2022-2097, CVE-2023-0286, CVE-2023-0215, and CVE-2022-4304 have been patched in all minor versions for all existing and new clusters using the Compute Engine persistent disk CSI driver.

For VPC peering-based private clusters running version 1.27 or later, traffic from kube-apiserver to nodes routes through the Konnectivity service. If your cluster was created before 2020-09-17, this traffic does not route through Konnectivity unless you have rotated the control plane IP address after 2020-09-17.

May 23, 2023

CVE-2023-26604 has been fixed in clusters running version 1.25 using the Filestore CSI driver. The fix is transparent, but to mitigate instability, it is available by manually upgrading the cluster to the newest 1.25 patch version. The CVE is not present in clusters running version 1.26 or later.

May 22, 2023

The C3 machine family is generally available for GKE Standard clusters running on version 1.22 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool.

The following features are not supported for this machine family:

  • Node auto-provisioning.
  • Confidential GKE nodes.
  • Local SSD.
  • Standard persistent disks (pd-standard).

For more information, refer to the C3 machine series documentation.

May 18, 2023

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. GKE Standard clusters are affected. For more information, see the GCP-2023-005 security bulletin.

May 12, 2023

The g2-standard machine family with NVIDIA L4 is generally available for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

May 09, 2023

(2023-R10) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.25.8-gke.500 is now the default version.
  • The following control plane versions are now available:
  • The following versions are no longer available:
    • 1.21.14-gke.8500
    • 1.21.14-gke.15800
    • 1.22.17-gke.5400
    • 1.22.17-gke.6100
    • 1.23.16-gke.1400
    • 1.23.16-gke.2500
    • 1.23.17-gke.300
    • 1.24.9-gke.3200
    • 1.24.10-gke.1200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.18100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.17-gke.7500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.11-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.11-gke.1000 with this release.

Stable channel

  • Version 1.24.11-gke.1000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.15800
    • 1.22.17-gke.5400
    • 1.23.16-gke.1400
    • 1.24.9-gke.3200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.18100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.7500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.11-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.11-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.8-gke.500 with this release.

Regular channel

  • Version 1.25.8-gke.500 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.17-gke.6100
    • 1.23.17-gke.300
    • 1.24.10-gke.2300
    • 1.25.7-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.7500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.11-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.8-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.8-gke.500 with this release.

Rapid channel

  • Version 1.26.3-gke.1000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.7500
    • 1.23.17-gke.300
    • 1.24.12-gke.1000
    • 1.25.8-gke.500
    • 1.26.3-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.13-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.1-gke.400 with this release.

Now in GA for both GKE Standard and Autopilot clusters with GKE version 1.26 and later, you can add more IPv4 secondary Pod ranges to a new or existing cluster with the --additional-pod-ipv4-ranges flag. To learn more, see Adding Pod IP addresses.

May 03, 2023

In GKE version 1.26, for VPC peering-based private clusters that were created after 2020-08, the Konnectivity service will be initialized but not used. Traffic from kube-apiserver to nodes continues to route directly.

May 02, 2023

The managed Cloud Storage FUSE CSI driver for GKE is now available in Preview in GKE versions 1.26.3 and later. You can use this driver to consume Cloud Storage buckets for GKE workloads.

We're working on automatically enabling the PD CSI Driver on upgrades to 1.25, for clusters with the add-on disabled. There are no cost implications for enabling the driver, and it requests only a small amount of node resources. This upgrade enables gce-pd volumes to continue working on Kubernetes clusters version 1.25 and greater. You can still disable the driver manually after upgrade. For more details, please read here.

April 19, 2023

(2023-R09) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.24.11-gke.1000 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.10-gke.2300 with this release.

Regular channel

  • Version 1.25.7-gke.1000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Version 1.23.16-gke.2500 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.17-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.2-gke.1000 with this release.

Rapid channel

  • Version 1.26.3-gke.400 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.6100
    • 1.23.16-gke.2500
    • 1.24.12-gke.500
    • 1.25.7-gke.1000
    • 1.26.2-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.7500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.12-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.8-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.8-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.3-gke.400 with this release.

April 14, 2023

Pods bound to Preemptible and Spot nodes are now automatically deleted from the Kubernetes API server after the Preemptible or Spot instance is preempted. This is available in GKE versions:

  • 1.25.7-gke.1000 or later
  • 1.26.2-gke.1000 or later

April 11, 2023

Two new vulnerabilities, CVE-2023-0240 and CVE-2023-23586, have been discovered in the Linux kernel that could allow an unprivileged user to escalate privileges. For more information, see the GCP-2023-003 security bulletin.

In GKE 1.27 and later, GKE nodes will not keep compressed image layers in containerd's content store once they have been unpacked, by setting discard_unpacked_layers=true in containerd configuration. This change will not impact workloads running as Kubernetes Pods and Containers. However, if your workload relies on the image layers in containerd's content store, please make sure your workload can handle the case where image layers are missing.

The new release of the GKE Gateway controller (2023-R01) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities:

  • Gateway API on Autopilot clusters by default (GKE 1.26+)
  • The Global External HTTP(S) Load Balancer GatewayClass graduates to GA
  • Global Access for the gke-l7-rilb GatewayClass
  • SSL Policies
  • HTTP-to-HTTPS redirect
  • Cloud Armor integration

You can check all the supported capabilities per GatewayClass on this page.

April 05, 2023

The g2-standard machine family with NVIDIA L4 is available in Preview for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

April 03, 2023

GKE now supports a streamlined Fleet registration process, allowing users to register their clusters to a Fleet directly when clusters are created using the gcloud command. For more information, see Register a GKE cluster to your fleet.

March 31, 2023

(2023-R08) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • Version 1.24.10-gke.2300 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.14600
    • 1.22.17-gke.4000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.14-gke.15800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.22.17-gke.5400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.23.16-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to 1.24.10-gke.2300 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • Version 1.24.10-gke.2300 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.18100
    • 1.22.17-gke.5400
    • 1.24.9-gke.3200
    • 1.25.6-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.14-gke.18800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.22.17-gke.6100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.23.16-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.24.10-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to 1.24.10-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to 1.25.7-gke.1000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • Version 1.26.2-gke.1000 is now the default version in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.5400
    • 1.23.16-gke.1400
    • 1.24.11-gke.1000
    • 1.25.6-gke.1000
    • 1.26.1-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.17-gke.6100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.16-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.25.7-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to 1.25.7-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to 1.26.2-gke.1000 with this release.

March 30, 2023

The me-central1 region in Doha, Qatar is now available.

March 29, 2023

Starting from GKE 1.26, cluster autoscaler can drain Pods from multiple nodes in parallel. The removal criteria are not changing, so the end state after scale down is going to be the same, but it will be achieved faster.

March 23, 2023

The europe-west12 region in Turin, Italy is now available.

March 22, 2023

(2023-R07) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.14100
    • 1.22.17-gke.3100
    • 1.25.6-gke.200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.14-gke.14600 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.22.17-gke.4000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.17-gke.4000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to 1.25.6-gke.1000 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.17-gke.3100
    • 1.23.16-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.22.17-gke.4000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.23.16-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to 1.23.16-gke.1400 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.15800
    • 1.22.17-gke.4000
    • 1.23.16-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.14-gke.18100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.22.17-gke.5400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.23.16-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.16-gke.2500 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.18100
    • 1.22.17-gke.4300
    • 1.24.10-gke.2300
    • 1.25.6-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.14-gke.18800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.17-gke.5400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.16-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.11-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.25.6-gke.1000 with this release.

March 21, 2023

Starting on March 21, 2023, traffic to k8s.gcr.io will be redirected to registry.k8s.io, following the community announcement. This change will happen gradually to reduce disruption, and should be transparent to the majority of GKE clusters.

To check for edge cases, and mitigate a potential impact, follow the step-by-step guidance in k8s.gcr.io Redirect to registry.k8s.io - What You Need to Know.

March 07, 2023

Backend Service-based external Network load balancers are now generally available with GKE. Regional Backend Service is a foundational element of a Google Cloud Load Balancer and using it for your external LoadBalancer Services will unlock new capabilities going forward. To learn more, see how to deploy a backend service-based external network load balancer.

March 03, 2023

(2023-R06) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.24.9-gke.3200 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.14100
    • 1.23.14-gke.1800
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.14600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.14600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.16-gke.1100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.16-gke.1100 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.17-gke.3100
    • 1.23.16-gke.200
    • 1.25.6-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.4000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.16-gke.1100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.16-gke.1100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.6-gke.1000 with this release.

Rapid channel

  • Version 1.26.1-gke.1500 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.15800
    • 1.22.17-gke.4000
    • 1.23.16-gke.1100
    • 1.24.10-gke.1200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.18100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.16-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.10-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.10-gke.2300 with this release.

March 01, 2023

A new vulnerability (CVE-2022-4696) has been discovered in the Linux kernel that can lead to a privilege escalation on the node. GKE clusters, including Autopilot clusters, are impacted. GKE clusters using GKE Sandbox are not affected. For instructions and more details, see the GKE security bulletin.

February 22, 2023

(2023-R05) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.24.9-gke.3200 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.7100
    • 1.22.15-gke.1000
    • 1.22.15-gke.2500
    • 1.22.16-gke.1300
    • 1.22.16-gke.2000
    • 1.25.5-gke.2000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.14100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.17-gke.3100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.17-gke.3100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.6-gke.200 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.16-gke.2000
    • 1.24.9-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.3100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.17-gke.3100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.9-gke.3200 with this release.

Regular channel

  • Version 1.24.9-gke.3200 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.14600
    • 1.22.16-gke.2000
    • 1.23.14-gke.1800
    • 1.24.9-gke.2000
    • 1.25.5-gke.2000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.15800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.3100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.16-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.9-gke.3200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.9-gke.3200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.6-gke.200 with this release.

Rapid channel

  • Version 1.25.6-gke.1000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.3100
    • 1.23.16-gke.200
    • 1.24.9-gke.3200
    • 1.26.1-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.4000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.16-gke.1100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.10-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.6-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.6-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.1-gke.1500 with this release.

February 17, 2023

In Standard clusters with GKE version 1.26 and later, you can now audit workloads to validate if they are compatible with Autopilot clusters. Use kubectl get audit to see the cluster objects.

February 10, 2023

(2023-R04) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.24.9-gke.2000 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.5300
    • 1.22.17-gke.1400
    • 1.22.17-gke.1900
    • 1.24.7-gke.900
    • 1.24.8-gke.401
    • 1.25.5-gke.1500
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.7100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.14-gke.7100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.14-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.5-gke.2000 with this release.

Stable channel

  • Version 1.21.14-gke.14600 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.5300
    • 1.21.14-gke.7100
    • 1.21.14-gke.8500
    • 1.22.15-gke.2500
    • 1.23.13-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.14100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.16-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.14-gke.1800 with this release.

Regular channel

  • Version 1.24.9-gke.2000 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.7100
    • 1.21.14-gke.8500
    • 1.22.15-gke.1000
    • 1.22.15-gke.2500
    • 1.22.16-gke.1300
    • 1.23.14-gke.401
    • 1.24.8-gke.2000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.14600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.16-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.14-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.9-gke.2000 with this release.

Rapid channel

  • Version 1.25.6-gke.200 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.16-gke.2000
    • 1.22.17-gke.1400
    • 1.22.17-gke.1900
    • 1.23.15-gke.1400
    • 1.23.15-gke.1900
    • 1.24.8-gke.2000
    • 1.24.9-gke.1500
    • 1.24.9-gke.2000
    • 1.25.5-gke.2000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.3100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.16-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.9-gke.3200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.9-gke.3200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.6-gke.200 with this release.

February 07, 2023

For clusters running on GKE version 1.21—which reaches end of life on January 31, 2023—you can apply a one-time maintenance exclusion to prevent the cluster from being upgraded until April 30, 2023. For more information, see the note at When does GKE resume automatic upgrades?

February 03, 2023

The POD_FINDER_IP_MISMATCH errors that caused Pods to fail to access Google Cloud APIs are fixed in the following GKE versions in the Rapid release channel:

  • 1.22.17-gke.3100 or later
  • 1.23.16-gke.200 or later
  • 1.24.9-gke.3200 or later
  • 1.25.6-gke.200 or later
  • 1.26.1-gke.400 or later

To fix the issue, upgrade your nodes to any of these versions.

February 02, 2023

(2023-R03) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.4300
    • 1.25.4-gke.2100
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.5-gke.1500 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.4300
    • 1.24.8-gke.401
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.9-gke.1500 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.5300
    • 1.24.7-gke.900
    • 1.25.4-gke.2100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.7100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.14-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.14-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.5-gke.2000 with this release.

Rapid channel

  • Version 1.25.5-gke.2000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.14600
    • 1.22.16-gke.1300
    • 1.23.14-gke.1800
    • 1.24.8-gke.401
    • 1.25.5-gke.1500
    • 1.26.0-gke.2000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.15800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.16-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.15-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.5-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.1-gke.200 with this release.

January 27, 2023

If containerd restarts on a node that has existing running Pods that use Workload Identity, those specific Pods might fail to access Google Cloud APIs and might return POD_FINDER_IP_MISMATCH errors. This affects nodes with the following GKE versions:

  • 1.22.16-gke.2100 and later
  • 1.23.14-gke.1900 and later
  • 1.24.7-gke.700 and later
  • 1.25.0 and later
  • 1.26.0 and later

This issue will be fixed in a future release.

Starting from GKE control plane versions 1.26.0-gke.2200, 1.25.5-gke.2200, 1.24.9-gke.2200 or later, SingleStack IPv6 and DualStack (IPv4/IPv6) services, stub domains, and upstream nameservers are supported with Cloud DNS for GKE.

A known issue with kube-dns receiving a DNS response from an upstream DNS resolver with a large TTL has been fixed. For more information, see Large TTL from DNS upstream servers.

Public zonal clusters upgraded to GKE versions 1.24 and later will eventually be migrated to use Private Service Connect (PSC) for private control plane communication. There is no price increase for using GKE public clusters running on PSC.

January 26, 2023

The Balanced compute class is now generally available in Autopilot clusters running GKE version 1.25 and later.

You can now specify a minimum CPU platform in the Balanced compute class in Autopilot clusters running GKE version 1.25 and later if your workloads have specialized CPU requirements such as a high base frequency or optimized power management functionality. For instructions, refer to Choose a minimum CPU platform.

January 24, 2023

You can now expose randomly assigned host ports in Pods on GKE Autopilot running version 1.24.7-gke.1200 and later or 1.25.3-gke.1100 and later.

January 17, 2023

You can now attach ephemeral and block devices backed by Local NVMe SSDs during GKE node pool creation, using the Ephemeral Storage Local SSD API and the Local NVMe SSD Block API respectively, with node version 1.25.3-gke.1800 or later.

January 13, 2023

(2023-R02) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.23.14-gke.1800 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.14-gke.1800 with this release.

Regular channel

  • Version 1.24.8-gke.2000 is now the default version in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.14-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.8-gke.2000 with this release.

Rapid channel

  • Version 1.25.5-gke.1500 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.14100
    • 1.22.15-gke.2500
    • 1.23.14-gke.401
    • 1.24.7-gke.900
    • 1.25.4-gke.2100
    • 1.26.0-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.14600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.16-gke.1300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.14-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.8-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.8-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.5-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.0-gke.2000 with this release.

January 12, 2023

Two new vulnerabilities (CVE-2022-3786 and CVE-2022-3602) have been discovered in OpenSSL v3.0.6 that can potentially cause a crash. While this has been rated a High in the NVD database, GKE endpoints use BoringSSL or an older version of OpenSSL that is not affected, so the rating has been reduced to a Medium for GKE. For more information, refer to the GCP-2022-026 security bulletin.

January 09, 2023

The release notes for 1.26 available in the Rapid channel were modified with an additional notable change:

Windows Server 2022 OS image is generally available on GKE. You can now create Windows Node pools with Windows Server 2022 OS images using the command line. For more information, see Creating a cluster using Windows Server node pools.

January 05, 2023

2023-01-09 update: Added an additional Notable change to 1.26 for this release note.

(2023-R01) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.15-gke.100
    • 1.25.3-gke.800
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.4-gke.2100 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.15-gke.100
    • 1.23.11-gke.300
    • 1.24.7-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.8-gke.401 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.15-gke.100
    • 1.23.13-gke.900
    • 1.24.5-gke.600
    • 1.25.3-gke.800
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.14-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.14-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.4-gke.2100 with this release.

Rapid channel

  • Version 1.25.4-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.8500
    • 1.22.15-gke.1000
    • 1.23.13-gke.900
    • 1.24.6-gke.1500
    • 1.25.4-gke.1600
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.14100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.14-gke.401 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.7-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.7-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.4-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.0-gke.1500 with this release.

1.26 is now available in the Rapid channel

Kubernetes 1.26 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.26 Release Notes, especially the action required and deprecation sections.

Notable changes

New API versions

  • flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
    • The PriorityLevelConfiguration spec.limited.assuredConcurrencyShares field is renamed to spec.limited.nominalConcurrencyShares

Deprecated API versions

These APIs are still served in version 1.26 but are in a deprecation period:

  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of newer versions:
    • storage.k8s.io/v1beta1 CSIStorageCapacity
      • deprecated since 1.24
      • use storage.k8s.io/v1 instead, available since 1.24
  • The following Beta versions of graduated APIs will be removed in 1.29 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.26
      • use flowcontrol.apiserver.k8s.io/v1beta3 instead, available since 1.26

Removed API versions

The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:

  • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
    • deprecated since 1.23
    • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
  • autoscaling/v2beta2 HorizontalPodAutoscaler
    • deprecated since 1.23
    • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
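The API changes listed above can be checked against manifests before upgrading to 1.26. The following scanner is an added example, not GKE tooling; the sample manifests are constructed, and the regex-based parsing is a simplifying assumption that reads only top-level `apiVersion` and `kind` keys of plain multi-document YAML.

```python
import re

# (apiVersion, kind) -> (status, replacement), transcribed from the 1.26 notes above.
API_STATUS = {
    ("flowcontrol.apiserver.k8s.io/v1beta1", "FlowSchema"):
        ("removed in 1.26", "flowcontrol.apiserver.k8s.io/v1beta2"),
    ("flowcontrol.apiserver.k8s.io/v1beta1", "PriorityLevelConfiguration"):
        ("removed in 1.26", "flowcontrol.apiserver.k8s.io/v1beta2"),
    ("autoscaling/v2beta2", "HorizontalPodAutoscaler"):
        ("removed in 1.26", "autoscaling/v2"),
    ("storage.k8s.io/v1beta1", "CSIStorageCapacity"):
        ("removed in 1.27", "storage.k8s.io/v1"),
    ("flowcontrol.apiserver.k8s.io/v1beta2", "FlowSchema"):
        ("removed in 1.29", "flowcontrol.apiserver.k8s.io/v1beta3"),
    ("flowcontrol.apiserver.k8s.io/v1beta2", "PriorityLevelConfiguration"):
        ("removed in 1.29", "flowcontrol.apiserver.k8s.io/v1beta3"),
}

VALUE = r"[ \t]*['\"]?([^\s'\"#]+)"


def first_value(doc, key_pattern):
    """Return the first scalar value for a key matched at line start."""
    match = re.search(r"(?m)^" + key_pattern + ":" + VALUE, doc)
    return match.group(1) if match else None


def scan_manifests(text):
    """Return (name, kind, apiVersion, status, replacement) per affected object."""
    findings = []
    for doc in re.split(r"(?m)^---[ \t]*$", text):
        api = first_value(doc, "apiVersion")   # column 0 only: top-level key
        kind = first_value(doc, "kind")
        if not api or not kind:
            continue
        # Heuristic: the first indented "name:" is metadata.name.
        name = first_value(doc, r"[ \t]+name") or "<unnamed>"
        if (api, kind) in API_STATUS:
            status, replacement = API_STATUS[(api, kind)]
            findings.append((name, kind, api, status, replacement))
        # v1beta3 renames spec.limited.assuredConcurrencyShares.
        if (api == "flowcontrol.apiserver.k8s.io/v1beta3"
                and kind == "PriorityLevelConfiguration"
                and re.search(r"(?m)^[ \t]+assuredConcurrencyShares:", doc)):
            findings.append((name, kind, api, "renamed field",
                             "spec.limited.nominalConcurrencyShares"))
    return findings


# Constructed sample input.
SAMPLE_MANIFESTS = """\
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: web
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
---
apiVersion: flowcontrol.apiserver.k8s.io/v1beta3
kind: PriorityLevelConfiguration
metadata:
  name: batch
spec:
  type: Limited
  limited:
    assuredConcurrencyShares: 20
---
apiVersion: flowcontrol.apiserver.k8s.io/v1beta2
kind: FlowSchema
metadata:
  name: batch-jobs
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
---
apiVersion: storage.k8s.io/v1beta1
kind: CSIStorageCapacity
metadata:
  name: cap-zone-a
"""

if __name__ == "__main__":
    for finding in scan_manifests(SAMPLE_MANIFESTS):
        print("%s (%s, %s): %s -> %s" % finding)
```

Objects wrapped in a `kind: List` document or generated by templating are not seen by this scanner.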

January 04, 2023

You can now run GPU-based workloads in GA in Autopilot clusters that use GKE version 1.24.2-gke.1800 and later.

December 22, 2022

Dual-stack clusters in GKE are now generally available. Dual-stack networking is supported on both Standard and Autopilot clusters. To learn more, see Use an IPv4/IPv6 dual-stack network to create a dual-stack cluster.

December 21, 2022

A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. For more information, see the GCP-2022-025 security bulletin.

You can now enable NCCL Fast Socket on your multi-GPU workloads. NCCL Fast Socket is a transport layer plugin designed to improve NVIDIA Collective Communication Library (NCCL) performance on Google Cloud. To enable NCCL Fast Socket, you must be using a GKE Standard cluster with control plane version 1.25.2-gke.1700 or later. For more information, see Improve workload efficiency using NCCL Fast Socket.

December 19, 2022

CVE-2022-37434, CVE-2022-40674, CVE-2022-1586, CVE-2022-1587 have been patched in the PD CSI driver in 1.22, 1.23, 1.24 for newly created clusters. CVE-2022-37434, CVE-2021-3999, CVE-2022-40674, CVE-2022-1586, CVE-2022-1587 have been patched in the PD CSI driver in 1.25 for newly created clusters.

December 16, 2022

Global external HTTP(S) load balancer is now supported with the GKE Gateway controller in Preview. You can now configure GKE clusters with control plane version 1.24 or later in Rapid channel to use a global external HTTP(S) load balancer to expose web services to the Internet, in a single cluster or multi-cluster architecture. You can benefit from many advanced traffic management capabilities offered by the new generation of Google Cloud global external HTTP(S) load balancers natively in GKE by using the Kubernetes Gateway API and specifying a new Gateway class. To see the difference between Gateway classes compatible with our GKE Gateway controller, see here.

December 14, 2022

(2022-R28) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.23.13-gke.900 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.13-gke.900 with this release.

Regular channel

  • Version 1.24.7-gke.900 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.13-gke.1000
    • 1.23.12-gke.1600
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.7-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.3-gke.800 with this release.

Rapid channel

  • Version 1.25.4-gke.1600 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.15-gke.100
    • 1.23.12-gke.1600
    • 1.24.5-gke.600
    • 1.25.3-gke.800
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.4-gke.1600 with this release.

Cloud DNS for GKE (cluster scope) is now Generally Available. You can now configure GKE clusters with control plane version 1.24.7-gke.800, 1.25.3-gke.700 or later to use Cloud DNS as the DNS provider for in-cluster name resolution, and replace the existing DNS service based on kube-dns.

10/06/2023 update: This migration is currently paused.

GKE Autopilot clusters may now migrate the cluster's datapath provider to Dataplane V2. Migration is triggered during a control plane upgrade (see version requirements below). The migration is complete once all nodes running the legacy datapath have been recreated. Node pools created after the control plane upgrade will be created using Dataplane V2.

  • For clusters running 1.24 without Dataplane V2, upgrading to 1.24.7-gke.300 or a higher 1.24 version will begin the migration to Dataplane V2.

  • For clusters running 1.25 without Dataplane V2, upgrading to 1.25.3-gke.200 or a higher 1.25 version will begin the migration to Dataplane V2.

To determine whether you are in the process of migrating the datapath, run:

gcloud container clusters describe <CLUSTER> --region <REGION> --project <PROJECT> --format="value(networkConfig.datapathProvider)"

Clusters migrating to Dataplane V2 will have the datapath provider field of the cluster set to MIGRATE_TO_ADVANCED_DATAPATH.

Clusters that have migrated to Dataplane V2 will have the datapath provider field of the cluster set to ADVANCED_DATAPATH.

December 13, 2022

Compact placement policy is now generally available. Set up a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone. Having nodes closer to each other can reduce network latency between nodes, which can be useful for tightly-coupled batch workloads.

December 12, 2022

Public clusters upgraded to GKE versions 1.25 and later will eventually be migrated to use Private Service Connect (PSC) for private control plane communication. There is no price increase for using GKE public clusters running on PSC.

December 05, 2022

(2022-R27) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.24.5-gke.600 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.3000
    • 1.21.14-gke.9500
    • 1.22.12-gke.2300
    • 1.23.8-gke.1900
    • 1.23.9-gke.900
    • 1.23.9-gke.2100
    • 1.23.10-gke.1000
    • 1.24.4-gke.800
  • The following node version is no longer available: 1.21.14-gke.9500
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.11-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.5-gke.600 with this release.

Stable channel

  • Version 1.23.11-gke.300 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.3000
    • 1.22.12-gke.2300
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.7-gke.900 with this release.

Regular channel

  • Version 1.24.5-gke.600 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.12-gke.2300
    • 1.23.12-gke.100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.13-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.12-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.12-gke.1600 with this release.

Rapid channel

  • Version 1.25.3-gke.800 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.7100
    • 1.21.14-gke.9500
    • 1.22.14-gke.300
    • 1.23.12-gke.100
    • 1.24.4-gke.800
    • 1.25.2-gke.1700
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.8500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.12-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.3-gke.800 with this release.

November 29, 2022

Kubernetes control plane logs are now Generally Available. You can now configure GKE clusters with control plane version 1.22.0 or later to export to Cloud Logging logs emitted by the Kubernetes API server, Scheduler, and Controller Manager.

These logs are stored in Cloud Logging and can be queried in the Cloud Logging Log Explorer or Cloud Logging API. These logs can also be sent to Google Cloud Storage, BigQuery, or Pub/Sub using the Log Router.

You can now use deprecation insights to identify clusters on versions 1.23 and earlier that use Docker-based node images, which are unsupported on GKE version 1.24 and later.

November 22, 2022

GKE version 1.21.14-gke.9500 has an issue where Pods in certain conditions might get stuck terminating indefinitely, due to a Linux kernel bug. The version has been removed and is no longer available for new clusters. If your node pools are running 1.21.14-gke.9500 and experience the issue, we recommend downgrading the node pool to 1.21.14-gke.8500.

November 21, 2022

The Logs tab available for each cluster on the Kubernetes Engine > Clusters page now includes suggested queries for your logs. For more information about using your GKE logs, see Viewing your GKE logs.

November 18, 2022

GKE Autopilot clusters support compact placement policies in version 1.25 and later.

November 17, 2022

GKE Autopilot clusters support signaling to GKE that a particular node is problematic in version 1.24 and later.

November 11, 2022

The Filestore CSI driver has patched the following CVEs for newly created clusters running GKE version 1.23 and later:

  • CVE-2022-37434
  • CVE-2019-19126
  • CVE-2019-25013
  • CVE-2022-23219
  • CVE-2021-35942
  • CVE-2020-10029
  • CVE-2021-3326
  • CVE-2022-23218
  • CVE-2020-1752
  • CVE-2021-3999
  • CVE-2020-27618
  • CVE-2021-27645
  • CVE-2016-10228
  • CVE-2020-6096
  • CVE-2021-33574
  • CVE-2022-29458

November 10, 2022

You can now use compact placement for node auto-provisioning in Standard clusters with GKE version 1.25 and later. To learn more, see Use compact placement for node auto-provisioning.

November 09, 2022

GKE Gateway for Single Cluster is now generally available in GKE version 1.24 and later. Use the Gateway API to express the intent of your inbound HTTP(S) traffic into your GKE cluster and the Gateway controller will instrument and fully manage the external and/or internal HTTP(S) load balancer(s) that forwards traffic to your applications. For complete details about the GKE Gateway controller, refer to the following documentation.

November 08, 2022

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane. GKE doesn't ship with Istio and isn't affected by this vulnerability. However, if you separately installed Anthos Service Mesh or Istio in your GKE cluster, refer to the Anthos Service Mesh security bulletin for more information.

November 07, 2022

When you create a LoadBalancer service in GKE, the Google Cloud controllers automatically create the following firewall rules and apply them to the GKE nodes to allow inbound connections on the Service port:

  • Internal load balancer with GKE subsetting or external load balancer with regional backend services (RBS): k8s2-[cluster-id]-[namespace]-[service-name]-[suffixhash]
  • Internal load balancer without GKE subsetting or external load balancer with target pool: k8s-fw-[loadbalancer-hash]

These rules now include the load balancer IP address in the destination ranges field to further control the inbound connections to the nodes. You can use the gcloud compute firewall-rules describe command to check a relevant firewall. The new field in the output is similar to the following:

destinationRanges:
- [LOADBALANCER_VIRTUAL_IP_ADDRESS]
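To audit many rules at once, the check can be run over the JSON output of `gcloud compute firewall-rules list --format=json`. The following is an added example, not part of the release notes or GKE tooling: the rule names, IP addresses and the `known_lb_ips` set are constructed, and the regular expressions approximate the two name patterns above, so other auto-created rules that share these prefixes can also match.

```python
import ipaddress
import json
import re

# Name patterns from the note above; the character classes are an assumption.
LB_RULE_PATTERNS = (
    # k8s2-[cluster-id]-[namespace]-[service-name]-[suffixhash]
    ("subsetting-or-rbs", re.compile(r"^k8s2-[a-z0-9]+-.+-[a-z0-9]+$")),
    # k8s-fw-[loadbalancer-hash]
    ("no-subsetting-or-target-pool", re.compile(r"^k8s-fw-[a-z0-9]+$")),
)


def lb_rule_kind(name):
    """Return which naming scheme a rule follows, or None if it is not an LB rule."""
    for kind, pattern in LB_RULE_PATTERNS:
        if pattern.match(name):
            return kind
    return None


def audit_lb_firewall_rules(rules, known_lb_ips=None):
    """Flag LoadBalancer Service rules whose destinationRanges is absent or too wide.

    known_lb_ips (optional) is the set of load balancer addresses you expect,
    for example collected from the Services' status.loadBalancer.ingress.
    """
    findings = []
    for rule in rules:
        name = rule.get("name", "")
        if lb_rule_kind(name) is None or rule.get("direction") != "INGRESS":
            continue
        destinations = rule.get("destinationRanges") or []
        if not destinations:
            # Rule predates the change: it is not limited to the load balancer IP.
            findings.append((name, "missing-destination-ranges"))
            continue
        for dest in destinations:
            try:
                net = ipaddress.ip_network(dest, strict=False)
            except ValueError:
                findings.append((name, "unparseable:" + dest))
                continue
            if net.num_addresses != 1:
                findings.append((name, "broad:" + dest))
            elif known_lb_ips is not None and str(net.network_address) not in known_lb_ips:
                findings.append((name, "unexpected:" + dest))
    return findings


# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_GCLOUD_JSON = """
[
  {"name": "k8s2-abc12345-default-web-x7y8z9aa", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"], "destinationRanges": ["203.0.113.10"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
  {"name": "k8s-fw-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
  {"name": "k8s2-abc12345-default-api-q1w2e3r4", "direction": "INGRESS",
   "sourceRanges": ["10.0.0.0/8"], "destinationRanges": ["10.0.0.0/8"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
  {"name": "k8s-fw-0f9e8d7c6b5a49382716", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"], "destinationRanges": ["198.51.100.7"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
  {"name": "allow-ssh-admin", "direction": "INGRESS",
   "sourceRanges": ["192.0.2.0/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]
"""
SAMPLE_RULES = json.loads(SAMPLE_GCLOUD_JSON)

if __name__ == "__main__":
    for name, problem in audit_lb_firewall_rules(SAMPLE_RULES, {"203.0.113.10"}):
        print(name, problem)
```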

November 04, 2022

(2022-R26) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.23.12-gke.100 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.12-gke.500
    • 1.22.12-gke.1200
    • 1.24.3-gke.2100
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to 1.24.4-gke.800 with this release.

Stable channel

  • Version 1.22.15-gke.100 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to 1.24.5-gke.600 with this release.

Regular channel

  • Version 1.23.12-gke.100 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.4300
    • 1.22.12-gke.500
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.23.12-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.12-gke.100 with this release.

Rapid channel

  • Version 1.24.5-gke.600 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.5300
    • 1.22.13-gke.1000
    • 1.23.11-gke.300
    • 1.24.3-gke.2100
    • 1.25.1-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.14-gke.7100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.14-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.12-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.5-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.5-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to 1.25.2-gke.1700 with this release.

November 03, 2022

You can now easily identify clusters that use certificates incompatible with Kubernetes version 1.23. Kubernetes 1.23 deprecation insights are now available in Preview for clusters of at least version 1.22.6-gke.1000.

October 28, 2022

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that could allow an unprivileged user to escalate to system execution privilege. For instructions and more details, see the GKE security bulletin.

October 27, 2022

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node. For instructions and more details, see the GKE security bulletin.

October 19, 2022

(2022-R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.23.8-gke.1900 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.21.14-gke.2700
    • 1.22.12-gke.300
    • 1.24.2-gke.1900
    • 1.24.3-gke.200
    • 1.24.3-gke.900
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.14-gke.3000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.22.12-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.12-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to 1.24.3-gke.2100 with this release.

Stable channel

  • Version 1.22.12-gke.2300 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.2700
    • 1.22.12-gke.1200
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.14-gke.3000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.22.12-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.12-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to 1.23.11-gke.300 with this release.

Regular channel

  • Version 1.23.8-gke.1900 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.2700
    • 1.22.12-gke.300
    • 1.24.2-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.14-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.14-gke.4300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.23.8-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to 1.24.5-gke.600 with this release.

Rapid channel

  • Version 1.24.4-gke.800 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.4300
    • 1.22.12-gke.2300
    • 1.23.10-gke.1000
    • 1.24.3-gke.900
    • 1.25.0-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.13-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.11-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.4-gke.800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.4-gke.800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to 1.25.1-gke.500 with this release.

October 14, 2022

GKE Cost Allocation has been released for general availability. With GKE Cost Allocation, you can see cost breakdowns in clusters by namespace and by pod label for utilized CPU and memory. For complete details, refer to View detailed breakdown of cluster costs.

October 12, 2022

Creating public clusters on GKE versions 1.23 or later might fail with the following error due to a missing API permission in certain compliance regimes (FedRAMP High, US Regions and Support, EU Regions and Support, EU Regions and Support with Sovereign Controls):

ManagedResourceService.AddServiceBundle, PERMISSION_DENIED'/> APPLICATION_ERROR;google.cloud.servicedirectory.v1beta1/ManagedResourceService.AddServiceBundle;Request is disallowed by organization's constraints/gcp.restrictServiceUsage constraint for 'projects/<projectID> attempting to use service 'servicedirectory.googleapis.com'

To fix this issue, refer to the October 5, 2022 Assured Workloads release note.

October 05, 2022

(2022-R24) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:

Regular channel

Rapid channel

September 30, 2022

You can now run GPU-based workloads in Preview in Autopilot clusters that use GKE version 1.24.2-gke.1800 and later. For more information, see the Google Cloud blog post.

In Autopilot clusters running GKE version 1.24.1-gke.1400 and later, you can now use the Balanced compute class to schedule your workloads that require very high memory or CPU requests.

September 28, 2022

The Calico CNI authentication errors that caused pods to get stuck in Terminating or Pending state (see August 19, 2022 release notes) are fixed in the following GKE versions in the Rapid release channel:

  • 1.24.4-gke.500 or later
  • 1.23.11-gke.300 or later
  • 1.22.14-gke.300 or later

To fix the issue, upgrade your control plane to any of these versions. If you prefer not to use the Rapid channel, open a Google Cloud Support ticket to have your cluster patched internally.

GKE control plane metrics are now available for clusters running Kubernetes control plane version 1.22.13 or later.

September 23, 2022

(2022-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.12-gke.2300 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.14-gke.700
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

Stable channel

  • Version 1.22.12-gke.1200 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.21.14-gke.700
    • 1.22.12-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

Regular channel

  • Version 1.22.12-gke.2300 is now the default version in the Regular channel.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.2300 with this release.

Rapid channel

  • Version 1.24.3-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.2100 with this release.

2022-09-22 update: Updated new default versions for the 2022-R22 release in the Stable channel.

September 22, 2022

The a2-ultragpu machine family is available in Preview for node pools in clusters running GKE version 1.24 and later. To select the machine family, use the --machine-type flag in your create command.

September 15, 2022

CVE-2022-2068 has been patched in the Filestore CSI driver for GKE clusters running version 1.23 or later.

Starting from GKE version 1.25 and gke-metrics-agent version 1.0.0, we increase the memory request and limit of gke-metrics-agent to 100 MiB. This change makes the system metrics collection more stable and reliable.

September 14, 2022

1.25 is now available in the Rapid channel

Kubernetes 1.25 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.25 Release Notes, especially the action required and deprecation sections.

Notable changes

Support for the deprecated quobyte and storageOS volume types is removed in 1.25.

Deprecated API versions

These APIs are still served in version 1.25 but are in a deprecation period:

  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of newer versions:
    • storage.k8s.io/v1beta1 CSIStorageCapacity, deprecated since 1.24

Removed API versions

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 and removed in 1.25.
    • 1.24 is the last version supporting the beta PodSecurityPolicy feature. Use of this feature must be discontinued before clusters will upgrade to 1.25. See PodSecurityPolicy deprecation for more information.
  • The following Beta versions of graduated APIs are removed in 1.25 in favor of their newer versions:
    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta1 RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
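A pre-upgrade check built from the two lists above, as an added example that is not part of the GKE release notes or any Google tooling: it scans a multi-document manifest stream for the apiVersion/kind pairs named above and marks the ones that stop being served at the target minor version. The function names and the sample manifests are constructed for illustration; replacements are filled in only where the notes name one.

```python
import re

# (apiVersion, kind) -> (minor that stops serving it, replacement named in the notes)
API_TABLE = {
    ("policy/v1beta1", "PodSecurityPolicy"): ("1.25", None),
    ("discovery.k8s.io/v1beta1", "EndpointSlice"): ("1.25", None),
    ("policy/v1beta1", "PodDisruptionBudget"): ("1.25", None),
    ("batch/v1beta1", "CronJob"): ("1.25", None),
    ("node.k8s.io/v1beta1", "RuntimeClass"): ("1.25", None),
    ("autoscaling/v2beta1", "HorizontalPodAutoscaler"): ("1.25", None),
    ("flowcontrol.apiserver.k8s.io/v1beta1", "FlowSchema"):
        ("1.26", "flowcontrol.apiserver.k8s.io/v1beta2"),
    ("flowcontrol.apiserver.k8s.io/v1beta1", "PriorityLevelConfiguration"):
        ("1.26", "flowcontrol.apiserver.k8s.io/v1beta2"),
    ("autoscaling/v2beta2", "HorizontalPodAutoscaler"): ("1.26", "autoscaling/v2"),
    ("storage.k8s.io/v1beta1", "CSIStorageCapacity"): ("1.27", None),
}

# Only column-0 keys count: nested apiVersion/kind (for example an HPA's
# scaleTargetRef) must not be mistaken for the object's own type.
TOP_KEY = re.compile(r"^(apiVersion|kind):[ \t]*['\"]?([^'\"#\s]+)")
META_NAME = re.compile(r"^  name:[ \t]*['\"]?([^'\"#\s]+)")


def parse_docs(text):
    """Yield (apiVersion, kind, name) for each document in a YAML stream."""
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        fields, in_meta = {}, False
        for line in doc.splitlines():
            top = TOP_KEY.match(line)
            if top:
                fields[top.group(1)] = top.group(2)
            if line and not line[0].isspace():
                in_meta = line.startswith("metadata:")
            elif in_meta and "name" not in fields:
                name = META_NAME.match(line)
                if name:
                    fields["name"] = name.group(1)
        if "apiVersion" in fields and "kind" in fields:
            yield fields["apiVersion"], fields["kind"], fields.get("name", "<unnamed>")


def minor_of(version):
    """'1.25' or '1.25.0' -> (1, 25)."""
    return tuple(int(part) for part in version.split(".")[:2])


def scan(text, target):
    """List objects whose API version is deprecated or removed at `target`."""
    findings = []
    for api, kind, name in parse_docs(text):
        entry = API_TABLE.get((api, kind))
        if entry is None:
            continue
        removed_in, replacement = entry
        findings.append({
            "apiVersion": api, "kind": kind, "name": name,
            "removed_in": removed_in, "replacement": replacement,
            # True when the target minor no longer serves this API version.
            "blocking": minor_of(removed_in) <= minor_of(target),
        })
    return findings


# Constructed sample manifests (not from the release notes).
SAMPLE = """\
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false
---
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: web-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
---
apiVersion: "batch/v1beta1"
kind: CronJob
metadata:
  labels:
    app: report
  name: nightly-report
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: web-pdb
"""

if __name__ == "__main__":
    for f in scan(SAMPLE, "1.25"):
        state = "BLOCKS UPGRADE" if f["blocking"] else "deprecated"
        hint = f" -> {f['replacement']}" if f["replacement"] else ""
        print(f"{state}: {f['kind']}/{f['name']} uses {f['apiVersion']} "
              f"(removed in {f['removed_in']}){hint}")
```

The scan reads manifests in source control only; objects already stored in a cluster still need to be checked against the live API server.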

September 13, 2022

(2022-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.12-gke.300 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:

    • 1.20.15-gke.11400
    • 1.20.15-gke.12800
    • 1.20.15-gke.13400
    • 1.20.15-gke.13700
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

Stable channel

  • Version 1.22.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.20.15-gke.11400
    • 1.21.13-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

Regular channel

  • Version 1.22.12-gke.300 is now the default version in the Regular channel.

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.12800
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.300 with this release.

Rapid channel

  • Version 1.24.3-gke.900 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.20.15-gke.13700
    • 1.21.14-gke.3000
    • 1.22.12-gke.1200
    • 1.23.9-gke.2100
    • 1.24.3-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.10-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.0-gke.1100 with this release.

The me-west1 region in Tel Aviv, Israel is now available.

On GKE Standard clusters using control plane version 1.24.2-gke.300 or later, you can configure the cluster and node pools to deploy an alternative version of the Logging agent designed to maximize logging throughput. The default Logging agent running in each GKE cluster guarantees at least 100 KB per second log throughput per node for system and workload logs. This Logging agent variant provides a 100x improvement, allowing for throughput as high as 10 MB per second on nodes that have at least 2 unused CPU cores.

Additionally, all GKE clusters with system metrics enabled now export a new metric (kubernetes.io/node/logs/input_bytes), which indicates the number of log bytes generated on a node. Using this metric can help you decide which variant of the logging agent makes sense to deploy in your cluster or node pools.

September 08, 2022

The Calico issue link included in the August 19, 2022 release note was updated to point to Calico issue #4857.

September 07, 2022

The ip-masq-agent is not able to boot up on Arm nodes in GKE clusters with control planes running the following versions:

  • 2022-R18: 1.23.8-gke.1900, 1.24.2-gke.1900

  • 2022-R19: 1.24.3-gke.200

  • 2022-R20: 1.23.9-gke.900, 1.24.3-gke.900

This regression has been fixed. Please upgrade your control plane to versions included in the 2022-R21 release.

CVE-2021-4160, CVE-2022-1664, CVE-2022-1292, and CVE-2022-29155 have been patched in the Filestore CSI driver for newly created clusters.

September 02, 2022

(2022-R21) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.21.14-gke.700 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.2200
    • 1.22.10-gke.600
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.21.14-gke.700
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.11-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • Version 1.24.3-gke.200 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.2700
    • 1.22.12-gke.500
    • 1.23.9-gke.900
    • 1.24.2-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.3000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.200 with this release.

August 23, 2022

CVE-2022-24675, CVE-2022-2068, and CVE-2022-28327 have been patched in the PD CSI driver in 1.23 for newly created clusters.

For VPC-native clusters, the user-managed secondary range for Services can now be shared among clusters in the same subnet. The Services range no longer needs to be unique for clusters on the same subnet. Shared Services ranges are backwards-compatible with all GKE versions.

August 19, 2022

GKE clusters that run versions 1.22 or later and use Calico Network Policy might experience issues with terminating Pods. The Calico CNI plugin reports errors when terminating Pods, and eviction takes too long.

Pods that experience this issue display an error message similar to the following:

Warning FailedKillPod 36m (x389 over 121m) kubelet error killing pod: failed to "KillPodSandbox" for "af9ab8f9-d6d6-4828-9b8c-a58441dd1f86" with KillPodSandboxError: "rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod "myclient-pod-6474c76996" network: error getting ClusterInformation: connection is unauthorized: Unauthorized"

To resolve this issue, restart the calico-node pods or restart kubelet.

This link was updated on September 8, 2022: For more information about this issue, see Calico issue #4857.
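A triage helper for this issue, as an added example that is not part of the release notes or any Google tooling: it picks the Calico teardown signature out of kubelet event lines and checks a control plane version against the fixed versions listed in the September 28, 2022 note. The function names are this example's own, the second and third sample event lines are constructed, and ordering versions by patch number and then by the number after "-gke." is an assumption of the example.

```python
import re

# Fixed versions from the September 28, 2022 note, keyed by (major, minor);
# the value is (patch, gke build).
FIXED = {(1, 22): (14, 300), (1, 23): (11, 300), (1, 24): (4, 500)}

GKE_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")
SIGNATURE = re.compile(
    r'cni failed to teardown pod "([^"]+)" network: '
    r"error getting ClusterInformation: connection is unauthorized"
)
REPEAT = re.compile(r"\(x(\d+) over ")


def calico_fix_status(version):
    """Classify a GKE control plane version against the notes above."""
    m = GKE_VERSION.match(version)
    if not m:
        raise ValueError(f"not a GKE version string: {version!r}")
    major, minor, patch, build = (int(g) for g in m.groups())
    if (major, minor) < (1, 22):
        return "not-listed"      # the August 19 note names 1.22 or later only
    threshold = FIXED.get((major, minor))
    if threshold is None:
        return "unknown"         # this minor has no fixed version in the note
    return "fixed" if (patch, build) >= threshold else "affected"


def find_calico_teardown_failures(events):
    """Return {pod name: highest repeat count} for matching FailedKillPod events."""
    hits = {}
    for line in events.splitlines():
        if "FailedKillPod" not in line:
            continue
        sig = SIGNATURE.search(line)
        if not sig:
            continue             # FailedKillPod for some other reason
        rep = REPEAT.search(line)
        count = int(rep.group(1)) if rep else 1
        hits[sig.group(1)] = max(hits.get(sig.group(1), 0), count)
    return hits


def triage(version, events):
    """Combine both checks into the action the notes describe."""
    hits = find_calico_teardown_failures(events)
    status = calico_fix_status(version)
    if not hits:
        action = "no Calico teardown failures in these events"
    elif status == "affected":
        action = ("restart the calico-node pods or kubelet, then upgrade "
                  "the control plane to a fixed version")
    else:
        action = "restart the calico-node pods or kubelet and investigate further"
    return {"status": status, "pods": hits, "action": action}


# First line is the message quoted in the note above; the other two are constructed.
SAMPLE_EVENTS = '''\
Warning FailedKillPod 36m (x389 over 121m) kubelet error killing pod: failed to "KillPodSandbox" for "af9ab8f9-d6d6-4828-9b8c-a58441dd1f86" with KillPodSandboxError: "rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod "myclient-pod-6474c76996" network: error getting ClusterInformation: connection is unauthorized: Unauthorized"
Warning FailedKillPod 5m kubelet error killing pod: failed to "KillContainer" for "app" with KillContainerError: "rpc error: code = DeadlineExceeded desc = context deadline exceeded"
Normal Killing 2m kubelet Stopping container app
'''

if __name__ == "__main__":
    for version in ("1.22.12-gke.2300", "1.24.4-gke.800", "1.25.1-gke.500"):
        print(version, triage(version, SAMPLE_EVENTS))
```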

August 18, 2022

(2022-R20) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.11-gke.400 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.20.15-gke.9900
    • 1.21.12-gke.1700
    • 1.22.8-gke.201
    • 1.22.8-gke.202
    • 1.22.8-gke.2200
    • 1.22.9-gke.1300
    • 1.22.9-gke.1500
    • 1.22.9-gke.2000
    • 1.23.5-gke.1503
    • 1.23.5-gke.2400
    • 1.23.6-gke.1500
    • 1.23.6-gke.1501
    • 1.23.6-gke.1700
    • 1.23.6-gke.2200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Stable channel

  • Version 1.21.13-gke.900 is now the default version in the Stable channel.
  • Version 1.20.15-gke.11400 is now available in the Stable channel.
  • Version 1.20.15-gke.9900 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.

Regular channel

  • Version 1.22.11-gke.400 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.11400
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.12800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.11-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

Rapid channel

  • Version 1.24.2-gke.1900 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.20.15-gke.13400
    • 1.21.14-gke.2100
    • 1.22.12-gke.300
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.13700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.2-gke.1900 with this release.

August 15, 2022

The GKE Clusters List page now includes a new Observability tab. This tab shows infrastructure health metric trends such as CPU, Memory, container restarts and Control Plane metrics. It also provides visibility into ingestion into Google Cloud Managed Service for Prometheus and Cloud Logging. For more information, see View observability metrics.

August 08, 2022

On newly created GKE clusters running version 1.24 or later, a Service without the .spec.ports field defined causes the ingress-gce controller (l7lbcontroller pod) to crash-loop. As a result, the cluster cannot provide L7 Ingress, L4 Internal LoadBalancer Services with Subsetting turned on, or L4 Network LoadBalancers based on Regional Backend Services.

To recover from this situation, delete the Service without a port specified or recreate the cluster without any Service with .spec.ports undefined.

August 04, 2022

(2022-R19) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.1500
    • 1.24.2-gke.300
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.21.12-gke.2200 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.1700
    • 1.22.8-gke.201
    • 1.22.8-gke.202
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.9900
    • 1.21.12-gke.2200
    • 1.22.8-gke.202
    • 1.23.5-gke.1503
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • Version 1.23.8-gke.1900 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.700
    • 1.22.10-gke.600
    • 1.22.11-gke.400
    • 1.23.6-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
    • 1.24.2-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.13400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.8-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

August 03, 2022

GKE total size control is now available in GKE version 1.24 clusters. For autoscaled node pools, you can now set the minimum and maximum total number of nodes across all zones, rather than specifying a per-zone limit. To learn more, see Cluster autoscaler.

The maximum number of Pods that can run on each node has increased from 110 to 256 with GKE version 1.23.5-gke.1300 or later. To learn more, see Optimizing IP address allocation.

July 27, 2022

GKE node system configuration now supports setting the cgroup mode to use the cgroupv2 resource management subsystem.

July 26, 2022

(2022-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • Version 1.22.10-gke.600 is now the default version.
  • The following control plane versions are no longer available:
    • 1.20.15-gke.8700
    • 1.21.11-gke.1100
    • 1.21.11-gke.1900
    • 1.22.8-gke.200
    • 1.23.5-gke.1501
    • 1.24.1-gke.1800
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.2-gke.300 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • Version 1.21.12-gke.1700 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.20.15-gke.8700
    • 1.21.12-gke.1500
    • 1.22.8-gke.200
    • 1.23.6-gke.2200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • Version 1.22.10-gke.600 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.23.5-gke.1501
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • Version 1.23.8-gke.400 is now the default version in the Rapid channel
  • The following versions are no longer available in the Rapid channel:
    • 1.21.13-gke.900
    • 1.22.9-gke.2000
    • 1.23.6-gke.1700
    • 1.24.1-gke.1800
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.8-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.8-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.2-gke.300 with this release.

July 22, 2022

GKE Gateway integration with Cloud Certificate Manager is now available as Public Preview in GKE versions 1.20 and later. Use the new TLS features and high scale offered by Cloud Certificate Manager with GKE Gateway. For more information, see Gateway Security.

July 21, 2022

If you start a credential rotation or an IP address rotation, ensure that you manually complete the rotation. If an operation causes a control plane re-creation while the rotation remains incomplete, your cluster might enter a broken state.

Kubernetes control plane metrics are now Generally Available. You can now configure GKE clusters with control plane version 1.23.6-gke.1500 or later to export to Cloud Monitoring certain metrics emitted by the Kubernetes API server, scheduler, and controller manager.

These metrics are stored in Cloud Monitoring in a Prometheus-compatible format. They can be queried by sending either a PromQL or MQL query to the Cloud Monitoring API. They can also be used anywhere within Cloud Monitoring, including in custom dashboards or alerting rules.

July 19, 2022

(2022-R17) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.20.15-gke.8200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.6-gke.2200 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8700
    • 1.21.12-gke.1700
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.2200 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.2200
    • 1.22.9-gke.1500
    • 1.23.6-gke.1501
    • 1.24.1-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1800 with this release.

July 15, 2022

Clusters that use custom or manually created EndpointSlices (EPS) can cause Ingresses and NEGs to stop syncing if those EndpointSlices are missing the service label kubernetes.io/service-name: <service-name>. This issue affects clusters running GKE 1.21, 1.22, and 1.23. Users should add the service label to all custom-made EndpointSlices to ensure that their Ingresses and NEGs continue to be synced.

Cluster autoscaler Location Policy is now generally available in GKE version 1.24.1-gke.800. This change allows users to pick one of two different spreading policies. For more information, see Location policy.

July 13, 2022

You can now run Arm-based workloads in Preview in Standard clusters with GKE version 1.24 and later, and in Autopilot clusters with GKE version 1.24.1-gke.1400 and later.

You can now select compute classes to run GKE Autopilot workloads that have specialized hardware requirements, such as Arm architecture. The Scale-Out compute class is available in Preview in Autopilot clusters running GKE version 1.24.1-gke.1400 and later.

July 06, 2022

The blue-green upgrade mechanism is now available to upgrade your GKE node pools, and can be selected per node pool instead of the default surge upgrade mechanism.

June 30, 2022

(2022-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Control plane and node version 1.24.1-gke.1800 is now available.
  • The following control plane versions are no longer available:
    • 1.19.16-gke.9400
    • 1.19.16-gke.11000
    • 1.19.16-gke.11800
    • 1.19.16-gke.13800
    • 1.19.16-gke.14000
    • 1.19.16-gke.14500
    • 1.19.16-gke.15700
    • 1.20.15-gke.6000
    • 1.20.15-gke.8000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.

Stable channel

  • Version 1.21.12-gke.1500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.11800
    • 1.19.16-gke.13800
    • 1.20.15-gke.8000
    • 1.21.11-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8200
    • 1.21.12-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1700 with this release.

Rapid channel

  • Version 1.23.7-gke.1400 is now the default version in the Rapid channel.
  • Version 1.24.1-gke.1800 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.15-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.7-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For more information, refer to the GCP-2022-017 security bulletin.

GKE Cost Allocation has been released for public preview. With GKE Cost Allocation public preview, you will be able to see cost breakdowns in clusters for namespaces, and pod labels for utilized CPU and MEM. For complete details, refer to View detailed breakdown of cluster costs.

June 29, 2022

You can now give multiple containers time-shared access to the full compute resources of a single NVIDIA GPU accelerator. Time-sharing GPUs is generally available in GKE version 1.23.7-gke.1400 and later. For more information, refer to Time-sharing GPUs on GKE.

June 24, 2022

Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. All Linux clusters (Container-Optimized OS and Ubuntu) are affected. For more information, refer to the GCP-2022-016 security bulletin.

You can now create dual-stack clusters in Alpha Compute Engine API-enabled projects with GKE versions 1.24.1-gke.1000 and later. With dual-stack networking, GKE assigns an IPv4 and an IPv6 address to the cluster nodes and Pods. You can create dual-stack Services of type ClusterIP or NodePort. This feature is now available in Preview. For more information, see Dual-stack networking.

June 23, 2022

(2022-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.11000
    • 1.20.15-gke.6000
    • 1.21.11-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.20.15-gke.8000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.8000
    • 1.21.11-gke.1900
    • 1.22.8-gke.201
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.12-gke.1500 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.1700
    • 1.22.9-gke.1300
    • 1.23.6-gke.1500
    • 1.24.0-gke.1801
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.1-gke.1400 with this release.

June 22, 2022

To deliver a better default price-performance for applications, all GKE clusters created with control plane version 1.24 and later have the Balanced Persistent Disk (PD) by default for attached volumes. The node boot disk default has also been changed to Balanced Persistent Disk (PD).

The new default for attached volumes is applied to all clusters running control plane version 1.24 and later. The new default node boot disk is applied to all new node pools of any node pool version created in a cluster with control plane version 1.24 and later. Existing preferences will not be changed.

For more information on boot disks, see Configuring a custom boot disk.

For more information on attached volumes, see Persistent volumes and dynamic provisioning.

June 15, 2022

Confidential GKE Nodes is now generally available in GKE version 1.22 and later for stateful workloads using persistent disks, and in all GKE versions for stateless workloads. Use Confidential GKE Nodes to encrypt your workload data in-use through Compute Engine Confidential VMs.

June 13, 2022

(2022-R14) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.21.11-gke.1900 is now the default version in the Stable channel.
  • Version 1.22.8-gke.202 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.

Regular channel

  • Version 1.22.8-gke.202 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.6000
    • 1.21.11-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.11-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.8-gke.202 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.8-gke.202 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.5-gke.1503 with this release.

Rapid channel

  • Version 1.23.6-gke.1501 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.12-gke.1500
    • 1.22.8-gke.2200
    • 1.23.5-gke.2400
    • 1.24.0-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.16-gke.11000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.12-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.9-gke.1300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.6-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.23.6-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.0-gke.1801 with this release.

CVE-2022-25235 has been patched in the PD CSI driver in 1.22 and 1.23 clusters. If your cluster is not configured for auto-upgrade, please manually upgrade to eliminate this vulnerability.

GKE Node System Configuration now supports setting pod pid limits.

June 10, 2022

You can now easily identify clusters that use deprecated Kubernetes APIs removed in version 1.22. Kubernetes deprecation insights are now available in Preview.

June 07, 2022

The us-south1 region in Dallas, Texas is now available.

May 26, 2022

1.24 is now available in the Rapid channel

Kubernetes 1.24 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.24 Release Notes, especially the action required and deprecation sections.

(2022-R13) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.8-gke.201 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.19.16-gke.10800
    • 1.20.15-gke.3400
    • 1.20.15-gke.3600
    • 1.20.15-gke.4100
    • 1.20.15-gke.5000
    • 1.20.15-gke.5200
    • 1.21.10-gke.400
    • 1.21.10-gke.1300
    • 1.21.10-gke.1500
    • 1.21.10-gke.2000
    • 1.22.6-gke.300
    • 1.22.6-gke.1000
    • 1.22.7-gke.300
    • 1.22.7-gke.900
    • 1.22.7-gke.1300
    • 1.22.7-gke.1500
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.8-gke.201 with this release.

Stable channel

  • Version 1.21.11-gke.1100 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.10800
    • 1.20.15-gke.5200
    • 1.21.11-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.8-gke.201 with this release.

Regular channel

  • Version 1.22.8-gke.201 is now the default version in the Regular channel.
  • Version 1.22.8-gke.200 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.22.8-gke.201 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.8-gke.201 with this release.

Rapid channel

  • Version 1.23.5-gke.2400 is now the default version in the Rapid channel.

  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.11-gke.1900
    • 1.22.8-gke.201
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.12-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.12-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.5-gke.2400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.0-gke.1000 with this release.

New API versions

  • storage.k8s.io/v1 CSIStorageCapacity

Notable changes

  • GKE does not support node images that use Docker as the runtime in GKE version 1.24 and later. For more information, see migrating from Docker to containerd.
  • Secret API objects containing service account tokens are not automatically created in 1.24.
    • This change improves security by reducing readable, permanent, Secret-based tokens to ones that have been explicitly requested, and improves performance by reducing the amount of persisted Secret data and avoiding unnecessary utilization of application-layer secrets encryption.
    • Existing Secret-based tokens from previous versions remain valid on upgrade.
    • Secret-based tokens are not used by nodes or pods on version 1.21 and later.
    • Only node versions 1.22 and later are supported running against 1.24 clusters.
    • Clients retrieving tokens directly from the API can still obtain a token using these methods supported in all available GKE versions:
    • Examples of incorrect ways to obtain Secret-based tokens from the API include:
      • Scanning the secrets[*].name field of a ServiceAccount object; this field lists secrets usable by pods running as that service account, not for other purposes, and secrets in that list have never been guaranteed to be service account token secrets.
      • Looking for existing Secret objects of type kubernetes.io/service-account-token created by other clients; a Secret created by another client is owned by that client, and cannot be assumed to be stable for use by other clients.
  • Kubernetes 1.24 deprecates support for insecure serving certificates signed with a SHA-1 hash. Aggregated API servers, admission webhooks, and custom resource conversion webhooks using TLS certificates that are signed by SHA-1 should replace the serving certificates as soon as possible.

    • At cluster version 1.24.0 and later, GKE provides a Cloud Audit log to check if your cluster contains an affected service. You can use the following filter to search for the logs of a 1.24+ cluster:

      logName: "projects/$PROJECT/logs/cloudaudit.googleapis.com%2Factivity"
      resource.type = "k8s_cluster"
      operation.producer = "k8s.io"
      "invalid-cert.kubernetes.io"
      
    • If you are not affected you won't see any logs. If you do see such an audit log, it will include the name of the service (whether webhook or aggregated API).
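
A complementary local check, added here as an example and not part of the GKE release notes or Google's tooling: given the PEM serving certificate of each webhook or aggregated API service, it reads the certificate's outer signatureAlgorithm field and reports the ones signed with SHA-1. The service names and the certificates in SAMPLE are constructed (DER skeletons carrying only the outer structure), and all function names are this example's own.

```python
import base64
import re

# Signature-algorithm OIDs whose digest is SHA-1.
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # last byte of this sub-identifier
            subids.append(value)
            value = 0
    first = subids[0]                      # packs the first two arcs
    arcs = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])


def pem_to_der(pem):
    """Return the DER bytes of the first certificate in a PEM string (the leaf)."""
    match = PEM_CERT.search(pem)
    if not match:
        raise ValueError("no PEM certificate found")
    return base64.b64decode(match.group(1))


def signature_algorithm_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    cert_tag, start, _ = read_tlv(der, 0)
    tbs_tag, _, tbs_end = read_tlv(der, start)        # skipped, not parsed
    alg_tag, alg_start, _ = read_tlv(der, tbs_end)
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if (cert_tag, tbs_tag, alg_tag, oid_tag) != (0x30, 0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    return decode_oid(der[oid_start:oid_end])


def find_sha1_signed(pem_by_service):
    """Map service name -> SHA-1 algorithm name for every affected certificate."""
    affected = {}
    for name, pem in pem_by_service.items():
        oid = signature_algorithm_oid(pem_to_der(pem))
        if oid in SHA1_SIGNATURE_OIDS:
            affected[name] = SHA1_SIGNATURE_OIDS[oid]
    return affected


def der_tlv(tag, body):
    """Encode one DER TLV; used only to build the constructed samples below."""
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body


def skeleton_pem(oid_tlv_hex):
    """Constructed sample: certificate-shaped DER with a placeholder tbsCertificate."""
    sig_alg = der_tlv(0x30, bytes.fromhex(oid_tlv_hex) + b"\x05\x00")
    tbs = der_tlv(0x30, b"\x00" * 200)     # placeholder body, never parsed
    cert = der_tlv(0x30, tbs + sig_alg + der_tlv(0x03, b"\x00\x00"))
    b64 = base64.encodebytes(cert).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed inputs; the names are hypothetical.
SAMPLE = {
    "webhook/legacy-admission.example-ns": skeleton_pem("06092a864886f70d010105"),
    "apiservice/v1beta1.metrics.example": skeleton_pem("06092a864886f70d01010b"),
    "crd-conversion/widgets.example-ns": skeleton_pem("06072a8648ce3d0401"),
}

if __name__ == "__main__":
    for service, algorithm in find_sha1_signed(SAMPLE).items():
        print(f"{service}: replace serving certificate ({algorithm})")
```

The same functions accept real PEM serving certificates; only the first certificate in each PEM string (the leaf) is inspected.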

Deprecated API versions

These APIs are still served in version 1.24 but are in a deprecation period:

  • PodSecurityPolicy

    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
    • 1.24 is the last version supporting the beta PodSecurityPolicy feature. Use of this feature must be discontinued before clusters will upgrade to 1.25. For more information, see PodSecurityPolicy deprecation.
  • The following Beta versions of graduated APIs will be removed in 1.25 in favor of their newer versions:

    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta1 RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:

    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of new versions:

    • storage.k8s.io/v1beta1 CSIStorageCapacity, deprecated since 1.24

Nodes on version 1.24.0-gke.1000 with more than 80GB of memory will fail to start successfully due to a known bug, which will be resolved in future 1.24 versions.

May 25, 2022

You can now easily assess the running cost implications at cluster creation time. The GKE cluster cost widget lets you get an estimated cost range when you are creating a cluster.

This information can help you get a better understanding of the upper and lower monthly cost to expect based on your cluster autoscaling setup. This feature is now available in Preview.

For more information, see Introducing GKE cost estimator, built right into the Google Cloud console.

GKE clusters that run control plane versions 1.21 or later and node versions 1.16 or earlier might experience:

  • Readiness check failures.
  • Network endpoint groups (NEGs) and load balancers (LBs) not created or synced.

This occurs because the Ingress controllers running in GKE cluster control plane versions 1.21 or later are not compatible with node versions 1.16 and earlier. To resolve this issue, upgrade your node pools.

For more information, see Node version not compatible with control plane version.

May 24, 2022

The us-east5 region in Columbus, Ohio is now available.

May 20, 2022

You can now quickly identify which of your workloads are underutilized in the Cost Optimization tab. You can also quickly apply suggested values for resource requests and limits (or your own preferred values).

This feature is now available in Preview. For more information, see GKE workload rightsizing.

May 19, 2022

(2022-R12) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.21.11-gke.900 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.9900
    • 1.20.15-gke.3400
    • 1.20.15-gke.3600
    • 1.20.15-gke.4100
    • 1.21.10-gke.2000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.10800 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.

Regular channel

  • Version 1.21.11-gke.1100 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.5200
    • 1.21.9-gke.1002
    • 1.21.10-gke.400
    • 1.21.10-gke.2000
    • 1.21.11-gke.900
    • 1.22.6-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.6000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.11-gke.1100
    • 1.22.7-gke.1500
    • 1.22.8-gke.200
    • 1.23.5-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.11-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.11-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.5-gke.2400 with this release.

May 13, 2022

Tags are now available. You can use tags to group or organize your clusters according to custom business dimensions. This is in addition to the hierarchical resource organization provided by Google Cloud's resource manager. The integration of tags with policy engines (via conditional rules) such as IAM or Organization Policy, also allows you to apply centralized policies to custom security perimeters defined through tag bindings.

May 11, 2022

(2022-R11) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.11-gke.900 is now the default version.
  • The following control plane versions are no longer available:
    • 1.21.6-gke.1503
    • 1.21.9-gke.300
    • 1.21.9-gke.1001
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to 1.23.5-gke.1501 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.19.16-gke.9400 is no longer available in the Stable channel.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.

Regular channel

  • Version 1.21.11-gke.900 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.5000
    • 1.21.6-gke.1503
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.5200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.11-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.11-gke.900 with this release.

Rapid channel

  • Version 1.22.8-gke.2200 is now the default version in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.8-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.8-gke.2200 with this release.

May 10, 2022

The europe-southwest1 region in Madrid is now available.

May 04, 2022

Spot Pods for GKE Autopilot clusters is now generally available. Use Spot Pods to run your fault-tolerant workloads at reduced costs.

Spot VMs on GKE is now generally available. Spot VMs let you run fault-tolerant workloads at lower costs.

May 03, 2022

(2022-R10) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.21.10-gke.2000 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.9200
    • 1.20.15-gke.2500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.10-gke.2000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.8-gke.200 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.4100
    • 1.21.5-gke.1805
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.5000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.15-gke.5000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.5-gke.1501 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.11-gke.900
    • 1.22.7-gke.1300
    • 1.23.5-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.15-gke.4100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.11-gke.1100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.11-gke.1100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.5-gke.1500 with this release.

The europe-west9 region in Paris is now available.

April 27, 2022

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666, have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the GCP-2022-014 security bulletin.

April 21, 2022

(2022-R9) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.10-gke.2000 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.19.16-gke.8300
    • 1.20.15-gke.1000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.19.16-gke.9200 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.3400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.15-gke.3400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.10-gke.2000 with this release.

Stable channel

Note: Your clusters might not have these versions available. Rollouts begin on the day of the note and take four or more business days to be completed across all Google Cloud zones.

  • Version 1.21.10-gke.2000 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.9200
    • 1.20.15-gke.2500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.21.10-gke.2000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.8-gke.200 with this release.

Regular channel

  • Version 1.21.10-gke.2000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Version 1.20.15-gke.3600 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.19.16-gke.9200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.4100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.10-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.10-gke.2000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.10-gke.2000
    • 1.22.7-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.16-gke.9200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.11-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.11-gke.900 with this release.

April 20, 2022

The europe-west8 region in Milan is now available.

April 13, 2022

A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host. This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). This vulnerability affects all GKE node operating systems (Container-Optimized OS and Ubuntu) which use containerd by default. All GKE, Autopilot, and GKE Sandbox nodes are affected.

For more information, see the GCP-2022-013 security bulletin.

Egress NAT policy to configure IP masquerade is now generally available on GKE Autopilot clusters with Dataplane v2 in versions 1.22.7-gke.1500+ or 1.23.4-gke.1600+. For configuration examples of Egress NAT policy, see Egress NAT Policy documentation.

April 11, 2022

(2022-R8) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.19.16-gke.6800
    • 1.20.15-gke.300
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.15-gke.2500 with this release.

Stable channel

  • Version 1.20.15-gke.2500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.16-gke.6800
    • 1.20.15-gke.300
    • 1.21.5-gke.1805
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.20.15-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.10-gke.2000 with this release.

Regular channel

  • Version 1.20.15-gke.3600 is now available in the Regular channel.
  • Version 1.20.15-gke.2500 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.3600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.6-gke.1503 with this release.

Rapid channel

  • Version 1.22.8-gke.200 is now the default version in the Rapid channel.
  • Version 1.21.11-gke.900 is now available in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.21.10-gke.1500
    • 1.22.7-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.16-gke.8300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.10-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.8-gke.200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.22.8-gke.200 with this release.

April 08, 2022

A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root.

For more information, see the GCP-2022-012 security bulletin.

March 31, 2022

(2022-R7) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.6100
    • 1.20.12-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.6800 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.6800 with this release.

Regular channel

  • Version 1.21.6-gke.1503 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1503 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1503 with this release.

Rapid channel

  • Version 1.22.7-gke.1500 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.10-gke.1300
    • 1.23.4-gke.1600
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.10-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.10-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.5-gke.200 with this release.

March 22, 2022

There is a misconfiguration with Simultaneous Multi-Threading (SMT), also known as Hyper-threading, on GKE Sandbox images. The misconfiguration leaves nodes potentially exposed to side channel attacks such as Microarchitectural Data Sampling (MDS) (for more context, see GKE Sandbox documentation). We do not recommend using the following affected versions:

  • 1.22.4-gke.1501
  • 1.22.6-gke.300
  • 1.23.2-gke.300
  • 1.23.3-gke.600

For instructions and more details, see the GKE security bulletin.

March 21, 2022

(2022-R6) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.20.15-gke.1000 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.15-gke.1000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.1000
    • 1.21.6-gke.1503
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.2500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.15-gke.2500 with this release.

Rapid channel

  • Version 1.22.7-gke.900 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.10-gke.400
    • 1.22.6-gke.1500
    • 1.23.4-gke.1300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.10-gke.1300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.10-gke.1300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.7-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.4-gke.1600 with this release.

March 16, 2022

Starting in GKE version 1.22, the Compute Engine persistent disk CSI driver is generally available for Windows clusters.

March 15, 2022

The following GKE versions fix a known issue in which random TCP connection resets might happen for GKE nodes that use Container-Optimized OS with Docker (cos). To fix the issue, upgrade your nodes to any of these versions:

  • 1.20.15-gke.3400 and later
  • 1.21.10-gke.1300 and later
  • 1.22.7-gke.1300 and later
  • 1.23.4-gke.1300 and later

March 14, 2022

(2022-R5) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.9-gke.1002 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.19.16-gke.3600
    • 1.20.11-gke.1300
    • 1.20.11-gke.1801
    • 1.22.4-gke.1501
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.6100 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.15-gke.300 with this release.

Stable channel

  • Version 1.20.15-gke.300 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.3600
    • 1.20.11-gke.1801
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.6100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.15-gke.300 with this release.

Regular channel

  • Version 1.21.9-gke.1002 is now the default version in the Regular channel.
  • Version 1.20.15-gke.1000 is now available in the Regular channel.
  • Version 1.20.15-gke.300 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.9-gke.1002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.9-gke.1002 with this release.

Rapid channel

  • Version 1.22.7-gke.300 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.9-gke.1002
    • 1.22.6-gke.1000
    • 1.23.4-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.10-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.10-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.6-gke.1500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.4-gke.1300 with this release.

If you specify --enable-dataplane-v2 in a Windows LTSC node pool running GKE version 1.22.7-gke.1300, Windows nodes cannot join the cluster.

March 10, 2022

In GKE version 1.23.2-gke.300 and later, you can now use network tags to dynamically apply firewall rules to nodes in your GKE Autopilot clusters and auto-provisioned GKE Standard node pools without disrupting running workloads.

March 09, 2022

The following GKE versions fix a known issue in which the CAP_NET_BIND_SERVICE file capability was dropped from the metrics-server. To fix the issue, upgrade your control plane to any of these versions:

  • 1.21.9-gke.1002 and later
  • 1.21.10-gke.400 and later
  • 1.22.6-gke.300 and later
  • 1.22.7-gke.300 and later
  • 1.22.7-gke.900 and later
  • 1.23.4-gke.300 and later

March 08, 2022

Setting a minimum CPU platform for node pools created by node auto-provisioning using the autoscaling.autoprovisioning_node_pool_defaults.min_cpu_platform field is deprecated. This field will be removed in a future release. In GKE versions 1.23 and later, you can request a minimum CPU platform at the workload level using a node selector or node affinity rule for cloud.google.com/requested-min-cpu-platform. For instructions, refer to Minimum CPU platform.

March 07, 2022

(2022-R4) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.19.16-gke.1500
    • 1.20.11-gke.1300
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.3600 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.3600 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1805 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:

    • 1.20.12-gke.1500
    • 1.21.5-gke.1805
    • 1.22.3-gke.1500
    • 1.22.4-gke.1501
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.15-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1503 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1503 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.6-gke.300 with this release.

Rapid channel

  • Version 1.22.6-gke.1500 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.9-gke.300
    • 1.21.9-gke.1001
    • 1.22.4-gke.1501
    • 1.22.6-gke.300
    • 1.23.3-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.9-gke.1002 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.9-gke.1002 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.6-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.4-gke.300 with this release.

Identity Service for GKE is now generally available. You can authenticate to GKE clusters with external identity providers that use OpenID Connect (OIDC).

March 04, 2022

Some unexpected paths to access the node VM on GKE Autopilot clusters could have been used to escalate privileges in the cluster. These issues have been fixed and no further action is required. The fixes address issues reported through our Vulnerability Reward Program.

For instructions and more details, see the GCP-2022-009 security bulletin.

Public clusters created on GKE versions 1.22 and later, and created between October 28, 2021 and February 17, 2022 use Private Service Connect (PSC). Therefore, each control plane is assigned to a private IP address from the cluster node subnet.

For public clusters created outside of this time frame or with a different GKE version, the control plane has a public IP address by default.

February 25, 2022

The Envoy project recently discovered a set of vulnerabilities. All issues listed below are fixed in Envoy release 1.21.1.

For more information, see the GCP-2022-008 security bulletin.

February 24, 2022

(2022-R3) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.19.16-gke.3600 is now available in the Stable channel.
  • Version 1.21.5-gke.1805 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.19.15-gke.1801
    • 1.21.5-gke.1802
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1805 with this release.

Regular channel

  • Version 1.21.6-gke.1503 is now the default version in the Regular channel.
  • Version 1.21.5-gke.1805 is now available in the Regular channel.
  • Version 1.21.6-gke.1503 is now available in the Regular channel.
  • Version 1.22.4-gke.1501 is now available in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.20.11-gke.1801
    • 1.21.5-gke.1802
    • 1.21.6-gke.1500
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1503 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1503 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.22.4-gke.1501 with this release.

Rapid channel

  • Version 1.22.6-gke.300 is now the default version in the Rapid channel.
  • Version 1.21.9-gke.1001 is now available in the Rapid channel.
  • Version 1.22.6-gke.1000 is now available in the Rapid channel.
  • Version 1.22.6-gke.1500 is now available in the Rapid channel.
  • Version 1.23.3-gke.1100 is now available in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.21.6-gke.1500
    • 1.22.3-gke.700
    • 1.22.3-gke.1500
    • 1.23.2-gke.300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.9-gke.1001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.9-gke.1001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.3-gke.1100 with this release.

GKE nodes that use Container-Optimized OS with Docker (cos) may experience random TCP connection resets when two pods on the same node communicate using a Kubernetes ClusterIP Service.

For more information, see GKE Node images known issues.

February 22, 2022

GKE Gateway traffic management is now in Preview for clusters running GKE 1.22 and later. You can now autoscale Pods or dynamically shift traffic between clusters based on Service traffic capacity.

February 17, 2022

The Kubernetes Network Policy API allows specifying a range of ports (see KEP on port ranges) on which the policy is enforced in GKE 1.22 and later versions. If you specify the endPort field in a Network Policy, it might not take effect in Dataplane V2, depending on the cluster configuration. This API will be supported in Calico Network Policy enabled clusters but not in Dataplane V2 clusters.

For more information, see GKE Dataplane V2 known issues.

February 15, 2022

A security vulnerability, CVE-2022-0492, has been discovered in the Linux kernel's cgroup_release_agent_write function. The attack uses unprivileged user namespaces, and under certain circumstances, this vulnerability can be exploitable for container breakout.

For more information, see the GCP-2022-006 security bulletin.

February 14, 2022

Kubernetes 1.23 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.23 Release Notes, especially the action required and deprecation sections. Also, read the guide for ensuring compatibility of webhook and aggregated API server certificates before the upgrade.

February 11, 2022

A security vulnerability, CVE-2021-43527, has been discovered in any binary that links to the vulnerable versions of libnss3 found in NSS (Network Security Services) versions prior to 3.73 or 3.68.1.

Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.

For more information, see the GCP-2022-005 security bulletin.

February 10, 2022

Versions 1.21.9-gke.300, 1.22.6-gke.300, and 1.23.2-gke.300 contain a fix for a race condition which could result in erroneously detaching all endpoints from network endpoint groups for a short period.

February 04, 2022

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, and restarting services, as governed by a policy. GKE clusters are not affected.

For instructions and more details, see the GCP-2022-004 security bulletin.

You will not be able to create new node pools that use a Docker node image starting with GKE v1.23 when:

  • Creating a new cluster,
  • Adding a node pool to an existing cluster, or
  • Using Node Auto-provisioning (NAP) with --autoprovisioning-image-type set to Docker node images.
  • For existing clusters, you will also not be able to change the value of --autoprovisioning-image-type to Docker node images.

If you are upgrading your GKE clusters from GKE v1.22 to v1.23, then you will be able to continue using:

  • Docker node pools that were configured before the upgrade.
  • Cluster Autoscaler on Docker node pools.
  • Node Auto-provisioning (NAP) with --autoprovisioning-image-type set to Docker node images if it was configured before upgrading to v1.23. However, we highly recommend that you migrate to GKE node images that use the Containerd container runtime.

For your reference, below are the GKE node images for the Containerd and Docker container runtimes:

  • Containerd container runtime (recommended): cos_containerd, ubuntu_containerd, windows_ltsc_containerd, windows_sac_containerd
  • Docker container runtime (unsupported starting with v1.24): cos, ubuntu, windows_ltsc, windows_sac

Containerd is the default runtime on GKE. Most user workloads do not have dependencies on the container runtime. Support for Docker as a container runtime on Kubernetes nodes will be removed from OSS Kubernetes and GKE starting with v1.24. If you use a node image based on Docker container runtime, please migrate your GKE workloads to a Containerd node image as soon as possible. For more details, see Containerd node images.

February 03, 2022

(2022-R02) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Control plane and node version 1.19.16-gke.6100 is now available.
  • Control plane and node version 1.20.15-gke.300 is now available.
  • Control plane and node version 1.21.9-gke.300 is now available.
  • Control plane and node version 1.22.6-gke.300 is now available.
  • Control plane version 1.21.5-gke.1302 is no longer available.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.

Stable channel

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.1500 with this release.

Regular channel

  • Version 1.22.3-gke.1500 is now available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.

Rapid channel

  • Version 1.22.4-gke.1501 is now the default version in the Rapid channel.
  • Version 1.21.9-gke.300 is now available in the Rapid channel.
  • Version 1.22.6-gke.300 is now available in the Rapid channel.
  • Version 1.23.2-gke.300 is now available in the Rapid channel.
  • Version 1.21.5-gke.1802 is no longer available in the Rapid channel.
  • Version 1.23.1-gke.500 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.4-gke.1501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.2-gke.300 with this release.

February 02, 2022

Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185 have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems and Anthos clusters on VMware node operating systems (COS and Ubuntu).

Pods using GKE Sandbox are not vulnerable to these vulnerabilities. For more information, see the GCP-2022-002 security bulletin.

January 31, 2022

In GKE, you can now filter Pub/Sub cluster notifications by notification type. For more information, see Receive cluster notifications.

When creating a maintenance exclusion window, you can restrict the exclusion to specific types of maintenance. For example, during a specific time period you can exclude minor upgrades from occurring on your cluster. For more information, see Maintenance exclusions documentation.

January 27, 2022

Starting with GKE version 1.23.0, if a Kubernetes event is created using k8s.io/api/core/v1, the LastTimestamp field is used as the timestamp of the corresponding event log if the field is non-empty. Otherwise, the timestamp field will be unset and will be determined by Cloud Logging.

If a Kubernetes event is created using k8s.io/api/events/v1, the Series.LastObservedTime field is used as the timestamp of the corresponding event log if the field is non-empty. Otherwise, the timestamp field will be unset and will be determined by Cloud Logging. An event created with k8s.io/api/events/v1 will be converted to k8s.io/api/core/v1 before exporting to Cloud Logging.

Log payload of an event log will contain the LastTimestamp field from k8s.io/api/core/v1 Event API. If an event is created using k8s.io/api/events/v1, the value of this field will be null. Instead, use the Series.LastObservedTime field in the log payload.

January 21, 2022

(2022-R01) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.21.6-gke.1500 is now the default version.
  • Control plane and node version 1.19.16-gke.3600 is now available.
  • The following control plane versions are no longer available:
    • 1.19.15-gke.1300
    • 1.20.10-gke.1600
    • 1.20.10-gke.2100
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.15-gke.1801 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.

Stable channel

  • Version 1.20.12-gke.1500 is now the default version in the Stable channel.
  • Version 1.21.5-gke.1802 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.12-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.

Regular channel

  • Version 1.21.6-gke.1500 is now the default version in the Regular channel.
  • Version 1.21.6-gke.1500 is now available in the Regular channel.
  • Version 1.21.5-gke.1302 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.

Rapid channel

  • Version 1.22.3-gke.1500 is now the default version in the Rapid channel.
  • Version 1.22.4-gke.1501 is now available in the Rapid channel.
  • Version 1.23.1-gke.500 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.5-gke.1802 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.5-gke.1802 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.3-gke.1500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.1-gke.500 with this release.

1.23 is now available in the Rapid channel

Kubernetes 1.23 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.23 Release Notes, especially the action required and deprecation sections.

Notable features

Beta: PodSecurity admission

PodSecurity replaces the deprecated PodSecurityPolicy admission controller (which will be removed in 1.25). PodSecurity is an admission controller that enforces Pod Security Standards on Pods in a Namespace based on specific namespace labels that set the enforcement level. In 1.23, the PodSecurity feature is enabled by default, and applies to namespaces that opt into enforcement. Refer to the PodSecurity documentation and PodSecurityPolicy migration guide for more information.

Notable changes and bug fixes

Kubernetes 1.23 is built with go1.17, which requires aggregated API servers, admission webhooks, and custom resource conversion webhooks to use TLS certificates that include the service DNS name as a subjectAltName.

  • Before upgrading to 1.23, ensure any non-local aggregated API servers, admission webhooks, and custom resource conversion webhooks in your cluster are served using valid TLS certificates.
  • At cluster version 1.22.3-gke.700 or higher, GKE provides a Cloud Audit log to check if your cluster contains an affected service. You can use the following filter to search for the logs:

    logName: "projects/$PROJECT/logs/cloudaudit.googleapis.com%2Factivity"
    resource.type = "k8s_cluster"
    operation.producer = "k8s.io"
    "invalid-cert.webhook.gke.io"
    
  • If you are not affected you won't see any logs. If you do see such an audit log, it will include the name of the service (whether webhook or aggregated API).

New API versions

  • flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration
  • autoscaling/v2 HorizontalPodAutoscaler

Deprecated API versions

These APIs are still served in version 1.23 but are in a deprecation period:

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
  • The following Beta versions of graduated APIs will be removed in 1.25 in favor of their GA versions:
    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)

Clusters running GKE node versions 1.19.16-gke.1500 and 1.19.16-gke.3600 will be unstable if Container Threat Detection (KTD) is enabled. To use KTD, create the cluster with the most recent 1.19.15 version or any GKE version 1.20 or later. If you require GKE version 1.19.16-gke.1500 or 1.19.16-gke.3600, you should disable KTD on the cluster using the Cloud Security Command Center Advanced Settings before creating or upgrading nodes to these versions.

January 20, 2022

VPC-scoped DNS for GKE using Cloud DNS is now generally available for GKE versions 1.21 and later. This allows for seamless VPC-wide DNS resolution of GKE Services. Note that cluster-scoped DNS using Cloud DNS is still in public preview.

A new Kubernetes metric, Network policy event count (kubernetes.io/pod/network/policy_event_count), is available (beta) for GKE Dataplane V2 clusters in GKE versions 1.22.3-gke.700 and later.

This metric can be viewed in the Metrics Explorer in Cloud Monitoring for resource type, Kubernetes Pod.

This metric provides visibility into network policy events and shows the change in the number of network policy events seen in the dataplane. Each event has the following metric labels:

  • verdict: Policy verdict, possible values: [allow, deny].
  • workload_kind: Kind of the workload that the policy-enforced Pod belongs to, for example, "Deployment", "Replicaset", "StatefulSet", "DaemonSet", "Job", or "CronJob".
  • workload_name: Name of the workload that the policy-enforced Pod belongs to.
  • direction: Direction of the traffic from the point of view of the policy-enforced Pod, possible values: [ingress, egress].

In addition to these metric labels, customers can also see the usual resource labels for the Kubernetes Pod resource type: project_id, location, cluster_name, namespace_name, and pod_name.

This metric can be used for setting up automated alerts for specific behaviors (denials higher than a threshold), identifying security issues, gaining better understanding of traffic flow, and troubleshooting.

January 17, 2022

Now available in Preview: Use a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone. Having nodes closer to each other can reduce network latency between nodes, which can be useful for tightly-coupled batch workloads.

December 20, 2021

For GKE versions 1.21 and later, newly created clusters will have the DenyServiceExternalIPs admission controller enabled by default, disabling the use of ExternalIPs Services.

For existing clusters, when you upgrade the cluster to GKE version 1.21 or later, the DenyServiceExternalIPs admission controller will not be enabled. Since ExternalIPs Services are not widely used, we recommend manually auditing any external IP usage. You can choose to block ExternalIPs by using the following command:

gcloud container clusters update CLUSTER_NAME --no-enable-service-externalips

For more information, refer to Hardening your cluster's security.
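One way to do the recommended audit before blocking ExternalIPs, as an added example (not GKE's own tooling): it reads Service objects in the JSON shape produced by `kubectl get services --all-namespaces -o json` and groups every `spec.externalIPs` entry by address. The sample data, Service names and addresses are constructed, and the "shared" flag is this example's own heuristic.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// sampleServices is constructed sample data in the shape of
// `kubectl get services --all-namespaces -o json`; names and IPs are made up.
const sampleServices = `{
  "items": [
    {"metadata": {"name": "web", "namespace": "default"},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"]}},
    {"metadata": {"name": "proxy", "namespace": "team-a"},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10", "198.51.100.7"]}},
    {"metadata": {"name": "kube-dns", "namespace": "kube-system"},
     "spec": {"type": "ClusterIP"}}
  ]
}`

// serviceList keeps only the fields the audit needs.
type serviceList struct {
	Items []struct {
		Metadata struct {
			Name      string `json:"name"`
			Namespace string `json:"namespace"`
		} `json:"metadata"`
		Spec struct {
			ExternalIPs []string `json:"externalIPs"`
		} `json:"spec"`
	} `json:"items"`
}

// finding is one external IP and every Service that claims it.
type finding struct {
	IP       string
	Services []string // "namespace/name", sorted
	Shared   bool     // true when more than one Service claims the address
}

// auditExternalIPs returns one finding per external IP in use, sorted by IP
// string. Services without spec.externalIPs produce no finding.
func auditExternalIPs(data []byte) ([]finding, error) {
	var list serviceList
	if err := json.Unmarshal(data, &list); err != nil {
		return nil, err
	}
	byIP := map[string][]string{}
	for _, svc := range list.Items {
		for _, ip := range svc.Spec.ExternalIPs {
			byIP[ip] = append(byIP[ip], svc.Metadata.Namespace+"/"+svc.Metadata.Name)
		}
	}
	findings := make([]finding, 0, len(byIP))
	for ip, svcs := range byIP {
		sort.Strings(svcs)
		findings = append(findings, finding{IP: ip, Services: svcs, Shared: len(svcs) > 1})
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].IP < findings[j].IP })
	return findings, nil
}

func main() {
	findings, err := auditExternalIPs([]byte(sampleServices))
	if err != nil {
		panic(err)
	}
	if len(findings) == 0 {
		fmt.Println("no Service uses externalIPs")
		return
	}
	for _, f := range findings {
		fmt.Printf("%-15s shared=%-5t %v\n", f.IP, f.Shared, f.Services)
	}
}
```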

A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.

This issue is fixed in the following GKE versions:

  • 1.22.3-gke.1100 or above
  • 1.21.6-gke.700 or above
  • 1.20.12-gke.700 or above
  • 1.19.16-gke.700 or above

For more information about the CVE, refer to CVE-2021-41103.

December 14, 2021

The file capability CAP_NET_BIND_SERVICE, which metrics-server requires to bind privileged port 443, is dropped in clusters that enable PodSecurityPolicy and use the Ubuntu with Docker container runtime in node pools. As a result, metrics-server fails to bootstrap and autoscaling stops working. All 1.21 and 1.22 node versions are impacted. This issue will be fixed in a future release. Automatic node upgrades from GKE version 1.20 to 1.21 will be halted until this issue is fixed.

December 09, 2021

GKE version 1.22.3-gke.1500 and later support user impersonation for all user-defined users and groups. System users and groups such as the kube-apiserver user and the system:masters group cannot be impersonated.

December 06, 2021

(2021-R34) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane versions are no longer available:
    • 1.19.13-gke.1900, 1.19.14-gke.301, 1.19.14-gke.1900, 1.19.14-gke.2300, 1.19.15-gke.500
    • 1.21.3-gke.2003, 1.21.4-gke.2300, 1.21.4-gke.2302, 1.21.5-gke.1300
  • The following control planes and nodes with auto-upgrade enabled will be upgraded with this release:

Stable channel

Regular channel

  • The following control plane and node versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.10-gke.2100, 1.21.3-gke.2003
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.11-gke.1801 with this release.

Rapid channel

  • Version 1.22.3-gke.700 is now the default version in the Rapid channel.
  • The following control plane and node versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.5-gke.1302, 1.22.2-gke.1901

PodSecurityPolicy (beta) was deprecated in Kubernetes 1.21 and is scheduled for shutdown in 1.25. For alternatives, refer to PodSecurityPolicy deprecation.

The following GKE versions fix Calico issue #4710 and Calico issue #4518, related to Pod graceful termination, in GKE clusters with Calico Network Policy enabled:

  • 1.19.16-gke.100 and later
  • 1.20.11-gke.1300 and later
  • 1.21.4-gke.1500 and later

For more information about the resolved issue, see the known issues page.

December 03, 2021

The 2021-R32 release notes from October 29, 2021 were updated on December 03, 2021 with revisions to the upgrade versions for control plane and nodes in Rapid, Regular, Stable, and No Channel.

See the revision note for further details.

December 02, 2021

The following GKE versions contain an issue that might affect workloads that use GKE Sandbox:

  • 1.19.14-gke.301, 1.19.14-gke.1900, 1.19.14-gke.2300, 1.19.15-gke.500, 1.19.15-gke.1300, 1.19.15-gke.1801
  • 1.20.10-gke.301, 1.20.10-gke.1600, 1.20.10-gke.2100, 1.20.11-gke.1300, 1.20.11-gke.1801
  • 1.21.4-gke.2300, 1.21.4-gke.2302, 1.21.5-gke.1300, 1.21.5-gke.1302, 1.21.5-gke.1802
  • 1.22.2-gke.1901

What do I need to know?

Applications that use the xmm15 register and receive a signal or hit a page fault while the register is in use might have the register corrupted, leading to unpredictable application behavior. The security of the sandbox is not compromised.

What do I need to do?

Upgrade to one of the following GKE versions that fix the issue:

  • 1.19.16-gke.1500 or later
  • 1.20.12-gke.1500 or later
  • 1.21.6-gke.1500 or later
  • 1.22.3-gke.700 or later

November 19, 2021

The 2021-R33 release notes for No channel were updated with the following additions:

  • The following control plane and node versions are now available:
    • 1.19.16-gke.1500
    • 1.20.12-gke.1500
    • 1.21.6-gke.1500

November 16, 2021

The southamerica-west1 region in Santiago, Chile is now available.

November 15, 2021

2021-11-19 update: Added new control plane and node versions for the 2021-R33 release in No channel.

(2021-R33) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following control plane and node versions are now available:
  • Version 1.19.14-gke.1900 is no longer available in the Stable channel.
  • The following control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded with this release:

Regular channel

  • Version 1.21.5-gke.1302 is now the default version in the Regular channel.
  • Version 1.20.11-gke.1801 is now available in the Regular channel.
  • Version 1.20.10-gke.1600 is no longer available in the Regular channel.
  • The following control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded with this release:

Rapid channel

  • Version 1.21.5-gke.1802 is now the default version in the Rapid channel.
  • Version 1.22.3-gke.700 is now available in the Rapid channel.
  • The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:

November 12, 2021

The release on September 17, 2021 (2021-R29) fixed CVEs in the Compute Engine PD CSI driver for the cluster minor version 1.18. The fixes are available in GKE version 1.18.20-gke.5900 and later.

The following CVEs were fixed: CVE-2021-3712, CVE-2021-3580, CVE-2021-33910, CVE-2020-29361, CVE-2020-29362, CVE-2021-24031, CVE-2021-3711, CVE-2021-20305, CVE-2020-24659, CVE-2021-24032, CVE-2021-20231, CVE-2021-20232, CVE-2021-33560, CVE-2020-29363, CVE-2021-3520, and CVE-2020-27350.

Legacy networks that contain GKE clusters can be converted to VPC networks, if the required control plane and node pool upgrades are performed. This feature is available in Preview. For more information, see Single-region conversion tool.

November 09, 2021

For GKE Autopilot clusters, Spot Pods are now available in Preview. Spot Pods let you run fault-tolerant workloads at lower costs.

November 04, 2021

You can now use image streaming in GKE to reduce image pull time and improve overall application startup and autoscaling performance. For more information, see Use image streaming to pull container images.

October 29, 2021

Revisions for 2021-R32

2021-12-03 update: Revised upgrade versions. Control planes and nodes with auto-upgrade enabled will be upgraded in the following channels:

(2021-R32) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.20.10-gke.1600 is now the default version in the Stable channel.
  • Version 1.19.15-gke.500 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.19.13-gke.1900
    • 1.20.10-gke.301
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.14-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.10-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.10-gke.1600 with this release.

Regular channel

  • Version 1.20.10-gke.1600 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.9-gke.1001
    • 1.20.10-gke.301
    • 1.21.3-gke.2001
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.10-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.10-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.3-gke.2003 with this release.

Rapid channel

  • Version 1.21.5-gke.1302 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.4-gke.2300
    • 1.21.5-gke.1300
    • 1.22.2-gke.1300
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.5-gke.1302 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.5-gke.1302 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.2-gke.1901 with this release.

October 28, 2021

GKE public clusters running version 1.22 and later that are created on or after October 28, 2021 will move to using Private Service Connect (PSC) for private control plane communication. There is no price increase for using GKE public clusters running on PSC; however, there will be a SKU change. This change does not apply to public clusters using legacy networks.

In clusters running GKE version 1.21.0-gke.1000 and later, the destination IP address and port of the GKE metadata server have changed. If you have a cluster network policy and you use Workload Identity, you should update your network policy to allow access to the following destination IP addresses and ports. To avoid disruptions during auto-upgrades, allow access to all of these destination address and port combinations in your network policy. For more information, see Understanding the GKE metadata server.

GKE version                | GKE metadata server address
Prior to 1.21.0-gke.1000   | 127.0.0.1:987 and 127.0.0.1:988
1.21.0-gke.1000 and later  | 169.254.169.252:987 and 169.254.169.252:988
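A check for the network policy update described above, as an added example (not GKE's own code): given one NetworkPolicy in the JSON shape of `kubectl get networkpolicy NAME -o json`, it reports which of the four metadata server destinations the policy's egress rules do not allow. It assumes the metadata server is reached over TCP and evaluates a single policy on its own; both sample policies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// required lists the metadata server destinations from the table above.
var required = []struct {
	IP   string
	Port int
}{{"127.0.0.1", 987}, {"127.0.0.1", 988}, {"169.254.169.252", 987}, {"169.254.169.252", 988}}

// egressRule keeps only the NetworkPolicy fields this check needs.
type egressRule struct {
	To []struct {
		IPBlock *struct {
			CIDR   string   `json:"cidr"`
			Except []string `json:"except"`
		} `json:"ipBlock"`
	} `json:"to"`
	Ports []struct {
		Protocol string      `json:"protocol"`
		Port     interface{} `json:"port"` // number, or string for a named port
		EndPort  *float64    `json:"endPort"`
	} `json:"ports"`
}

func inCIDR(cidr string, ip net.IP) bool {
	_, n, err := net.ParseCIDR(cidr)
	return err == nil && n.Contains(ip)
}

// allows reports whether one egress rule permits TCP traffic to ip:port.
func (r egressRule) allows(ip net.IP, port int) bool {
	toOK := len(r.To) == 0 // an empty "to" matches every destination
	for _, peer := range r.To {
		if b := peer.IPBlock; b != nil && inCIDR(b.CIDR, ip) {
			excepted := false
			for _, ex := range b.Except {
				excepted = excepted || inCIDR(ex, ip)
			}
			toOK = toOK || !excepted
		}
	}
	portOK := len(r.Ports) == 0 // an empty "ports" matches every port
	for _, p := range r.Ports {
		if p.Protocol != "" && p.Protocol != "TCP" {
			continue // protocol defaults to TCP when omitted
		}
		lo, isNum := p.Port.(float64) // JSON numbers decode as float64
		hi := lo
		if p.EndPort != nil {
			hi = *p.EndPort
		}
		inRange := isNum && float64(port) >= lo && float64(port) <= hi
		portOK = portOK || p.Port == nil || inRange
	}
	return toOK && portOK
}

// missingMetadataEgress returns the required ip:port pairs the policy blocks.
func missingMetadataEgress(policyJSON []byte) ([]string, error) {
	var np struct {
		Spec struct {
			PolicyTypes []string     `json:"policyTypes"`
			Egress      []egressRule `json:"egress"`
		} `json:"spec"`
	}
	if err := json.Unmarshal(policyJSON, &np); err != nil {
		return nil, err
	}
	// With policyTypes omitted, egress rules alone make the policy restrict egress.
	restricts := len(np.Spec.PolicyTypes) == 0 && len(np.Spec.Egress) > 0
	for _, t := range np.Spec.PolicyTypes {
		restricts = restricts || t == "Egress"
	}
	var missing []string
	for _, d := range required {
		allowed := !restricts
		for _, r := range np.Spec.Egress {
			allowed = allowed || r.allows(net.ParseIP(d.IP), d.Port)
		}
		if !allowed {
			missing = append(missing, fmt.Sprintf("%s:%d", d.IP, d.Port))
		}
	}
	return missing, nil
}

// Constructed samples: a policy written for the old address only, and an updated one.
const oldPolicy = `{"spec":{"policyTypes":["Egress"],"egress":[{"to":[{"ipBlock":{"cidr":"127.0.0.1/32"}}],"ports":[{"protocol":"TCP","port":987},{"protocol":"TCP","port":988}]}]}}`
const updatedPolicy = `{"spec":{"policyTypes":["Egress"],"egress":[{"to":[{"ipBlock":{"cidr":"127.0.0.1/32"}},{"ipBlock":{"cidr":"169.254.169.252/32"}}],"ports":[{"protocol":"TCP","port":987,"endPort":988}]}]}}`

func main() {
	old, _ := missingMetadataEgress([]byte(oldPolicy))
	updated, _ := missingMetadataEgress([]byte(updatedPolicy))
	fmt.Println("old policy is missing:", old, "| updated policy is missing:", updated)
}
```

Network policies are additive, so a destination reported as missing here may still be allowed by another policy that selects the same Pods.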

October 27, 2021

In GKE version 1.22 and later, GKE cluster autoscaler and node auto-provisioning will support working on empty (zero node) clusters, and will support scaling down nodes with pods requesting local storage.

October 21, 2021

For GKE Autopilot clusters, CMEK for boot disks and CMEK for application-layer encryption are now generally available.

For GKE Autopilot clusters, Google Groups for RBAC is now generally available.

A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742. Ingress-nginx custom snippets allow retrieval of ingress-nginx service account tokens and secrets across all namespaces. For more information, see the GCP-2021-024 security bulletin.

October 15, 2021

(2021-R31) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.20.10-gke.1600 is now the default version.
  • The following control plane and node versions are now available:

  • Control plane version 1.19.13-gke.701 is no longer available.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.13-gke.1900 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.10-gke.1600 with this release.

Stable channel

  • Version 1.19.13-gke.1900 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • Version 1.19.13-gke.1200 is no longer available in the Stable channel.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.13-gke.1900 with this release.

Regular channel

Rapid channel

  • Version 1.21.4-gke.2300 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.21.4-gke.1801
    • 1.22.1-gke.1602
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.4-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.2-gke.1300 with this release.

GKE Windows clusters using the persistent disk CSI driver might experience volume mount issues with existing PersistentVolumeClaim or PersistentVolume resources if upgraded to one of the following versions. Please do not upgrade your Windows node pools to the following versions in the Rapid channel:

  • 1.22.1-gke.1602 or later

The fix will be available in a future GKE 1.22 release.

October 14, 2021

StatefulSet Pods in Calico Network Policy enabled GKE clusters might experience connectivity issues in a Terminating state in the following GKE versions:

  • 1.18
  • 1.19
  • 1.20 to 1.20.11-gke.1299
  • 1.21 to 1.21.4-gke.1499

To mitigate this issue, upgrade your GKE control plane to GKE version 1.21.4-gke.1500 or later.
For more information, see the known issue and Calico issue #4710.

October 13, 2021

The following GKE versions fix containerd issue #5438. This issue caused pod IP address leaks which exhaust the IP addresses of containerd based nodes.

  • 1.19.14-gke.1500 or later
  • 1.20.10-gke.1500 or later
  • 1.21.4-gke.1600 or later

For more information, see the Containerd node images known issues.

October 12, 2021

Spot VMs on GKE is now available in Preview.

With GKE version 1.19 and later, the CPU and memory usage of gke-metrics-agent have been optimized. With this change, Out Of Memory (OOM) crashes are reduced significantly.

If you are on GKE version 1.18 and earlier, you will need to upgrade your clusters to version 1.19 or later.

October 04, 2021

GKE version 1.20.8-gke.2100 or later offers a Preview of a fully managed metric collection pipeline to scrape Prometheus-style metrics exposed by any GKE workload and send those metrics to Cloud Monitoring for dashboards, alerts, and SLOs. Compared to the Prometheus Stackdriver sidecar, this new pipeline is easy to set up, allows filtering to control cost, supports larger clusters, is fully managed, supports Autopilot and horizontal Pod autoscaling, and offers better pricing. Get started with GKE workload metrics.

October 01, 2021

(2021-R30) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.20.10-gke.301 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.18.20-gke.3001
    • 1.18.20-gke.3300
    • 1.18.20-gke.4100
    • 1.18.20-gke.4501
    • 1.18.20-gke.6000
    • 1.19.12-gke.2101
    • 1.20.8-gke.2101
    • 1.20.9-gke.701
    • 1.20.9-gke.1000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.13-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.10-gke.301 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.21.3-gke.2001 with this release.

Stable channel

  • Version 1.19.13-gke.1200 is now the default version.
  • The following control plane and node versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.19.13-gke.701
    • 1.20.9-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.13-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.20.9-gke.1001 with this release.

Regular channel

  • Version 1.20.10-gke.301 is now the default version in the Regular channel.
  • Version 1.21.3-gke.2001 is now available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.10-gke.301 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.3-gke.2001 with this release.

Rapid channel

  • Version 1.21.4-gke.1801 is now the default version in the Rapid channel.
  • The following control plane and node versions are now available in the Rapid channel:
  • Version 1.21.4-gke.301 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.4-gke.1801 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.1-gke.1602 with this release.

1.20 clusters with legacy ABAC authorization enabled should not upgrade to 1.21 until 1.21.4-gke.2500+ is available.

1.21 is now generally available

Kubernetes version 1.21 is now generally available. Before upgrading, read the Kubernetes 1.21 Release Notes, especially the action required and deprecation sections.

The following features are introduced in version 1.21:

CronJob (GA)

The CronJob API has graduated to General Availability (GA), bringing performance improvements and allowing scheduled jobs to be run using a stable API.

  • This resource is now available in the batch/v1 group/version.
  • The batch/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

PodDisruptionBudget (GA)

The PodDisruptionBudget has graduated to GA, allowing Pod evictions to be controlled using a stable API.

  • This resource is now available in the policy/v1 group/version.
  • The policy/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

EndpointSlice (GA)

The EndpointSlice API has graduated to GA, bringing performance improvements over the v1 Endpoints API.

  • This more scalable API for service discovery is now enabled on all clusters and is promoted to discovery.k8s.io/v1.
  • The discovery.k8s.io/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

Default namespace label (Beta)

Namespace API objects now have a kubernetes.io/metadata.name label matching their metadata.name field to allow selecting any namespace by its name using a label selector. This can be used for objects which select namespaces by label, such as admission webhooks and network policies.

Bound service account token volumes (Beta)

  • The API credentials injected into containers at /var/run/secrets/kubernetes.io/serviceaccount/token are now time-limited, auto-refreshed, and invalidated when the containing pod is deleted.
  • By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric serviceaccount_stale_tokens_total and the audit annotation authentication.k8s.io/stale-token can be used to monitor for workloads that depend on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container.
  • Clients should reload the token from disk periodically (once per minute is recommended) to ensure they use the refreshed token. k8s.io/client-go version 11.0.0+ and 0.15.0+ reload tokens automatically.
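One way to act on the audit annotation named above is to summarize which service accounts still send stale tokens. The following is an added example, not code from GKE or Kubernetes; the audit events are constructed samples, and the annotation value is treated as opaque because the page does not describe its format.

```python
import json
from dataclasses import dataclass, field

STALE_TOKEN_ANNOTATION = "authentication.k8s.io/stale-token"
SA_PREFIX = "system:serviceaccount:"

# Constructed audit events (audit.k8s.io/v1, one JSON object per line).
# Includes a repeated auditID, a truncated line, and events without the annotation.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a1","stage":"ResponseStarted","verb":"watch","user":{"username":"system:serviceaccount:payments:billing-worker"},"userAgent":"legacy-batch/1.0","requestReceivedTimestamp":"2021-10-01T10:00:00.000000Z","annotations":{"authentication.k8s.io/stale-token":"constructed value"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a1","stage":"ResponseComplete","verb":"watch","user":{"username":"system:serviceaccount:payments:billing-worker"},"userAgent":"legacy-batch/1.0","requestReceivedTimestamp":"2021-10-01T10:00:00.000000Z","annotations":{"authentication.k8s.io/stale-token":"constructed value"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a2","stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:payments:billing-worker"},"userAgent":"legacy-batch/1.0","requestReceivedTimestamp":"2021-10-01T10:05:30.000000Z","annotations":{"authentication.k8s.io/stale-token":"constructed value"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a3","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:web:frontend"},"userAgent":"client-go","requestReceivedTimestamp":"2021-10-01T10:06:00.000000Z","annotations":{"authorization.k8s.io/decision":"allow"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a4","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:web:frontend"},"userAgent":"client-go","requestReceivedTimestamp":"2021-10-01T10:06:10.000000Z"}
{"kind":"Event","auditID":"trunc
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a5","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:reports:exporter"},"userAgent":"curl/7.74.0","requestReceivedTimestamp":"2021-10-01T10:07:00.000000Z","annotations":{"authentication.k8s.io/stale-token":"constructed value"}}
"""


@dataclass
class StaleTokenUse:
    namespace: str
    service_account: str
    requests: int = 0
    user_agents: set = field(default_factory=set)
    first_seen: str = ""
    last_seen: str = ""


def summarize_stale_tokens(audit_lines):
    """Group requests carrying the stale-token annotation by authenticated user.

    Returns (findings, skipped): findings maps username -> StaleTokenUse,
    skipped counts lines that were not valid JSON objects.
    """
    findings = {}
    seen_ids = set()
    skipped = 0
    for line in audit_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        annotations = event.get("annotations") or {}
        if STALE_TOKEN_ANNOTATION not in annotations:
            continue
        # One request can be logged at several stages; count it once.
        audit_id = event.get("auditID")
        if audit_id is not None:
            if audit_id in seen_ids:
                continue
            seen_ids.add(audit_id)
        username = (event.get("user") or {}).get("username", "")
        if username.startswith(SA_PREFIX):
            namespace, _, name = username[len(SA_PREFIX):].partition(":")
        else:
            namespace, name = "", username or "<unknown>"
        entry = findings.setdefault(username, StaleTokenUse(namespace, name))
        entry.requests += 1
        entry.user_agents.add(event.get("userAgent", ""))
        # RFC 3339 UTC timestamps of equal precision sort correctly as strings.
        ts = event.get("requestReceivedTimestamp", "")
        if ts:
            entry.first_seen = min(entry.first_seen or ts, ts)
            entry.last_seen = max(entry.last_seen, ts)
    return findings, skipped


if __name__ == "__main__":
    results, bad = summarize_stale_tokens(SAMPLE_AUDIT_LOG.splitlines())
    for user, use in sorted(results.items()):
        print(f"{user}: {use.requests} request(s), agents={sorted(use.user_agents)}, "
              f"{use.first_seen} .. {use.last_seen}")
    print(f"unparseable lines: {bad}")
```

The user agents in the summary point to the client library that needs to be updated or configured to reload the token from disk.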

In Kubernetes 1.21, newly provisioned PersistentVolumes by gce-pd will use the topology.kubernetes.io/zone GA label instead of the failure-domain.beta.kubernetes.io/zone beta label.

New Beta and Stable APIs

The following Stable APIs are new in 1.21:

  • batch/v1 CronJob
  • policy/v1 PodDisruptionBudget
  • discovery.k8s.io/v1 EndpointSlice

The following Beta APIs are new in 1.21:

  • storage.k8s.io/v1beta1 CSIStorageCapacity

Deprecated APIs

The following APIs are deprecated in the 1.21 release:

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
  • The following Beta versions of newly graduated APIs will be removed in 1.25 in favor of GA versions:
    • discovery.k8s.io/v1beta1 EndpointSlice
    • policy/v1beta1 PodDisruptionBudget
    • batch/v1beta1 CronJob
  • The following Beta versions of previously graduated APIs will be removed in 1.22 in favor of GA versions:
    • admissionregistration.k8s.io/v1beta1, MutatingWebhookConfiguration
    • admissionregistration.k8s.io/v1beta1, ValidatingWebhookConfiguration
    • apiextensions.k8s.io/v1beta1, CustomResourceDefinition
    • apiregistration.k8s.io/v1beta1, APIService
    • authentication.k8s.io/v1beta1, TokenReview
    • authorization.k8s.io/v1beta1, LocalSubjectAccessReview
    • authorization.k8s.io/v1beta1, SelfSubjectAccessReview
    • authorization.k8s.io/v1beta1, SubjectAccessReview
    • certificates.k8s.io/v1beta1, CertificateSigningRequest
    • coordination.k8s.io/v1beta1, Lease
    • extensions/v1beta1, Ingress
    • networking.k8s.io/v1beta1, Ingress
    • networking.k8s.io/v1beta1, IngressClass
    • rbac.authorization.k8s.io/v1beta1, ClusterRole
    • rbac.authorization.k8s.io/v1beta1, ClusterRoleBinding
    • rbac.authorization.k8s.io/v1beta1, Role
    • rbac.authorization.k8s.io/v1beta1, RoleBinding
    • scheduling.k8s.io/v1beta1, PriorityClass
    • storage.k8s.io/v1beta1, CSIDriver
    • storage.k8s.io/v1beta1, CSINode
    • storage.k8s.io/v1beta1, StorageClass
    • storage.k8s.io/v1beta1, VolumeAttachment

1.22 is now available in the Rapid channel

Kubernetes 1.22 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.22 Release Notes, especially the action required and deprecation sections.

Removed API versions in 1.22

The following Beta versions of previously graduated APIs are removed in 1.22 in favor of the GA versions. All existing objects can be interacted with via the stable APIs. Update API clients and manifests to use the GA APIs before upgrading. For more information, see the Kubernetes 1.22 deprecated APIs guide.

  • admissionregistration.k8s.io/v1beta1, MutatingWebhookConfiguration
  • admissionregistration.k8s.io/v1beta1, ValidatingWebhookConfiguration
  • apiextensions.k8s.io/v1beta1, CustomResourceDefinition
  • apiregistration.k8s.io/v1beta1, APIService
  • authentication.k8s.io/v1beta1, TokenReview
  • authorization.k8s.io/v1beta1, LocalSubjectAccessReview
  • authorization.k8s.io/v1beta1, SelfSubjectAccessReview
  • authorization.k8s.io/v1beta1, SubjectAccessReview
  • certificates.k8s.io/v1beta1, CertificateSigningRequest
  • coordination.k8s.io/v1beta1, Lease
  • extensions/v1beta1, Ingress
  • networking.k8s.io/v1beta1, Ingress
  • networking.k8s.io/v1beta1, IngressClass
  • rbac.authorization.k8s.io/v1beta1, ClusterRole
  • rbac.authorization.k8s.io/v1beta1, ClusterRoleBinding
  • rbac.authorization.k8s.io/v1beta1, Role
  • rbac.authorization.k8s.io/v1beta1, RoleBinding
  • scheduling.k8s.io/v1beta1, PriorityClass
  • storage.k8s.io/v1beta1, CSIDriver
  • storage.k8s.io/v1beta1, CSINode
  • storage.k8s.io/v1beta1, StorageClass
  • storage.k8s.io/v1beta1, VolumeAttachment

Deprecated API versions

These APIs are still served in version 1.22 but are in a deprecation period, and will be removed in 1.25:

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
  • The following Beta versions of graduated APIs will be removed in 1.25 in favor of their GA versions:
    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21

New API versions in 1.22

The pods/eviction subresource now accepts policy/v1 eviction requests in addition to policy/v1beta1 eviction requests (#100724)

Notable features in 1.22

GA: Server-side Apply

Server-side Apply is a new object merge algorithm, as well as tracking of field ownership, running on the Kubernetes API server. Server-side Apply helps users and controllers create and modify their resources via declarative configurations by sending their fully specified intent. Refer to server-side apply documentation for more information. Improvements in 1.22 include:

  • scale subresource ownership is tracked correctly (#98377)
  • label selector fields are applied atomically (#97989)

Beta: DaemonSet maxSurge

DaemonSet objects now support a maxSurge rollout parameter, which allows running updated pods for the DaemonSet on nodes before removing old pods. Refer to the DaemonSet API documentation for more information.

Beta: Suspended jobs

Job objects can now be created or placed in a suspended state, to allow higher-level control over ordering and scheduling of batch workloads. Refer to the Job documentation for more information.

Beta: podAffinity namespace selection

Pod affinity rules can now specify namespaces using a label selector, in addition to a fixed list of namespace names. Refer to the pod affinity documentation for more information.

Notable changes and bug fixes in 1.22

  • The terminationGracePeriodSeconds field on pod specs and container probes should not be negative. Negative values of terminationGracePeriodSeconds will be treated as the value 1 on the delete path. Immutable field validation will be relaxed in order to update negative values. In a future release, negative values will not be permitted. (#98866)

  • As a mitigation for CVE-2021-25740, newly created Kubernetes 1.22 clusters no longer include write access to the Endpoints API in the edit and admin roles by default. Existing clusters upgraded to Kubernetes 1.22 retain previous permissions in those roles. For instructions to re-add Endpoints write access to the edit and admin roles in newly created 1.22 clusters, refer to the RBAC documentation.
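Because upgraded clusters keep the earlier permissions, it is worth checking which ClusterRoles still grant write access to Endpoints. The following is an added example, not code from GKE or Kubernetes; the sample roles are constructed, and apart from `edit` and `admin` their names are hypothetical.

```python
WRITE_VERBS = frozenset({"create", "update", "patch", "delete", "deletecollection"})

# Labels that make the RBAC aggregation controller merge a role's rules
# into the built-in edit and admin roles.
AGGREGATE_LABELS = {
    "rbac.authorization.k8s.io/aggregate-to-edit": "edit",
    "rbac.authorization.k8s.io/aggregate-to-admin": "admin",
}


def endpoints_write_verbs(rule):
    """Return the write verbs one PolicyRule grants on core-group Endpoints."""
    groups = rule.get("apiGroups") or []
    resources = rule.get("resources") or []
    verbs = rule.get("verbs") or []
    if "" not in groups and "*" not in groups:
        return set()
    if "endpoints" not in resources and "*" not in resources:
        return set()
    if "*" in verbs:
        return set(WRITE_VERBS)
    return set(WRITE_VERBS.intersection(verbs))


def audit_endpoints_write(cluster_roles):
    """List ClusterRoles that can write Endpoints and which built-in roles they feed."""
    findings = []
    for role in cluster_roles:
        meta = role.get("metadata") or {}
        name = meta.get("name", "<unnamed>")
        labels = meta.get("labels") or {}
        verbs = set()
        for rule in role.get("rules") or []:
            verbs |= endpoints_write_verbs(rule)
        if not verbs:
            continue
        affects = {target for label, target in AGGREGATE_LABELS.items()
                   if labels.get(label) == "true"}
        if name in ("edit", "admin"):
            affects.add(name)
        findings.append({"role": name, "verbs": sorted(verbs), "affects": sorted(affects)})
    return findings


# Constructed ClusterRole objects, trimmed to the fields the check reads.
SAMPLE_CLUSTER_ROLES = [
    {   # edit as it might look on a cluster upgraded to 1.22 (permissions retained)
        "metadata": {"name": "edit",
                     "labels": {"rbac.authorization.k8s.io/aggregate-to-admin": "true"}},
        "rules": [
            {"apiGroups": [""], "resources": ["endpoints", "services"],
             "verbs": ["create", "delete", "deletecollection", "patch", "update"]},
            {"apiGroups": [""], "resources": ["endpoints"], "verbs": ["get", "list", "watch"]},
        ],
    },
    {   # admin as it might look on a newly created 1.22 cluster (read-only Endpoints)
        "metadata": {"name": "admin"},
        "rules": [{"apiGroups": [""], "resources": ["endpoints"],
                   "verbs": ["get", "list", "watch"]}],
    },
    {   # hypothetical role that re-adds write access through aggregation
        "metadata": {"name": "custom:endpoints-writer",
                     "labels": {"rbac.authorization.k8s.io/aggregate-to-edit": "true"}},
        "rules": [{"apiGroups": [""], "resources": ["endpoints"],
                   "verbs": ["create", "update", "patch"]}],
    },
    {   # hypothetical wildcard role; grants Endpoints write implicitly
        "metadata": {"name": "wildcard-operator"},
        "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    },
    {   # EndpointSlice is a different API group and resource; not reported here
        "metadata": {"name": "endpointslice-writer"},
        "rules": [{"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"],
                   "verbs": ["create"]}],
    },
]

if __name__ == "__main__":
    for finding in audit_endpoints_write(SAMPLE_CLUSTER_ROLES):
        print(finding)
```

To check a live cluster, pass the `items` array from `kubectl get clusterroles -o json` to `audit_endpoints_write`.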

September 30, 2021

A security issue was discovered in Kubernetes, CVE-2021-25741, where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. For more information, see the GCP-2021-018 security bulletin.

A security vulnerability, CVE-2020-8561, has been discovered in Kubernetes where certain webhooks can be made to redirect kube-apiserver requests to private networks of that API server. For more information, see the GCP-2021-021 security bulletin.

There is a known issue where updating a BackendConfig resource using the v1beta1 API removes an active Google Cloud Armor security policy from its service. For more information, see the GCP-2021-019 security bulletin.

Now you can see how effectively your GKE clusters and workloads are utilizing your available compute resources. The new Cost Optimization tab lets you view, filter, and learn more about the CPU and memory usage, requests, allocation, and limit amounts of each of your clusters and workloads. This information can help you identify opportunities to optimize your clusters or workloads for more cost effective resource utilization. This feature is now available in Preview. For more information, see View cost-related optimization metrics.

September 24, 2021

GKE versions 1.18.20-gke.5100 and later fix the issue with v1beta1 of the BackendConfig API, where a Cloud Armor security policy was inadvertently deleted from the backend Service of an Ingress resource.

For more information, see Kubernetes issue #1508 and the Ingress Known issues page.

GKE clusters running node pools that use Docker might experience containers restarting every time Docker restarts.

The following versions are affected:

  • GKE 1.20 versions lower than 1.20.9-gke.2100
  • GKE 1.21 versions lower than 1.21.3-gke.1600

To fix this issue, either use Containerd or upgrade your nodes to version:

  • For GKE 1.20: 1.20.9-gke.2100 or higher
  • For GKE 1.21: 1.21.3-gke.1600 or higher

September 17, 2021

(2021-R29) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.19.13-gke.701 is now the default version in the Stable channel.
  • Version 1.19.13-gke.1200 is now available in the Stable channel.
  • Version 1.20.9-gke.1000 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.18.20-gke.901
    • 1.18.20-gke.3001
    • 1.19.12-gke.2101
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.13-gke.701 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to 1.20.9-gke.1000 with this release.

Regular channel

  • Version 1.20.9-gke.1001 is now the default version in the Regular channel.
  • Version 1.20.10-gke.301 is now available in the Regular channel.
  • Version 1.20.9-gke.701 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.9-gke.1001 with this release.

Rapid channel

  • Version 1.21.4-gke.301 is now the default version in the Rapid channel.
  • Version 1.21.4-gke.1801 is now available in the Rapid channel.
  • Version 1.21.3-gke.2001 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.4-gke.301 with this release.

September 16, 2021

In GKE versions 1.21.0-gke.1500 and later, VPC-native is the default network mode during cluster creation. To create a routes-based cluster, you can use the --no-enable-ip-alias flag:

gcloud container clusters create CLUSTER_NAME --no-enable-ip-alias

For Autopilot clusters, starting with GKE version 1.21.3-gke.900:

  • Users can also create mutating webhooks. However, Autopilot modifies the mutating webhook objects to add a namespace selector that excludes resources in managed namespaces (currently, kube-system) from being intercepted. Additionally, webhooks that specify one or more of the following resources (or any of their sub-resources) in their rules will be rejected:

    - group: ""
      resource: nodes
    - group: ""
      resource: persistentvolumes
    - group: certificates.k8s.io
      resource: certificatesigningrequests
    - group: authentication.k8s.io
      resource: tokenreviews
    
  • The SYS_PTRACE capability is allowed in user workloads.

  • Gatekeeper is no longer used in Autopilot policy enforcement, letting users install their own Gatekeeper instances.

When downgrading Autopilot clusters from version 1.21 to older minor versions, the cluster might intermittently become unavailable. Once the downgrade is complete, the cluster will be available.

September 14, 2021

With GKE versions 1.21.4-gke.30 and later, users can create ServiceAttachment resources to provision Private Service Connect (PSC) for internal LoadBalancer Services. This feature is available in Preview.

Multi-cluster Ingress now supports SSL policies and HTTPS redirects using the FrontendConfig resource. This feature is generally available in GKE versions 1.17.13-gke.2600 and later.

September 13, 2021

GKE versions 1.19.14-gke.301 and later fix the issue with v1beta1 of the BackendConfig API, where a Cloud Armor security policy was inadvertently deleted from the backend Service of an Ingress resource.

For more information, see Kubernetes issue #1508 and the Ingress Known issues page.

September 09, 2021

The managed Filestore CSI driver for GKE is now available in GKE versions 1.21 and later to provision and manage Filestore instances for GKE workloads.

September 08, 2021

Several gcloud flags used to configure which logs and metrics are collected are deprecated and replaced with new flags. See Deprecated Configuration Parameters for a list of the deprecated logging and monitoring flags as well as the equivalent values for the new --logging and --monitoring flags.

September 07, 2021

The R28 release notes were updated on September 24, 2021 with the following additions:

No channel

Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.12-gke.2101 with this release.

Stable channel

Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.19.12-gke.2101 with this release.

(2021-R28) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.19.12-gke.2101 is now the default version in the Stable channel.
  • The following control plane and node versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.18.20-gke.3000
    • 1.19.12-gke.2100
    • 1.19.13-gke.700
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.12-gke.2101 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.12-gke.2101 with this release.

Regular channel

  • Version 1.20.9-gke.701 is now the default version in the Regular channel.
  • The following control plane and node versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.9-gke.700
    • 1.20.9-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.9-gke.701 with this release.

Rapid channel

  • Version 1.21.3-gke.2001 is now the default version in the Rapid channel.
  • The following control plane and node versions are now available in the Rapid channel:
  • Version 1.21.3-gke.2000 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.3-gke.2001 with this release.

Two security vulnerabilities, CVE-2021-33909 and CVE-2021-33910, have been discovered in the Linux kernel that can lead to an OS crash or an escalation to root by an unprivileged user. This vulnerability affects all GKE node operating systems (COS and Ubuntu).

For more information, see the GCP-2021-017 security bulletin.

September 02, 2021

Multi-Instance GPU on GKE is now generally available.

August 30, 2021

GKE Autoscaling profiles are now generally available.

August 24, 2021

Identity Service for GKE (Preview) is available. Identity Service for GKE extends existing identity solutions for authentication into GKE clusters by supporting OpenID Connect (OIDC). For more information, see Authenticating with Identity Service for GKE.

You can now enable Google Virtual NIC in a new GKE cluster on GPU nodes. For more information, see Using Google Virtual NIC.

August 20, 2021

(2021-R27) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.20.8-gke.2100 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.18.20-gke.501
    • 1.19.9-gke.1900
    • 1.19.10-gke.1000
    • 1.19.10-gke.1001
    • 1.19.10-gke.1601
    • 1.19.10-gke.1701
    • 1.19.11-gke.1701
    • 1.19.11-gke.2101
    • 1.19.12-gke.700
    • 1.19.12-gke.900
    • 1.19.12-gke.1100
    • 1.20.8-gke.700
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to 1.18.20-gke.901 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to 1.19.12-gke.2100 with this release.

Stable channel

There are no new releases in the Stable channel.

Regular channel

  • Version 1.20.8-gke.2100 is now the default version in the Regular channel.
  • Version 1.20.9-gke.700 is now available in the Regular channel.
  • Version 1.20.8-gke.900 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.8-gke.2100 with this release.

Rapid channel

  • Version 1.20.8-gke.2100 is now the default version in the Rapid channel.
  • The following control plane and node versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.20.8-gke.2100
    • 1.21.3-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.8-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.3-gke.901 with this release.

For GKE clusters running Windows Server node pools, you can proactively receive updates about new GKE versions and the Windows OS versions they use by subscribing to UpgradeAvailableEvent notifications. This feature is now available in Preview.

August 19, 2021

A simplified GKE API for configuring which logs and metrics are collected and sent to Cloud Logging and Cloud Monitoring is now available. The gcloud container clusters create and gcloud container clusters update commands now support the --logging and --monitoring flags.

For example, to collect both system and workload logs in an existing cluster, use gcloud container clusters update --logging=SYSTEM,WORKLOAD. Or, to create a new cluster with no metrics collected, use gcloud container clusters create --monitoring=NONE.

See a complete list of available logs and available metrics.

These flags are available in Google Cloud SDK version 352.0.0 and later.

August 18, 2021

GKE clusters running node pools that use containerd might experience IP leak issues and exhaust all Pod IPs on a node. A Pod scheduled on an affected node shows an error message similar to the following:

failed to allocate for range 0: no IP addresses available in range set: 10.48.131.1-10.48.131.62

For more information about the issue, see containerd issue #5438 and issue #5768.

For workarounds to mitigate this issue, see the Known issues section in containerd node images.

August 17, 2021

An issue was identified with v1beta1 of the BackendConfig API, where a Cloud Armor security policy was inadvertently deleted from the backend Service of an Ingress resource on the following affected GKE versions:

  • 1.18.19-gke.1400 and later
  • 1.19.10-gke.700 and later
  • 1.20.6-gke.700 and later

To fix this issue, use v1 of the BackendConfig API, or update your clusters to one of the following GKE versions:

  • 1.20.9-gke.900 and later
  • 1.21.1-gke.2700 and later

For more information, see Kubernetes issue #1508 and the Ingress Known issues page.

August 12, 2021

(2021-R26) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.17.17-gke.3700
    • 1.17.17-gke.4400
    • 1.17.17-gke.4900
    • 1.17.17-gke.5400
    • 1.17.17-gke.6000
    • 1.17.17-gke.6700
    • 1.17.17-gke.7200
    • 1.17.17-gke.7800
    • 1.17.17-gke.8200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to 1.20.8-gke.900 with this release.

Stable channel

  • Version 1.19.12-gke.2100 is now the default version in the Stable channel.
  • Version 1.18.20-gke.901 is now available in the Stable channel.
  • Version 1.19.11-gke.2101 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 and version 1.19 to 1.19.12-gke.2100 with this release.

Regular channel

Version 1.20.8-gke.2100 is now available in the Regular channel.

Rapid channel

  • The following control plane and node versions are now available in the Rapid channel:
  • The following control plane and node versions are no longer available in the Rapid channel:
    • 1.20.9-gke.700
    • 1.21.3-gke.100
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.3-gke.900 with this release.

August 05, 2021

GKE Multi Cluster Ingress is now available through standalone per-Pod pricing in addition to Anthos licensing for all GKE release channels.

August 03, 2021

The northamerica-northeast2 region in Toronto is now available.

(2021-R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.18.17-gke.1901
    • 1.18.19-gke.1701
    • 1.18.19-gke.2101
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.18.20-gke.501 with this release.

Stable channel

  • Version 1.18.20-gke.900 is now the default version in the Stable channel.
  • Version 1.18.20-gke.501 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.20-gke.900 with this release.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

  • Version 1.20.8-gke.900 is now the default version in the Rapid channel.
  • Version 1.20.9-gke.700 is now available in the Rapid channel.
  • Version 1.21.3-gke.900 is now available in the Rapid channel.
  • Version 1.20.8-gke.700 is no longer available in the Rapid channel.
  • Version 1.21.2-gke.600 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.8-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.3-gke.100 with this release.

July 27, 2021

(2021-R24) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.20.8-gke.900 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.18.18-gke.1101
    • 1.18.18-gke.1701
    • 1.20.7-gke.1800
    • 1.20.7-gke.2200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.8-gke.700 with this release.

Stable channel

  • Version 1.18.20-gke.501 is now the default version in the Stable channel.
  • Version 1.18.20-gke.900 is now available in the Stable channel.
  • Version 1.19.12-gke.2100 is now available in the Stable channel.
  • Version 1.18.19-gke.1701 is no longer available in the Stable channel.
  • Version 1.19.10-gke.1000 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.20-gke.501 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.19.11-gke.2101 with this release.

Regular channel

  • Version 1.20.8-gke.900 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.19.9-gke.1900
    • 1.19.11-gke.1701
    • 1.19.12-gke.1100
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.8-gke.900 with this release.

Rapid channel

July 21, 2021

Google Groups for RBAC is now generally available.

July 20, 2021

(2021-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.18.17-gke.1900
    • 1.19.9-gke.1400
    • 1.20.6-gke.1000
    • 1.20.6-gke.1400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.18.17-gke.1901 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.19.9-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.20.7-gke.1800 with this release.

Stable channel

  • Version 1.18.19-gke.1701 is now the default version in the Stable channel.
  • Version 1.18.20-gke.501 is now available in the Stable channel.
  • Version 1.18.17-gke.1901 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.19-gke.1701 with this release.

Regular channel

  • Version 1.19.12-gke.1100 is now available in the Regular channel.
  • Version 1.20.8-gke.900 is now available in the Regular channel.
  • Version 1.20.7-gke.1800 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.8-gke.900 with this release.

Rapid channel

  • Version 1.20.8-gke.700 is now the default version in the Rapid channel.
  • Version 1.20.8-gke.900 is now available in the Rapid channel.
  • Version 1.20.7-gke.2200 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.8-gke.700 with this release.

Legacy Logging and Monitoring was deprecated on December 12, 2019 and decommissioned on March 31, 2021. As described in the guide for Migrating to Cloud Operations for GKE, all clusters still using Legacy Logging and Monitoring are being automatically and gradually migrated to Cloud Operations for GKE during the coming weeks.

July 14, 2021

A new security vulnerability, CVE-2021-22555, has been discovered where a malicious actor with CAP_NET_ADMIN privileges can potentially cause a container breakout to root on the host. This vulnerability affects all GKE clusters and Anthos clusters on VMware running Linux version 2.6.19 or later.

For more information, see the GCP-2021-015 security bulletin.

July 13, 2021

There is a known issue that prevents the gcloud client from interacting with multi-cluster Ingress that was introduced in gcloud version 346.0.0 and was fixed in version 348.0.0. It is recommended that you do not use gcloud versions 346.0.0 and 347.0.0 when using multi-cluster Ingress.

July 09, 2021

(2021-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.18.19-gke.1701 is now available in the Stable channel.
  • Version 1.19.11-gke.2101 is now available in the Stable channel.
  • Version 1.18.18-gke.1700 is no longer available in the Stable channel.

Regular channel

  • Version 1.19.11-gke.1701 is now available in the Regular channel.
  • Version 1.20.7-gke.1800 is now available in the Regular channel.
  • Version 1.19.10-gke.1700 is no longer available in the Regular channel.
  • Version 1.20.6-gke.1000 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.7-gke.1800 with this release.

Rapid channel

  • Version 1.20.7-gke.2200 is now the default version.
  • Version 1.20.8-gke.700 is now available in the Rapid channel.
  • Version 1.21.2-gke.600 is now available in the Rapid channel.
  • Version 1.20.6-gke.1400 is no longer available in the Rapid channel.
  • Version 1.20.7-gke.1800 is no longer available in the Rapid channel.
  • Version 1.21.1-gke.2200 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.7-gke.2200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.2-gke.600 with this release.

July 08, 2021

Microsoft published a security bulletin on a remote code execution (RCE) vulnerability, CVE-2021-34527, that affects the print spooler in Windows servers. The CERT Coordination Center (CERT/CC) published an update note on a related vulnerability, dubbed "PrintNightmare", that also affects Windows print spoolers: PrintNightmare, Critical Windows Print Spooler Vulnerability.

For more information, see the GCP-2021-014 security bulletin.

July 02, 2021

The Istio project recently disclosed a new security vulnerability, CVE-2021-34824, affecting Istio. Istio contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.

For more information, see the GCP-2021-012 security bulletin.

Config Management is now available on GKE. Config Management provides you with the following benefits:

  • You can now use Policy Controller. Policy Controller enables the enforcement of fully programmable policies for your clusters. To learn more, see Policy Controller overview.
  • You can now install Config Sync using the Cloud Console or the gcloud command line tool. To learn more, see Installing Config Sync.

June 29, 2021

The asia-south2 region in Delhi is now available.

June 28, 2021

In GKE node version 1.21.1-gke.2200 and later, Containerd is available as a runtime for Windows Server LTSC and SAC node images. Containerd is the recommended container runtime for GKE. For more information, see Node images.

June 25, 2021

GKE clusters on some 1.18.18+ and 1.19.10+ versions might fail to create or apply CustomResourceDefinitions containing integer validation rules using server-side apply. The following error occurs: failed to convert new object to proper version: unable to convert unstructured object to apiextensions.k8s.io/v1, Kind=CustomResourceDefinition: cannot convert int64 to float64.

The following versions are affected:

  • 1.19.11-gke.1700
  • 1.19.10-gke.1700
  • 1.19.10-gke.1600
  • 1.19.10-gke.1000
  • 1.18.19-gke.1700
  • 1.18.18-gke.1700
  • 1.18.18-gke.1100

To resolve this issue, upgrade to a newer version or downgrade to one of the following versions:

  • 1.19.9-gke.1900
  • 1.18.17-gke.1901

(2021-R21) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.18.18-gke.1700 is now available in the Stable channel.
  • Version 1.18.17-gke.1900 is no longer available in the Stable channel.
  • Version 1.18.18-gke.1100 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.17 to version 1.18.17-gke.1901 with this release.

Regular channel

  • Version 1.19.9-gke.1900 is now the default version in the Regular channel.
  • Version 1.19.9-gke.1900 is now available in the Regular channel.
  • Version 1.19.10-gke.1600 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to 1.19.10-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.19.10-gke.1700 with this release.

Rapid channel

  • Version 1.20.7-gke.2200 is now available in the Rapid channel.
  • Version 1.21.1-gke.2200 is now available in the Rapid channel.
  • Version 1.21.1-gke.1800 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to 1.20.7-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.7-gke.1800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.2200 with this release.

June 24, 2021

Internal load balancer subsetting for GKE is now generally available in GKE versions 1.18.19-gke.1400 and later.

June 21, 2021

The australia-southeast2 region in Melbourne is now available.

June 16, 2021

(2021-R20) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.19.10-gke.1600 is now the default version.
  • The following versions are now available:
  • The following versions are no longer available:
    • 1.18.17-gke.1200
    • 1.18.17-gke.1201
    • 1.19.9-gke.1400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.18.17-gke.1901 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.19.9-gke.1900 with this release.

Stable channel

  • Version 1.18.17-gke.1901 is now the default version in the Stable channel.
  • Version 1.18.18-gke.1100 is now available in the Stable channel.
  • Version 1.18.17-gke.1200 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.17-gke.1901 with this release.

Regular channel

  • Version 1.19.10-gke.1600 is now the default version in the Regular channel.
  • Version 1.19.10-gke.1700 is now available in the Regular channel.
  • Version 1.19.9-gke.1900 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to 1.19.10-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.19.10-gke.1600 with this release.

Rapid channel

  • Version 1.20.7-gke.1800 is now available in the Rapid channel.
  • Version 1.21.1-gke.1800 is now available in the Rapid channel.
  • Version 1.21.1-gke.400 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.1800 with this release.

June 15, 2021

The issue affecting the Datadog Agent on Autopilot has been resolved in Datadog version 2.13.1.

June 11, 2021

GKE Multi-cluster Services support for pod-specific addressing is now generally available.

June 10, 2021

Volume snapshots are now generally available. In GKE version 1.21 and later, you can use v1 snapshots; v1beta1 snapshots will continue to operate as expected until further notice.

Committed use discounts are now generally available to purchase for Google Kubernetes Engine (Autopilot Mode).

Google Kubernetes Engine (Autopilot Mode) committed use discounts apply to all Autopilot Pod workload vCPU, memory, and ephemeral storage usage in the region in which you have committed. Google Kubernetes Engine (Autopilot Mode) committed use discounts do not apply to the cluster management fee or to GKE Standard mode compute nodes.

See the documentation for more details.

For GKE clusters running Windows Server node pools, you can see the version mapping between GKE versions and Windows Server versions for all available GKE versions by using a gcloud command. This feature is now available in preview.

For more details, see Use gcloud tool to get version mapping.

June 09, 2021

(2021-R19) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.18.17-gke.1900 is now the default version in the Stable channel.
  • Version 1.18.17-gke.1901 is now available in the Stable channel.
  • Version 1.19.10-gke.1000 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.17-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.19.10-gke.1000 with this release.

Regular channel

  • Version 1.19.10-gke.1600 is now available in the Regular channel.
  • Version 1.20.6-gke.1000 is now available in the Regular channel.
  • Version 1.19.9-gke.1400 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.19.9-gke.1900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.20.6-gke.1000 with this release.

Rapid channel

  • Version 1.20.6-gke.1400 is now the default version in the Rapid channel.
  • Version 1.21.1-gke.400 is now available in the Rapid channel.
  • Version 1.20.6-gke.1000 is no longer available in the Rapid channel.
  • Version 1.21.1-gke.100 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.20.6-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.400 with this release.

If you manually upgrade your cluster from 1.18 to 1.19 and the network tier configuration on an existing external network load balancer does not match the network tier annotation in the service spec (if unspecified, defaults to Premium), the load balancer will be deleted and recreated, and the network tier configuration will be enforced.

A domain-scoped project is not supported in GKE version 1.20. The cluster's CertificateSigningRequest will be denied when validating the DNS name and the nodes cannot join the cluster.

1.20 is now generally available

Kubernetes 1.20 is now generally available (GA). Before upgrading, read the Kubernetes 1.20 Release Notes, especially the Urgent upgrade notes and Deprecations sections.

The node.k8s.io/v1beta1 RuntimeClass API has graduated to node.k8s.io/v1 with no changes. API clients and manifests should switch to using the node.k8s.io/v1 API after version 1.20. The node.k8s.io/v1beta1 API is deprecated and will no longer be served starting in version 1.25.

As of version 1.20, the kubelet no longer creates the target_path for NodePublishVolume in accordance with the CSI spec. If you have self-managed CSI drivers deployed in your cluster, ensure that they are idempotent and do any necessary mount creation or verification. For more information, see Kubernetes issue #88759.

Starting in version 1.20, timeouts on exec probes are honored, and default to 1 second if unspecified. If you have Pods using exec probes, ensure that they can easily complete in 1 second or explicitly set an appropriate timeout. For more information, see ConfigureProbes.

Non-deterministic treatment of objects with invalid ownerReferences was fixed in version 1.20. Run the kubectl-check-ownerreferences tool prior to upgrade to locate existing objects with invalid ownerReferences.

  • A namespaced object with an ownerReference to another namespaced object which does not exist in the same namespace is now consistently treated as having a missing owner and is deleted.

  • A cluster-scoped object with an ownerReference to a namespaced object is now consistently treated as having an unresolvable owner, and is ignored by the garbage collector.

  • Starting in version 1.20, when a namespace mismatch between a child and owner object is detected, an event with a reason code of OwnerRefInvalidNamespace is recorded.
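The three rules above can be checked offline against a dump of cluster objects before upgrading. The following is an added example, not the kubectl-check-ownerreferences tool or any GKE code; the sample objects are constructed, and the hard-coded set of cluster-scoped kinds is an assumption that a real check would replace with API discovery.

```python
# Kinds treated as cluster-scoped here (assumption for this example; a real
# check reads scope from API discovery instead of a hard-coded set).
CLUSTER_SCOPED_KINDS = frozenset(
    {"Namespace", "Node", "ClusterRole", "PersistentVolume"})


def classify_owner_references(objects, cluster_scoped=CLUSTER_SCOPED_KINDS):
    """Return one (child, owner, verdict) tuple per ownerReference.

    Verdicts follow the 1.20 behaviour described in the release note:
      ok                  owner resolves in a valid scope
      missing-owner       no object with that UID exists
      namespace-mismatch  owner exists, but in another namespace; it is
                          treated as missing, so the child is deleted
      unresolvable-owner  cluster-scoped child points at a namespaced owner;
                          the garbage collector ignores the child
    """
    by_uid = {obj["metadata"]["uid"]: obj for obj in objects}
    results = []
    for child in objects:
        meta = child["metadata"]
        child_is_cluster = child["kind"] in cluster_scoped
        child_id = "%s/%s/%s" % (
            child["kind"], meta.get("namespace", "-"), meta["name"])
        for ref in meta.get("ownerReferences", []):
            owner = by_uid.get(ref["uid"])
            owner_is_cluster = ref["kind"] in cluster_scoped
            if child_is_cluster and not owner_is_cluster:
                verdict = "unresolvable-owner"
            elif owner is None:
                verdict = "missing-owner"
            elif (not owner_is_cluster
                  and owner["metadata"].get("namespace") != meta.get("namespace")):
                verdict = "namespace-mismatch"
            else:
                verdict = "ok"
            owner_id = "%s/%s" % (ref["kind"], ref["name"])
            results.append((child_id, owner_id, verdict))
    return results


def needs_attention(objects):
    """References to fix before upgrading to 1.20."""
    return [r for r in classify_owner_references(objects) if r[2] != "ok"]


def make_object(kind, name, uid, namespace=None, owners=()):
    """Build a minimal object in the shape `kubectl get -o json` returns."""
    meta = {"name": name, "uid": uid}
    if namespace:
        meta["namespace"] = namespace
    if owners:
        meta["ownerReferences"] = [
            {"kind": k, "name": n, "uid": u} for k, n, u in owners]
    return {"kind": kind, "metadata": meta}


# Constructed sample data, not taken from any real cluster.
SAMPLE_OBJECTS = [
    make_object("ReplicaSet", "web-5d9", "uid-rs", "shop"),
    make_object("Pod", "web-5d9-x", "uid-pod", "shop",
                [("ReplicaSet", "web-5d9", "uid-rs")]),
    make_object("ConfigMap", "settings", "uid-cm", "billing",
                [("ReplicaSet", "web-5d9", "uid-rs")]),
    make_object("ClusterRole", "reader", "uid-cr", None,
                [("ConfigMap", "settings", "uid-cm")]),
    make_object("Secret", "tls", "uid-sec", "shop",
                [("Deployment", "gone", "uid-absent")]),
]

if __name__ == "__main__":
    for child, owner, verdict in needs_attention(SAMPLE_OBJECTS):
        print("%-32s -> %-24s %s" % (child, owner, verdict))
```

A `namespace-mismatch` result is the case to fix first, because from 1.20 the child object is consistently deleted rather than handled non-deterministically.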

The metadata.selfLink field, deprecated since version 1.16, is no longer populated in version 1.20. See Kubernetes issue #1164 for details. A related bug in the GetReference function of the k8s.io/client-go library was fixed in versions 0.15.9 or later, 0.16.4 or later, and 0.17.0 or later. Clients using the GetReference function should upgrade to one of those versions of client-go or newer in order to work correctly against an API Server running version 1.20 or later.

Reminder: Future beta API removals in versions 1.22 and 1.25

Kubernetes versions 1.22 and 1.25 will stop serving several deprecated beta APIs. It is recommended to begin migrating your clients and manifests to the stable replacement APIs now. More information is available in the OSS Kubernetes documentation.

June 07, 2021

You can now specify the default image type to use for new auto-provisioning node pools. See Using node auto-provisioning for more details.

June 04, 2021

The security community recently disclosed a new security vulnerability, CVE-2021-30465, found in runc, that has the potential to allow full access to a node filesystem.

For more information, see the GCP-2021-011 security bulletin.

May 28, 2021

(2021-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.19.9-gke.1900 is now the default version.
  • Version 1.18.18-gke.1700 is now available.
  • Version 1.19.10-gke.1700 is now available.
  • Version 1.18.17-gke.100 is no longer available.
  • Version 1.19.8-gke.1600 is no longer available.

Stable channel

  • Version 1.18.17-gke.1200 is now the default version in the Stable channel.
  • Version 1.18.17-gke.1900 is now available in the Stable channel.
  • Version 1.17.17-gke.4900 is no longer available in the Stable channel.
  • Version 1.17.17-gke.5400 is no longer available in the Stable channel.
  • Version 1.18.17-gke.700 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.17-gke.1200 with this release.

Regular channel

  • Version 1.19.9-gke.1900 is now the default version in the Regular channel.

Rapid channel

  • Version 1.20.6-gke.1400 is now available in the Rapid channel.
  • Version 1.21.1-gke.100 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.1-gke.100 with this release.

1.21 available in the Rapid channel

Kubernetes version 1.21 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.21 Release Notes, especially the action required and deprecation sections.

1.21 Features

The following features are introduced in version 1.21:

CronJob (GA)

The CronJob API has graduated to General Availability (GA), bringing performance improvements and allowing scheduled jobs to be run using a stable API.

  • This resource is now available in the batch/v1 group/version.
  • The batch/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

PodDisruptionBudget (GA)

The PodDisruptionBudget has graduated to GA, allowing pod evictions to be controlled using a stable API.

  • This resource is now available in the policy/v1 group/version.
  • The policy/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

EndpointSlice (GA)

The EndpointSlice API has graduated to GA, bringing performance improvements over the v1 Endpoints API.

  • This more scalable API for service discovery is now enabled on all clusters and is promoted to discovery.k8s.io/v1.
  • The discovery.k8s.io/v1beta1 group/version is deprecated, and will be removed in version 1.25. See the migration guide for details.

Default namespace label (Beta)

Namespace API objects now have a kubernetes.io/metadata.name label matching their metadata.name field to allow selecting any namespace by its name using a label selector. This can be used for objects which select namespaces by label, such as admission webhooks and network policies.

Bound service account token volumes (Beta)

  • The API credentials injected into containers at /var/run/secrets/kubernetes.io/serviceaccount/token are now time-limited, auto-refreshed, and invalidated when the containing pod is deleted.
  • By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric serviceaccount_stale_tokens_total and the audit annotation authentication.k8s.io/stale-token can be used to monitor for workloads that depend on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container.
  • Clients should reload the token from disk periodically (once per minute is recommended) to ensure they use the refreshed token. k8s.io/client-go version 11.0.0+ and 0.15.0+ reload tokens automatically.
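For clients that do not use a client-go version with automatic reloading, the once-per-minute reload recommended above can be implemented as below. This is an added example, not code from GKE or client-go; the class and function names are hypothetical, and the rotation scenario uses a constructed temporary file and a fake clock.

```python
import os
import tempfile
import threading
import time

# Mount path named in the release note; all other names here are hypothetical.
TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"


class ReloadingTokenSource:
    """Hand out the projected token, re-reading the file once per period."""

    def __init__(self, path=TOKEN_PATH, period=60.0, clock=time.monotonic):
        self._path = path
        self._period = period      # once per minute, as the note recommends
        self._clock = clock        # injectable so the logic can be tested
        self._lock = threading.Lock()
        self._token = None
        self._next_read = 0.0

    def token(self):
        with self._lock:
            now = self._clock()
            if self._token is None or now >= self._next_read:
                self._refresh(now)
            return self._token

    def _refresh(self, now):
        try:
            with open(self._path, encoding="utf-8") as handle:
                fresh = handle.read().strip()
        except OSError:
            fresh = ""
        if fresh:
            self._token = fresh
            self._next_read = now + self._period
        elif self._token is None:
            raise RuntimeError(
                "no service account token readable at %s" % self._path)
        # Otherwise keep the last good token and retry on the next call.

    def authorization_header(self):
        """Build the header per request so a rotated token is picked up."""
        return {"Authorization": "Bearer " + self.token()}


def demo_rotation():
    """Constructed scenario: the token file is replaced after start-up."""
    fake_now = [0.0]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "token")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("token-A\n")
        source = ReloadingTokenSource(path, clock=lambda: fake_now[0])
        cached_at_startup = source.token()  # what a read-once client keeps
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("token-B\n")
        fake_now[0] = 61.0
        return cached_at_startup, source.token()


if __name__ == "__main__":
    print(demo_rotation())
```

A client that keeps only the value read at start-up continues to present the old token, which is the behaviour the serviceaccount_stale_tokens_total metric and the authentication.k8s.io/stale-token audit annotation are there to surface.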

In Kubernetes 1.21, newly provisioned PersistentVolumes by gce-pd will use the topology.kubernetes.io/zone GA label instead of the failure-domain.beta.kubernetes.io/zone beta label.

1.21 New Beta and Stable APIs

The following Stable APIs are new in 1.21:

  • batch/v1 CronJob
  • policy/v1 PodDisruptionBudget
  • discovery.k8s.io/v1 EndpointSlice

The following Beta APIs are new in 1.21:

  • storage.k8s.io/v1beta1 CSIStorageCapacity

1.21 Deprecated APIs

The following APIs are deprecated in the 1.21 release:

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 with removal targeted for version 1.25.
  • The following Beta versions of newly graduated APIs will be removed in 1.25 in favor of GA versions:
    • discovery.k8s.io/v1beta1 EndpointSlice
    • policy/v1beta1 PodDisruptionBudget
    • batch/v1beta1 CronJob
  • The following Beta versions of previously graduated APIs will be removed in 1.22 in favor of GA versions:
    • admissionregistration.k8s.io/v1beta1, MutatingWebhookConfiguration
    • admissionregistration.k8s.io/v1beta1, ValidatingWebhookConfiguration
    • apiextensions.k8s.io/v1beta1, CustomResourceDefinition
    • apiregistration.k8s.io/v1beta1, APIService
    • authentication.k8s.io/v1beta1, TokenReview
    • authorization.k8s.io/v1beta1, LocalSubjectAccessReview
    • authorization.k8s.io/v1beta1, SelfSubjectAccessReview
    • authorization.k8s.io/v1beta1, SubjectAccessReview
    • certificates.k8s.io/v1beta1, CertificateSigningRequest
    • coordination.k8s.io/v1beta1, Lease
    • extensions/v1beta1, Ingress
    • networking.k8s.io/v1beta1, Ingress
    • networking.k8s.io/v1beta1, IngressClass
    • rbac.authorization.k8s.io/v1beta1, ClusterRole
    • rbac.authorization.k8s.io/v1beta1, ClusterRoleBinding
    • rbac.authorization.k8s.io/v1beta1, Role
    • rbac.authorization.k8s.io/v1beta1, RoleBinding
    • scheduling.k8s.io/v1beta1, PriorityClass
    • storage.k8s.io/v1beta1, CSIDriver
    • storage.k8s.io/v1beta1, CSINode
    • storage.k8s.io/v1beta1, StorageClass
    • storage.k8s.io/v1beta1, VolumeAttachment
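The removal schedule above can be turned into a pre-upgrade check over stored manifests. The following is an added example, not a GKE or Kubernetes tool: the table is transcribed from the deprecation lists in these release notes (including the node.k8s.io/v1beta1 RuntimeClass entry from the 1.20 notes), the function names are hypothetical, the sample manifests are constructed, and the parser only understands block-style YAML with top-level objects.

```python
import re

# (apiVersion, kind) -> first minor version that stops serving it, transcribed
# from the deprecation lists in these release notes.
TABLE = [
    ((1, 22), "admissionregistration.k8s.io/v1beta1",
     "MutatingWebhookConfiguration ValidatingWebhookConfiguration"),
    ((1, 22), "apiextensions.k8s.io/v1beta1", "CustomResourceDefinition"),
    ((1, 22), "apiregistration.k8s.io/v1beta1", "APIService"),
    ((1, 22), "authentication.k8s.io/v1beta1", "TokenReview"),
    ((1, 22), "authorization.k8s.io/v1beta1",
     "LocalSubjectAccessReview SelfSubjectAccessReview SubjectAccessReview"),
    ((1, 22), "certificates.k8s.io/v1beta1", "CertificateSigningRequest"),
    ((1, 22), "coordination.k8s.io/v1beta1", "Lease"),
    ((1, 22), "extensions/v1beta1", "Ingress"),
    ((1, 22), "networking.k8s.io/v1beta1", "Ingress IngressClass"),
    ((1, 22), "rbac.authorization.k8s.io/v1beta1",
     "ClusterRole ClusterRoleBinding Role RoleBinding"),
    ((1, 22), "scheduling.k8s.io/v1beta1", "PriorityClass"),
    ((1, 22), "storage.k8s.io/v1beta1",
     "CSIDriver CSINode StorageClass VolumeAttachment"),
    ((1, 25), "batch/v1beta1", "CronJob"),
    ((1, 25), "discovery.k8s.io/v1beta1", "EndpointSlice"),
    ((1, 25), "node.k8s.io/v1beta1", "RuntimeClass"),
    ((1, 25), "policy/v1beta1", "PodDisruptionBudget PodSecurityPolicy"),
]
REMOVED_IN = {(api, kind): minor
              for minor, api, kinds in TABLE for kind in kinds.split()}


def parse_minor(version):
    """'1.21.2-gke.600' -> (1, 21)."""
    match = re.match(r"v?(\d+)\.(\d+)", version)
    if not match:
        raise ValueError("not a Kubernetes version: %r" % version)
    return int(match.group(1)), int(match.group(2))


def top_level_fields(doc):
    """Return apiVersion, kind and metadata.name of one block-style document."""
    fields = {"apiVersion": None, "kind": None, "name": None}
    in_metadata, child_indent = False, None
    for line in doc.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        line = line.split(" #", 1)[0].rstrip()   # drop trailing comments
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if indent == 0:
            in_metadata, child_indent = (key == "metadata"), None
            if key in ("apiVersion", "kind"):
                fields[key] = value
        elif in_metadata:
            if child_indent is None:
                child_indent = indent
            # Only a direct child of metadata counts, not labels.name etc.
            if indent == child_indent and key == "name":
                fields["name"] = value
    return fields


def scan(manifests, target_version):
    """List every object in a multi-document YAML string that uses a
    deprecated API, and whether the target version has already removed it."""
    target = parse_minor(target_version)
    findings = []
    for doc in re.split(r"(?m)^---(?:[ \t].*)?$", manifests):
        fields = top_level_fields(doc)
        removed = REMOVED_IN.get((fields["apiVersion"], fields["kind"]))
        if removed is not None:
            fields["removed_in"] = "%d.%d" % removed
            fields["breaks_on_target"] = target >= removed
            findings.append(fields)
    return findings


SAMPLE_MANIFESTS = """\
# Constructed sample input, not taken from any real cluster.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    name: not-the-object-name
  name: web
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: nightly-report
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
---
apiVersion: "policy/v1beta1"
kind: PodSecurityPolicy
metadata:
  name: restricted
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_MANIFESTS, "1.22.0"):
        print(finding)
```

Findings with `breaks_on_target` set are the ones that block an upgrade to the target version; the rest are still served there but need migrating before the listed removal version.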

GKE clusters running version 1.18 or later now support container native Cloud DNS (available in Preview). Cloud DNS can be used as the in-cluster DNS provider instead of kube-dns.

May 21, 2021

Network Policy Logging is generally available (GA). Note that Network Policy Logging requires Dataplane V2.

May 20, 2021

In GKE version 1.20 and later, audit logging does not occur for Binary Authorization fail open events.

May 19, 2021

(2021-R17) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.17.17-gke.8200 is now available.
  • Version 1.18.18-gke.1100 is now available.
  • Version 1.19.10-gke.1600 is now available.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.17 to version 1.18.17-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.18.17-gke.700 with this release.

Stable channel

  • Version 1.18.17-gke.700 is now the default version in the Stable channel.
  • Version 1.18.17-gke.1200 is now available in the Stable channel.
  • Version 1.18.17-gke.100 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.17 to version 1.18.17-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.17-gke.700 with this release.

Regular channel

  • Version 1.19.9-gke.1900 is now available in the Regular channel.
  • Version 1.18.17-gke.700 is no longer available in the Regular channel.

Rapid channel

  • Version 1.20.6-gke.1000 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.1900 is no longer available in the Rapid channel.
  • Version 1.19.10-gke.1000 is no longer available in the Rapid channel.
  • The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:

For GKE clusters running 1.18.18-gke.1200 or later, Ingress Controller only syncs NEGs that were created by the controller. Custom named NEGs that were created outside of the controller will no longer be synced.

May 17, 2021

The UpgradeAvailableEvent notification is now generally available.

May 12, 2021

(2021-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.19.9-gke.1400 is now the default version.
  • Version 1.17.17-gke.7800 is now available.
  • Version 1.19.10-gke.1000 is now available.
  • The following versions are no longer available:
    • 1.18.15-gke.1501
    • 1.18.15-gke.1502
    • 1.18.16-gke.1201
    • 1.18.16-gke.2100
    • 1.18.16-gke.300
    • 1.18.16-gke.302
    • 1.18.16-gke.502
  • The following control planes and nodes with auto-upgrade enabled will be upgraded with this release:

Stable channel

  • Version 1.18.17-gke.700 is now available in the Stable channel.
  • The following control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded with this release:

Regular channel

  • Version 1.19.9-gke.1400 is now the default version in the Regular channel.
  • Version 1.18.17-gke.100 is no longer available in the Regular channel.
  • Version 1.19.8-gke.1600 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.19.9-gke.1400 with this release.

Rapid channel

  • Version 1.19.10-gke.1000 is now available in the Rapid channel.
  • Version 1.20.6-gke.1000 is now available in the Rapid channel.
  • Version 1.20.5-gke.2000 is no longer available in the Rapid channel.
  • The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:

Dataplane V2 is generally available in newly created clusters using GKE versions 1.20.6-gke.700 and later.

The GKE Gateway controller, Google Cloud's implementation of the Gateway API, is available in Preview in GKE version 1.20 and later. See Deploying Gateways for how to expose applications using Gateway.

In GKE version 1.20 and later, the GKE Gateway controller introduces the new gateway.networking.x-k8s.io resource. This resource is similar to, but different from, the gateway.networking.istio.io resource. As a result, the kubectl get gateway command might return the incorrect Gateway resource unless the fully qualified resource name is used. To avoid seeing unexpected results when using kubectl, see Kubernetes Gateways and Istio Gateways.

The Istio project recently disclosed a new security vulnerability (CVE-2021-31920) affecting Istio. For more information, see the GCP-2021-006 security bulletin.

May 06, 2021

You can now enable and configure OS Login for private GKE clusters and nodes. This feature is enabled for private GKE clusters running node pool versions 1.20.5 or later.

The Envoy and Istio projects recently announced several new security vulnerabilities (CVE-2021-28683, CVE-2021-28682, and CVE-2021-29258) that could allow an attacker to crash Envoy.

For more information, see the GCP-2021-004 security bulletin.

May 04, 2021

(2021-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.18.17-gke.100 is now the default version.
  • Version 1.17.17-gke.7200 is now available.
  • The following versions are no longer available:
    • 1.16.15-gke.12500
    • 1.16.15-gke.14800
    • 1.17.17-gke.1101
    • 1.17.17-gke.1500
    • 1.17.17-gke.2800
    • 1.17.17-gke.3000
  • The following control planes and nodes with auto-upgrade enabled will be upgraded with this release:

Stable channel

  • Version 1.18.17-gke.100 is now the default version in the Stable channel.
  • Version 1.17.17-gke.5400 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.17.17-gke.3700
    • 1.18.16-gke.2100
  • The following control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded with this release:

Regular channel

  • Version 1.18.17-gke.100 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Version 1.18.16-gke.2100 is no longer available in the Regular channel.
  • The following control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded with this release:

Rapid channel

  • Version 1.19.9-gke.1900 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.1400 is no longer available in the Rapid channel.
  • The following control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded with this release:

May 03, 2021

The kubelet graceful node shutdown feature is now enabled on preemptible and GPU accelerator nodes running versions 1.20.5-gke.500 or later.

April 29, 2021

For GKE clusters with Windows Server nodes, node names will now be limited to 15 characters to allow for Active Directory joining.

Fixes for the following GKE Autopilot cluster issues are rolling out to the Rapid release channel:

  • Pods with a priority lower than -10 would not trigger scale up.
  • Pod anti-affinity might cause overscaling.

April 27, 2021

(2021-R14) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.17-gke.4900 is now available in the Stable channel.
  • Version 1.18.17-gke.100 is now available in the Stable channel.
  • Version 1.18.16-gke.302 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.16-gke.2100 with this release.

Regular channel

  • Version 1.18.16-gke.2100 is now the default version in the Regular channel.
  • Version 1.18.17-gke.100 is now available in the Regular channel.
  • Version 1.18.16-gke.502 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.17 to version 1.18.16-gke.2100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.18.16-gke.2100 with this release.

Rapid channel

  • Version 1.19.9-gke.1400 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.1900 is now available in the Rapid channel.
  • Version 1.20.5-gke.2000 is now available in the Rapid channel.
  • Version 1.19.9-gke.700 is no longer available in the Rapid channel.
  • Version 1.20.5-gke.1300 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.1400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.2000 with this release.

Multi-Instance GPU on GKE is available in Preview.

April 21, 2021

See GKE release schedule for information on the current versions rollout and support schedule. See Versioning for details on the GKE version support and life cycle.

April 20, 2021

(2021-R13) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.17-gke.3700 is now the default version in the Stable channel.
  • Version 1.18.16-gke.2100 is now available in the Stable channel.
  • Version 1.17.17-gke.3000 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.16 to version 1.17.17-gke.3700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.17 to version 1.17.17-gke.3700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to version 1.18.16-gke.302 with this release.

Regular channel

  • Version 1.18.16-gke.2100 is now available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.19.8-gke.1600 with this release.

Rapid channel

  • Version 1.19.9-gke.700 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.1400 is now available in the Rapid channel.
  • Version 1.20.5-gke.1300 is now available in the Rapid channel.
  • Version 1.19.9-gke.100 is no longer available in the Rapid channel.
  • Version 1.20.5-gke.800 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.1300 with this release.

The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook. For more details, see the GCP-2021-003 security bulletin.

April 19, 2021

Due to GKE Autopilot restrictions on the kubelet API surface, the Datadog Agent is not operating correctly on Autopilot mode clusters.

April 14, 2021

(2021-R12) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.17-gke.3000 is now the default version in the Stable channel.
  • Version 1.17.17-gke.3700 is now available in the Stable channel.
  • Version 1.17.17-gke.2800 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.16 to version 1.17.17-gke.3000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.17 to version 1.17.17-gke.3000 with this release.

Regular channel

  • Version 1.19.8-gke.1600 is now available in the Regular channel.
  • Version 1.18.16-gke.302 is no longer available in the Regular channel.

Rapid channel

  • Version 1.19.9-gke.100 is now the default version in the Rapid channel.
  • Version 1.19.9-gke.700 is now available in the Rapid channel.
  • Version 1.20.5-gke.800 is now available in the Rapid channel.
  • Version 1.19.8-gke.2000 is no longer available in the Rapid channel.
  • Version 1.20.5-gke.101 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.9-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.9-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.800 with this release.

1.19 GA

GKE version 1.19 is now generally available (GA).

Before upgrading to 1.19, read the Kubernetes 1.19 Release Notes, especially the Urgent upgrade notes.

See below for notable changes and features in version 1.19.

The basic authentication method is no longer available starting with Kubernetes version 1.19. GKE clusters also no longer support basic authentication as they gradually upgrade to Kubernetes version 1.19. Basic authentication has been disabled by default for new GKE clusters since GKE version 1.12 and its usage has been discouraged in the Hardening your cluster's security guide. Migrate away from basic authentication before your cluster control planes are upgraded to Kubernetes version 1.19 to ensure your API clients can continue accessing the API server. To learn more about recommended authentication methods in GKE, see Authenticating to the Kubernetes API Server.

Admission webhooks and custom resource conversion webhooks must use serving certificates that contain the server name in a subjectAltName extension. Server names in the certificate CommonName will not be honored in future versions.

kube-proxy now uses EndpointSlices by default.

With the release of GKE node version 1.19, the Container-Optimized OS with Docker (cos) variant is deprecated. Please migrate to the Container-Optimized OS with Containerd (cos_containerd) variant, which is now the default GKE node image. For instructions, see Containerd images.

Seccomp General Availability (GA)

Seccomp (secure computing mode) support for Kubernetes has graduated to General Availability (GA). This feature can be used to increase the workload security by restricting the system calls for a Pod (applies to all containers) or individual containers.

A new seccompProfile field is added to Pod and Container securityContext objects, starting in Kubernetes version 1.19.

securityContext:
  seccompProfile:
    # "Unconfined", "RuntimeDefault", or "Localhost"
    type: Localhost
    # only necessary if type == Localhost
    localhostProfile: my-profiles/profile-allow.json

The alpha seccomp annotations seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/... are deprecated in favor of the GA API field. The alpha annotations will not be honored in Kubernetes versions 1.22 and later.

Prepare for transition

If you are currently using Seccomp annotations on Pods or Containers, you should identify and transition workloads using the annotations to set the API fields before version 1.21 is released on GKE (approximately in June 2021). No change to PodSecurityPolicy is required, as it supports both annotation and field seccomp profiles. You can perform the following recommended steps:

Locate Seccomp annotation usages

In your Kubernetes manifest files, search for "seccomp.security.alpha.kubernetes.io/pod" and "container.seccomp.security.alpha.kubernetes.io/".

Add or update securityContext fields

Based on your annotation usage, add or update (if securityContext already exists) the securityContext field in the Pod or Container spec. The annotations can be left in place, but must match the securityContext API field.

Current annotation usage and the securityContext to add or update:

  • seccomp.security.alpha.kubernetes.io/pod: In the Pod's securityContext, add the seccompProfile field.
  • container.seccomp.security.alpha.kubernetes.io/container-name: In the container-name container's securityContext, add the seccompProfile field.

Set values for seccompProfile

The type field of seccompProfile corresponds to the annotation value, and the localhostProfile field corresponds to the path that follows localhost/ in the annotation value.

Current annotation value and the equivalent seccompProfile value:

  • unconfined

    seccompProfile:
      type: Unconfined

  • runtime/default or docker/default

    seccompProfile:
      type: RuntimeDefault

  • localhost/path/to/profile.json

    seccompProfile:
      type: Localhost
      localhostProfile: path/to/profile.json
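The three transition steps above, as an added example that is not part of the original release notes or any GKE tooling: it reads the alpha annotations from a Pod manifest, fills in the matching seccompProfile fields, and reports any place where an existing field disagrees with its annotation. The function names and the sample Pod are assumptions, and the manifest is taken as an already-parsed dict (for example from kubectl get -o json).

```python
import copy
import json

POD_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"
CONTAINER_ANNOTATION_PREFIX = "container.seccomp.security.alpha.kubernetes.io/"


def profile_from_annotation(value):
    """Map an alpha annotation value to the equivalent seccompProfile dict."""
    if value == "unconfined":
        return {"type": "Unconfined"}
    if value in ("runtime/default", "docker/default"):
        return {"type": "RuntimeDefault"}
    prefix = "localhost/"
    if value.startswith(prefix) and len(value) > len(prefix):
        return {"type": "Localhost", "localhostProfile": value[len(prefix):]}
    raise ValueError(f"unrecognised seccomp annotation value: {value!r}")


def _set_profile(owner, profile, where, conflicts):
    """Fill in owner.securityContext.seccompProfile; never overwrite an existing field."""
    security_context = owner.get("securityContext") or {}
    owner["securityContext"] = security_context
    existing = security_context.get("seccompProfile")
    if existing is None:
        security_context["seccompProfile"] = profile
    elif existing != profile:
        # The annotation may stay, but it must match the API field.
        conflicts.append(f"{where}: annotation maps to {profile} but field is {existing}")


def migrate_pod(pod):
    """Return (migrated copy, conflicts) for a Pod or pod template given as a dict."""
    pod = copy.deepcopy(pod)
    conflicts = []
    annotations = (pod.get("metadata") or {}).get("annotations") or {}
    spec = pod.get("spec") or {}
    pod["spec"] = spec
    containers = {
        c["name"]: c
        for field in ("initContainers", "containers")
        for c in spec.get(field) or []
    }
    for key, value in sorted(annotations.items()):
        if key == POD_ANNOTATION:
            _set_profile(spec, profile_from_annotation(value), "pod", conflicts)
        elif key.startswith(CONTAINER_ANNOTATION_PREFIX):
            name = key[len(CONTAINER_ANNOTATION_PREFIX):]
            if name in containers:
                _set_profile(containers[name], profile_from_annotation(value),
                             f"container {name}", conflicts)
            else:
                conflicts.append(f"container {name}: annotation names no container in the spec")
    return pod, conflicts


# Constructed sample Pod (hypothetical names and images), not taken from the page.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "demo",
        "annotations": {
            POD_ANNOTATION: "runtime/default",
            CONTAINER_ANNOTATION_PREFIX + "app": "localhost/my-profiles/profile-allow.json",
            CONTAINER_ANNOTATION_PREFIX + "sidecar": "unconfined",
        },
    },
    "spec": {
        "containers": [
            {"name": "app", "image": "example.invalid/app:1"},
            # Field already set, and it disagrees with the "unconfined" annotation.
            {"name": "sidecar", "image": "example.invalid/sidecar:1",
             "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}},
        ]
    },
}

if __name__ == "__main__":
    migrated, problems = migrate_pod(SAMPLE_POD)
    print(json.dumps(migrated["spec"], indent=2))
    for problem in problems:
        print("CONFLICT:", problem)
```

For a Deployment or other controller, pass its spec.template, which carries the same metadata.annotations and spec layout as a Pod.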

More resources

The widely used Ingress API has graduated to general availability in Kubernetes 1.19. The v1beta1 Ingress API is deprecated, and will no longer be served in versions 1.22 and later. Before version 1.21, identify and transition clients and manifests using the v1beta1 Ingress API to use networking.k8s.io/v1.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the Ingress v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion=("extensions/v1beta1" OR "networking.k8s.io/v1beta1")
protoPayload.request.kind="Ingress"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 Ingress APIs to use networking.k8s.io/v1 before version 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the version 1.21 timeframe. Workloads using the v1beta1 APIs need to be upgraded before your cluster is upgraded to GKE 1.22.

To migrate manifests to networking.k8s.io/v1, perform the following:

  1. Rename the spec.backend field (if specified) to spec.defaultBackend.
  2. Rename each backend.serviceName field to backend.service.name.
  3. Rename each numeric backend.servicePort field to backend.service.port.number.
  4. Rename each string backend.servicePort field to backend.service.port.name.
  5. Specify a pathType field for each defined path. Options are Prefix, Exact, and ImplementationSpecific. To match the undefined v1beta1 behavior, use ImplementationSpecific.

As an example, to migrate this v1beta1 manifest to v1:

Original v1beta1 manifest:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example
spec:
  backend:
    serviceName: default-backend
    servicePort: 80
  rules:
  - http:
      paths:
      - path: /testpath
        backend:
          serviceName: test
          servicePort: 80

Equivalent networking.k8s.io/v1 manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
spec:
  defaultBackend:
    service:
      name: default-backend
      port:
        number: 80
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: ImplementationSpecific
        backend:
          service:
            name: test
            port:
              number: 80

CertificateSigningRequest v1 API

The CertificateSigningRequest API has graduated to certificates.k8s.io/v1 in Kubernetes 1.19. The v1beta1 CertificateSigningRequest API is deprecated and will no longer be served in version 1.22 and later.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the CertificateSigningRequest v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion="certificates.k8s.io/v1beta1"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 CertificateSigningRequest API to use certificates.k8s.io/v1 before version 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the version 1.21 timeframe. Workloads using the v1beta1 API need to be upgraded before your cluster is upgraded to GKE version 1.22.

Differences between the v1beta1 and v1 API are as follows:

  • For API clients requesting certificates:
    • spec.signerName is now required, and requests for kubernetes.io/legacy-unknown are not allowed to be created via the certificates.k8s.io/v1 API.
    • spec.usages is now required, may not contain duplicate values, and must only contain known usages.
  • For API clients approving or signing certificates:
    • status.conditions may not contain duplicate types.
    • status.conditions[*].status is now required.
    • status.certificate must be PEM-encoded, and must contain only CERTIFICATE blocks.

Admission webhooks and custom resource conversion webhooks using invalid serving certificates that do not contain the server name in a subjectAltName extension cannot be contacted by the Kubernetes API server in 1.19 prior to version 1.19.9-gke.400. This will be resolved in version 1.19.9-gke.400, and automatic upgrades from 1.18 to 1.19 will not begin until this issue is resolved. However, affected webhooks should work to correct their serving certificates in order to work correctly with Kubernetes version 1.22 and later.

Service API objects with more than 100 ports do not work correctly with EndpointSlices (https://issue.k8s.io/99382). This will be resolved in version 1.19.9-gke.600, and automatic upgrades from 1.18 to 1.19 will not begin until this issue is resolved.

April 06, 2021

(2021-R11) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

  • Version 1.18.16-gke.502 is now the default version.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.17 to version 1.18.16-gke.502 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.18.16-gke.502 with this release.

Rapid channel

  • Version 1.19.8-gke.2000 is now the default version.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.19.8-gke.1600
    • 1.20.4-gke.2200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.18 to version 1.19.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.5-gke.100 with this release.

Versions no longer available

The following versions are no longer available for new clusters or upgrades:

  • Versions 1.15 and earlier.

March 29, 2021

(2021-R10) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.17.17-gke.2800 is now the default version.
  • The following versions are now available:
  • The following versions are no longer available:
    • 1.15.12-gke.6002
    • 1.16.15-gke.10600
    • 1.16.15-gke.11800
    • 1.16.15-gke.7801
    • 1.17.15-gke.800
    • 1.17.17-gke.1100
    • 1.18.12-gke.1210
    • 1.18.14-gke.1200
    • 1.18.14-gke.1600
    • 1.18.15-gke.1100
    • 1.18.15-gke.1102
    • 1.18.15-gke.1500
    • 1.18.16-gke.1200
    • 1.18.16-gke.500
  • Control planes and nodes with auto-upgrade enabled will be upgraded from versions 1.17 and earlier to version 1.17.17-gke.2800 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.18 to version 1.18.16-gke.302 with this release.

Stable channel

  • Version 1.17.17-gke.2800 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.16.15-gke.7801
    • 1.17.17-gke.1101
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from versions 1.17 and earlier to version 1.17.17-gke.2800 with this release.

Regular channel

  • Version 1.18.16-gke.302 is now the default version in the Regular channel.
  • Version 1.18.16-gke.502 is now available in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.18.15-gke.1501
    • 1.18.15-gke.1502
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.18.16-gke.302 with this release.

Rapid channel

  • Version 1.19.8-gke.1600 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.19.8-gke.1000
    • 1.20.4-gke.1800
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.1600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.4-gke.2200 with this release.

March 24, 2021

The europe-central2 region in Warsaw is now available.

March 23, 2021

Starting tomorrow, March 24, 2021, the mechanism we use to create GKE release notes will change. Although this change does not affect the content of the notes, it does affect the presentation and underlying syntax. If you subscribe to the XML feed for this page, entries for March 24 and earlier will be updated as a result of changes to formatting and syntax; the content itself did not change.

The feed URL will also change from https://cloud.google.com/feeds/kubernetes-engine-release-notes.xml to https://cloud.google.com/feeds/gke-main-release-notes.xml. We will automatically redirect from the old URL to the new one.

Workload Identity for Windows Server nodes is now available in GKE versions 1.18.16-gke.1200, 1.19.8-gke.1300, 1.20.4-gke.1500, and later.

Windows Server, version 1909 is reaching end of support on May 11, 2021. Newer Windows Server image versions are available in GKE versions 1.19.8-gke.1600+ and 1.20.4-gke.500+.

March 19, 2021

Google canonical error codes are now available in GA. GKE operations now use the canonical error model to report errors.

Added support for multiple pod CIDRs (available in Preview), which allows users to specify a different Pod CIDR for a new node pool than the one specified during cluster creation. This alleviates the problem of running out of Pod IP addresses for under-provisioned clusters.

You can dynamically update the network tags, node labels and node taints of an existing GKE node pool. This feature is available in Preview. For more information, see Applying updates to node pool metadata.

March 16, 2021

(2021-R9) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.17-gke.2800 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from versions 1.17 and earlier to version 1.17.17-gke.1101 with this release.
  • Version 1.17.17-gke.1100 is no longer available in the Stable channel.

Regular channel

  • Version 1.18.15-gke.1501 is now the default version in the Regular channel.
  • Version 1.18.15-gke.1502 is now available in the Regular channel.
  • Version 1.18.16-gke.302 is now available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.18 to version 1.18.15-gke.1501 with this release.
  • Version 1.18.12-gke.1210 is no longer available in the Regular channel.

Rapid channel

  • Version 1.19.8-gke.1000 is now the default version in the Rapid channel.
  • Version 1.19.8-gke.1600 is now available in the Rapid channel.
  • Version 1.20.4-gke.1800 is now available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.19.8-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.20.4-gke.1800 with this release.
  • Version 1.19.7-gke.2503 is no longer available in the Rapid channel.
  • Version 1.20.4-gke.400 is no longer available in the Rapid channel.

Internal TCP/UDP load balancer subsetting (Preview) is available on GKE. With subsetting, GKE clusters using internal load balancer Services can scale beyond 250 nodes. This feature is in Preview for new GKE clusters on version 1.18 and existing clusters on version 1.19. Subsetting removes the current node scale limitations associated with GKE internal TCP/UDP load balancers.

All ports (Preview) is available for internal load balancer Services on GKE. All ports lets you open more than 5 ports on a TCP/UDP load balancer that is being used with GKE. This feature is in Preview for new GKE clusters on version 1.18 and is automatically enabled when subsetting is enabled on the GKE cluster.

March 10, 2021

40 Kubernetes metrics as part of Cloud Operations for GKE are now generally available.

Starting in version 1.19.8-gke.1000, in the Rapid release channel, the --can-ip-forward flag is disabled for all new clusters. Existing VPC-native clusters when upgraded to 1.19.8-gke.1000 will set the --can-ip-forward flag to disabled.

March 05, 2021

(2021-R8) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.17-gke.1101 is now available in the Stable channel. This version is now the default.
  • Auto-upgrading nodes and control planes in the Stable channel upgrade from versions 1.17 and earlier to version 1.17.17-gke.1100 with this release.
  • Version 1.15.12-gke.6002 is no longer available in the Stable channel.
  • Version 1.16.15-gke.7800 is no longer available in the Stable channel.
  • Version 1.17.15-gke.800 is no longer available in the Stable channel.

Regular channel

  • Version 1.18.15-gke.1501 is now available in the Regular channel.
  • Version 1.18.15-gke.1102 is no longer available in the Regular channel.

Rapid channel

  • Version 1.19.7-gke.2503 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.8-gke.1000 is now available in the Rapid channel.
  • Version 1.20.4-gke.400 is now available in the Rapid channel.
  • Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.19 to version 1.19.7-gke.2503 with this release.
  • Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.20 to version 1.20.4-gke.400 with this release.
  • Version 1.19.7-gke.1500 is no longer available in the Rapid channel.
  • Version 1.20.2-gke.2500 is no longer available in the Rapid channel.

March 02, 2021

Starting with GKE version 1.19.7-gke.2000 (minimum GKE node version: 1.18.12-gke.1203, 1.19.6-gke.800), the Compute Engine persistent disk Container Storage Interface (CSI) Driver for Windows (Preview) is available in GKE. This feature allows you to take advantage of the latest persistent disk features without having to manually manage the CSI driver lifecycle. The CSI driver provides access to features such as volume snapshot and volume expansion. For more information, see Using the Compute Engine persistent disk CSI Driver.

The GKE Service Level Agreement now covers the Regular channel for both Standard and Autopilot modes of operation.

February 25, 2021

(2021-R7) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

  • Version 1.18.15-gke.1102 is now available in the Regular channel.
  • Version 1.18.12-gke.1206 is no longer available in the Regular channel.
  • Auto-upgrading control planes in the Regular channel automatically upgrade from version 1.18 to version 1.18.12-gke.1210 with this release.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.18.12-gke.1210 with this release.

Rapid channel

  • Version 1.19.7-gke.1500 is the new default version in the Rapid channel.
  • Version 1.19.7-gke.2503 is now available in the Rapid channel.
  • Version 1.20.2-gke.2500 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the 1.20 available in the Rapid channel section in the release notes.
  • Version 1.19.7-gke.1302 is no longer available in the Rapid channel.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.

1.20 available in the Rapid channel

Kubernetes 1.20 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the Kubernetes 1.20 Release Notes, especially the Urgent upgrade notes and Deprecations sections.

RuntimeClass graduated to GA in version 1.20: The node.k8s.io/v1beta1 RuntimeClass API has graduated to node.k8s.io/v1 with no changes. API clients and manifests should switch to using the node.k8s.io/v1 API after version 1.20. The node.k8s.io/v1beta1 API is deprecated and will no longer be served starting in version 1.25.

As of version 1.20, the kubelet no longer creates the target_path for NodePublishVolume in accordance with the CSI spec. If you have self-managed CSI drivers deployed in your cluster, ensure that they are idempotent and do any necessary mount creation or verification. For more information, see Kubernetes issue #88759.

Starting in version 1.20, timeouts on exec probes are honored, and default to 1 second if unspecified. If you have Pods using exec probes, ensure that they can easily complete in 1 second or explicitly set an appropriate timeout. For more information, see ConfigureProbes.

Non-deterministic treatment of objects with invalid ownerReferences was fixed in version 1.20. Run the kubectl-check-ownerreferences tool prior to upgrade to locate existing objects with invalid ownerReferences.

  • A namespaced object with an ownerReference to another namespaced object which does not exist in the same namespace is now consistently treated as having a missing owner and is deleted.

  • A cluster-scoped object with an ownerReference to a namespaced object is now consistently treated as having an unresolvable owner, and is ignored by the garbage collector.

  • Starting in version 1.20, when a namespace mismatch between a child and owner object is detected, an event with a reason code of OwnerRefInvalidNamespace is recorded.

The metadata.selfLink field, deprecated since version 1.16, is no longer populated in version 1.20. See Kubernetes issue #1164 for details. A related bug in the GetReference function of the k8s.io/client-go library was fixed in versions 0.15.9 or later, 0.16.4 or later, and 0.17.0 or later. Clients using the GetReference function should upgrade to one of those versions of client-go or newer in order to work correctly against an API Server running version 1.20 or later.

You can now create clusters using the Autopilot mode. Autopilot is a new mode of operation in GKE that is designed to reduce the operational cost of managing clusters, optimize your clusters for production, and yield higher workload availability. For more information, see the Autopilot overview and blog post.

February 22, 2021

This note was updated on March 2, 2021. The issue with the Config Connector add-on with private clusters is a known issue, not a fixed issue.

GKE version 1.19.7-gke.1500 contains a fix for a performance issue in NodeLocal DNSCache. For more information, see NodeLocalDNS timeout errors.

Customers using the Config Connector add-on with private clusters might see an issue with all resource requests timing out. Affected customers must manually create a firewall rule that allows your cluster control plane to initiate TCP connections to your nodes on port 9443. For more information, see Adding firewall rules for specific use cases. This issue will be fixed in a future release.

February 17, 2021

This note was updated on March 3, 2021. Version 1.15.12-gke.6002 is still available in the Stable channel for R6.

(2021-R6) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.16.15-gke.11800 is now available.
  • Version 1.17.17-gke.1500 is now available.
  • Version 1.18.15-gke.1500 is now available.
  • Version 1.15.12-gke.6002 is no longer available.
  • Version 1.16.15-gke.6000 is no longer available.
  • Version 1.16.15-gke.6900 is no longer available.
  • Version 1.16.15-gke.7300 is no longer available.
  • Version 1.17.14-gke.1600 is no longer available.
  • Version 1.17.15-gke.300 is no longer available.
  • Version 1.18.12-gke.1205 is no longer available.
  • Version 1.18.15-gke.800 is no longer available.
  • Auto-upgrading control planes automatically upgrade from version 1.15 to version 1.16.15-gke.7800 with this release.

Stable channel

  • Version 1.16.15-gke.6000 is no longer available in the Stable channel.
  • Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.0.0 to version 1.16.15-gke.7800 with this release.

Regular channel

  • Version 1.18.12-gke.1206 is now available in the Regular channel. This version is now the default.
  • Version 1.17.14-gke.1600 is no longer available in the Regular channel.
  • Version 1.17.15-gke.800 is no longer available in the Regular channel.
  • Auto-upgrading control planes in the Regular channel automatically upgrade from version 1.17 to version 1.18.12-gke.1206 with this release.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.18.12-gke.1206 with this release.

Rapid channel

  • Version 1.19.7-gke.1302 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.7-gke.1500 is now available in the Rapid channel.
  • Version 1.18.12-gke.1206 is no longer available in the Rapid channel.
  • Version 1.19.7-gke.800 is no longer available in the Rapid channel.
  • Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.

Multi-cluster Services (MCS) is now Generally Available (GA) for GKE versions 1.17 and later. MCS provides a Kubernetes-native interface to build Kubernetes applications that span multiple clusters.

MCS enables existing Services to be discoverable and accessible across clusters with a virtual IP, matching the behavior of a ClusterIP Service accessible in a cluster.

The COS image for GKE 1.16 clusters is now cos-77-12371-1109-0.

GKE version 1.16.15-gke.11800 contains a fix for the certificate update issue in Internal Ingress.

February 16, 2021

For clusters using a 1.19 version, with the Container-Optimized OS with Containerd (cos_containerd) node image, the issue where dockerd (the Docker Daemon) is not running at boot is now fixed.

February 09, 2021

February 23, 2021 updates: The control plane auto-upgrade from 1.15 to 1.16.15-gke.6000 was added to the Stable and No channels. The control plane auto-upgrade from 1.16 and 1.17 to 1.17.15-gke.800 was added to the Stable and No channels. The node upgrades from 1.15, 1.16, and 1.17 to version 1.17.15-gke.800 were added to the Stable and No channels.

February 10, 2021 updates: The node auto-upgrade from 1.15 to version 1.16.15-gke.6000 was removed from the Stable channel. The version 1.17.14-gke.1600 is no longer available in the Stable channel.

(2021-R5) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.17.15-gke.800 is now available. This version is now the default.
  • Version 1.16.15-gke.11000 is now available.
  • Version 1.17.17-gke.1100 is now available.
  • Version 1.18.12-gke.1210 is now available.
  • Version 1.18.15-gke.1100 is now available.
  • Version 1.16.15-gke.4901 is no longer available.
  • Version 1.17.14-gke.400 is no longer available.
  • Auto-upgrading control planes automatically upgrade from version 1.15 to version 1.16.15-gke.6000 with this release.
  • Auto-upgrading control planes automatically upgrade from version 1.16 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading control planes automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading nodes automatically upgrade from version 1.15 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading nodes automatically upgrade from version 1.16 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading nodes automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading nodes automatically upgrade from version 1.18 to version 1.18.12-gke.1206 with this release.

Stable channel

  • Version 1.17.15-gke.800 is now available in the Stable channel. This version is now the default.
  • Version 1.17.14-gke.1600 is no longer available in the Stable channel.
  • Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.15 to version 1.16.15-gke.6000 with this release.
  • Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.16 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.15 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.

Regular channel

  • Version 1.17.15-gke.800 is now available in the Regular channel. This version is now the default.
  • Version 1.18.12-gke.1210 is now available in the Regular channel.
  • Version 1.18.12-gke.1205 is no longer available in the Regular channel.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.18 to version 1.18.12-gke.1206 with this release.

Rapid channel

  • Version 1.18.12-gke.1210 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.7-gke.1302 is now available in the Rapid channel.
  • Version 1.18.12-gke.1205 is no longer available in the Rapid channel.
  • Version 1.19.6-gke.1700 is no longer available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1206 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.800 with this release.

February 05, 2021

Cluster Autoscaler now scales from 0 node pools, if Pods require ephemeral storage. However, scaling from 0 node pools remains unsupported for node pools that use ephemeral storage on local SSDs, as opposed to the boot disk. Node auto-provisioning scales up for Pods that explicitly require ephemeral storage. This change applies to clusters using a 1.19 version.

By default, newly created clusters are enrolled in the Regular release channel when the following flags are not specified: --cluster-version, --release-channel, --no-enable-autoupgrade, and --no-enable-autorepair.

Node auto-provisioning supports the machine-family toleration by choosing the custom machine family for creating the node pool. This change applies to clusters using a 1.19 version.

E2 is now the default machine type for node auto-provisioning. To continue using the N1 machine type, use the cloud.google.com/machine-family node selector. This change applies to clusters using a 1.19 version.

February 02, 2021

This note was updated on February 10, 2021. The node auto-upgrade from 1.15 to version 1.16.15-gke.6000 was removed from the No channel and Stable channel.

(2021-R4) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

Rapid channel

  • Version 1.18.12-gke.1206 is now available in the Rapid channel.
  • Version 1.19.7-gke.800 is now available in the Rapid channel.
  • Version 1.19.6-gke.600 is no longer available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.6-gke.1700 with this release.

January 28, 2021

2021-04-07 update: Added a previously reported security bulletin to this release note.

For clusters using a 1.19 version, with the Container-Optimized OS with Containerd (cos_containerd) node image, dockerd (the Docker Daemon) is not running at boot. It needs to be started manually. This issue will be fixed in a future release.

A vulnerability was recently discovered in the Linux utility sudo, described in CVE-2021-3156, that may allow an attacker with unprivileged local shell access on a system with sudo installed to escalate their privileges to root on the system. GKE clusters are not affected by this vulnerability. For more information, see the GCP-2021-001 security bulletin.

January 25, 2021

(2021-R3) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.17.16-gke.1600 is now available.
  • Version 1.18.14-gke.1600 is now available.
  • Version 1.17.13-gke.2600 is no longer available.
  • Auto-upgrading nodes in the no channel automatically upgrade from version 1.17 to version 1.17.14-gke.1600 with this release.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

  • Version 1.17.14-gke.1600 is now available in the Regular channel. This version is now the default.
  • Version 1.17.14-gke.400 is no longer available in the Regular channel.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.14-gke.1600 with this release.

Rapid channel

January 22, 2021

Multidimensional Pod autoscaling is now available in beta in the Rapid release channel. With this feature, you can use horizontal scaling based on CPU and vertical scaling based on memory at the same time. To learn more, see Configuring multidimensional Pod autoscaling.

Support for Legacy Logging and Legacy Monitoring for GKE is extended to GKE versions 1.16 and 1.17. Cloud Operations for GKE remains the default configuration for GKE 1.16 and 1.17. Both existing and new 1.16 and 1.17 clusters can use either of the two logging options.

GKE will gradually begin using the Konnectivity service for versions 1.19.4-gke.200 and later. Konnectivity replaces SSH tunnels between the control plane and nodes with a more secure TCP proxy. The change will first be introduced for non-private clusters.

The Ubuntu image for GKE 1.16 clusters is now ubuntu-gke-1804-1-16-v20201116.

This version includes the following improvements:

  • USN-4627-1 CVEs are fixed
  • A patch for the GPU driver installer for Ubuntu with containerd

January 19, 2021

(2021-R2) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.17.14-gke.1600 is now available in the Stable channel.
  • Version 1.17.14-gke.1200 is no longer available in the Stable channel.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.15 to version 1.16.15-gke.6000 with this release.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.17 to version 1.17.14-gke.1600 with this release.

Regular channel

  • Version 1.17.14-gke.1600 is now available in the Regular channel.
  • Version 1.18.12-gke.1205 is now available in the Regular channel.
  • Version 1.17.14-gke.1200 is no longer available in the Regular channel.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.18 to version 1.18.12-gke.1205 with this release.

Rapid channel

  • Version 1.18.12-gke.1205 is now available in the Rapid channel. This version is now the default.
  • Version 1.19.6-gke.600 is now available in the Rapid channel. Before upgrading to 1.19.6-gke.600, read the 1.19 available in the Rapid channel section in the release notes.
  • Version 1.18.12-gke.1200 is no longer available in the Rapid channel.
  • Version 1.18.12-gke.1202 is no longer available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1205 with this release.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.6-gke.600 with this release.

1.19 available in the Rapid channel

Kubernetes 1.19 is now available in the Rapid channel. Before upgrading to 1.19.6-gke.600, read the Kubernetes 1.19 Release Notes, especially the Urgent upgrade notes section.

Basic authentication with a password has been removed in Kubernetes 1.19. Clusters upgraded to 1.19 can no longer use basic authentication to authenticate users to the control plane.

Seccomp (secure computing mode) support for Kubernetes has graduated to General Availability (GA). This feature can be used to increase the workload security by restricting the system calls for a Pod (applies to all containers) or individual containers.

A new seccompProfile field is added to Pod and Container securityContext objects, starting in Kubernetes 1.19.

securityContext:
  seccompProfile:
    # "Unconfined", "RuntimeDefault", or "Localhost"
    type: Localhost
    # only necessary if type == Localhost
    localhostProfile: my-profiles/profile-allow.json

The alpha seccomp annotations seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/… are deprecated in favor of the GA API field. The alpha annotations will not be honored in Kubernetes 1.22+.

If you are currently using Seccomp annotations on Pods or Containers, you should identify and transition workloads using the annotations to set the API fields before 1.21 is released on GKE (approximately in June 2021). No change on PodSecurityPolicy is required, as it supports both annotation and field seccomp profiles. You can follow the recommended steps below:

  1. Locate Seccomp annotation usages. In your Kubernetes manifest files, search for "seccomp.security.alpha.kubernetes.io/pod" and "container.seccomp.security.alpha.kubernetes.io/".

  2. Add or update securityContext fields. Based on your annotation usage, add or update (if securityContext already exists) the securityContext field in Pod or Container spec. The annotations can be left in place, but must match the securityContext API field.

    Current annotation usage                                         Add or update securityContext
    seccomp.security.alpha.kubernetes.io/pod                         In Pod's securityContext, add seccompProfile field.
    container.seccomp.security.alpha.kubernetes.io/CONTAINER_NAME    In CONTAINER_NAME's securityContext, add seccompProfile field.

  3. Set values for seccompProfile. The type field of seccompProfile corresponds to the annotation value, and the localhostProfile field corresponds to the path that follows localhost/ in the annotation value.

    Current annotation value          seccompProfile value
    unconfined                        seccompProfile:
                                        type: Unconfined
    runtime/default                   seccompProfile:
    or docker/default                   type: RuntimeDefault
    localhost/path/to/profile.json    seccompProfile:
                                        type: Localhost
                                        localhostProfile: path/to/profile.json
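
Steps 1 to 3 applied to one Pod, as an added example that is not part of the original release note: it takes a Pod manifest as a dict (for instance parsed from kubectl get pod -o json), maps each alpha annotation to its seccompProfile field using the table in step 3, and reports any existing field that disagrees with its annotation. The sample Pod, its image names and the function names are constructed for illustration.

```python
import copy
import json

POD_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"
CONTAINER_PREFIX = "container.seccomp.security.alpha.kubernetes.io/"


def profile_from_annotation(value):
    """Map an alpha annotation value to a seccompProfile dict (table in step 3)."""
    if value == "unconfined":
        return {"type": "Unconfined"}
    if value in ("runtime/default", "docker/default"):
        return {"type": "RuntimeDefault"}
    if value.startswith("localhost/") and len(value) > len("localhost/"):
        return {"type": "Localhost", "localhostProfile": value[len("localhost/"):]}
    raise ValueError(f"unrecognized seccomp annotation value: {value!r}")


def migrate_pod(pod):
    """Return (migrated_pod, findings) for one Pod manifest given as a dict.

    Annotations are left in place. A missing field is added; an existing field
    that disagrees with its annotation is reported and left unchanged.
    """
    pod = copy.deepcopy(pod)
    findings = []
    annotations = pod.get("metadata", {}).get("annotations") or {}
    spec = pod.setdefault("spec", {})

    def apply(holder, where, value):
        try:
            wanted = profile_from_annotation(value)
        except ValueError as err:
            findings.append(f"{where}: {err}")
            return
        ctx = holder.setdefault("securityContext", {})
        current = ctx.get("seccompProfile")
        if current is None:
            ctx["seccompProfile"] = wanted
            findings.append(f"{where}: added {wanted}")
        elif current != wanted:
            findings.append(f"{where}: field {current} does not match annotation {value!r}")

    # Pod-level annotation -> Pod securityContext.
    if POD_ANNOTATION in annotations:
        apply(spec, "pod", annotations[POD_ANNOTATION])

    # Per-container annotations -> that container's securityContext.
    containers = {c["name"]: c for key in ("initContainers", "containers")
                  for c in spec.get(key) or []}
    for key, value in annotations.items():
        if key.startswith(CONTAINER_PREFIX):
            name = key[len(CONTAINER_PREFIX):]
            if name in containers:
                apply(containers[name], f"container {name}", value)
            else:
                findings.append(f"container {name}: annotation names no container in this Pod")
    return pod, findings


# Constructed sample Pod: one clean case, one mismatch, one stale annotation.
SAMPLE_POD = json.loads("""
{
  "apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "demo", "annotations": {
    "seccomp.security.alpha.kubernetes.io/pod": "runtime/default",
    "container.seccomp.security.alpha.kubernetes.io/app": "localhost/my-profiles/profile-allow.json",
    "container.seccomp.security.alpha.kubernetes.io/sidecar": "unconfined",
    "container.seccomp.security.alpha.kubernetes.io/gone": "docker/default"
  }},
  "spec": {"containers": [
    {"name": "app", "image": "example.invalid/app:1"},
    {"name": "sidecar", "image": "example.invalid/sidecar:1",
     "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}}
  ]}
}
""")

if __name__ == "__main__":
    migrated, findings = migrate_pod(SAMPLE_POD)
    print(json.dumps(migrated["spec"], indent=2))
    print("\n".join(findings))
```

The mismatch finding matters because the release note requires annotations that stay in place to match the API field; here the sidecar's annotation says unconfined while its field says RuntimeDefault.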

For more details, see the following pages:

The widely used Ingress API has graduated to general availability in Kubernetes 1.19. The v1beta1 Ingress API is deprecated, and will no longer be served in 1.22+. Before 1.21, identify and transition clients and manifests using the v1beta1 Ingress API to use networking.k8s.io/v1.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the Ingress v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion=("extensions/v1beta1" OR "networking.k8s.io/v1beta1")
protoPayload.request.kind="Ingress"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 Ingress APIs to use networking.k8s.io/v1 before 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the 1.21 timeframe. Workloads using the v1beta1 APIs need to be upgraded before your cluster is upgraded to GKE 1.22.

To migrate manifests to networking.k8s.io/v1:

  1. Rename the spec.backend field (if specified) to spec.defaultBackend
  2. Rename each backend.serviceName field to backend.service.name
  3. Rename each numeric backend.servicePort field to backend.service.port.number
  4. Rename each string backend.servicePort field to backend.service.port.name
  5. Specify a pathType field for each defined path. Options are Prefix, Exact, and ImplementationSpecific. To match the undefined v1beta1 behavior, use ImplementationSpecific.

As an example, to migrate this v1beta1 manifest to v1:

v1beta1 manifest

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example
spec:
  backend:
    serviceName: default-backend
    servicePort: 80
  rules:
  - http:
      paths:
      - path: /testpath
        backend:
          serviceName: test
          servicePort: 80

v1 manifest

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
spec:
  defaultBackend:
    service:
      name: default-backend
      port:
        number: 80
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: ImplementationSpecific
        backend:
          service:
            name: test
            port:
              number: 80

The CertificateSigningRequest API has graduated to certificates.k8s.io/v1 in Kubernetes 1.19. The v1beta1 CertificateSigningRequest API is deprecated and will no longer be served in 1.22+.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the CertificateSigningRequest v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion="certificates.k8s.io/v1beta1"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 CertificateSigningRequest API to use certificates.k8s.io/v1 before 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the 1.21 timeframe. Workloads using the v1beta1 API need to be upgraded before your cluster is upgraded to GKE 1.22.

Differences between the v1beta1 and v1 API are as follows:

  • For API clients requesting certificates:

    • spec.signerName is now required, and requests for kubernetes.io/legacy-unknown are not allowed to be created using the certificates.k8s.io/v1 API
    • spec.usages is now required, cannot contain duplicate values, and must only contain known usages

  • For API clients approving or signing certificates:

    • status.conditions cannot contain duplicate types
    • status.conditions[*].status is now required
    • status.certificate must be PEM-encoded, and must contain only CERTIFICATE blocks
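
A pre-flight check for the differences listed above, added as an example and not part of the GKE documentation: it inspects a CertificateSigningRequest given as a dict (as in kubectl get csr -o json, where status.certificate is base64-encoded) and lists what certificates.k8s.io/v1 would reject. The function names and both sample objects are constructed; the PEM bodies are placeholders and the ASN.1 content of the blocks is not checked.

```python
import base64
import re

LEGACY_SIGNER = "kubernetes.io/legacy-unknown"
# Usage strings accepted by certificates.k8s.io/v1 (its KeyUsage values).
KNOWN_USAGES = {
    "signing", "digital signature", "content commitment", "key encipherment",
    "key agreement", "data encipherment", "cert sign", "crl sign",
    "encipher only", "decipher only", "any", "server auth", "client auth",
    "code signing", "email protection", "s/mime", "ipsec end system",
    "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing",
    "microsoft sgc", "netscape sgc",
}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def check_certificate(cert_b64):
    """status.certificate must decode to PEM made only of CERTIFICATE blocks."""
    try:
        pem = base64.b64decode(cert_b64, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return ["status.certificate is not base64-encoded PEM text"]
    labels = PEM_BLOCK.findall(pem)
    if not labels:
        return ["status.certificate contains no PEM block"]
    extra = sorted(set(labels) - {"CERTIFICATE"})
    if extra:
        return ["status.certificate contains non-CERTIFICATE block(s): " + ", ".join(extra)]
    return []


def check_csr_v1(csr):
    """Return a list of problems that would block this CSR under the v1 API."""
    problems = []
    spec = csr.get("spec") or {}
    signer = spec.get("signerName")
    if not signer:
        problems.append("spec.signerName is required")
    elif signer == LEGACY_SIGNER:
        problems.append(f"spec.signerName {LEGACY_SIGNER} cannot be created through v1")
    usages = spec.get("usages") or []
    if not usages:
        problems.append("spec.usages is required")
    dupes = sorted({u for u in usages if usages.count(u) > 1})
    if dupes:
        problems.append("spec.usages has duplicates: " + ", ".join(dupes))
    unknown = sorted(set(usages) - KNOWN_USAGES)
    if unknown:
        problems.append("spec.usages has unknown values: " + ", ".join(unknown))
    status = csr.get("status") or {}
    seen = set()
    for cond in status.get("conditions") or []:
        ctype = cond.get("type")
        if ctype in seen:
            problems.append(f"status.conditions has duplicate type {ctype!r}")
        seen.add(ctype)
        if not cond.get("status"):
            problems.append(f"status.conditions[{ctype}].status is required")
    if status.get("certificate"):
        problems += check_certificate(status["certificate"])
    return problems


def _pem_b64(*labels):
    """Constructed PEM text with placeholder bodies, base64-encoded like the API field."""
    text = "".join(f"-----BEGIN {l}-----\nAAAA\n-----END {l}-----\n" for l in labels)
    return base64.b64encode(text.encode()).decode()


# Constructed samples: one object that trips every rule, one that passes.
BAD_CSR = {
    "spec": {"signerName": LEGACY_SIGNER,
             "usages": ["client auth", "client auth", "tls client"]},
    "status": {"conditions": [{"type": "Approved", "status": "True"},
                              {"type": "Approved"}],
               "certificate": _pem_b64("CERTIFICATE", "CERTIFICATE REQUEST")},
}
GOOD_CSR = {
    "spec": {"signerName": "kubernetes.io/kube-apiserver-client",
             "usages": ["client auth"]},
    "status": {"conditions": [{"type": "Approved", "status": "True"}],
               "certificate": _pem_b64("CERTIFICATE")},
}

if __name__ == "__main__":
    print("\n".join(check_csr_v1(BAD_CSR)))
```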

January 11, 2021

The Compute Engine persistent disk Container Storage Interface (CSI) Driver is now generally available in GKE. It allows you to take advantage of the latest persistent disk features without having to manually manage the CSI driver lifecycle.

For newly created clusters, the Compute Engine persistent disk CSI Driver is installed by default for the following cluster versions:

  • 1.18.10-gke.2101 and later
  • 1.19.3-gke.2100 and later

For all clusters, PersistentVolumeClaims created without specifying a StorageClass will continue to trigger volume provisioning using the in-tree gcePersistentDisk volume plugin. Only StorageClasses that reference the provisioner name pd.csi.storage.gke.io will provision using the CSI driver. For details, refer to Using the Compute Engine persistent disk CSI Driver.

In all GKE versions 1.14 or later, Google Cloud's operations suite for GKE adds two new options for configuring which logs and metrics are collected:

  1. System and workload logging only (Monitoring disabled).
  2. System monitoring only (Logging disabled).

January 08, 2021

(2021-R1) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.16.15-gke.6000 is now available. This version is now the default.
  • Version 1.17.14-gke.400 is now available.
  • Version 1.14.10-gke.50 is no longer available.
  • Version 1.14.10-gke.902 is no longer available.
  • Version 1.14.10-gke.1504 is no longer available.
  • Version 1.15.12-gke.20 is no longer available.
  • Version 1.15.12-gke.4000 is no longer available.
  • Version 1.15.12-gke.4002 is no longer available.
  • Version 1.15.12-gke.5000 is no longer available.
  • Version 1.15.12-gke.6001 is no longer available.
  • Version 1.16.15-gke.4300 is no longer available.
  • Version 1.16.15-gke.4301 is no longer available.
  • Version 1.16.15-gke.5500 is no longer available.
  • Version 1.17.13-gke.2001 is no longer available.
  • Auto-upgrading nodes in the no channel automatically upgrade from version 1.14 to version 1.15.12-gke.6002 with this release.
  • Auto-upgrading nodes in the no channel automatically upgrade from version 1.16 to version 1.16.15-gke.6000 with this release.
  • Auto-upgrading nodes in the no channel automatically upgrade from version 1.17 to version 1.17.14-gke.400 with this release.

Stable channel

  • Version 1.16.15-gke.6000 is now available in the Stable channel. This version is now the default.
  • Version 1.17.14-gke.1200 is now available in the Stable channel.
  • Version 1.15.12-gke.20 is no longer available in the Stable channel.
  • Version 1.15.12-gke.6001 is no longer available in the Stable channel.
  • Version 1.16.15-gke.4300 is no longer available in the Stable channel.
  • Version 1.16.15-gke.4301 is no longer available in the Stable channel.
  • Version 1.16.15-gke.4901 is no longer available in the Stable channel.
  • Version 1.16.15-gke.5500 is no longer available in the Stable channel.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.15-gke.6000 with this release.

Regular channel

  • Version 1.17.14-gke.400 is now available in the Regular channel. This version is now the default.
  • Version 1.17.13-gke.2600 is no longer available in the Regular channel.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.14-gke.400 with this release.

Rapid channel

  • Version 1.18.12-gke.1201 is now available in the Rapid channel. This version is now the default.
  • Version 1.18.12-gke.1205 is now available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1201 with this release.

We have discovered an issue with Internal Ingress on GKE that may require your action if you have HTTPS enabled (either through pre-shared certificates or Kubernetes Secrets). This issue does not affect External Ingress resources or MultiClusterIngress resources.

What do I need to know?

For internal Ingress on GKE versions 1.17.x and earlier, there is a known issue concerning SSL Certificate Updates on internal Ingress resources. Updating the certificate is not possible for pre-shared or Secrets-based certificates (which includes Kubernetes certificate managers). Updates to existing certificates on internal Ingress resources will not complete if attempting to update the Ingress resource.

In order to replace the certificate on an existing Ingress, the Ingress must be deleted and re-deployed. Manual updates using the gcloud compute target-https-proxies update command allow a certificate to be updated on an existing Ingress without recreation, but any manual updates are overwritten by the Ingress controller if the Ingress is updated again.

What do I need to do?

If you intend to update your TLS Spec or Pre-shared Cert Spec on your Internal Ingress, you must do so by deleting your Ingress and recreating it as soon as possible, until you are able to upgrade to a patched version. Versions 1.16 are expected to be patched this month.

December 17, 2020

Internal Ingress for Internal HTTP(S) Load Balancing is now GA for 1.17.13-gke.2600+ and 1.18.10-gke.800+. Note that the certificate update issue is now patched in these GA versions. Internal Ingress for GKE 1.16 will be patched in an upcoming release.

December 14, 2020

(R41) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.16.15-gke.7300 is now available.
  • Version 1.17.14-gke.1600 is now available.
  • Auto-upgrading nodes in the no channel automatically upgrade from version 1.14 to version 1.15.12-gke.6001 with this release.
  • Auto-upgrading nodes in the no channel automatically upgrade from version 1.16 to version 1.16.15-gke.4300 with this release.
  • Auto-upgrading nodes in the no channel automatically upgrade from version 1.17 to version 1.17.13-gke.2600 with this release.

Stable channel

  • Version 1.16.15-gke.4901 is now available in the Stable channel. This version is now the default.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.15-gke.4300 with this release.

Regular channel

  • Version 1.17.13-gke.2600 is now available in the Regular channel. This version is now the default.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.13-gke.2600 with this release.

Rapid channel

  • Version 1.18.12-gke.1201 is now available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1200 with this release.

Node image changes

When using ephemeral storage on local SSDs, reserved space is now calculated from the number of SSDs, instead of the size of the boot disk. Learn more at Allocatable local ephemeral storage resources.

December 08, 2020

With the release of GKE node version 1.19, the Container-Optimized OS with Docker (cos) variant is deprecated. Please migrate to the Container-Optimized OS with Containerd (cos_containerd) variant, which is now the default GKE node image. For instructions, see Containerd images.

December 07, 2020

(R40) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.15.12-gke.6002 is now available in the Stable channel.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.15-gke.4300 with this release.

Regular channel

  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.13-gke.2001 with this release.

Rapid channel

  • Version 1.18.12-gke.1200 is now available in the Rapid channel.
  • Version 1.18.12-gke.300 is now the default in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.300 with this release.
  • Version 1.18.10-gke.2701 is no longer available in the Rapid channel.

December 01, 2020

(R39) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.16.15-gke.4301 is now available.
  • Version 1.16.15-gke.6000 is now available.
  • Version 1.17.13-gke.1401 is now available.
  • Version 1.17.14-gke.400 is now available.

    This release sets sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 on the node image. This discourages netfilter from resetting TCP connections.

  • Version 1.19.4-gke.700 is now available.

    This version is available in preview. Before creating GKE v1.19 clusters, you must review the known issues and urgent upgrade notes.

  • Version 1.19.3-gke.2100 is no longer available.

  • Version 1.19.3-gke.2700 is no longer available.

  • Auto-upgrading nodes in the no channel automatically upgrade from version 1.17 to version 1.17.13-gke.1401 with this release.

Stable channel

  • Version 1.16.15-gke.4901 is now available in the Stable channel.
  • Version 1.16.15-gke.4301 is now available in the Stable channel.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.13-gke.404 with this release.

Regular channel

  • Version 1.17.13-gke.1401 is now available in the Regular channel.
  • Version 1.17.13-gke.1400 is no longer available in the Regular channel.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.13-gke.1401 with this release.
  • 1.17.13-gke.2001 is now the default version in the Regular channel.

Rapid channel

  • Version 1.18.12-gke.300 is now available in the Rapid channel. This version is now the default.
  • Version 1.18.10-gke.2701 is now the default version in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.2701 with this release.
  • Version 1.18.10-gke.2101 is no longer available in the Rapid channel.

November 24, 2020

The November 17, 2020 release removed the following GKE versions:

  • Version 1.16.13-gke.401 is no longer available.
  • Version 1.19.3-gke.1500 is no longer available.
  • Version 1.16.13-gke.401 is no longer available in the Stable channel.
  • Version 1.17.12-gke.1504 is no longer available in the Regular channel.
  • Version 1.18.10-gke.1500 is no longer available in the Rapid channel.

November 17, 2020

This note was updated on November 24, 2020.

(R38) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • 1.16.15-gke.4300 is now the default version in the Stable channel.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.13-gke.404 with this release.

Regular channel

  • Version 1.17.13-gke.2001 is now available in the Regular channel.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.13-gke.1400 with this release.

Rapid channel

  • Version 1.18.10-gke.2701 is now available in the Rapid channel. This version is now the default.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.2101 with this release.

The issue from September 28, 2020 with Container Threat Detection on GKE 1.18 is resolved in GKE versions 1.18.9-gke.1300 and later and 1.19.2-gke.2000 and later.

You can now use balanced persistent disks (pd-balanced) as a GKE node boot disk type. You create node pools with pd-balanced boot disks using the Cloud SDK and Google Cloud API.

November 13, 2020

SSL policies for GKE external Ingress for 1.17.6-gke.11+ are now generally available. SSL policies allow you to specify a set of TLS versions and ciphers that the load balancer uses to terminate HTTPS traffic from clients.

Custom health checks across all Ingress types for 1.17.12-gke.500+ are now generally available. With custom health checks, you specify parameters in a Kubernetes BackendConfig.

You can now specify custom network endpoint group (NEG) names. This feature is in beta.

HTTPS redirects for Ingress are now in beta. An external HTTP load balancer can redirect unencrypted HTTP requests to an HTTPS load balancer that uses the same IP address.

For internal Ingress on GKE versions earlier than 1.18.10-gke.600, there is a known issue concerning SSL certificate updates on internal Ingress resources. Updating the certificate is not possible for pre-shared or Secrets-based certificates (which includes Kubernetes certificate managers). To replace the certificate on an existing Ingress, the Ingress must be deleted and re-deployed. Manual updates using the gcloud compute target-https-proxies update command allow a certificate to be updated, but any manual updates are overwritten by the Ingress controller if the Ingress is updated again.

The GKE release notes will be updated when the patch is available.

November 12, 2020

(R37) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • There are no new releases in the Stable release channel.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.15 to version 1.16.13-gke.401 with this release.

Regular channel

Rapid channel

  • Version 1.18.10-gke.2101 is now available in the Rapid channel.
  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.1500 with this release.
  • Version 1.18.10-gke.1500 is the new default version in the Rapid channel.

New clusters created with the v1alpha1 and v1beta1 APIs install the Compute Engine persistent disk Container Storage Interface (CSI) Driver by default for the following cluster versions:

  • 1.18.10-gke.2101 and higher
  • 1.19.3-gke.2100 and higher

November 06, 2020

Node pools running GKE 1.18 and higher can now be configured to use local SSD for ephemeral storage with emptyDir volumes. For more information, see Using local SSDs. This feature is in beta.

November 04, 2020

(R36) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

Rapid channel

  • Version 1.18.10-gke.1500 is now available in the Rapid channel.

    This release sets sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 on the node image. This discourages netfilter from resetting TCP connections.

  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.601 with this release.

Support for Legacy Logging and Monitoring for Google Kubernetes Engine is extended to GKE 1.15. Google Cloud's operations suite remains the default configuration for GKE 1.15. Both existing and new GKE 1.15 clusters can use either of the two logging options.

October 28, 2020

(R35) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.16.15-gke.3500 is now available.
  • Version 1.17.13-gke.600 is now available.
  • Version 1.19.3-gke.2 is now available.
  • Auto-upgrading nodes and control planes upgrade from version 1.14 to version 1.15.12-gke.20 during this release.
  • Auto-upgrading nodes and control planes upgrade from version 1.17 to version 1.17.12-gke.1504 during this release.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

  • Version 1.18.10-gke.601 is now available in the Rapid channel.
  • Version 1.18.9-gke.1501 is no longer available in the Rapid channel.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

  • 1.17.12-gke.1501
  • 1.18.9-gke.1501

There is a known issue with Config Connector component versions 1.24.0 and 1.25.0. Clusters with many resources being managed might fail with error code 413 while communicating with Google Cloud.

The following GKE versions are affected:

  • 1.15.12-gke.6001 (R34)
  • 1.16.15-gke.2601 (R34)
  • 1.16.15-gke.3500 (R35)
  • 1.17.12-gke.2502 (R34)
  • 1.17.13-gke.600 (R35)
  • 1.18.9-gke.2501 (R34)

October 20, 2020

(R34) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.16.13-gke.403 is now available in the Stable channel.
  • Auto-upgrading control planes upgrade from version 1.15 to version 1.16.13-gke.401 during this release.

Regular channel

  • Version 1.17.12-gke.1501 is now available in the Regular channel.
  • Version 1.17.12-gke.1504 is now available in the Regular channel.
  • Version 1.17.12-gke.1504 is the new default version in the Regular channel.
  • Version 1.17.9-gke.1504 is no longer available in the Regular channel.
  • Version 1.17.9-gke.6300 is no longer available in the Regular channel.

Rapid channel

  • Version 1.18.9-gke.2501 is now available in the Rapid channel.
  • Version 1.18.9-gke.2501 is the new default version for clusters in the Rapid channel.
  • Version 1.18.9-gke.801 is no longer available in the Rapid channel.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

  • 1.17.9-gke.1504
  • 1.17.9-gke.6300

October 19, 2020

A fix for the issue reported on September 16, 2020 where custom resources in the istio-system namespace were deleted when upgrading from GKE 1.16 to 1.17 and 1.18 is now available.

Upgrade to one of the following unaffected versions to avoid having to manually recreate these resources:

  • 1.17.12-gke.1501 and higher
  • 1.18.9-gke.1501 and higher

The issue only occurs during upgrades, so new clusters created in earlier versions are unaffected.
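
The fixed-version thresholds above, checked against a planned upgrade list. This is an added example, not part of the GKE release notes or Google's tooling; the cluster names and the plan are constructed, and applying each threshold only within its own minor line is an assumption.

```python
import re
from typing import NamedTuple


class GkeVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    gke: int  # the numeric suffix after "-gke."


_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")


def parse_gke_version(text: str) -> GkeVersion:
    """Parse a full GKE version such as '1.17.12-gke.1501' into integers.

    Comparing the raw strings is wrong: '1.17.9-gke.6300' sorts after
    '1.17.12-gke.1501' as text, although patch 9 is older than patch 12.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a full GKE version string: {text!r}")
    return GkeVersion(*(int(part) for part in m.groups()))


# First unaffected version per minor line, taken from the October 19, 2020 note.
FIRST_UNAFFECTED = {
    (1, 17): parse_gke_version("1.17.12-gke.1501"),
    (1, 18): parse_gke_version("1.18.9-gke.1501"),
}


def upgrade_target_status(target: str) -> str:
    """Classify an upgrade target against the thresholds in the note."""
    v = parse_gke_version(target)
    threshold = FIRST_UNAFFECTED.get((v.major, v.minor))
    if threshold is None:
        # Assumption: the note is silent about other minor lines.
        return "not-covered"
    return "unaffected" if v >= threshold else "not-listed-as-unaffected"


def review_upgrade_plan(plan):
    """Return (cluster, target) pairs that upgrade from 1.16 to a 1.17 or
    1.18 version the note does not list as unaffected."""
    flagged = []
    for cluster, current, target in plan:
        cur = parse_gke_version(current)
        if (cur.major, cur.minor) != (1, 16):
            continue  # the issue is described for upgrades from 1.16
        if upgrade_target_status(target) == "not-listed-as-unaffected":
            flagged.append((cluster, target))
    return flagged


# Constructed sample plan: (cluster name, current version, planned target).
SAMPLE_PLAN = [
    ("prod-a", "1.16.13-gke.401", "1.17.9-gke.6300"),
    ("prod-b", "1.16.15-gke.500", "1.17.12-gke.1501"),
    ("dev-c", "1.16.13-gke.401", "1.18.9-gke.801"),
    ("dev-d", "1.17.9-gke.1504", "1.17.12-gke.500"),
    ("dev-e", "1.16.13-gke.401", "1.16.15-gke.500"),
]

if __name__ == "__main__":
    for cluster, target in review_upgrade_plan(SAMPLE_PLAN):
        print(f"{cluster}: pick a target at or above the listed version, not {target}")
```
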

October 16, 2020

There is a known issue impacting both LTSC and SAC Windows Server images on GKE versions 1.17.x and 1.18.x. New Windows nodes take longer to join the cluster, which may cause node pool creation, auto-scaling, and auto-repair operations to time out.

We recommend not upgrading clusters with Windows Server node pools to the following versions:

  • 1.17.12-gke.1501
  • 1.18.9-gke.1501

GKE versions beyond the affected versions will not have the startup time regression. Upgrade to versions greater than 1.17.12-gke.1501 and 1.18.9-gke.1501 when they become available.

October 12, 2020

(R33) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Auto-upgrading nodes and control planes upgrade from 1.14 to version 1.15.12-gke.20 during this release.
  • Auto-upgrading control planes upgrade from version 1.15 to version 1.16.13-gke.401 during this release.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

  • Version 1.18.9-gke.1501 is now available in the Rapid channel.
  • Version 1.18.9-gke.801 is the new default version for clusters in the Rapid channel.
  • Version 1.17.9-gke.1504 is no longer available in the Rapid channel.
  • Version 1.18.6-gke.4801 is no longer available in the Rapid channel.
  • Auto-upgrading nodes and control planes upgrade from versions 1.17 and 1.18 to version 1.18.9-gke.801 during this release.

A new Windows node image version that fixes CVE-2020-1472 is now available. For more information, see the GCP-2020-013 security bulletin.

October 06, 2020

There is a known issue with the upgrade from GKE 1.16 to 1.17. Any custom resources you created in the istio-system namespace are deleted during an upgrade to 1.17. These resources must be manually recreated. We recommend not upgrading clusters with the Istio addon to 1.17 until the fix is rolled out. The issue only occurs during upgrades, so new clusters are not affected.

The fix was not included in release R31 as previously reported.

October 02, 2020

(R32) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.15.12-gke.4000 is now available.
  • Version 1.16.15-gke.500 is now available.
  • Version 1.17.12-gke.500 is now available.
  • Version 1.16.13-gke.401 is the new default version for clusters with no channel.
  • Auto-upgrading control planes upgrade from version 1.14 to version 1.14.10-gke.50 during this release.
  • Auto-upgrading control planes upgrade from version 1.15 to version 1.15.12-gke.20 during this release.
  • Auto-upgrading nodes and control planes upgrade from version 1.16 to version 1.16.13-gke.401 during this release.

Stable channel

  • Version 1.16.13-gke.401 is the new default version in the Stable channel.
  • Auto-upgrading nodes and control planes upgrade from version 1.15 to version 1.15.12-gke.20 during this release.
  • Auto-upgrading nodes and control planes upgrade from version 1.16 to version 1.16.13-gke.401 during this release.

Regular channel

  • Version 1.17.9-gke.6300 is now available in the Regular channel.
  • Version 1.17.9-gke.1504 is the new default version in the Regular channel.
  • Auto-upgrading control planes upgrade from versions 1.16 and 1.17 to version 1.17.9-gke.1504 during this release.

Rapid channel

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

  • 1.15.12-gke.2
  • 1.15.12-gke.9
  • 1.15.12-gke.13
  • 1.15.12-gke.16
  • 1.15.12-gke.17
  • 1.16.13-gke.1
  • 1.16.13-gke.400

In GKE 1.18 and later, for clusters using an optimize-utilization autoscaling profile, the scheduler name in the Pod spec is set to gke.io/optimize-utilization-scheduler.

September 28, 2020

If Container Threat Detection is enabled on GKE clusters that have a version of 1.18.6-gke.2100 or later, it causes all Linux nodes to go into a reboot loop.

September 25, 2020

(R31) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.17.9-gke.6300 is now available.
  • Auto-upgrading control planes upgrade from version 1.16 to version 1.16.13-gke.401 during this release.
  • Auto-upgrading control planes upgrade from version 1.17 to version 1.17.9-gke.1504 during this release.

Stable channel

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18.6-gke.3504 to version 1.18.6-gke.4801 with this release.
  • Version 1.18.6-gke.3504 is no longer available in the Rapid channel.

For clusters not using Legacy Logging and Monitoring, upgrades from 1.14 to 1.15 are now scheduled to start in mid October. This is a change from the details announced in R29.

Node Auto-Provisioning now lets you set default values for the following features:

  • Customer-managed encryption keys (CMEK)
  • Secure Boot and Integrity Monitoring
  • Boot disk type and size

The default value will be used by all newly created node pools.

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

GKE will gradually upgrade clusters' control planes only to Kubernetes 1.16, beginning on or after October 6, 2020.

Node pools will not be auto-upgraded to 1.16 at this time, but can be manually upgraded by completing the following instructions.

Once rolled out, 1.16 will become the most mature control plane version in the Kubernetes fleet, with newer versions available on the Rapid and Regular channels. In turn, older control plane versions will be deprecated and eventually removed from the fleet. Periodically deprecating and eventually removing beta APIs is part of a standard process to ensure that all Kubernetes fleets evolve and all APIs continue to be up-to-date.

More information is available in the GKE documentation and from the Kubernetes project.

What do I need to do?

  1. Test and qualify 1.16 in a pre-production environment. We highly recommend testing upgrades in a staging or testing environment before rolling them out to production.
  2. Migrate to use the current API versions before your clusters are upgraded to Kubernetes 1.16 to ensure your API clients and resource manifests can access and update API resources without interruption.

You can manually upgrade node pools to 1.16:

If you are concerned about disruption, use maintenance windows and exclusions to control when the upgrade will occur.

If you have the Istio on GKE add-on enabled on a cluster, there is a known issue with the upgrade from GKE 1.16 to 1.17 versions lower than 1.17.9-gke.6300 (R30 or earlier). Any custom resources you created in the istio-system namespace are deleted during an upgrade to 1.17 (R30 or earlier). These resources must be manually recreated. We recommend that Istio on GKE users upgrade only to R31 or a later version that doesn't have the issue. The issue only occurs during upgrades, so new clusters are not affected.

September 16, 2020

If you have the Istio on GKE add-on enabled on a cluster, there is a known issue with the upgrade from GKE 1.16 to 1.17. Any custom resources you created in the istio-system namespace are deleted during an upgrade to 1.17 (R30 or earlier). These resources must be manually recreated. We recommend that Istio on GKE users do not upgrade to GKE 1.17 until a patch release fixes the issue. The fix will be rolled out in GKE release R31.

September 15, 2020

(R30) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.15.12-gke.20 is the new default version for clusters with no channel.

Stable channel

  • Version 1.15.12-gke.20 is the new default version in the Stable channel.
  • Version 1.15.12-gke.2 is no longer available in the Stable channel.

Regular channel

  • Version 1.16.13-gke.401 is the new default version in the Regular channel.
  • Auto-upgrading control planes upgrade from version 1.16 to version 1.16.13-gke.401 during this release.
  • Version 1.17.9-gke.1504 is now available in the Regular channel. This version is not yet the default version or an upgrade target.

    To learn more about the changes contained in 1.17, see the following GKE and Kubernetes release notes:

Rapid channel

  • Version 1.18.6-gke.4801 is now available in the Rapid channel.
  • Version 1.18.6-gke.3504 is the new default version in the Rapid channel.
  • Version 1.17.9-gke.1503 is no longer available in the Rapid channel.
  • Version 1.18.6-gke.3503 is no longer available in the Rapid channel.
  • Auto-upgrading nodes and control planes upgrade from version 1.17 to version 1.17.9-gke.1504 during this release.

September 14, 2020

(R29.1) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

Rapid channel

  • Version 1.17.9-gke.1504 is now available in the Rapid channel. This version is now the default.

There is a known issue that prevents creating Rapid channel clusters on 1.18. To create a cluster on the Rapid channel, create a Rapid channel cluster on 1.17, and then manually upgrade to 1.18.

A vulnerability was recently discovered in the Linux kernel, described in CVE-2020-14386, that may allow container escape to obtain root privileges on the host node. All GKE nodes are affected. For more information, see the GCP-2020-012 security bulletin.

A fix is available in all versions included in this release.

September 08, 2020

GKE clusters in the ERROR state will be automatically deleted.

This change applies to all GKE versions.

Kubernetes 1.18 available on GKE

Kubernetes 1.18 is now available in the Rapid channel. See the Kubernetes 1.18 release notes. In particular, see the Urgent Upgrade Notes before upgrading to 1.18.

TaintBasedEvictions are generally available in GKE in 1.18 clusters.

Consumers of the certificatesigningrequests/approval API must now have permission to approve certificate signing requests (CSRs) for the specific signer requested by the CSR. More information on the new signerName field and the required authorization can be found in the CSR documentation.

GKE now allows clusters of up to 15,000 nodes when using GKE 1.18. To scale a cluster beyond 5,000 nodes, you must contact support to raise your quota.

In GKE 1.18, Shielded Nodes are enabled by default for newly created clusters. Clusters upgrading to 1.18 are unaffected by this change.

Shielded Nodes are only compatible with Container-Optimized OS and Ubuntu images. If you are using a custom image or Windows images, you should disable Shielded Nodes.

While the Kubernetes API does support the use of the ingressClassName and ingressClass resources, the Compute Engine ingress controller does not.

Cluster Autoscaler for GKE 1.18 could have problems with very large clusters or scale ups where there are over 5,000 nodes in the cluster or over 1,000 nodes being added at the same time. A fix is coming soon.

September 03, 2020

(R29) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.15.12-gke.17 is now available.
  • Version 1.16.13-gke.400 is now available.
  • Auto-upgrading nodes upgrade from version 1.14 to version 1.15.12-gke.2 during this release if they have not already done so.

Stable channel

  • Version 1.16.13-gke.1 is now available in the Stable channel.
  • Version 1.15.12-gke.9 is no longer available in the Stable channel.

Coming soon

Google Kubernetes Engine will begin gradually upgrading clusters in the Stable channel to GKE 1.16 in an upcoming release. To read about API deprecations in 1.16, see Kubernetes 1.16 deprecated APIs.

Regular channel

There are no version changes in the Regular channel in this release.

Rapid channel

August 28, 2020

Master global access for private clusters is now generally available. With master global access, you can access the master's private endpoint from any Google Cloud region or on-premises environment no matter what the private cluster's region is.

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

Google Kubernetes Engine will begin gradually upgrading clusters in the Stable channel to GKE 1.16 in an upcoming release. To read about API deprecations in 1.16, see Kubernetes 1.16 deprecated APIs.

August 27, 2020

(R28) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Auto-upgrading nodes begin upgrading from version 1.14 to version 1.15.12-gke.2 in this release. The auto-upgrades will continue gradually over the course of several releases.

Stable channel

  • Auto-upgrading nodes in the Stable channel continue upgrading from version 1.14 to 1.15.12-gke.2 during this release. All auto-upgrading nodes that have not yet upgraded to 1.15.12-gke.2 will upgrade during the R28 rollout.

Regular channel

There are no version changes in the Regular channel in this release.

Rapid channel

  • Version 1.17.9-gke.1703 is no longer available.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

  • 1.14

August 21, 2020

OpenID Connect Discovery Documents are now published for all clusters, which allows you to configure other software to understand the service account tokens issued by GKE clusters. For more information, see getOpenid-configuration and getJwks in the API reference documentation.

Google canonical error codes are now available in beta. GKE operations now use the canonical error model to report errors.

The internal load balancer Service type is now generally available for GKE 1.17.9-gke.600 and later.

Global access and configurable subnets for the internal load balancer Service are now generally available for GKE 1.17.9-gke.600 and later.

Dataplane V2 is now available in beta in newly created clusters using GKE versions 1.17.9-gke.600 and later or 1.18 and later. See New GKE Dataplane V2 increases security and visibility for containers on the Google Cloud Blog for more details.

Network policy logging is now available in beta. Network policy logging requires a cluster with Dataplane V2.

The use of private IP address ranges outside of the RFC 1918 ranges is now generally available. These addresses can be used for master nodes, nodes, Pods, and Services.

In some cases, certain networking kernel sysctls which were previously set to static defaults are now calculated dynamically based upon machine size. The networking sysctls affected include:

  • net.ipv4.tcp_mem
  • net.ipv4.tcp_max_tw_buckets
  • net.ipv4.udp_mem
  • net.ipv4.tcp_max_orphans
  • net.ipv4.tcp_max_syn_backlog

The issue has been fixed in GKE 1.17 in versions 1.17.6-gke.7 and later and in 1.16 in 1.16.13-gke.1 and later.

August 20, 2020

(R27) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • Version 1.18.6-gke.2100 is now available.

    This version is available in preview. Before creating GKE 1.18 clusters, you must review the known issues and urgent upgrade notes.

  • Version 1.16.11-gke.5 is no longer available.

  • Auto-upgrading nodes using versions 1.15.12-gke.3 or 1.15.12-gke.6 upgrade to 1.15.12-gke.9 with this release.

  • Auto-upgrading nodes using versions 1.16.9-gke.6 or 1.16.11-gke.5 upgrade to 1.16.13-gke.1 with this release.

Stable channel

There are no version changes in the Stable channel in this release.

Regular channel

  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.16.11-gke.5 to version 1.16.13-gke.1 with this release.
  • Version 1.16.11-gke.5 is no longer available.

Rapid channel

  • Version 1.17.9-gke.1703 is now available in the Rapid channel.
  • Version 1.17.9-gke.1503 is now available in the Rapid channel. This version is now the default.
  • Version 1.17.9-gke.600 is no longer available.

August 06, 2020

(R26) Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version   Upgrade version
1.14              1.15.12-gke.2
1.15.12-gke.3     1.15.12-gke.9
1.15.12-gke.6     1.15.12-gke.9
1.16.9-gke.6      1.16.11-gke.5
1.16.10-gke.8     1.16.11-gke.5
1.17.8-gke.17     1.17.9-gke.600

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

Rapid channel

  • Version 1.17.9-gke.1500 is now available in the Rapid channel.

  • Version 1.17.9-gke.600 is now available in the Rapid channel. This version is now the default.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

  • 1.15.12-gke.3
  • 1.15.12-gke.6
  • 1.16.9-gke.6
  • 1.16.10-gke.8
  • 1.17.6-gke.11
  • 1.17.6-gke.15

July 28, 2020

Change default machine type to E2

GKE is changing the default machine type for new clusters and node pools from n1-standard-1 to e2-medium. This change impacts new node pools created using versions 1.17.6 and higher. If you do not specify a machine type during your cluster or node pool creation workflow from node pool version 1.17.6 onwards, the newly provisioned clusters and node pools will default to e2-medium VMs. Note that this change does not impact your existing node pools that are auto-upgraded or manually upgraded to version 1.17.6 or higher.

E2 machine types do not support GPUs, local SSDs or sole tenancy. As such, you will receive an error message advising you to specify a compatible machine type for your workloads if you:

  • Use node pool version 1.17.6+ to provision new worker nodes using the default machine type with either GPUs, local SSDs or sole tenancy enabled (for example, gcloud container clusters create mycluster --accelerator type=nvidia-tesla-v100,count=2), or
  • Use scripts that provision GPUs or local SSDs and do not specify a specific machine type. Furthermore, these scripts will not work until you specify your desired compatible machine type.

What do I need to do?

Use the following interface(s) of your choice to explicitly configure your machine type setting for newly provisioned machines to be anything other than the new e2-medium default:

(R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • GKE continues to upgrade control planes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.
  • GKE begins to upgrade nodes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.

Regular channel

  • Version 1.16.13-gke.1 is now available in the Regular channel.
  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.16.9-gke.6 to version 1.16.11-gke.5 with this release.

Rapid channel

  • Version 1.17.9-gke.600 is now available in the Rapid channel.

  • Version 1.17.8-gke.17 is now available in the Rapid channel. This version is now the default.

  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.17.7-gke.15 to version 1.17.8-gke.17 with this release.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

  • 1.17.7-gke.15

GKE nodes now have the label cloud.google.com/machine-family applied. The value of this label is the Compute Engine instance family.

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

  • In the next release (R26), GKE will begin to upgrade control planes in clusters not enrolled in a channel to 1.15. Upgrades will proceed gradually over several GKE releases.

July 22, 2020

(R24) Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.15.12-gke.2 (previously 1.14.10-gke.36).

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version Upgrade version
1.14.0 to 1.14.10-gke.41 1.14.10-gke.42
1.15.0 to 1.15.12-gke.1 1.15.12-gke.2
1.16.0 to 1.16.9-gke.5 1.16.9-gke.6

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

  • Version 1.15.12-gke.9 is now available in the Stable channel.
  • Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.14 to version 1.15.12-gke.2 with this release.

Regular channel

  • Version 1.16.12-gke.3 is now available in the Regular channel.
  • Version 1.16.11-gke.5 is now available in the Regular channel. This version is now the default.

Rapid channel

  • Version 1.17.8-gke.17 is now available in the Rapid channel.

    This version includes node image upgrades for Ubuntu (ubuntu-gke-1804-1-17-v20200610) and Windows Server (windows-server-1909-dc-core-uefi-gke-v1592940889 and windows-server-2019-dc-core-uefi-gke-v1592939281).

  • Version 1.17.7-gke.15 is now available in the Rapid channel. This version is now the default.

  • Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.17.6-gke.11 to version 1.17.7-gke.15 with this release.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

  • 1.16.8-gke.15
  • 1.16.9-gke.2
  • 1.15.9-gke.24
  • 1.15.11-gke.15
  • 1.15.11-gke.17
  • 1.14.10-gke.36
  • 1.14.10-gke.37
  • 1.14.10-gke.40
  • 1.14.10-gke.41

A privilege escalation vulnerability was recently discovered in Kubernetes. This vulnerability allows an attacker that has already compromised a node to execute a command in any Pod in the cluster. For more information, see the GCP-2020-009 security bulletin.

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

  • In the next release (R25), GKE will begin to upgrade nodes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.
  • In the next release (R25), GKE will begin to upgrade nodes in clusters on the Regular channel to 1.16.11-gke.5. Upgrades will proceed gradually over several GKE releases.
  • In the next release (R25), GKE will begin to upgrade nodes in 1.16 clusters not on a release channel to 1.16.9-gke.5. Upgrades will proceed gradually over several GKE releases.
  • GKE version 1.14 will be deprecated in R26.

Starting September 1, 2020, we will automatically delete Google Kubernetes Engine (GKE) clusters that have ERROR status.

What do I need to know?

GKE clusters might end up with ERROR status (red exclamation mark in the cluster status page) in rare cases when a cluster creation or deletion operation encounters an unexpected error. Previously, such clusters remained in your accounts and could have been partially usable. ERROR status clusters are excluded from the GKE cluster management fee.

Starting September 1, 2020, we will begin blocking access to such ERROR status clusters and deleting them automatically.

What do I need to do?

If you are relying on any of the clusters with ERROR status in your projects, stop using them by September 1, 2020.

July 17, 2020

Up to 50 TCP/UDP ports are supported per internal TCP/UDP load balancer IP when deploying through GKE Services with shared IP addresses. This also permits multi-protocol TCP and UDP support for the same Service IP. Shared IP is now available in Beta for all existing GKE versions.

SSL Policies, which allow policy-enforced TLS and cipher settings, are available in Beta for external Ingress and multi-cluster Ingress. Custom health checks, which allow users to declaratively customize parameters of the load balancer health check, are also now available for external, internal, and multi-cluster Ingress. For feature support status and version compatibility, see Ingress Features.

The BackendConfig CRD is now GA in GKE 1.16-gke.3+ clusters, which promotes most BackendConfig features (IAP, timeouts, affinity, user-defined request headers, and so on) to GA across internal, external, and multi-cluster Ingress. See Ingress Features for details on explicit version support.

Container-native Ingress using Network Endpoint Groups (NEGs) is now default (with some exceptions) for new Services deployed in GKE 1.17.6-gke.7+ clusters. The cloud.google.com/neg: '{"ingress": true}' annotation will be automatically applied to any Services deployed in these clusters without any explicit action from users to enable container-native Ingress.

Customer Managed Encryption Keys (CMEK) are now generally available for GKE. CMEK for GKE lets you secure your node boot disks as well as attached persistent storage by encrypting the data encryption keys that encrypt your data. To learn more, see Using customer-managed encryption keys.

The Kubernetes Engine Monitoring feature has been renamed in the Google Cloud Console and documentation to Cloud Operations for GKE. No functional changes were made with this change. Enabling Cloud Operations for GKE continues to collect logs and metrics for your cluster and workloads as it did before.

If you have node pools with kubernetes.io or k8s.io labels and want to upgrade to 1.16, you must remove the labels before upgrading.

For more information on this change, see the Kubernetes Node Restriction enhancement.

July 13, 2020

(R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

  • Version 1.16.11-gke.5 is now available in the Regular channel.

  • Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.16.8-gke.15 to version 1.16.9-gke.6 with this release.

Rapid channel

A bug in gVisor has been fixed. Default gVisor node labels are now applied when user-specified labels.

Beginning with this release, GKE releases also include a release number to reference changes. This release is R23 for 2020.

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

  • In the next release (R24), GKE will begin to upgrade control planes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.
  • In an upcoming release, GKE will begin to upgrade nodes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.

July 02, 2020

NodeLocal DNSCache is now generally available.

GKE Node System Configuration is now beta. With this feature you can specify custom configurations for Kubelet and Kernel settings on your node pools.

Starting with GKE 1.17.6, Vertical Pod Autoscaler recommendations are more fine-grained, starting from 1 mCPU and 1 MiB.

June 29, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Nodes with auto-upgrade enabled will be upgraded:

Current version Upgrade version
1.15.x 1.15.11-gke.15

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

Rapid channel

Node image changes

GKE 1.14

The COS image for GKE 1.14.10-gke.45 clusters is cos-73-11647-534-0.

GKE 1.15

The COS image for GKE 1.15.12-gke.6 clusters is cos-77-12371-251-0.

June 24, 2020

There is a known issue that may cause multiple Pods on the same node to be allocated the same IPv4 address, leading to possible service disruption. We will automatically upgrade your cluster master to the next available patch version, which will include a fix for the issue.

What do I need to know?

  • Ensure your cluster(s) are subscribed to a release channel, or you have node auto-upgrade enabled. If so, your cluster(s) will be automatically upgraded as described below.
  • If you are experiencing any issues or do not want to use auto-upgrade you can manually initiate an upgrade at your earliest convenience.

What do I need to do?

If you are experiencing issues and wish to update proactively:

  • Follow the steps in the Manually upgrading a cluster page to upgrade the cluster master.
  • Upgrade your node pool by applying the latest patch available for your node version.
  • Consider using surge upgrade for your node pool upgrade. Surge upgrade allows you to set the number of additional nodes to be created temporarily for the upgrade process, which reduces the disruption to running workloads.
  • Use the following table to determine which patch version is applicable for your cluster(s):

Channel | Action required | Upgrade target | Date available
No channel | Upgrade to the recommended patch version available | 1.15: Node pool 1.15.12-gke.3 or higher | June 23, 2020
No channel | Upgrade to the recommended patch version available | 1.16: Node pool 1.16.9-gke.6 or higher | June 30, 2020
Rapid | Patch will be applied automatically | Master and node pool 1.17.6-gke.4 or higher | June 16, 2020
Regular | Patch will be applied automatically | Node pool 1.16.9-gke.6 or higher | June 30, 2020
Stable | No action is required | Patch is not required | N/A

June 23, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version Upgrade version
1.15.x 1.15.11-gke.15

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

Node image changes

GKE 1.14

The COS image for GKE 1.14.10-gke.43 clusters is cos-73-11647-459-0.

June 15, 2020

Node auto-repair is now enabled by default by the Google Kubernetes Engine API for new node pools.

June 08, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

Versions no longer available

  • 1.15.11-gke.3
  • 1.15.11-gke.5
  • 1.15.11-gke.9
  • 1.15.11-gke.11
  • 1.15.11-gke.12

Node image changes

GKE 1.15

GKE release channels

The COS image for GKE clusters in the Rapid release channel is now cos-81-12871-119-0.

The region asia-southeast2 in Jakarta is now available.

June 02, 2020

As part of ensuring better representation of available resources on the node for e2 burstable node types, GKE has decided to reduce the allocatable CPU resources available to schedule user workloads (known as the node allocatable resources) on e2-micro, e2-small, and e2-medium machine types.

What do I need to know?

Today, e2-micro, e2-small, and e2-medium nodes each have 1930 mCPU of allocatable resources for Kubernetes to schedule Pods on; following this change, they will have 940 mCPU. Kubernetes uses the node allocatable resources during scheduling to decide how many Pods it should place on the node. If your workloads are currently requesting more CPU resources than what will be available after upgrading, they may become unscheduled after upgrade.

We are making this change in order to more accurately represent the resources available in these machine types. These machine types can temporarily burst to 2 vCPUs, but this is not sustained. The underlying compute capabilities and resources are not changing, and the machines retain the ability to temporarily burst to 2 vCPUs. This change only affects how many resources the Kubernetes scheduler considers when allocating Pods to nodes.

When your cluster is upgraded to 1.14.10-gke.42, 1.15.11-gke.18, 1.16.8-gke.17, or 1.17.5-gke.5 (whether you perform this manually or you are automatically upgraded), your workloads may become unscheduled if there are not enough allocatable resources in the cluster.

What do I need to do?

Prior to upgrading your nodes to version 1.16.8-gke.17 and 1.17.5-gke.5 or later

Take a moment to review your Pod resource requests. To see the allocated resources on your node, you can open Kubernetes Engine in the Google Cloud Console and select your cluster. On the Nodes tab for your cluster, the column CPU requested shows the total CPU requests on the node.

Alternatively, from the command line:

  1. Run kubectl get nodes to get a list of node names.
  2. Run kubectl describe node node-name and look at the Allocated resources section. Under the column Requests, find the row for cpu.

If you have nodes of type e2-micro, e2-small, and e2-medium where more than 940 mCPU is requested, Pods will be rescheduled onto other nodes after upgrade. You must have enough allocatable capacity on other nodes.

To ensure you have enough allocatable capacity, you can:

  • Enable auto-scaling on your node pool. Auto-scaling will automatically provision the right number of nodes, provided the Pod requests do not exceed that of the entire node.
  • Increase the number of nodes in the cluster, or add larger node types if you have Pods that make CPU requests which exceed the capacity of existing nodes.
  • Decrease the resource requests made by your workloads on these nodes so that they will still fit after the upgrade, by modifying the CPU resource requests of the PodSpec. Pods will be able to burst to the original CPU capacity for short periods as long as resource limits are not changed.

After you have upgraded your nodes to versions 1.14.10-gke.42, 1.15.11-gke.18, 1.16.8-gke.17, or 1.17.5-gke.5 or later:

Review the status of your Pods by running kubectl get pods.

If any are indicated as Pending, it may indicate that there were not enough resources available to schedule them. Follow the steps above to either add more nodes, or reduce the CPU resource requests in the PodSpec.
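The pre-upgrade review described above can be scripted. The following is an added example, not Google's tooling: it sums effective CPU requests per e2-micro, e2-small, and e2-medium node and reports nodes that exceed the new 940 mCPU allocatable figure. It assumes input shaped like the output of `kubectl get nodes -o json` and `kubectl get pods --all-namespaces -o json`; the sample nodes and Pods are constructed.

```python
from collections import defaultdict
from decimal import Decimal

NEW_E2_ALLOCATABLE_MCPU = 940  # new allocatable CPU per node, from the release note
E2_SHARED_CORE = {"e2-micro", "e2-small", "e2-medium"}
# Instance-type label keys: the GA key and the deprecated beta key.
INSTANCE_TYPE_LABELS = ("node.kubernetes.io/instance-type",
                        "beta.kubernetes.io/instance-type")


def cpu_to_millicores(quantity):
    """Convert a Kubernetes CPU quantity ("250m", "1", "0.5") to millicores."""
    text = str(quantity).strip()
    if text.endswith("m"):
        return int(Decimal(text[:-1]))
    return int(Decimal(text) * 1000)


def pod_cpu_request(pod_spec):
    """Effective CPU request of a Pod in millicores.

    The scheduler reserves the larger of the sum of the app containers and the
    largest single init container, because init containers run one at a time.
    """
    def request(container):
        requests = (container.get("resources") or {}).get("requests") or {}
        return cpu_to_millicores(requests.get("cpu", "0"))

    app_total = sum(request(c) for c in pod_spec.get("containers", []))
    init_peak = max((request(c) for c in pod_spec.get("initContainers", [])), default=0)
    return max(app_total, init_peak)


def e2_node_names(node_list):
    """Names of nodes whose instance-type label is e2-micro, e2-small or e2-medium."""
    names = set()
    for node in node_list["items"]:
        labels = node["metadata"].get("labels", {})
        machine = next((labels[k] for k in INSTANCE_TYPE_LABELS if k in labels), None)
        if machine in E2_SHARED_CORE:
            names.add(node["metadata"]["name"])
    return names


def nodes_over_budget(pod_list, node_names, budget=NEW_E2_ALLOCATABLE_MCPU):
    """Map node name -> requested millicores for nodes whose requests exceed budget."""
    requested = defaultdict(int)
    for pod in pod_list["items"]:
        node = pod["spec"].get("nodeName")
        phase = pod.get("status", {}).get("phase")
        # Finished Pods no longer hold their requests; unscheduled Pods have no node.
        if node not in node_names or phase in ("Succeeded", "Failed"):
            continue
        requested[node] += pod_cpu_request(pod["spec"])
    return {name: total for name, total in requested.items() if total > budget}


# --- Constructed sample data (not from a real cluster) ---
def _node(name, machine, key="node.kubernetes.io/instance-type"):
    return {"metadata": {"name": name, "labels": {key: machine}}}


def _pod(node, cpus, init=(), phase="Running"):
    def container(cpu):
        return {"resources": {"requests": {"cpu": cpu}}}
    return {"spec": {"nodeName": node,
                     "containers": [container(c) for c in cpus],
                     "initContainers": [container(c) for c in init]},
            "status": {"phase": phase}}


SAMPLE_NODES = {"items": [
    _node("node-a", "e2-medium"),
    _node("node-b", "e2-small", key="beta.kubernetes.io/instance-type"),
    _node("node-c", "n1-standard-2"),
]}
SAMPLE_PODS = {"items": [
    _pod("node-a", ["500m"]),
    _pod("node-a", ["300m", "0.25"]),
    _pod("node-b", ["200m"], init=["600m"]),
    _pod("node-b", ["900m"], phase="Succeeded"),
    _pod("node-c", ["1800m"]),
]}

if __name__ == "__main__":
    over = nodes_over_budget(SAMPLE_PODS, e2_node_names(SAMPLE_NODES))
    for name, total in sorted(over.items()):
        print(f"{name}: {total} mCPU requested, budget {NEW_E2_ALLOCATABLE_MCPU} mCPU")
```

Pods in kube-system count toward the total as well, so feed the script Pods from all namespaces rather than only your own workloads.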

June 01, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

  • Auto-upgrading nodes in the Regular release channel automatically upgrade to version 1.16.8-gke.15 in this release.

Rapid channel

Node image changes

GKE 1.14: The Ubuntu image for GKE 1.14.10-gke.40 clusters is ubuntu-gke-1804-1-14-v20200219.

May 27, 2020

Due to a newly discovered issue, the following versions are no longer available:

  • 1.17.5-gke.6
  • 1.16.8-gke.17
  • 1.15.11-gke.14

May 19, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Nodes with auto-upgrade enabled will be upgraded:

Current version Upgrade version
1.14.x 1.14.10-gke.36

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

Existing clusters in the Regular release channel automatically upgrade to version 1.16.8-gke.15 in this release.

Rapid channel

Node image changes

GKE 1.17

The COS image for GKE 1.17 clusters is now cos-81-12871-96-0.

etcd version changes

  • In the Rapid release channel, all GKE clusters running 1.17.3-gke.3 and up will have etcd upgraded to 3.4.7-0-gke.1. All new GKE clusters with 1.17.3-gke.3 and up will be created with etcd 3.4.7-0-gke.1.

Google Kubernetes Engine now supports the use of non-RFC 1918 private address ranges and the private reuse of public IP addresses in VPC-native clusters. For details and caveats about enabling these addresses, see Enabling non-RFC 1918 reserved IP address ranges.

May 15, 2020

Container Threat Detection is now available in Beta. Container Threat Detection can detect the most common container runtime attacks and alert you in Security Command Center and optionally in Cloud Logging. Container Threat Detection includes several detection capabilities, an analysis tool, and an API.

Container Threat Detection currently supports the following versions on the Regular and Rapid channels:

  • 1.15.9-gke.12 and higher
  • 1.16.5-gke.2 and higher
  • 1.17 and higher

In a future update, Container Threat Detection will support version 1.14 and the Stable channel.

May 13, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.10-gke.36.

Scheduled automatic upgrades

Masters with auto-upgrade enabled will be upgraded:

Current version Upgrade version
1.14.10-gke.27 1.14.10-gke.36

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • 1.15.11-gke.13 is now available.
  • 1.16.8-gke.15 is now generally available for new clusters. Existing clusters and nodes will not automatically upgrade in this release.

Important

Before you migrate to GKE 1.16, you must review:

Stable channel

Regular channel

  • 1.16.8-gke.15 is now generally available for new clusters. Existing clusters and nodes will not automatically upgrade in this release.

Important

Before you migrate to GKE 1.16, you must review:

Rapid channel

  • 1.17.5-gke.0 is now available in the Rapid release channel.

Node image changes

GKE 1.16

The COS image for GKE 1.16 clusters is now cos-77-12371-251-0.

GKE 1.17

The COS image for GKE 1.17 clusters is now cos-81-12871-69-0.

Versions no longer available

  • 1.14.10-gke.27
  • 1.14.10-gke.31
  • 1.14.10-gke.32
  • 1.14.10-gke.34

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

Google Kubernetes Engine will gradually upgrade clusters in the Regular channel to GKE 1.16 beginning in an upcoming release. To read more about API deprecations in 1.16, see Kubernetes 1.16 deprecated APIs.

May 08, 2020

Specifying a VPC subnet for internal Load Balancer Service IPs is now supported as a per-Service annotation in GKE clusters 1.16.8-gke.10+ and 1.17+.

May 04, 2020

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

There are no new releases in the Rapid release channel.

Node image changes

GKE 1.16

GKE 1.17

The COS image for GKE 1.17 clusters is now cos-81-12871-69-0.

etcd default version changes

  • The default etcd version for new GKE 1.13 and 1.14 clusters is etcd 3.2.27-0-gke.6
  • The default etcd version for new GKE 1.15 and 1.16 clusters is etcd 3.3.18-0-gke.4
  • The default etcd version for new GKE 1.17 and higher clusters is etcd 3.4.7-0-gke.1

Autoupgrades in existing clusters will occur at a later date.

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

Google Kubernetes Engine will gradually upgrade clusters in the regular channel to GKE 1.16 beginning in an upcoming release. To read more about API deprecations in 1.16, see Kubernetes 1.16 deprecated APIs.

April 29, 2020

Multi-cluster Ingress is now Generally Available (GA) for all GKE versions 1.14 and up. Multi-cluster Ingress provides a Kubernetes-native interface to deploy Ingress resources for internet traffic across multiple clusters and multiple regions.

Ingress is helpful for use cases including:

  • A global and stable anycast VIP, independent of cluster backends.
  • Multi-regional and multi-cluster high availability.
  • Low latency serving of traffic to the closest cluster.
  • Intelligent and safe traffic management across many clusters.

April 27, 2020

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

Upgrading

Although clusters in the Rapid channel upgrade automatically, you should still review:

To improve the safety of upgrades and reduce disruption, all new node pools have surge upgrades turned on by default with the configuration: maxSurge=1 maxUnavailable=0. For more information, see Determining your optimal surge configuration.

GKE is also gradually reconfiguring existing node pools to use surge upgrades with the same configuration. Node pools that already have upgrade_settings defined remain unaffected.

1.17 Changes

The following notable changes are coming in 1.17:

The RunAsUsername feature in 1.17 is now beta and allows specifying the username when running a Windows container.

The RuntimeClass scheduler in 1.17 simplifies scheduling Windows Pods to appropriate nodes.

The following node labels are deprecated in 1.17:

Cluster Versions Deprecated Label New Label
1.14+ beta.kubernetes.io/os kubernetes.io/os
1.14+ beta.kubernetes.io/arch kubernetes.io/arch
1.17+ beta.kubernetes.io/instance-type node.kubernetes.io/instance-type
1.17+ failure-domain.beta.kubernetes.io/zone topology.kubernetes.io/zone
1.17+ failure-domain.beta.kubernetes.io/region topology.kubernetes.io/region

You must identify any node selectors using beta labels and modify them to use GA labels.
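One way to find and rewrite the affected selectors, as an added example that is not part of the GKE release notes or Google's tooling: the function walks a parsed workload manifest, checks both nodeSelector and node affinity match expressions against the table above, and returns a migrated copy plus a list of findings. The sample Deployment is constructed, and manifests are assumed to be already parsed into Python dicts (for example from `kubectl get deployments -o json`).

```python
import copy

# Deprecated -> GA node label keys, taken from the table above.
LABEL_MIGRATION = {
    "beta.kubernetes.io/os": "kubernetes.io/os",
    "beta.kubernetes.io/arch": "kubernetes.io/arch",
    "beta.kubernetes.io/instance-type": "node.kubernetes.io/instance-type",
    "failure-domain.beta.kubernetes.io/zone": "topology.kubernetes.io/zone",
    "failure-domain.beta.kubernetes.io/region": "topology.kubernetes.io/region",
}


def _pod_spec(manifest):
    """Return the PodSpec of a Pod, CronJob, or any workload with spec.template."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec")


def _selector_terms(pod_spec):
    """Yield every node selector term under required and preferred node affinity."""
    node_affinity = (pod_spec.get("affinity") or {}).get("nodeAffinity") or {}
    required = node_affinity.get("requiredDuringSchedulingIgnoredDuringExecution") or {}
    yield from required.get("nodeSelectorTerms", [])
    for preferred in node_affinity.get("preferredDuringSchedulingIgnoredDuringExecution", []):
        yield preferred.get("preference", {})


def migrate_node_labels(manifest):
    """Return (migrated_copy, findings); each finding is (location, old_key, new_key)."""
    migrated = copy.deepcopy(manifest)  # never modify the caller's manifest
    findings = []
    pod_spec = _pod_spec(migrated)
    if not pod_spec:
        return migrated, findings

    selector = pod_spec.get("nodeSelector") or {}
    for old in [key for key in selector if key in LABEL_MIGRATION]:
        new = LABEL_MIGRATION[old]
        if new in selector and selector[new] != selector[old]:
            # Both keys present with different values: needs a human decision.
            findings.append(("nodeSelector-conflict", old, new))
            continue
        selector[new] = selector.pop(old)
        findings.append(("nodeSelector", old, new))

    for term in _selector_terms(pod_spec):
        for expr in term.get("matchExpressions", []):
            old = expr.get("key")
            if old in LABEL_MIGRATION:
                expr["key"] = LABEL_MIGRATION[old]
                findings.append(("nodeAffinity", old, LABEL_MIGRATION[old]))
    return migrated, findings


# Constructed sample manifest (not from a real cluster).
SAMPLE_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "nodeSelector": {"beta.kubernetes.io/os": "linux"},
        "affinity": {"nodeAffinity": {
            "requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [
                {"matchExpressions": [{"key": "failure-domain.beta.kubernetes.io/zone",
                                       "operator": "In", "values": ["us-central1-a"]}]}]},
            "preferredDuringSchedulingIgnoredDuringExecution": [
                {"weight": 1, "preference": {"matchExpressions": [
                    {"key": "beta.kubernetes.io/instance-type",
                     "operator": "In", "values": ["n1-standard-4"]}]}}],
        }},
        "containers": [{"name": "web", "image": "example.invalid/web:1"}],
    }}},
}

if __name__ == "__main__":
    _, found = migrate_node_labels(SAMPLE_DEPLOYMENT)
    for location, old, new in found:
        print(f"{location}: {old} -> {new}")
```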

RBAC in the apps/v1alpha1 and apps/v1beta1 API versions is deprecated in 1.17 and will no longer be served in 1.20. Update your manifests and API clients to use the rbac.authorization.k8s.io/v1 APIs before 1.20 to avoid any issues.

Known issues with 1.15 and higher

A known bug in Linux kernel versions 4.18, 4.19, 4.20, and 5.0 may cause a soft lockup when running eBPF workloads. This may affect nodes with GKE version 1.15 or higher using cos-77-*, and GKE version 1.15 using Ubuntu. Until the fix is released, avoid upgrading nodes to these affected versions if you run eBPF workloads.

Google Kubernetes Engine will gradually upgrade clusters in the regular channel to GKE 1.16.

Versions no longer available

  • 1.15.9-gke.24
  • 1.15.9-gke.26
  • 1.15.11-gke.1

April 24, 2020

The ability to create new GKE clusters or update existing GKE clusters with node pools running Windows Server is now generally available.

Master global access for private clusters is now available in beta. With master global access, you can access the master's private endpoint from any Google Cloud region or on-premises environment no matter what the private cluster's region is.

A known bug in Linux kernel versions 4.18, 4.19, 4.20, and 5.0 may cause a soft lockup when running eBPF workloads. This may affect nodes with GKE version 1.15 or higher using cos-77-*, and GKE version 1.15 using Ubuntu. Until the fix is released, avoid upgrading nodes to these affected versions if you run eBPF workloads.

April 20, 2020

The region us-west4 in Las Vegas is now available.

April 15, 2020

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

  • 1.14.10-gke.36 is now available.
  • 1.15.11-gke.9 is now available. This version updates Calico to 3.8.7. This version fixes an issue where Calico Pods would fail to initialize after restarting. The issue occurred because the Calico CNI script tried to overwrite a file which was referenced by Kubelet at the same time. For more information on the fix, see the open source documentation.
  • 1.17.4-gke.6 is now available in alpha clusters.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

  • 1.16.8-gke.9 is now available in the Rapid release channel.

Google Kubernetes Engine will gradually upgrade clusters in the regular channel to GKE 1.16.

April 10, 2020

Ingress access logging is now a configurable feature called logging in versions 1.16.8-gke.10 and later. This allows Ingress access logging to be toggled on or off through the BackendConfig resource.

HTTP access logging for newly created Ingress resources is being deprecated across various GKE versions on May 12th, 2020. Any new Ingress resources created with the following versions after May 12th will have access logging disabled for that Ingress resource and will not record Ingress HTTP requests in Cloud Logging. Note that existing Ingress resources will continue to log HTTP requests unless the Ingress resource is redeployed. The following GKE versions are affected:

  • 1.12
  • 1.13
  • 1.14 clusters less than 1.14.10-gke.30
  • 1.15 clusters less than 1.15.9-gke.22
  • 1.16 clusters less than 1.16.6-gke.12

Clusters whose masters are on 1.14.10-gke.30, 1.15.9-gke.22, 1.16.6-gke.12 or later versions are not impacted and HTTP access logging remains defaulted to "on" for all new and existing Ingress resources. If you're currently using access logging for GKE Ingress, we highly recommend upgrading to these versions or higher before May 12th to avoid loss of HTTP access logs for new Ingress resources.

In GKE 1.18, access logging will be changed to default to "off" for the GKE Ingress. Enabling access logging through the logging parameter is required to enable it for Ingress resources.
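To see which clusters would stop recording HTTP access logs for new Ingress resources, compare each master version against the thresholds in this notice. The following is an added example, not Google's tooling: it parses GKE version strings numerically (a plain string comparison misorders builds such as gke.9 and gke.30) and classifies a constructed inventory. The inventory entries are assumptions shaped like `gcloud container clusters list --format=json` output, using only the `name` and `currentMasterVersion` fields.

```python
import re

GKE_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")

# From the notice above: every 1.12 and 1.13 cluster is affected.
ALL_PATCHES_AFFECTED = {(1, 12), (1, 13)}
# From the notice above: first master version per minor that is NOT affected.
FIRST_UNAFFECTED = {
    (1, 14): (1, 14, 10, 30),
    (1, 15): (1, 15, 9, 22),
    (1, 16): (1, 16, 6, 12),
}


def parse_gke_version(version):
    """Parse "1.14.10-gke.30" into the tuple (1, 14, 10, 30)."""
    match = GKE_VERSION.match(version.strip())
    if not match:
        raise ValueError(f"not a GKE version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def access_logging_impact(master_version):
    """Classify a master version as "affected", "not affected" or "not listed"."""
    parsed = parse_gke_version(master_version)
    minor = parsed[:2]
    if minor in ALL_PATCHES_AFFECTED:
        return "affected"
    if minor in FIRST_UNAFFECTED:
        # Tuple comparison orders patch and gke build numerically.
        return "affected" if parsed < FIRST_UNAFFECTED[minor] else "not affected"
    if minor > (1, 16):
        return "not affected"  # later than every threshold in the notice
    return "not listed"  # older than 1.12: the notice does not cover it


def clusters_losing_access_logs(clusters):
    """Names of clusters where new Ingress resources would lose access logging."""
    return sorted(
        cluster["name"]
        for cluster in clusters
        if access_logging_impact(cluster["currentMasterVersion"]) == "affected"
    )


# Constructed inventory (cluster names and version assignments are illustrative).
SAMPLE_CLUSTERS = [
    {"name": "edge-legacy", "currentMasterVersion": "1.13.12-gke.25"},
    {"name": "payments", "currentMasterVersion": "1.14.10-gke.9"},
    {"name": "search", "currentMasterVersion": "1.14.10-gke.36"},
    {"name": "batch", "currentMasterVersion": "1.15.11-gke.1"},
    {"name": "web", "currentMasterVersion": "1.16.5-gke.2"},
    {"name": "canary", "currentMasterVersion": "1.17.4-gke.6"},
]

if __name__ == "__main__":
    for name in clusters_losing_access_logs(SAMPLE_CLUSTERS):
        print(f"{name}: upgrade the master before creating new Ingress resources")
```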

Google Kubernetes Engine will gradually upgrade clusters in the regular channel to GKE 1.16 beginning on or after April 13, 2020.

April 07, 2020

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

Due to the recent Windows Server security update provided by Microsoft in February 2020, a container incompatibility issue was introduced. To avoid disruption to your workloads, we have turned off Google Kubernetes Engine (GKE) auto-upgrade for the impacted clusters.

What do I need to know?

As a consequence of Microsoft's security update, your workloads may end up in a failed state due to broken compatibility if the host Windows Server image has the security update and the container base image does not have the update.

We have turned off auto-upgrade on the impacted GKE clusters to prevent this compatibility issue from affecting your workloads.

The security update will be available in the rapid channel in GKE starting April 6, 2020. Beginning April 20, 2020, Windows Server container support in GKE, along with the security update will be available on the regular channel.

What do I need to do?

We strongly recommend that you rebuild your container images with the base Windows images that include Windows Updates from March 2020, then manually upgrade your node pool to the latest GKE version. Follow these steps:

  1. Disable auto-upgrade on the Windows node pool(s).
  2. When the first step is complete, Google will restart the cluster auto-upgrade. Please note that this could take a few days. The cluster's master and the Linux node pool(s) will be upgraded. The Windows node pool will not get upgraded as auto-upgrade is disabled in step number one.
  3. After the cluster master upgrade is complete and you have rebuilt your container images, manually upgrade your Windows node pool.
  4. After completing step number three, you can turn back on the auto-upgrade option. If you choose to turn the auto-upgrade option back on, please use multi-arch (or multi-platform) images to take advantage of the auto-upgrade feature.

Incompatibility issues such as this one are a rare occurrence as it is against Microsoft's typical guidance for the security updates. Rest assured that if such issues occur again, we will keep you posted. Please stay up to date with GKE's release notes for the latest info.

If you have any questions or require assistance, please email us or contact Google Cloud Support.

April 01, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version Upgrade version
1.15.9-gke.22 1.15.9-gke.24

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

Rapid channel

  • 1.16.8-gke.4 is now available in the Rapid release channel.

Versions no longer available

  • 1.15.9-gke.22

A vulnerability was recently discovered in Kubernetes that allows any user authorized to make POST requests to execute a remote Denial-of-Service attack on a Kubernetes API server. For more information, see the GCP-2020-003 security bulletin.

March 26, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.10-gke.27.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.14.0 to 1.14.10-gke.26 | 1.14.10-gke.27
1.15.0 to 1.15.9-gke.21 | 1.15.9-gke.22

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

  • 1.16.8-gke.3 is now available in the Rapid release channel.

Versions no longer available
  • 1.14.10-gke.17
  • 1.14.10-gke.21
  • 1.14.10-gke.22
  • 1.14.10-gke.24
  • 1.15.8-gke.3
  • 1.15.9-gke.12

March 23, 2020

You can no longer apply the labels of kubernetes.io or k8s.io to node pools. Existing node pools with these labels aren't affected. For more information on this change, see the Kubernetes Node Restriction enhancement.

March 20, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.13.0 to 1.13.12-gke.25 | 1.14.10-gke.17

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

Versions no longer available
  • 1.15.9-gke.8
  • 1.15.9-gke.9

March 16, 2020

Workload Identity is now generally available in versions 1.14.10-gke.27 and above, 1.15.9-gke.22 and above, and 1.16.6-gke.12 and above. Workload Identity is the recommended way to access Google Cloud services from within GKE clusters.

You can now use node auto-provisioning to create node pools with preemptible VMs from clusters running in the Regular release channel.

Enabling TPUs on existing clusters is now in Beta. With this feature you can toggle Cloud TPU support instead of creating new clusters and migrating your workloads.

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.10-gke.24.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.13.12 or lower | 1.14.10-gke.17

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Stable channel

Regular channel

Rapid channel

Versions no longer available

The following version is no longer available to create a new cluster:

  • 1.13.12-gke.30

The issue reported February 14 with private clusters with VPC peering reuse enabled has been resolved.

March 06, 2020

The user interface for creating clusters in Google Cloud Console has been redesigned. The new design makes it easier to follow GKE best practices.

You can now configure automated deployment for your existing GKE workloads with Cloud Build.

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.13.12-gke.25 | 1.14.10-gke.17
1.14.8, 1.14.9 | 1.14.10-gke.17
1.15.7, 1.15.8-gke.2 | 1.15.8-gke.3

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x
  • There are no new 1.13 versions this week.
v.1.14.x
v.1.15.x

Stable channel

  • There are no new versions in the Stable channel this week.

Regular channel

Rapid channel

1.16 will be moving to the Regular channel.

The 1.16 release stops serving the following API versions in favor of newer and more stable API versions:

  • NetworkPolicy in the extensions/v1beta1 API version, deprecated since 1.9, is no longer served. Migrate to the networking.k8s.io/v1 API version, available since 1.8.
  • PodSecurityPolicy in the extensions/v1beta1 API version, deprecated since 1.10, is no longer served. Migrate to the policy/v1beta1 API version, available since 1.10.
  • DaemonSet in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:
    • spec.templateGeneration is removed.
    • spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
    • spec.updateStrategy.type now defaults to RollingUpdate.
  • Deployment in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:
    • spec.rollbackTo is removed.
    • spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
    • spec.progressDeadlineSeconds now defaults to 600 seconds.
    • spec.revisionHistoryLimit now defaults to 10.
    • maxSurge and maxUnavailable now default to 25%.
  • StatefulSet in the apps/v1beta1 and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:
    • spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
    • spec.updateStrategy.type now defaults to RollingUpdate.
  • ReplicaSet in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:
    • spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.

February 27, 2020

Container-native load balancing with standalone network endpoint groups (NEGs) is generally available. You can use Standalone NEGs to create load balancers for several use cases including backends composed of Kubernetes and non-Kubernetes workloads.

Ingress for Anthos is now Beta for GKE versions 1.14.x+ and in the Rapid and Regular release channels. Ingress for Anthos supports Internet-facing Ingress shared across multiple backend GKE clusters and multiple Google Cloud regions. Ingress can now support use cases such as multi-regional and multi-cluster availability, low backend to user latency, and seamless cluster migrations.

February 25, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.13.12-gke.25 | 1.14.10-gke.17
1.14.8 | 1.14.10-gke.17

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x
  • There are no new 1.13 versions this week.
v.1.14.x
  • 1.14.10-gke.17
v.1.15.x
  • 1.15.9-gke.12

Stable channel

  • There are no new versions in the Stable channel this week.

Regular channel

  • 1.15.8-gke.3

Rapid channel

  • 1.16.6-gke.4

Versions no longer available

The following versions are no longer available for new clusters or upgrades.

  • 1.13.12-gke.25
  • 1.14.8-gke.33

1.16 will be moving to the Regular channel.

The v1.16 release stops serving the following API versions in favor of newer and more stable API versions:

  • NetworkPolicy in the extensions/v1beta1 API version, deprecated since 1.9, is no longer served. Migrate to the networking.k8s.io/v1 API version, available since 1.8.
  • PodSecurityPolicy in the extensions/v1beta1 API version, deprecated since 1.10, is no longer served. Migrate to the policy/v1beta1 API version, available since 1.10.
  • DaemonSet in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:
    • spec.templateGeneration is removed.
    • spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
    • spec.updateStrategy.type now defaults to RollingUpdate.
  • Deployment in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:
    • spec.rollbackTo is removed.
    • spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
    • spec.progressDeadlineSeconds now defaults to 600 seconds.
    • spec.revisionHistoryLimit now defaults to 10.
    • maxSurge and maxUnavailable now default to 25%.
  • StatefulSet in the apps/v1beta1 and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:
    • spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
    • spec.updateStrategy.type now defaults to RollingUpdate.
  • ReplicaSet in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:
    • spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
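
An added example, not part of the GKE release notes: a pre-upgrade check for the 1.16 API removals listed above (the same list appears in the March 06, 2020 entry). It flags manifests on an API version that is no longer served and rewrites them as the list advises. The function names, the `SAMPLE` manifest and the use of manifests already loaded into dicts (from JSON or YAML) are assumptions of this example.

```python
import copy

# API versions the 1.16 notes list as no longer served, per kind, with the replacement.
_OLD_APPS = {"extensions/v1beta1", "apps/v1beta1", "apps/v1beta2"}
REMOVED = {
    "NetworkPolicy": ({"extensions/v1beta1"}, "networking.k8s.io/v1"),
    "PodSecurityPolicy": ({"extensions/v1beta1"}, "policy/v1beta1"),
    "DaemonSet": (_OLD_APPS, "apps/v1"),
    "Deployment": (_OLD_APPS, "apps/v1"),
    "StatefulSet": ({"apps/v1beta1", "apps/v1beta2"}, "apps/v1"),
    "ReplicaSet": (_OLD_APPS, "apps/v1"),
}
REMOVED_FIELDS = {"DaemonSet": "templateGeneration", "Deployment": "rollbackTo"}
NEW_DEFAULTS = {  # spec paths whose apps/v1 default the notes call out
    "DaemonSet": {"updateStrategy.type": "RollingUpdate"},
    "StatefulSet": {"updateStrategy.type": "RollingUpdate"},
    "Deployment": {"progressDeadlineSeconds": "600", "revisionHistoryLimit": "10",
                   "strategy.rollingUpdate.maxSurge": "25%",
                   "strategy.rollingUpdate.maxUnavailable": "25%"},
}

def _get(obj, dotted):
    """Follow a dotted path through nested dicts; None if any key is absent."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def audit(manifest):
    """Return (replacement apiVersion, notes), or None if the manifest is unaffected."""
    kind, api = manifest.get("kind"), manifest.get("apiVersion")
    old, target = REMOVED.get(kind, (set(), None))
    if api not in old:
        return None
    spec, notes = manifest.get("spec") or {}, []
    if target == "apps/v1":
        if not spec.get("selector"):
            notes.append("spec.selector missing: required and immutable in apps/v1")
        if REMOVED_FIELDS.get(kind) in spec:
            notes.append(f"spec.{REMOVED_FIELDS[kind]} is removed")
        for path, default in NEW_DEFAULTS.get(kind, {}).items():
            if _get(spec, path) is None:
                notes.append(f"spec.{path} unset: now defaults to {default}")
    return target, notes

def migrate(manifest):
    """Return a copy on the replacement API version; selector comes from template labels."""
    result = audit(manifest)
    if result is None:
        return manifest
    out = copy.deepcopy(manifest)
    out["apiVersion"] = result[0]
    if result[0] == "apps/v1":
        spec = out["spec"] = out.get("spec") or {}
        spec.pop(REMOVED_FIELDS.get(out["kind"]), None)
        if not spec.get("selector"):
            labels = _get(spec, "template.metadata.labels")
            if not labels:
                raise ValueError("no template labels to derive spec.selector from")
            spec["selector"] = {"matchLabels": dict(labels)}
    return out

# Constructed sample manifest (not from the release notes).
SAMPLE = {
    "apiVersion": "extensions/v1beta1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"replicas": 2, "rollbackTo": {"revision": 3},
             "template": {"metadata": {"labels": {"app": "web"}},
                          "spec": {"containers": [{"name": "web", "image": "example/web:1"}]}}},
}

if __name__ == "__main__":
    target, notes = audit(SAMPLE)
    print(f"Deployment/web -> {target}", *notes, migrate(SAMPLE)["spec"]["selector"], sep="\n  - ")
```

Run the check against the manifests in source control rather than against objects read back from the cluster, because the API server returns an object in whichever version the client requests.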

February 24, 2020

The region us-west3 in Salt Lake City is now available.

The ability to use the Google Cloud Compute Engine Persistent Disk CSI driver in GKE is now in Beta. This feature provides a simple mechanism for users to enable the driver in GKE.

Ingress for Internal HTTP(S) Load Balancing is now available in Beta in the Rapid release channel. This enables private L7 load balancing inside the VPC that can be deployed with Ingress resources.

February 21, 2020

Starting February 24, 2020, GKE will gradually enable Node Auto Upgrade on all node pools running on version 1.10.x and older to ensure reliability and supportability of these clusters.

February 18, 2020

Version updates

GKE cluster versions have been updated.

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x
  • 1.13.12-gke.30
v.1.14.x
  • 1.14.10-gke.24
v.1.15.x
  • 1.15.9-gke.9

Stable channel

  • There are no new versions in the Stable channel this week.

Regular channel

  • There are no new versions in the Regular channel this week.

Rapid channel

  • 1.16.5-gke.2

Node image for Container-Optimized OS updated to cos-77-12371-141-0.

The --node-locations flag is now generally available. This flag enables you to specify zones for your node pools independently of setting the zone for a cluster.

February 14, 2020

Private clusters created on and after January 15, 2020 that use VPC peering reuse might experience an issue where VPC peering is removed after attempting to reschedule a cluster for deletion after the first attempt fails.

To mitigate this issue, create a private cluster in the same location as your existing private clusters. Creating a new cluster recreates the required VPC peering. You can delete the new cluster after VPC peering is recreated.

February 11, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.10-gke.17.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.13.x | 1.13.12-gke.25

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x
  • 1.13.12-gke.25
v.1.14.x
  • 1.14.10-gke.17
v.1.15.x
  • 1.15.9-gke.8

Stable channel

  • 1.14.10-gke.17

Regular channel

  • 1.15.7-gke.23

Rapid channel

  • 1.16.4-gke.30

Versions no longer available

The following versions are no longer available for new clusters or upgrades.

  • 1.13.11-gke.14
  • 1.13.11-gke.15
  • 1.13.11-gke.23 (moved to LEGACY version)
  • 1.13.12-gke.8
  • 1.13.12-gke.13
  • 1.13.12-gke.14
  • 1.13.12-gke.16
  • 1.13.12-gke.17

Surge upgrades are generally available. Surge upgrades allow you to configure speed and disruption of node upgrades.

February 04, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.12.x | 1.13.12-gke.13

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x
  • There are no new 1.13 versions this week.
v.1.14.x
  • 1.14.10-gke.21
v.1.15.x
  • 1.15.8-gke.3

Stable channel

  • There are no new versions in the Stable channel this week.

Regular channel

  • 1.15.7-gke.23

Rapid channel

  • 1.16.4-gke.27

Autoscaling profiles for GKE are now available in Beta. Autoscaling profiles let you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster.

All GKE clusters running 1.15 and up will have etcd upgraded to etcd 3.3.18-0-gke.1, and all new GKE clusters with 1.15 and up will be created with etcd 3.3.18-0-gke.1.

January 29, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.12.x | 1.13.12-gke.13
1.14.0.x to 1.14.8-gke.32 | 1.14.8-gke.33
1.14.9.x to 1.14.9-gke.22 | 1.14.9-gke.23
1.14.10.x to 1.14.10-gke.16 | 1.14.10-gke.17

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

v.1.13.x
  • There are no new 1.13 versions this week.
v.1.14.x
  • There are no new 1.14 versions this week.
v.1.15.x
  • 1.15.8-gke.2

Stable channel

  • There are no new versions in the Stable channel this week.

Regular channel

  • There are no new versions in the Regular channel this week.

Rapid channel

  • 1.16.4-gke.25

Versions no longer available

The following version is no longer available for new clusters or upgrades.

  • 1.14.7-gke.40

Config Connector is now generally available. Config Connector is a GKE addon that allows you to manage your Google Cloud resources through Kubernetes configuration.

Config Sync is now generally available. Config Sync allows you to manage Kubernetes deployments using files stored in a Git repository.

GKE Sandbox is now generally available. GKE Sandbox protects the host kernel on your nodes when containers in the Pod execute unknown or untrusted code.

January 27, 2020

The ability to create clusters with node pools running Microsoft Windows Server is now in Beta. This feature is currently only available in the Rapid release channel.

January 24, 2020

This issue was resolved January 27, 2020.

Do not create a cluster with versions 1.15.7-gke.23, 1.14.10-gke.17, or 1.14.9-gke.23 if you depend on Workload Identity. Workload Identity is not working for newly created clusters in these versions due to a recently discovered issue. Clusters upgraded to one of these versions are not affected. A fix will be released in the next GKE release. As a workaround, you can create a cluster at a lower version, then upgrade.

The region asia-northeast3 in Seoul is now available.

January 22, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.13.11-gke.23.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.12.x | 1.13.12-gke.13
1.15.x | 1.15.7-gke.23

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

v.1.13.x
  • 1.13.11-gke.23
  • 1.13.12-gke.25
v.1.14.x
  • 1.14.7-gke.40
  • 1.14.8-gke.33
  • 1.14.9-gke.23
  • 1.14.10-gke.17
v.1.15.x
  • 1.15.7-gke.23

Stable channel and 1.13.x

Stable channel

  • 1.13.11-gke.23

No channel

  • 1.13.11-gke.13
  • 1.13.12-gke.25

Regular channel and 1.14.x

Regular channel

  • 1.14.8-gke.33

No channel

  • 1.14.7-gke.40
  • 1.14.8-gke.33
  • 1.14.9-gke.23
  • 1.14.10-gke.17

Rapid channel and 1.16.x

Rapid channel

  • 1.16.4-gke.22

Versions no longer available

The following versions are no longer available for new clusters or upgrades.

  • 1.14.7-gke.23
  • 1.14.7-gke.25
  • 1.14.8-gke.12
  • 1.14.8-gke.14
  • 1.14.8-gke.17
  • 1.14.8-gke.18
  • 1.14.8-gke.21
  • 1.14.9-gke.2
  • 1.14.10-gke.0
  • 1.15.4-gke.22
  • 1.15.7-gke.2
  • 1.16.0-gke.11 (preview)
  • 1.16.0-gke.20 (preview)
  • 1.16.4-gke.3 (preview)

Node image changes

The COS kernel previously reported on November 22nd, 2019, was discovered to cause kernel panics in certain workloads. The 1.13 and 1.14 versions available in this release were rolled back to a known stable version of COS. GKE 1.13 and 1.14 will continue to use cos-u-73-11647-293-0 while our team works to develop a permanent fix.

Application Delivery is now in Beta. This feature manages configurations for your GKE workloads declaratively with Git. For more information, see Application Delivery.

NodeLocal DNSCache is now in Beta for GKE clusters 1.15 and above. NodeLocal DNS is an optional feature for local DNS resolution to every GKE node for enhanced DNS scale and capacity.

Object Browser is now available to inspect resources on GKE clusters in Google Cloud Console. For more information, go to Dashboards.

All private clusters you create now reuse VPC Network Peering connections.

January 08, 2020

Do not update to version 1.16.0-gke.20 if you depend on HPA. Horizontal Pod Autoscaling is not working in this version due to a recently discovered issue. A fix will be released with GKE 1.16.3+.

January 07, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.8-gke.12 (previously 1.13.11-gke.14).

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version | Upgrade version
1.12.x | 1.13.12-gke.13

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

v.1.13.x
  • 1.13.12-gke.17
v.1.14.x
  • 1.14.10-gke.0
v.1.15.x
  • 1.15.7-gke.2

Stable channel and 1.13.x

Stable channel

There are no changes to the Stable channel this week.

No channel

  • 1.13.12-gke.17

Regular channel and 1.14.x

Regular channel

There are no changes to the Regular channel this week.

No channel

  • 1.14.10-gke.0

Rapid channel and 1.16.x

Rapid channel

There are no changes to the Rapid channel this week.

Versions no longer available

The following versions are no longer available for new clusters or upgrades.

  • 1.12.10-gke.17
  • 1.12.10-gke.20
  • 1.12.10-gke.22

You can now use Customer-managed encryption keys (beta) to control the encryption used for node boot disks as well as attached persistent disks in your clusters.

Consuming reservations in GKE is now generally available. Reservations allow you to reserve resources in a specific zone to ensure sufficient capacity is available for your workloads.

New clusters and node pools created with the GKE API will have node auto-upgrade enabled by default. This change ensures that your clusters have the most recent default Kubernetes version, bug fixes, and security patches. Existing scripts running against the gcloud CLI or integrating with the GKE API will follow this new default behavior.

Node auto-upgrades keep the nodes in your cluster up to date with the cluster master version when your master is updated on your behalf. To disable node auto-upgrade explicitly, set autoUpgrade to false in the NodeManagement object.