Release notes

This page documents production updates to Google Kubernetes Engine (GKE). You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

This page includes release notes for all channels and releases.

Current versions

The following table lists the latest minor versions available in GKE and the latest patch and Container-Optimized OS version for each minor version.

Kubernetes minor versions	1.17	1.17	1.18	1.19
GKE release channel	Static^* (no channel)	Stable	Regular	Rapid
Default patch version	1.17.17-gke.1101	1.17.17-gke.1101	1.18.12-gke.1210	1.19.7-gke.2503
COS version available	cos-81	cos-81	cos-85	cos-85

^*Other versions may be available for static version clusters.

Other resources

For more detailed information about security-related known issues, see the security bulletin page.

To view release notes for versions prior to 2020, see the Release notes archive.

You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/kubernetes-engine-release-notes.xml

March 5, 2021 (2021-R8)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.

No channel

Version 1.17.17-gke.1101 is now available. This version is now the default.

Version 1.17.17-gke.3000 is now available.

Version 1.18.15-gke.1501 is now available.

Version 1.18.16-gke.500 is now available.

Auto-upgrading nodes and control planes upgrade from versions 1.17 and earlier to version 1.17.17-gke.1100 with this release.

Stable channel

Version 1.17.17-gke.1101 is now available in the Stable channel. This version is now the default.

Auto-upgrading nodes and control planes in the Stable channel upgrade from versions 1.17 and earlier to version 1.17.17-gke.1100 with this release.

Version 1.15.12-gke.6002 is no longer available in the Stable channel.

Version 1.16.15-gke.7800 is no longer available in the Stable channel.

Version 1.17.15-gke.800 is no longer available in the Stable channel.

Regular channel

Version 1.18.15-gke.1501 is now available in the Regular channel.

Version 1.18.15-gke.1102 is no longer available in the Regular channel.

Rapid channel

Version 1.19.7-gke.2503 is now available in the Rapid channel. This version is now the default.

Version 1.19.8-gke.1000 is now available in the Rapid channel.

Version 1.20.4-gke.400 is now available in the Rapid channel.

Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.19 to version 1.19.7-gke.2503 with this release.

Auto-upgrading nodes and control planes in the Rapid channel upgrade from version 1.20 to version 1.20.4-gke.400 with this release.

Version 1.19.7-gke.1500 is no longer available in the Rapid channel.

Version 1.20.2-gke.2500 is no longer available in the Rapid channel.

March 2, 2021

Starting with GKE version 1.19.7-gke.2000 (minimum GKE node version: 1.18.12-gke.1203, 1.19.6-gke.800), the Compute Engine persistent disk Container Storage Interface (CSI) Driver for Windows (Preview) is available in GKE. This feature allows you to take advantage of the latest persistent disk features without having to manually manage the CSI driver lifecycle. The CSI driver provides access to features such as volume snapshot and volume expansion. For more information, see Using the Compute Engine persistent disk CSI Driver.

The GKE Service Level Agreement now covers the Regular channel for both Standard and Autopilot modes of operation.

February 25, 2021 (2021-R7)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.7801 is now available.

Version 1.16.15-gke.12500 is now available.

Version 1.17.17-gke.1101 is now available.

Version 1.17.17-gke.2800 is now available.

Version 1.18.16-gke.300 is now available.

Version 1.18.12-gke.1206 is no longer available.

Auto-upgrading control planes automatically upgrade from version 1.18 to version 1.18.12-gke.1210 with this release.

Auto-upgrading nodes automatically upgrade from version 1.18 to version 1.18.12-gke.1210 with this release.

Stable channel

Version 1.16.15-gke.7801 is now available in the Stable channel.

Version 1.17.17-gke.1100 is now available in the Stable channel.

Version 1.17.17-gke.1101 is now available in the Stable channel.

Regular channel

Version 1.18.15-gke.1102 is now available in the Regular channel.

Version 1.18.12-gke-1206 is no longer available in the Regular channel.

Auto-upgrading control planes in the Regular channel automatically upgrade from version 1.18 to version 1.18.12-gke.1210 with this release.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.18 to version 1.18.12-gke.1210 with this release.

Rapid channel

Version 1.19.7-gke.1500 is the new default version in the Rapid channel.

Version 1.19.7-gke.2503 is now available in the Rapid channel.

Version 1.20.2-gke.2500 is now available in the Rapid channel.

Before upgrading to 1.20.2-gke.2500, read the 1.20 available in the Rapid channel section in the release notes.

Version 1.19.7-gke.1302 is no longer available in the Rapid channel.

Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.

Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.1500 with this release.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.20 to version 1.20.2-gke.2500 with this release.

1.20 available in the Rapid channel

Kubernetes 1.20 is now available in the Rapid channel. Before upgrading to 1.20.2-gke.2500, read the Kubernetes 1.20 Release Notes especially the Urgent upgrade notes and Deprecations sections.

RuntimeClass graduated to GA in version 1.20

The node.k8s.io/v1beta1 RuntimeClass API has graduated to node.k8s.io/v1 with no changes. API clients and manifests should switch to using the node.k8s.io/v1 API after version 1.20. The node.k8s.io/v1beta1 API is deprecated and will no longer be served starting in version 1.25.

Important changes and bug fixes in version 1.20

As of version 1.20, the kubelet no longer creates the target_path for NodePublishVolume in accordance with the CSI spec. If you have self-managed CSI drivers deployed in your cluster, ensure that they are idempotent and do any necessary mount creation or verification. For more information, see Kubernetes issue #88759.
Starting in version 1.20, timeouts on exec probes are honored, and default to 1 second if unspecified. If you have Pods using exec probes, ensure that they can easily complete in 1 second or explicitly set an appropriate timeout. For more information, see Configure Probes.
Non-deterministic treatment of objects with invalid ownerReferences was fixed in version 1.20. Run the kubectl-check-ownerreferences tool prior to upgrade to locate existing objects with invalid ownerReferences.
- A namespaced object with an ownerReference to another namespaced object which does not exist in the same namespace is now consistently treated as having a missing owner and is deleted.
- A cluster-scoped object with an ownerReference to a namespaced object is now consistently treated as having an unresolvable owner, and is ignored by the garbage collector.
- Starting in version 1.20, when a namespace mismatch between a child and owner object is detected, an event with a reason code of OwnerRefInvalidNamespace is recorded.
The metadata.selfLink field, deprecated since version 1.16, is no longer populated in version 1.20. See Kubernetes issue #1164 for details. A related bug in the k8s.io/client-go library in the GetReference function was fixed in versions 0.15.9 or later, 0.16.4 or later, and 0.17.0 or later. Clients using the GetReference function should upgrade to one of those versions of client-go or newer in order to work correctly against an API Server running version 1.20 or later.

New features

You can now create clusters using the Autopilot mode. Autopilot is a new mode of operation in GKE that is designed to reduce the operational cost of managing clusters, optimize your clusters for production, and yield higher workload availability. For more information, see the Autopilot overview and blog post.

February 22, 2021

This note was updated on March 2, 2021. The issue with the Config Connector add-on with private clusters is a known issue, not a fixed issue.

New features

GKE Node System Config is now GA.

Fixed issues

GKE version 1.19.7-gke.1500 contains a fix for a performance issue in NodeLocal DNSCache. For more information, see NodeLocalDNS timeout errors.

Known issues

Customers using the Config Connector add-on with private clusters might see an issue with all resource requests timing out. Affected customers must manually create a firewall rule that allows your cluster control plane to initiate TCP connections to your nodes on port 9443. For more information, see Adding firewall rules for specific use cases. This issue will be fixed in a future release.

February 17, 2021 (2021-R6)

This note was updated on March 3, 2021. Version 1.15.12-gke.6002 is still available in the Stable channel for R6.

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.11800 is now available.

Version 1.17.17-gke.1500 is now available.

Version 1.18.15-gke.1500 is now available.

Version 1.15.12-gke.6002 is no longer available.

Version 1.16.15-gke.6000 is no longer available.

Version 1.16.15-gke.6900 is no longer available.

Version 1.16.15-gke.7300 is no longer available.

Version 1.17.14-gke.1600 is no longer available.

Version 1.17.15-gke.300 is no longer available.

Version 1.18.12-gke.1205 is no longer available.

Version 1.18.15-gke.800 is no longer available.

Auto-upgrading control planes automatically upgrade from version 1.15 to version 1.16.15-gke.7800 with this release.

Stable channel

Version 1.16.15-gke.6000 is no longer available in the Stable channel.

Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.0.0 to version 1.16.15-gke.7800 with this release.

Regular channel

Version 1.18.12-gke.1206 is now available in the Regular channel. This version is now the default.

Version 1.17.14-gke.1600 is no longer available in the Regular channel.

Version 1.17.15-gke.800 is no longer available in the Regular channel.

Auto-upgrading control planes in the Regular channel automatically upgrade from version 1.17 to version 1.18.12-gke.1206 with this release.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.18.12-gke.1206 with this release.

Rapid channel

Version 1.19.7-gke.1302 is now available in the Rapid channel. This version is now the default.

Version 1.19.7-gke.1500 is now available in the Rapid channel.

Version 1.18.12-gke.1206 is no longer available in the Rapid channel.

Version 1.19.7-gke.800 is no longer available in the Rapid channel.

Auto-upgrading control planes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.19.7-gke.1302 with this release.

Features

Multi-cluster Services (MCS) is now Generally Available (GA) for GKE versions 1.17 and later. MCS provides a Kubernetes-native interface to build Kubernetes applications that span multiple clusters.

MCS enables existing Services to be discoverable and accessible across clusters with a virtual IP, matching the behavior of a ClusterIP Service accessible in a cluster.

The COS image for GKE 1.16 clusters is now cos-77-12371-1109-0.

Fixed issues

GKE version 1.16.15-gke.11800 contains a fix for the certificate update issue in Internal Ingress.

February 16, 2021

Fixed issues

For clusters using a 1.19 version, with the Container-Optimized OS with Containerd (cos_containerd) node image, the issue where dockerd (the Docker Daemon) is not running at boot is now fixed.

February 9, 2021 (2021-R5)

February 23, 2021 updates: The control plane auto-upgrade from 1.15 to 1.16.15-gke.6000 was added to the Stable and No channels. The control plane auto-upgrade from 1.16 and 1.17 to 1.17.15-gke.800 was added to the Stable and No channels. The node upgrades from 1.15, 1.16, and 1.17 to version 1.17.15-gke.800 were added to the Stable and No channels.

February 10, 2021 updates: The node auto-upgrade from 1.15 to version 1.16.15-gke.6000 was removed from the Stable channel. The version 1.17.14-gke.1600 is no longer available in the Stable channel.

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.17.15-gke.800 is now available. This version is now the default.

Version 1.16.15-gke.11000 is now available.

Version 1.17.17-gke.1100 is now available.

Version 1.18.12-gke.1210 is now available.

Version 1.18.15-gke.1100 is now available.

Version 1.16.15-gke.4901 is no longer available.

Version 1.17.14-gke.400 is no longer available.

Auto-upgrading control planes automatically upgrade from version 1.15 to version 1.16.15-gke.6000 with this release.

Auto-upgrading control planes automatically upgrade from version 1.16 to version 1.17.15-gke.800 with this release.

Auto-upgrading control planes automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.

Auto-upgrading nodes automatically upgrade from version 1.15 to version 1.17.15-gke.800 with this release.

Auto-upgrading nodes automatically upgrade from version 1.16 to version 1.17.15-gke.800 with this release.

Auto-upgrading nodes automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.

Auto-upgrading nodes automatically upgrade from version 1.18 to version 1.18.12-gke.1206 with this release.

Stable channel

Version 1.17.15-gke.800 is now available in the Stable channel. This version is now the default.

Version 1.17.14-gke.1600 is no longer available in the Stable channel.

Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.15 to version 1.16.15-gke.6000 with this release.

Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.16 to version 1.17.15-gke.800 with this release.

Auto-upgrading control planes in the Stable channel automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.15 to version 1.17.15-gke.800 with this release.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.17.15-gke.800 with this release.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.

Regular channel

Version 1.17.15-gke.800 is now available in the Regular channel. This version is now the default.

Version 1.18.12-gke.1210 is now available in the Regular channel.

Version 1.18.12-gke.1205 is no longer available in the Regular channel.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.15-gke.800 with this release.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.18 to version 1.18.12-gke.1206 with this release.

Rapid channel

Version 1.18.12-gke.1210 is now available in the Rapid channel. This version is now the default.

Version 1.19.7-gke.1302 is now available in the Rapid channel.

Version 1.18.12-gke.1205 is no longer available in the Rapid channel.

Version 1.19.6-gke.1700 is no longer available in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1206 with this release.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.7-gke.800 with this release.

February 5, 2021

Cluster Autoscaler now scales from 0 node pools, if Pods require ephemeral storage. However, scaling from 0 node pools remains unsupported for node pools that use ephemeral storage on local SSDs , as opposed to the boot disk. Node auto-provisioning scales up for Pods that explicitly require ephemeral storage. This change applies to clusters using a 1.19 version.

By default, newly created clusters are enrolled in the Regular release channel when the following flags are not specified: --cluster-version, --release-channel, --no-enable-autoupgrade, and --no-enable-autorepair.

Node auto-provisioning supports the machine-family toleration by choosing the custom machine family for creating the node pool. This change applies to clusters using a 1.19 version.

E2 is now the default machine type for node auto-provisioning. To continue using the N1 machine type, use the cloud.google.com/machine-family node selector. This change applies to clusters using a 1.19 version.

February 2, 2021 (2021-R4)

This note was updated on February 10, 2021. The node auto-upgrade from 1.15 to version 1.16.15-gke.6000 was removed from the No channel and Stable channel.

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.10600 is now available.

Version 1.17.17-gke.600 is now available.

Version 1.18.15-gke.800 is now available.

Version 1.17.14-gke.1200 is no longer available.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.18 to version 1.18.12-gke.1205 with this release.

Stable channel

Version 1.16.15-gke.7800 is now available in the Stable channel.

Version 1.17.15-gke.800 is now available in the Stable channel.

Regular channel

Version 1.17.15-gke.800 is now available in the Regular channel.

Version 1.18.12-gke.1206 is now available in the Regular channel.

Rapid channel

Version 1.18.12-gke.1206 is now available in the Rapid channel.

Version 1.19.7-gke.800 is now available in the Rapid channel.

Version 1.19.6-gke.600 is no longer available in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.6-gke.1700 with this release.

January 28, 2021

For clusters using a 1.19 version, with the Container-Optimized OS with Containerd (cos_containerd) node image, dockerd (the Docker Daemon) is not running at boot. It needs to be started manually. This issue will be fixed in a future release.

January 25, 2021 (2021-R3)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.17.16-gke.1600 is now available.

Version 1.18.14-gke.1600 is now available.

Version 1.17.13-gke.2600 is no longer available.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.17 to version 1.17.14-gke.1600 with this release.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

Version 1.17.14-gke.1600 is now available in the Regular channel. This version is now the default.

Version 1.17.14-gke.400 is no longer available in the Regular channel.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.14-gke.1600 with this release.

Rapid channel

Version 1.19.6-gke.1700 is now available in the Rapid channel.

January 22, 2021

Multidimensional Pod autoscaling is now available in beta in the Rapid release channel. With this feature, you can use horizontal scaling based on CPU and vertical scaling based on memory at the same time. To learn more, see Configuring multidimensional Pod autoscaling.

Support for Legacy Logging and Legacy Monitoring for GKE is extended to GKE versions 1.16 and 1.17. Cloud Operations for GKE remains the default configuration for GKE 1.16 and 1.17. Both existing and new 1.16 and 1.17 clusters can use either of the two logging options.

GKE will gradually begin using the Konnectivity service for versions 1.19.4-gke.200 and later. Konnectivity replaces SSH tunnels between the control plane and nodes with a more secure TCP proxy. The change will first be introduced for non-private clusters.

The Ubuntu image for GKE 1.16 clusters is now ubuntu-gke-1804-1-16-v20201116.

This version includes the following improvements:

USN-4627-1 CVEs is fixed
A patch for the GPU driver installer for Ubuntu with containerd

January 19, 2021 (2021-R2)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.17.16-gke.1300 is now available.

Version 1.18.12-gke.1201 is now available.

Version 1.18.12-gke.1205 is now available.

Version 1.18.14-gke.1200 is now available.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.15 to version 1.16.15-gke.6000 with this release.

Stable channel

Version 1.17.14-gke.1600 is now available in the Stable channel.

Version 1.17.14-gke.1200 is no longer available in the Stable channel.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.15 to version 1.16.15-gke.6000 with this release.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.17 to version 1.17.14-gke.1600 with this release.

Regular channel

Version 1.17.14-gke.1600 is now available in the Regular channel.

Version 1.18.12-gke.1205 is now available in the Regular channel.

Version 1.17.14-gke.1200 is no longer available in the Regular channel.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.18 to version 1.18.12-gke.1205 with this release.

Rapid channel

Version 1.18.12-gke.1205 is now available in the Rapid channel. This version is now the default.

Version 1.19.6-gke.600 is now available in the Rapid channel.

Before upgrading to 1.19.6-gke.600, read the 1.19 available in the Rapid channel section in the release notes.

Version 1.18.12-gke.1200 is no longer available in the Rapid channel.

Version 1.18.12-gke.1202 is no longer available in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1205 with this release.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.19 to version 1.19.6-gke.600 with this release.

1.19 available in the Rapid channel

Kubernetes 1.19 is now available in Rapid channel. Before upgrading to 1.19.6-gke.600, read Kubernetes 1.19 Release Notes especially the Urgent upgrade notes section.

Changes

Basic authentication with a password has been removed in Kubernetes 1.19. Clusters upgraded to 1.19 can no longer use basic authentication to authenticate users to the control plane.

Features

Seccomp (secure computing mode) support for Kubernetes has graduated to General Availability (GA). This feature can be used to increase the workload security by restricting the system calls for a Pod (applies to all containers) or individual containers.

A new seccompProfile field is added to Pod and Container securityContext objects, starting in Kubernetes 1.19.

securityContext:
  seccompProfile:
    # "Unconfined", "RuntimeDefault", or "Localhost"
    type: Localhost
    # only necessary if type == Localhost
    localhostProfile: my-profiles/profile-allow.json

The alpha seccomp annotations seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/…are deprecated in favor of the GA API field. The alpha annotations will not be honored in Kubernetes 1.22+.

If you are currently using Seccomp annotations on Pods or Containers, you should identify and transition workloads using the annotations to set the API fields before 1.21 is released on GKE (approximately in June 2021). No change on PodSecurityPolicy is required, as it supports both annotation and field seccomp profiles. You can follow the recommended steps below:

Locate Seccomp annotation usages. In your Kubernetes manifest files, search for "seccomp.security.alpha.kubernetes.io/pod" and "container.seccomp.security.alpha.kubernetes.io/"".

Add or update securityContext fields. Based on your annotation usage, add or update (if securityContext already exists) the securityContext field in Pod or Container spec. The annotations can be left in place, but must match the securityContext API field.

Current annotation usage	Add or update securityContext
`seccomp.security.alpha.kubernetes.io/pod`	In Pod's securityContext, add seccompProfile field.
`container.seccomp.security.alpha.kubernetes.io/CONTAINER_NAME`	In `CONTAINER_NAME`'s securityContext, add seccompProfile field.

Set values for seccompProfile. The type field of seccompProfile corresponds to the annotation value, and localhostProfile field corresponds to the path following localhost annotation value.

Current annotation value	seccompProfile value
`unconfined`	`seccompProfile: type: Unconfined`
`runtime/default` or `docker/default`	`seccompProfile: type: RuntimeDefault`
`localhost/path/to/profile.json`	`seccompProfile: type: Localhost localhostProfile: path/to/profile.json`

For more details, see the following pages:

The widely used Ingress API has graduated to general availability in Kubernetes 1.19. The v1beta1 Ingress API is deprecated, and will no longer be served in 1.22+. Before 1.21, identify and transition clients and manifests using the v1beta1 Ingress API to use networking.k8s.io/v1.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the Ingress v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion=("extensions/v1beta1" OR "networking.k8s.io/v1beta1")
protoPayload.request.kind="Ingress"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 Ingress APIs to use networking.k8s.io/v1 before 1.21 is released on GKE (approximately in June 2021), then verify no clients are using the v1beta1 API during the 1.21 timeframe. Workloads using the v1beta1 APIs need to be upgraded before your cluster is upgraded to GKE 1.22.

To migrate manifests to networking.k8s.io/v1:

Rename the spec.backend field (if specified) to spec.defaultBackend
Rename each backend.serviceName field to backend.service.name
Rename each numeric backend.servicePort field to backend.service.port.number
Rename each string backend.servicePort field to backend.service.port.name
Specify a pathType field for each defined path. Options are Prefix, Exact, and ImplementationSpecific. To match the undefined v1beta1 behavior, use ImplementationSpecific.

As an example, to migrate this v1beta1 manifest to v1:

v1beta1 manifest

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example
spec:
  backend:
    serviceName: default-backend
    servicePort: 80
  rules:
  - http:
      paths:
      - path: /testpath
        backend:
          serviceName: test
          servicePort: 80

v1 manifest

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
spec:
  defaultBackend:
    service:
      name: default-backend
      port:
        number: 80
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: ImplementationSpecific
        backend:
          service:
            name: test
            port:
              number: 80

The CertificateSigningRequest API has graduated to certificates.k8s.io/v1 in Kubernetes 1.19. The v1beta1 CertificateSigningRequest API is deprecated and will no longer be served in 1.22+.

Clusters with Google Cloud's operations suite enabled can use the following query to identify clients that access the CertificateSigningRequest v1beta1 APIs:

resource.type="k8s_cluster"
resource.labels.cluster_name="$CLUSTER_NAME"
protoPayload.authenticationInfo.principalEmail:("system:serviceaccount" OR "@")
protoPayload.request.apiVersion="certificates.k8s.io/v1beta1"
NOT ("kube-system")

Identify and transition clients and manifests using the v1beta1 CertificateSigningRequest API to use certificates.k8s.io/v1 before 1.21 is released on GKE (approximately in June 2021), then verifying no clients are using the v1beta1 API during the 1.21 timeframe. Workloads using the v1beta1 API need to be upgraded before your cluster is upgraded to GKE 1.22.

Differences between the v1beta1 and v1 API are as follows:

For API clients requesting certificates:
- spec.signerName is now required, and requests for kubernetes.io/legacy-unknown are not allowed to be created using the certificates.k8s.io/v1 API
- spec.usages is now required, cannot contain duplicate values, and must only contain known usages
For API clients approving or signing certificates:
- status.conditions cannot contain duplicate types
- status.conditions[*].status is now required
- status.certificate must be PEM-encoded, and must contain only CERTIFICATE blocks

January 11, 2021

The Compute Engine persistent disk Container Storage Interface (CSI) Driver is now generally available in GKE. It allows you to take advantage of the latest persistent disk features without having to manually manage the CSI driver lifecycle.

For newly created clusters, the Compute Engine persistent disk CSI Driver is installed by default for the following cluster versions:

1.18.10-gke.2101 and later
1.19.3-gke.2100 and later

For all clusters, PersistentVolumeClaims created without specifying a StorageClass will continue to trigger volume provisioning using the in-tree gcePersistentDisk volume plugin. Only StorageClasses that reference the provisioner name pd.csi.storage.gke.io will provision using the CSI driver. For details, refer to Using the Compute Engine persistent disk CSI Driver.

In all GKE versions 1.14 or later, Google Cloud's operations suite for GKE adds two new options for configuring which logs and metrics are collected:

System and workload logging only (Monitoring disabled).
System monitoring only (Logging disabled).

January 8, 2021 (2021-R1)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.6000 is now available. This version is now the default.

Version 1.17.14-gke.400 is now available.

Version 1.14.10-gke.50 is no longer available.

Version 1.14.10-gke.902 is no longer available.

Version 1.14.10-gke.1504 is no longer available.

Version 1.15.12-gke.20 is no longer available.

Version 1.15.12-gke.4000 is no longer available.

Version 1.15.12-gke.4002 is no longer available.

Version 1.15.12-gke.5000 is no longer available.

Version 1.15.12-gke.6001 is no longer available.

Version 1.16.15-gke.4300 is no longer available.

Version 1.16.15-gke.4301 is no longer available.

Version 1.16.15-gke.5500 is no longer available.

Version 1.17.13-gke.2001 is no longer available.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.14 to version 1.15.12-gke.6002 with this release.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.16 to version 1.16.15-gke.6000 with this release.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.17 to version 1.17.14-gke.400 with this release.

Stable channel

Version 1.16.15-gke.6000 is now available in the Stable channel. This version is now the default.

Version 1.17.14-gke.1200 is now available in the Stable channel.

Version 1.15.12-gke.20 is no longer available in the Stable channel.

Version 1.15.12-gke.6001 is no longer available in the Stable channel.

Version 1.16.15-gke.4300 is no longer available in the Stable channel.

Version 1.16.15-gke.4301 is no longer available in the Stable channel.

Version 1.16.15-gke.4901 is no longer available in the Stable channel.

Version 1.16.15-gke.5500 is no longer available in the Stable channel.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.15-gke.6000 with this release.

Regular channel

Version 1.17.14-gke.400 is now available in the Regular channel. This version is now the default.

Version 1.17.13-gke.2600 is no longer available in the Regular channel.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.14-gke.400 with this release.

Rapid channel

Version 1.18.12-gke.1201 is now available in the Rapid channel. This version is now the default.

Version 1.18.12-gke.1205 is now available in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1201 with this release.

Known issues

We have discovered an issue with Internal Ingress on GKE that may require your action if you have HTTPS enabled (either through pre-shared certificates or Kubernetes Secrets). This issue does not affect External Ingress resources or MultiClusterIngress resources.

What do I need to know?

For internal Ingress on GKE versions 1.17.x and earlier, there is a known issue concerning SSL Certificate Updates on internal Ingress resources. Updating the certificate is not possible for pre-shared or Secrets-based certificates (which includes Kubernetes certificate managers). Updates to existing certificates on internal Ingress resources will not complete if attempting to update the Ingress resource.

In order to replace the certificate on an existing Ingress, the Ingress must be deleted and re-deployed. Manual updates using the gcloud compute target-https-proxies update allow a certificate to be updated on an existing Ingress without recreation, but any manual updates are overwritten by the Ingress controller if the Ingress is updated again.

What do I need to do?

If you intend to update your TLS Spec or Pre-shared Cert Spec on your Internal Ingress, you must do so by deleting your Ingress and recreating it as soon as possible, until you are able to upgrade to a patched version. Versions 1.16 are expected to be patched this month.

December 17, 2020

Internal Ingress for Internal HTTP(S) Load Balancing is now GA for 1.17.13-gke.2600+ and 1.18.10-gke.800+. Note that the certificate update issue is now patched in these GA versions. Internal Ingress for GKE 1.16 will be patched in an upcoming release.

December 14, 2020 (R41)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.7300 is now available.

Version 1.17.14-gke.1600 is now available.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.14 to version 1.15.12-gke.6001 with this release.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.16 to version 1.16.15-gke.4300 with this release.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.17 to version 1.17.13-gke.2600 with this release.

Stable channel

Version 1.16.15-gke.4901 is now available in the Stable channel. This version is now the default.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.15-gke.4300 with this release.

Regular channel

Version 1.17.13-gke.2600 is now available in the Regular channel. This version is now the default.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.13-gke.2600 with this release.

Rapid channel

Version 1.18.12-gke.1201 is now available in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.1200 with this release.

Node image changes

The Ubuntu image for GKE stable channel and 1.16 clusters is ubuntu-gke-1804-1-16-v20201020a.

The Ubuntu image for GKE regular channel and 1.17 clusters is ubuntu-gke-1804-1-17-v20201116.

Fixed issues

When using ephemeral storage on local SSDs, reserved space is now calculated from the number of SSDs, instead of the size of the boot disk. Learn more at Allocatable local ephemeral storage resources.

December 8, 2020

Other updates

With the release of GKE node version 1.19, the Container-Optimized OS with Docker (cos) variant is deprecated. Please migrate to the Container-Optimized OS with Containerd (cos_containerd) variant, which is now the default GKE node image. For instructions, see Containerd images.

December 7, 2020 (R40)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.15.12-gke.6002 is now available.

Version 1.16.15-gke.6900 is now available.

Version 1.17.14-gke.1200 is now available.

Version 1.18.12-gke.1200 is now available.

This version is available in preview.

Version 1.19.4-gke.1200 is now available.

This version is available in preview. Before creating GKE v1.19 clusters, you must review the known issues and urgent upgrade notes.

Auto-upgrading nodes automatically upgrade from version 1.14 to version 1.15.12-gke.6001 with this release.

Auto-upgrading nodes automatically upgrade from version 1.16 to version 1.16.15-gke.4300 with this release.

Auto-upgrading nodes automatically upgrade from version 1.17 to version 1.17.13-gke.2001 with this release.

Version 1.19.4-gke.700 is no longer available.

Stable channel

Version 1.15.12-gke.6002 is now available in the Stable channel.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.15-gke.4300 with this release.

Regular channel

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.13-gke.2001 with this release.

Rapid channel

Version 1.18.12-gke.1200 is now available in the Rapid channel.

Version 1.18.12-gke.300 is now the default in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.12-gke.300 with this release.

Version 1.18.10-gke.2701 is no longer available in the Rapid channel.

December 1, 2020 (R39)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.4301 is now available.

Version 1.16.15-gke.6000 is now available.

Version 1.17.13-gke.1401 is now available.

Version 1.17.14-gke.400 is now available.

This release sets sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 on the node image. This discourages netfilter from resetting TCP connections.

Version 1.19.4-gke.700 is now available.

This version is available in preview. Before creating GKE v1.19 clusters, you must review the known issues and urgent upgrade notes.

Version 1.19.3-gke.2100 is no longer available.

Version 1.19.3-gke.2700 is no longer available.

Auto-upgrading nodes in the no channel automatically upgrade from version 1.17 to version 1.17.13-gke.1401 with this release.

Stable channel

Version 1.16.15-gke.4901 is now available in the Stable channel.

Version 1.16.15-gke.4301 is now available in the Stable channel.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.13-gke.404 with this release.

Regular channel

Version 1.17.13-gke.1401 is now available in the Regular channel.

Version 1.17.13-gke.1400 is no longer available in the Regular channel.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.13-gke.1401 with this release.

1.17.13-gke.2001 is now the default version in the Regular channel.

Rapid channel

Version 1.18.12-gke.300 is now available in the Rapid channel. This version is now the default.

1.18.10-gke.2701 is now the default version in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.2701 with this release.

Version 1.18.10-gke.2101 is no longer available in the Rapid channel.

November 24, 2020

The November 17, 2020 release removed the following GKE versions.

Version 1.16.13-gke.401 is no longer available.

Version 1.19.3-gke.1500 is no longer available.

Version 1.16.13-gke.401 is no longer available in the Stable channel.

Version 1.17.12-gke.1504 is no longer available in the Regular channel.

Version 1.18.10-gke.1500 is no longer available in the Rapid channel.

November 17, 2020 (R38)

This note was updated on November 24, 2020.

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.5500 is now available.

Version 1.17.13-gke.2600 is now available.

Version 1.19.3-gke.2700 is now available.

This version is available in preview. Before creating GKE v1.19 clusters, you must review the known issues and urgent upgrade notes.

Stable channel

1.16.15-gke.4300 is now the default version in the Stable.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.16 to version 1.16.13-gke.404 with this release.

Regular channel

Version 1.17.13-gke.2001 is now available in the Regular channel.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.17 to version 1.17.13-gke.1400 with this release.

Rapid channel

Version 1.18.10-gke.2701 is now available in the Rapid channel. This version is now the default.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.2101 with this release.

The issue from September 28, 2020 with Container Threat Detection on GKE 1.18 is resolved in GKE versions versions 1.18.9-gke.1300 and later and 1.19.2-gke.2000 and later.

Changes

You can now use balanced persistent disks (pd-balanced) as a GKE node boot disk type. You create node pools with pd-balanced boot disks using the Cloud SDK and Google Cloud API.

November 13, 2020

The following GKE features are now available.

New features

SSL policies for GKE external Ingress for 1.17.6-gke.11+ are now generally available. SSL policies allow you to specify a set of TLS versions and ciphers that the load balancer uses to terminate HTTPS traffic from clients.

Custom health checks across all Ingress types for 1.17.12-gke.500+ are now generally available. With custom health checks, you specify parameters in a Kubernetes BackendConfig.

You can now specify custom network endpoint group (NEG) names. This feature is in beta.

HTTPS redirects for Ingress are now in beta. An external HTTP load balancer can redirect unencrypted HTTP requests to an HTTPS load balancer that uses the same IP address.

Static IP addressing for internal Ingress is now in beta.

Known issues

For internal Ingress on GKE versions earlier than 1.18.10-gke.600 there is a known issue concerning SSL Certificate Updates on internal Ingress resources. Updating the certificate is not possible for pre-shared or Secrets-based certificates (which includes Kubernetes certificate managers). In order to replace the certificate on an existing Ingress, the Ingress must be deleted and re-deployed. Manual updates using the gcloud compute target-https-proxies update allow a certificate to be updated, but any manual updates are overwritten by the Ingress controller if the Ingress is updated again.

The GKE release notes will be updated when the patch is available.

November 12, 2020 (R37)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.4901 is now available.

Version 1.17.13-gke.2001 is now available.

Version 1.19.3-gke.2100 is now available.

This version is available in preview. Before creating GKE v1.19 clusters, you must review the known issues and urgent upgrade notes.

Version 1.16.13-gke.404 is the new default version.

Stable channel

There are no new releases in the Stable release channel.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.15 to version 1.16.13-gke.401 with this release.

Regular channel

Version 1.17.13-gke.1400 is now available in the Regular channel.

Rapid channel

Version 1.18.10-gke.2101 is now available in the Rapid channel.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.1500 with this release.

Version 1.18.10-gke.1500 is the new default version in the Rapid channel.

Changes

New clusters created with the v1alpha1 and v1beta1 APIs install the Compute Engine persistent disk Container Storage Interface by default (CSI) Driver for the following cluster versions:

1.18.10-gke.2101 and higher
1.19.3-gke.2100 and higher

November 6, 2020

The following GKE features are now available.

Node pools running GKE 1.18 and higher can now be configured to use local SSD for ephemeral storage with emptyDir volumes. For more information, see Using local SSDs. This feature is in beta.

November 4, 2020 (R36)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.13-gke.404 is now available.

Version 1.16.15-gke.4300 is now available.

Version 1.17.13-gke.1400 is now available.

Version 1.19.3-gke.1500 is now available.

This version is available in preview. Before creating GKE v1.19 clusters, you must review the known issues and urgent upgrade notes.

Stable channel

Version 1.15.12-gke.6001 is now available in the Stable channel.

Regular channel

Version 1.17.12-gke.1504 is now available in the Regular channel.

Version 1.17.13-gke.600 is now available in the Regular channel.

Rapid channel

Version 1.18.10-gke.1500 is now available in the Rapid channel.

This release sets sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 on the node image. This discourages netfilter from resetting TCP connections.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18 to version 1.18.10-gke.601 with this release.

Changes

Support for Legacy Logging and Monitoring for Google Kubernetes Engine is extended to GKE 1.15. Google Cloud's operations suite remains the default configuration for GKE 1.15. Both existing and new GKE 1.15 clusters can use either of the two logging options.

October 28, 2020 (R35)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.16.15-gke.3500 is now available.

Version 1.17.13-gke.600 is now available.

Version 1.19.3-gke.2 is now available.

Auto-upgrading nodes and control planes upgrade from version 1.14 to version 1.15.12-gke.20 during this release.

Auto-upgrading nodes and control planes upgrade from version 1.17 to version 1.17.12-gke.1504 during this release.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

Version 1.18.10-gke.601 is now available in the Rapid channel.

Version 1.18.9-gke.1501 is no longer available in the Rapid channel.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

1.17.12-gke.1501
1.18.9-gke.1501

Known issues

There is a known issue with Config Connector component versions 1.24.0 and 1.25.0. Clusters with many resources being managed might fail with error code 413 while communicating with Google Cloud.

The following GKE versions are affected:

1.15.12-gke.6001 (R34)
1.16.15-gke.2601 (R34)
1.16.15-gke.3500 (R35)
1.17.12-gke.2502 (R34)
1.17.13-gke.600 (R35)
1.18.9-gke.2501 (R34)

October 20, 2020 (R34)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.14.10-gke.1504 is now available.

Version 1.15.12-gke.4002 is now available.

Version 1.15.12-gke.6001 is now available.

Version 1.16.13-gke.403 is now available.

Version 1.16.15-gke.2601 is now available.

Version 1.17.12-gke.1504 is now available.

Version 1.17.12-gke.2502 is now available.

Auto-upgrading nodes and control planes upgrade from version 1.14 to version 1.15.12-gke.20 during this release.

Auto-upgrading control planes upgrade from version 1.15 to version 1.16.13-gke.401 during this release.

Stable channel

Version 1.16.13-gke.403 is now available in the Stable channel.

Auto-upgrading control planes from version 1.15 to version 1.16.13-gke.401 during this release.

Regular channel

Version 1.17.12-gke.1501 is now available in the Regular channel.

Version 1.17.12-gke.1504 is now available in the Regular channel.

Version 1.17.12-gke.1504 is the new default version in the Regular channel.

Version 1.17.9-gke.1504 is no longer available in the Regular channel.

Version 1.17.9-gke.6300 is no longer available in the Regular channel.

Rapid channel

Version 1.18.9-gke.2501 is now available in the Rapid channel.

Version 1.18.9-gke.2501 is the new default version for clusters in the Rapid channel.

Version 1.18.9-gke.801 is no longer available in the Rapid channel.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

1.17.9-gke.1504
1.17.9-gke.6300

October 19, 2020

Fixed issues

A fix for the issue reported on September 16, 2020 where custom resources in the istio-system namespace were deleted when upgrading from GKE 1.16 to 1.17 and 1.18 is now available.

Upgrade to one of the following unaffected versions to avoid having to manually recreate these resources:

1.17.12-gke.1501 and higher
1.18.9-gke.1501 and higher

The issue only occurs during upgrades, so new clusters created in earlier versions are unaffected.

October 16, 2020

Known issue

There is a known issue impacting both LTSC and SAC Windows Server images on GKE versions 1.17.x and 1.18.x. New Windows nodes take longer to join the cluster which may cause node pool creation, auto-scaling, and auto-repair operations to time out.

We recommend not upgrading clusters with Windows Server nodes pools to the following versions:

1.17.12-gke.1501
1.18.9-gke.1501

GKE versions beyond the affected versions will not have the startup time regression. Upgrade to versions greater than 1.17.12-gke.1501 and 1.18.9-gke.1501 when they become available.

October 12, 2020 (R33)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.14.10-gke.901 is now available.

Version 1.15.12-gke.5000 is now available.

Version 1.16.15-gke.1600 is now available.

Version 1.17.12-gke.1501 is now available.

Auto-upgrading nodes and control planes upgrade from version 1.14 to version 1.15.12-gke.20 during this release.

Stable channel

Auto-upgrading nodes and control planes upgrade from 1.14 to version 1.15.12-gke.20 during this release.

Auto-upgrading control planes from version 1.15 to version 1.16.13-gke.401 during this release.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

Version 1.18.9-gke.1501 is now available in the Rapid channel.

Version 1.18.9-gke.801 is the new default version for clusters in the Rapid channel.

Version 1.17.9-gke.1504 is no longer available in the Rapid channel.

Version 1.18.6-gke.4801 is no longer available in the Rapid channel.

Auto-upgrading nodes and control planes upgrade from version 1.17, 1.18 to version 1.18.9-gke.801 during this release.

Fixes

A new Windows node image version that fixes CVE-2020-1472 is now available. For more information, see the GCP-2020-013 security bulletin.

October 06, 2020

Known issues

There is a known issue with the upgrade from GKE 1.16 to 1.17. Any custom resources you created in the istio-system namespace are deleted during an upgrade to 1.17. These resources must be manually recreated. We recommend not upgrading clusters with the Istio addon to 1.17 until the fix is rolled out. The issue only occurs during upgrades, so new clusters are not affected.

The fix was not included in release R31 as previously reported.

October 02, 2020 (R32)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.15.12-gke.4000 is now available.

Version 1.16.15-gke.500 is now available.

Version 1.17.12-gke.500 is now available.

Version 1.16.13-gke.401 is the new default version for clusters with no channel.

Auto-upgrading control planes upgrade from version 1.14 to version 1.14.10-gke.50 during this release.

Auto-upgrading control planes upgrade from version 1.15 to version 1.15.12-gke.20 during this release.

Auto-upgrading nodes control planes upgrade from version 1.16 to version 1.16.13-gke.401 during this release.

Stable channel

Version 1.16.13-gke.401 is the new default version in the Stable channel.

Auto-upgrading nodes and control planes upgrade from version 1.15 to version 1.15.12-gke.20 during this release.

Auto-upgrading nodes and control planes upgrade from version 1.16 to version 1.16.13-gke.401 during this release.

Regular channel

Version 1.17.9-gke.6300 is now available in the Regular channel.

Version 1.17.9-gke.1504 is the new default version in the Regular channel.

Auto-upgrading control planes upgrade from versions 1.16 and 1.17 to version 1.17.9-gke.1504 during this release.

Rapid channel

Version 1.18.9-gke.801 is now available in the Rapid channel.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

1.15.12-gke.2
1.15.12-gke.9
1.15.12-gke.13
1.15.12-gke.16
1.15.12-gke.17
1.16.13-gke.1
1.16.13-gke.400

New features

In GKE 1.18 and later, for clusters using an optimize-utilization autoscaling profile, the scheduler name in the Pod spec is set to gke.io/optimize-utilization-scheduler.

September 28, 2020

If Container Threat Detection is enabled on GKE clusters that have a version of 1.18.6-gke.2100 or later, it causes all Linux nodes to go into a reboot loop.

September 25, 2020 (R31)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.17.9-gke.6300 is now available.

Auto-upgrading control planes upgrade from version 1.16 to version 1.16.13-gke.401 during this release.

Auto-upgrading control planes upgrade from version 1.17 to version 1.17.9-gke.1504 during this release.

Stable channel

Version 1.16.13-gke.1 is now available in the Stable channel.

Version 1.16.13-gke.401 is now available in the Stable channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.18.6-gke.3504 to version 1.18.6-gke.4801 with this release.

Version 1.18.6-gke.3504 is no longer available in the Rapid channel.

Changes

For clusters not using Legacy Logging and Monitoring, upgrades from 1.14 to 1.15 are now scheduled to start in mid October. This is a change from the details announced in R29.

New features

Node Auto-Provisioning now lets you set default values for the following features:

Customer-managed encryption keys (CMEK)
Secure Boot and Integrity Monitoring
Boot disk type and size

The default value will be used by all newly created node pools.

Coming soon

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

GKE will gradually upgrade clusters' control planes only to Kubernetes 1.16, beginning on or after October 6, 2020.

Node pools will not be auto-upgraded to 1.16 at this time, but can be manually upgraded completing the following instructions.

Once rolled out, 1.16 will become the most mature control plane version in the Kubernetes fleet, with newer versions available on the Rapid and Regular channels. In turn, older control plane versions will be deprecated and eventually removed from the fleet. Periodically deprecating and eventually removing beta APIs is part of a standard process to ensure that all Kubernetes fleets evolve and all APIs continue to be up-to-date.

More information is available in the GKE documentation and from the Kubernetes project.

What do I need to do?

Test and qualify 1.16 in a pre-production environment. We highly recommend testing upgrades in a staging or testing environment before rolling them out to production.
Migrate to use the current API versions before your clusters are upgraded to Kubernetes 1.16 to ensure your API clients and resource manifests can access and update API resources without interruption.

You can manually upgrade node pools to 1.16:

The same method is available for auto-upgrade enabled clusters as GKE will not automatically upgrade node pools to 1.16 at this time.

If you are concerned about disruption, use maintenance windows and exclusions to control when the upgrade will occur.

Known issues

If you have the Istio on GKE add-on enabled on a cluster, there is a known issue with the upgrade from GKE 1.16 to 1.17 versions lower than 1.17.9-gke.6300 (R30 or earlier). Any custom resources you created in the istio-system namespace are deleted during an upgrade to 1.17 (R30 or earlier). These resources must be manually recreated. We recommend that Istio on GKE users upgrade only to R31 or a later version that doesn't have the issue. The issue only occurs during upgrades, so new clusters are not affected.

September 16, 2020

If you have the Istio on GKE add-on enabled on a cluster, there is a known issue with the upgrade from GKE 1.16 to 1.17. Any custom resources you created in the istio-system namespace are deleted during an upgrade to 1.17 (R30 or earlier). These resources must be manually recreated. We recommend that Istio on GKE users do not upgrade to GKE 1.17 until a patch release fixes the issue. The fix will be rolled out in GKE release R31.

September 15, 2020 (R30)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.15.12-gke.20 is the new default version for clusters with no channel.

Stable channel

Version 1.15.12-gke.20 is the new default version in the Stable channel.

Version 1.15.12-gke.2 is no longer available in the Stable channel.

Regular channel

Version 1.16.13-gke.401 is the new default version in the Regular channel.

Auto-upgrading control planes upgrade from version 1.16 to version 1.16.13-gke.401 during this release.

Version 1.17.9-gke.1504 is now available in the Regular channel.

This version is not yet the default version or an upgrade target.

To learn more about the changes contained in 1.17, see the following GKE and Kubernetes release notes:

Rapid channel

Version 1.18.6-gke.4801 is now available in the Rapid channel.

Version 1.18.6-gke.3504 is the new default version in the Rapid channel.

Version 1.17.9-gke.1503 is no longer available in the Rapid channel.

Version 1.18.6-gke.3503 is no longer available in the Rapid channel.

Auto-upgrading nodes and control planes upgrade from version 1.17 to version 1.17.9-gke.1504 during this release.

September 14, 2020 (R29.1)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.14.10-gke.50 is now available.

Version 1.15.12-gke.20 is now available.

Version 1.16.13-gke.401 is now available.

Stable channel

Version 1.16.13-gke.401 is now available in the Stable channel.

Regular channel

Version 1.16.13-gke.401 is now available in the Regular channel.

Rapid channel

Version 1.17.9-gke.1504 is now available in the Rapid channel. This version is now the default.

There is a known issue that prevents creating Rapid channel clusters on 1.18. To create a cluster on the Rapid channel, create a Rapid channel cluster on 1.17, and then manually upgrade to 1.18.

Security bulletin

A vulnerability was recently discovered in the Linux kernel, described in CVE-2020-14386, that may allow container escape to obtain root privileges on the host node. All GKE nodes are affected. For more information, see the GCP-2020-012 security bulletin.

A fix is available in all versions included in this release.

September 8, 2020

Google Kubernetes Engine changes

GKE clusters in the ERROR state will be automatically deleted.

This change applies to all GKE versions.

Kubernetes 1.18 available on GKE

Kubernetes 1.18 is now available in the Rapid channel. See the Kubernetes 1.18 release notes. In particular, see the Urgent Upgrade Notes before upgrading to 1.18.

Features

TaintBasedEvictions are generally available in GKE in 1.18 clusters.

Consumers of the certificatesigningrequests/approval API must now have permission to approve certificate signing requests (CSRs) for the specific signer requested by the CSR. More information on the new signerName field and the required authorization can be found in the CSR documentation.

Changes

GKE now allows clusters of up to 15,000 nodes when using GKE 1.18. To scale a cluster beyond 5,000 nodes, you must contact support to raise your quota.

In GKE 1.18, Shielded Nodes are enabled by default for newly created clusters. Clusters upgrading to 1.18 are unaffected by this change.

Shielded Nodes are only compatible with Container-Optimized OS and Ubuntu images. If you are using a custom image or Windows images you should disable Shielded Nodes.

Known issues

While the GKE API does support the use of the ingressClassName and ingressClass resources, the Compute Engine ingress controller does not.

Cluster Autoscaler for GKE 1.18 could have problems with very large clusters or scale ups where there are over 5,000 nodes in the cluster or over 1,000 nodes being added at the same time. A fix is coming soon.

September 3, 2020 (R29)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.15.12-gke.17 is now available.

Version 1.16.13-gke.400 is now available.

Auto-upgrading nodes upgrade from version 1.14 to version 1.15.12-gke.2 during this release if they have not already done so.

Stable channel

Version 1.16.13-gke.1 is now available in the Stable channel.

Version 1.15.12-gke.9 is no longer available in the Stable channel.

Coming soon

Google Kubernetes Engine will begin gradually upgrading clusters in the Stable channel to GKE 1.16 in an upcoming release. To read about API deprecations in 1.16, see Kubernetes 1.16 deprecated APIs.

Regular channel

There are no version changes in the Regular channel in this release.

Rapid channel

Version 1.18.6-gke.3503 is now available in the Rapid channel.

August 28, 2020

New features

Master global access for private clusters is now generally available. With master global access, you can access the master's private endpoint from any Google Cloud region or on-premises environment no matter what the private cluster's region is.

Coming soon

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

Google Kubernetes Engine will begin gradually upgrading clusters in the Stable channel to GKE 1.16 in an upcoming release. To read about API deprecations in 1.16, see Kubernetes 1.16 deprecated APIs.

August 27, 2020 (R28)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Auto-upgrading nodes begin upgrading from version 1.14 to version 1.15.12-gke.2 in this release. The auto-upgrades will continue gradually over the course of several releases.

Stable channel

Auto-upgrading nodes in the Stable channel continue upgrading from version 1.14 to 1.15.12-gke.2 during this release. All auto-upgrading nodes that have not yet upgraded to 1.15.12-gke.2 will upgrade during the R28 rollout.

Regular channel

There are no version changes in the Regular channel in this release.

Rapid channel

Version 1.17.9-gke.1703 is no longer available.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

1.14

August 21, 2020

New features

OpenID Connect Discovery Documents are now published for all clusters, which allows you to configure other software to understand the service account tokens issued by GKE clusters. For more information, see the getOpenid-configuration and getJwks in the API reference documentation.

Google canonical error codes are now available in beta. GKE operations now use the canonical error model to report errors.

The internal load balancer Service type is now generally available for GKE 1.17.9-gke.600 and later.

Global access and configurable subnets for the internal load balancer Service are now generally available for GKE 1.17.9-gke.600 and later.

Dataplane V2 is now available in beta in newly created clusters using GKE versions 1.17.9-gke.600 and later or 1.18 and later. See New GKE Dataplane V2 increases security and visibility for containers on the Google Cloud Blog for more details.

Network policy logging is now available in beta. Network policy logging requires a cluster with Dataplane V2.

The use of private IP address ranges outside of the RFC 1918 ranges is now generally available. These addresses can be used for master nodes, nodes, Pods, and Services.

Fixes

In some cases, certain networking kernel sysctls which were previously set to static defaults are now calculated dynamically based upon machine size. The networking sysctls affected include:

net.ipv4.tcp_mem
net.ipv4.tcp_max_tw_buckets
net.ipv4.udp_mem
net.ipv4.tcp_max_orphans
net.ipv4.tcp_max_syn_backlog

The issue has been fixed in GKE 1.17 in versions 1.17.6-gke.7 and later and in 1.16 in 1.16.13-gke.1 and later.

August 20, 2020 (R27)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.18.6-gke.2100 is now available.

This version is available in preview. Before creating GKE 1.18 clusters, you must review the known issues and urgent upgrade notes.

Version 1.16.11-gke.5 is no longer available.

Auto-upgrading nodes using versions 1.15.12-gke.3 or 1.15.12-gke.6 upgrade to 1.15.12-gke.9 with this release.

Auto-upgrading nodes using versions 1.16.9-gke.6 or 1.16.11-gke.5 upgrade to 1.16.13-gke.1 with this release.

Stable channel

There are no version changes in the Stable channel in this release.

Regular channel

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.16.11-gke.5 to version 1.16.13-gke.1 with this release.

Version 1.16.11-gke.5 is no longer available.

Rapid channel

Version 1.17.9-gke.1703 is now available in the Rapid channel.

Version 1.17.9-gke.1503 is now available in the Rapid channel. This version is now the default.

Version 1.17.9-gke.600 is no longer available.

August 06, 2020 (R26)

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.14	1.15.12-gke.2
1.15.12-gke.3	1.15.12-gke.9
1.15.12-gke.6	1.15.12-gke.9
1.16.9-gke.6	1.16.11-gke.5
1.16.10-gke.8	1.16.11-gke.5
1.17.8-gke.17	1.17.9-gke.600

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

Version 1.15.12-gke.16 is now available.

Version 1.18.6-gke.1500 is now available.

This version is available in preview. Before creating GKE 1.18 clusters, you must review the known issues and urgent upgrade notes.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

Version 1.16.3-gke.1 is now available in the Regular channel.

The COS image for GKE 1.16.3-gke.1 is cos-81-12871-181-0.

Rapid channel

Version 1.17.9-gke.1500 is now available in the Rapid channel.

Version 1.17.9-gke.600 is now available in the Rapid channel. This version is now the default.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

1.15.12-gke.3
1.15.12-gke.6
1.16.9-gke.6
1.16.10-gke.8
1.17.6-gke.11
1.17.6-gke.15

July 28, 2020 (R25)

Change default machine type to E2

GKE is changing the default machine type for new clusters and node pools from n1-standard-1 to e2-medium. This change impacts new node pools created using versions 1.17.6 and higher. If you do not specify a machine type during your cluster or node pool creation workflow from node pool version 1.17.6 onwards, the newly provisioned clusters and node pools will default to e2-medium VMs. Note that this change does not impact your existing node pools that are auto-upgraded or manually upgraded to version 1.17.6 or higher. What do I need to do?

Use the following interface(s) of your choice to explicitly configure your machine type setting for newly provisioned machines to be anything other than the new e2-medium default:

gcloud
- Specify --machine-type
API
- Specify machineType in NodeConfig
Cloud Console
- Specify machine type in for node pools
Terraform
- Specify machine_type in node_config
- Specify machine_type for node_pools in the module "gke" section of your Terraform configuration code
We strongly recommend explicitly setting the machine type to n1-standard-1 or any other suitable VM type if one or more of these situations apply to you: You are concerned about your single threaded application's performance on the new shared-core e2-medium default machine type. You use GPUs or local SSDs or sole tenancy, all of which are unsupported by the new default machine type e2-medium.

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.15.12-gke.13 is now available.

Version 1.16.13-gke.1 is now available.

This version includes node image upgrades for Ubuntu (ubuntu-gke-1804-1-16-v20200610).

Version 1.18.6-gke.500 is now available.

This version is available in preview. Before creating GKE 1.18 clusters, you must review the known issues and urgent upgrade notes.

Stable channel

GKE continues to upgrade control planes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.

GKE begins to upgrade nodes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.

Regular channel

Version 1.16.13-gke.1 is now available in the Regular channel.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.16.9-gke.6 to version 1.16.11-gke.5 with this release.

Rapid channel

Version 1.17.9-gke.600 is now available in the Rapid channel.

Version 1.17.8-gke.17 is now available in the Rapid channel.

This version is now the default.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.17.7-gke.15 to version 1.17.8-gke.17 with this release.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

1.17.7-gke.15

Changes

GKE nodes now have the label cloud.google.com/machine-family applied. The value of this label is the Compute Engine instance family.

Coming soon

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

In the next release (R26), GKE will begin to upgrade control planes in clusters not enrolled in a channel to 1.15. Upgrades will proceed gradually over several GKE releases.

July 22, 2020 (R24)

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.15.12-gke.2 (previously 1.14.10-gke.36).

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.14.0 to 1.14.10-gke.41	1.14.10-gke.42
1.15.0 to 1.15.12-gke.1	1.15.12-gke.2
1.16.0 to 1.16.9-gke.5	1.16.9-gke.6

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

Version 1.18.4-gke.1201 is now available.

This version is available in preview. Before creating GKE 1.18 clusters, you must review the known issues and urgent upgrade notes.

Stable channel

Version 1.15.12-gke.9 is now available in the Stable channel.

Auto-upgrading nodes in the Stable channel automatically upgrade from version 1.14 to version 1.15.12-gke.2 with this release.

Regular channel

Version 1.16.12-gke.3 is now available in the Regular channel.

Version 1.16.11-gke.5 is now available in the Regular channel.

This version is now the default.

Rapid channel

Version 1.17.8-gke.17 is now available in the Rapid channel.

This version includes node image upgrades for Ubuntu (ubuntu-gke-1804-1-17-v20200610) and Windows Server (windows-server-1909-dc-core-uefi-gke-v1592940889 and windows-server-2019-dc-core-uefi-gke-v1592939281).

Version 1.17.7-gke.15 is now available in the Rapid channel.

This version is now the default.

Auto-upgrading nodes in the Rapid channel automatically upgrade from version 1.17.6-gke.11 to version 1.17.7-gke.15 with this release.

Versions no longer available

The following versions are no longer available for new clusters or cluster upgrades:

1.16.8-gke.15
1.16.9-gke.2
1.15.9-gke.24
1.15.11-gke.15
1.15.11-gke.17
1.14.10-gke.36
1.14.10-gke.37
1.14.10-gke.40
1.14.10-gke.41

Security bulletin

A privilege escalation vulnerability was recently discovered in Kubernetes. This vulnerability allows an attacker that has already compromised a node to execute a command in any Pod in the cluster. For more information, see the GCP-2020-009 security bulletin.

Coming soon

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

In the next release (R25), GKE will begin to upgrade nodes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.
In the next release (R25), GKE will begin to upgrade nodes in clusters on the Regular channel to 1.16.11-gke.5. Upgrades will proceed gradually over several GKE releases.
In the next release (R25), GKE will begin to upgrade nodes in 1.16 clusters not on a release channel to 1.16.9-gke.5. Upgrades will proceed gradually over several GKE releases.
GKE version 1.14 will be deprecated in R26.

Changes

Starting September 1, 2020, we will automatically delete Google Kubernetes Engine (GKE) clusters that have ERROR status.

What do I need to know?

GKE clusters might end up with ERROR status (red exclamation mark in the cluster status page) in rare cases when cluster creation or deletion operation encounters an unexpected error. Previously, such clusters remained in your accounts and could have been partially usable. ERROR status clusters are excluded from the GKE cluster management fee.

Starting September 1, 2020, we will begin blocking access to such ERROR status clusters and deleting them automatically.

What do I need to do?

If you are relying on any of the clusters with ERROR status in your projects, stop using them by September 1, 2020.

July 17, 2020

New features

Up to 50 TCP/UDP ports are supported per internal TCP/UDP load balancer IP when deploying through GKE Services with shared IP addresses. This also permits multi-protocol TCP and UDP support for the same Service IP. Shared IP is now available in Beta for all existing GKE versions.

SSL Policies which allow policy-enforced TLS and cipher settings are available in Beta for external Ingress and multi-cluster Ingress. Custom health checks, which allow users to declaratively customize parameters of the load balancer health check, are also now available for external, internal, and multi-cluster Ingress. For feature support status and version compatibility see Ingress Features.

The BackendConfig CRD is now GA in GKE 1.16-gke.3+ clusters which promotes most BackendConfig features (IAP, timeouts, affinity, user-defined request headers, and so on) to GA across internal, external, and multi-cluster Ingress. See Ingress Features for detail on explicit version support.

Container-native Ingress using Network Endpoint Groups (NEGs) is now default (with some exceptions) for new Services deployed in GKE 1.17.6-gke.7+ clusters. The cloud.google.com/neg: '{"ingress": true}' annotation will be automatically applied to any Services deployed in these clusters without any explicit action from users to enable container-native Ingress.

Customer Managed Encryption Keys (CMEK) are now generally available for GKE. CMEK for GKE lets you secure your node boot disks as well as attached persistent storage by encrypting the data encryption keys that encrypt your data. To learn more, see Using customer-managed encryption keys.

Changes

The Kubernetes Engine Monitoring feature has been renamed in the Google Cloud Console and documentation to Cloud Operations for GKE. No functional changes were made with this change. Enabling Cloud Operations for GKE continues to collect logs and metrics for your cluster and workloads as it did before.

Known issues

If you have node pools with kubernetes.io or k8s.io labels and want to upgrade to 1.16, you must remove the labels before upgrading.

For more information on this change, see the Kubernetes Node Restriction enhancement.

July 13, 2020 (R23)

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

Version 1.14.10-gke.46 is now available.

Version 1.15.12-gke.9 is now available.

Version 1.16.11-gke.5 is now available.

Stable channel

Version 1.14.10-gke.46 is now available in the Stable channel.

Version 1.15.12-gke.2 is now available in the Stable channel.

Regular channel

Version 1.16.11-gke.5 is now available in the Regular channel.

Auto-upgrading nodes in the Regular channel automatically upgrade from version 1.16.8-gke.15 to version 1.16.9-gke.6 with this release.

Rapid channel

Version 1.17.7-gke.15 is now available in the Rapid channel.

Fixed issues

A bug in gVisor has been fixed. Default gVisor node labels are now applied when user-specified labels.

Other updates

Beginning with this release, GKE releases also include a release number to reference changes. This release is R23 for 2020.

Coming soon

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

In the next release (R24), GKE will begin to upgrade control planes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.
In an upcoming release, GKE will begin to upgrade nodes in clusters on the Stable channel to 1.15.12-gke.2. Upgrades will proceed gradually over several GKE releases.

July 2, 2020

New features

NodeLocal DNSCache is now generally available.

GKE Node System Configuration is now beta. With this feature you can specify custom configurations for Kubelet and Kernel settings on your node pools.

Starting with GKE 1.17.6, Vertical Pod Autoscaler recommendations are more fine-grained, starting from 1 mCPU and 1 MiB.

June 29, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.15.x	1.15.11-gke.15

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.45 is now available.

1.15.12-gke.6 is now available.

1.16.10-gke.8 is now available.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

1.16.9-gke.6 is now available.

Rapid channel

1.17.6-gke.11 is now available.

Node image changes

GKE 1.14

The COS image for GKE 1.14.10-gke.45 clusters is cos-73-11647-534-0.

GKE 1.15

The COS image for GKE 1.15.12-gke.6 clusters is cos-77-12371-251-0.

June 24, 2020

Known issue

There is a known that may cause multiple Pods on the same node to be allocated with the same IPv4 address leading to possible service disruption. We will automatically upgrade your cluster master to the next available patch version which will include a fix to the issue.

What do I need to know?

Ensure your cluster(s) are subscribed to a release channel, or you have node auto-upgrade enabled. If so, your cluster(s) will be automatically upgraded as described below.
If you are experiencing any issues or do not want to use auto-upgrade you can manually initiate an upgrade at your earliest convenience.

What do I need to do?

If you are experiencing issues and wish to update proactively:

Follow the steps in the Manually upgrading a cluster page to upgrade the cluster master.
Upgrade your node pool by applying the latest patch available for your node version.
Consider using surge upgrade for your nodepool upgrade. Surge upgrade allows you to set the number of additional nodes to be created temporarily for the upgrade process which the disruption to running workloads.
Use the following table to determine which patch version is applicable for your cluster(s):

Channel	Action required	Upgrade target	Date available
No channel	Upgrade to the recommended patch version available	1.15: Node pool 1.15.12-gke.3 or higher	June 23, 2020
No channel	Upgrade to the recommended patch version available	1.16: Node pool 1.16.9-gke.6 or higher	June 30, 2020
Rapid	Patch will be applied automatically	Master and node pool 1.17.6.gke-4 or higher	June 16, 2020
Regular	Patch will be applied automatically	Node pool 1.16.9-gke.6 or higher	June 30, 2020
Stable	No action is required	Patch is not required	N/A

June 23, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.15.x	1.15.11-gke.15

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.42 is now available.

1.15.12-gke.3 is now available.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

1.17.6-gke.7 is now available.

Node image changes

GKE 1.14

The COS image for GKE 1.14.10-gke-43 clusters and is cos-73-11647-459-0.

June 15, 2020

New features

Node auto-repair is now enabled by default by the Google Kubernetes Engine API for new node pools.

June 8, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.41 is now available.

1.15.11-gke.17 is now available.

1.15.12-gke.2 is now available.

1.16.9-gke.6 is now available.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

1.17.6-gke.4 is now available.

Versions no longer available

1.15.11-gke.3
1.15.11-gke.5
1.15.11-gke.9
1.15.11-gke.11
1.15.11-gke.12

Node image changes

GKE 1.15

The COS image for GKE 1.15.12-gke.2 clusters and up is now cos-77-12371-227-0.

The Ubuntu image for GKE 1.15.11-gke.17 clusters and up is ubuntu-gke-1804-1-15-v20200330.

GKE release channels

The COS image for GKE clusters in the Rapid release channel is now cos-81-12871-119-0.

New features

The region asia-southeast2 in Jakarta is now available.

June 2, 2020

Known issue

As part of ensuring better representation of available resources on the node for e2 burstable node types, GKE has decided to reduce the allocatable CPU resources available to schedule user workloads (known as the node allocatable resources) on e2-micro, e2-small, and e2-medium machine types.

What do I need to know?

Today, e2-micro, e2-small, and e2-medium have 1930 mCPU of allocatable resources for Kubernetes to schedule Pods on per node, and following this change it will be 940m CPU. Kubernetes uses the node allocatable resources during scheduling to decide how many Pods it should place on the node. If your workloads are currently requesting more CPU resources than what will be available after upgrading, they may become unscheduled after upgrade.

We are making this change in order to more accurately represent the resources available in these machine types. These machine types can temporarily burst to 2 vCPUs, but this is not sustained. The underlying compute capabilities and resources are not changing, the machines retain the ability to temporarily burst to 2 vCPU, this change only affects how many resources the Kubernetes scheduler considers when allocating Pods to nodes.

When your cluster is upgraded to 1.14.10-gke.42, 1.15.11-gke.18, 1.16.8-gke.17, or 1.17.5-gke.5 (whether you perform this manually or you are automatically upgraded), your workloads may become unscheduled if there are not enough allocatable resources in the cluster.

What do I need to do?

Prior to upgrading your nodes to version 1.16.8-gke.17 and 1.17.5-gke.5 or later

Take a moment to review your Pod resource requests. To see the allocated resources on your node, you can open Kubernetes Engine in the Google Cloud Console and select your cluster. On the Nodes tab for your cluster, the column CPU requested shows the total CPU requests on the node.

Alternatively, from the command line:

Run kubectl get nodes to get a list of node names.
Run kubectl describe node node-name and look at the Allocated resources section. Under the column Requests, find the row for cpu.

If you have nodes of type e2-micro, e2-small, and e2-medium where more than 940mCPU is requested, Pods will be rescheduled onto other nodes after upgrade. You must have enough allocatable capacity on other nodes.

To ensure you have enough allocatable capacity, you can:

Enable auto-scaling on your node pool. Auto-scaling will automatically provision the right number of nodes automatically, provided the Pod requests do not exceed that of the entire node
Increase the number of nodes in the cluster, or add larger node types if you have Pods that make CPU requests which exceed the capacity of existing nodes
Decrease the resource requests made by your workloads on these nodes so that they will still fit after the upgrade, by modifying the CPU resource requests of the PodSpec. Pods will be able to burst to the original CPU capacity for short periods as long as resource limits are not changed.

After you have upgraded your nodes to versions 1.14.10-gke.42, 1.15.11-gke.18, 1.16.8-gke.17, or 1.17.5-gke.5 or later:

Review the status of your Pods by running kubectl get pods.

If any are indicated as Pending, it may indicate that there were not enough resources available to schedule them. Follow the steps above to either add more nodes, or reduce the CPU resource requests in the PodSpec.

June 1, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.40 is now available.

1.15.11-gke.15 is now available.

1.16.9-gke.2 is now available.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

Auto-upgrading nodes in the Regular release channel automatically upgrade to version 1.16.8-gke.15 in this release.

Rapid channel

1.17.5-gke.9 is now available.

Node image changes

GKE 1.14

The Ubuntu image for GKE 1.14.10-gke.40 clusters is ubuntu-gke-1804-1-14-v20200219.

May 27, 2020

Known issue

Due to a newly discovered issue, the following versions are no longer available:

1.17.5-gke.6
1.16.8-gke.17
1.15.11-gke.14

May 19, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.14.x	1.14.10-gke.36

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.16.8-gke.17 is now available.

1.15.11-gke.14 is now available. In clusters using version 1.15.11-gke.14, NodeLocal DNSCache now reaches out to custom stubDomains using UDP. For more information, see Setting up NodeLocal DNSCache.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

Existing clusters in the Regular release channel automatically upgrade to version 1.16.8-gke.15 in this release.

Rapid channel

1.17.5-gke.6 is now available. In clusters using version 1.17.5-gke.6, NodeLocal DNSCache now reaches out to custom stubDomains using UDP. For more information, see Setting up NodeLocal DNSCache.

Node image changes

GKE 1.17

The COS image for GKE 1.17 clusters is now cos-81-12871-96-0.

etcd version changes

In the Rapid release channel, all GKE clusters running 1.17.3-gke.3 and up will have etcd upgraded to 3.4.7-0-gke.1. All new GKE clusters with 1.17.3-gke.3 and up will be created with etcd 3.4.7-0-gke.1.

New features

Google Kubernetes Engine now supports the use of non-RFC 1918 private address ranges and the private reuse of public IP addresses in VPC-native clusters. For details and caveats about enabling these addresses, see Enabling non-RFC 1918 reserved IP address ranges.

May 15, 2020

New features

Container Threat Detection is now available in Beta. Container Threat Detection can detect the most common container runtime attacks and alert you in Security Command Center and optionally in Cloud Logging. Container Threat Detection includes several detection capabilities, an analysis tool, and an API.

Container Threat Detection currently supports the following versions on the Regular and Rapid channels:

1.15.9-gke.12 and higher
1.16.5-gke.2 and higher
1.17 and higher

In a future update, Container Threat Detection will support version 1.14 and the Stable channel.

May 13, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.10-gke.36.

Scheduled automatic upgrades

Masters with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.14.10-gke.27	1.14.10-gke.36

New versions available for upgrades and new clusters

No channel

1.15.11-gke.13 is now available.

1.16.8-gke.15 is now generally available for new clusters. Existing clusters and nodes will not automatically upgrade in this release.

Important

Before you migrate to GKE 1.16, you must review:

Stable channel

1.14.10-gke.36 is now available in the Stable release channel.

Regular channel

1.16.8-gke.15 is now generally available for new clusters. Existing clusters and nodes will not automatically upgrade in this release.

Important

Before you migrate to GKE 1.16, you must review:

Rapid channel

1.17.5-gke.0 is now available in the Rapid release channel.

Node image changes

GKE 1.16

The COS image for GKE 1.16 clusters is now cos-77-12371-251-0.

GKE 1.17

The COS image for GKE 1.17 clusters is now cos-81-12871-69-0.

Versions no longer available

1.14.10-gke.27
1.14.10-gke31
1.14.10-gke.32
1.14.10-gke.34

Coming soon

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

Google Kubernetes Engine will gradually upgrade clusters in the Regular channel to GKE 1.16 beginning in an upcoming release. To read more about API deprecations in 1.16, see Kubernetes 1.16 deprecated APIs.

May 08, 2020

New features

Specifying a VPC subnet for internal Load Balancer Service IPs is now supported as a per-Service annotation in GKE clusters 1.16.8-gke.10+ and 1.17+.

May 04, 2020

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

1.15.11-gke.12 is now available.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

There are no new releases in the Rapid release channel.

Node image changes

GKE 1.16

The Ubuntu image for GKE 1.16 clusters is now ubuntu-gke-1804-1-16-v20200330.

The COS image for GKE 1.16 clusters is now cos-77-12371-227-0.

GKE 1.17

The COS image for GKE 1.17 clusters is now cos-81-12871-69-0.

etcd default version changes

The default etcd version for new GKE 1.13 and 1.14 clusters is etcd 3.2.27-0-gke.6
The default etcd version for new GKE 1.15 and 1.16 clusters is etcd 3.3.18-0-gke.4
The default etcd version for new GKE 1.17 and higher clusters is etcd 3.4.7-0-gke.1

Autoupgrades in existing clusters will occur at a later date.

Coming soon

We expect the following changes in the coming weeks. This information is not a guarantee, but is provided to help you plan for upcoming changes.

Google Kubernetes Engine will gradually upgrade clusters in the regular channel to GKE 1.16 beginning in an upcoming release. Read more about API deprecations in 1.16, see Kubernetes 1.16 deprecated APIs.

April 29, 2020

New features

Multi-cluster Ingress is now Generally Available (GA) for all GKE versions 1.14 and up. Multi-cluster Ingress provides a Kubernetes-native interface to deploy Ingress resources for internet traffic across multiple clusters and multiple regions.

Ingress is helpful for use cases including:

A global and stable anycast VIP, independent of cluster backends.
Multi-regional and multi-cluster high availability.
Low latency serving of traffic to the closest cluster.
Intelligent and safe traffic management across many clusters.

April 27, 2020

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.37 is now available.

1.15.11-gke.11 is now available.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

1.17.4-gke.10 is now available in the Rapid release channel.

Upgrading

Although clusters in the Rapid channel upgrade automatically, you should still review:

Changes

To improve the safety of upgrades and reduce disruption, all new node pools have surge upgrades turned on by default with the configuration: maxSurge=1 maxUnavailable=0. For more information, see Determining your optimal surge configuration.

GKE is also gradually reconfiguring existing node pools to use surge upgrades with the same configuration. Node pools that already have upgrade_settings defined remain unaffected.

1.17 Changes

The following notable changes are coming in 1.17:

The RunAsUsername feature in 1.17 is now beta and allows specifying the username when running a Windows container.

The RuntimeClass scheduler in 1.17 simplifies scheduling Windows Pods to appropriate nodes

The following node labels are deprecated in 1.17:

Cluster Versions	Deprecated Label	New Label
1.14+	beta.kubernetes.io/os	kubernetes.io/os
1.14+	beta.kubernetes.io/arch	kubernetes.io/arch
1.17+	beta.kubernetes.io/instance-type	node.kubernetes.io/instance-type
1.17+	failure-domain.beta.kubernetes.io/zone	topology.kubernetes.io/zone
1.17+	failure-domain.beta.kubernetes.io/region	topology.kubernetes.io/region

You must identify any node selectors using beta labels and modify them to use GA labels.

RBAC in the apps/v1alpha1 and apps/v1beta1 API versions are deprecated in 1.17 and will no longer be served in 1.20. Update your manifests and API clients to use the rbac.authorization.k8s.io/v1 APIs before 1.20 to avoid any issues.

Known issues with 1.15 and higher

A known kernel bug in Linux kernel 4.18, 4.19, 4.20 and 5.0 may cause softlockup when running eBPF workloads. This may affect nodes with GKE version 1.15 or higher using cos-77-*, and GKE version 1.15 using Ubuntu. Before the fix is released, please avoid upgrading nodes to these affected versions if you run eBPF workloads.

Coming soon

Google Kubernetes Engine will gradually upgrade clusters in the regular channel to GKE 1.16.

Versions no longer available

1.15.9-gke.24
1.15.9-gke.26
1.15.11-gke.1

April 24, 2020

New features

The ability to create new GKE clusters or update existing GKE clusters with node pools running Windows Server is now generally available.

Master global access for private clusters is now available in beta. With master global access, you can access the master's private endpoint from any Google Cloud region or on-premises environment no matter what the private cluster's region is.

Issues

April 20, 2020

New features

The region us-west4 in Las Vegas is now available.

April 15, 2020

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.36 is now available.

1.15.11-gke.9 is now available. This version updates Calico to 3.8.7. This version fixes an issue where Calico Pods would fail to initialize after restarting. The issue occurred because the Calico CNI script tried to overwrite a file which was referenced by Kubelet at the same time. For more information on the fix, see the open source documentation.

1.17.4-gke.6 is now available in alpha clusters.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

1.16.8-gke.9 is now available in the Rapid release channel.

Coming soon

Google Kubernetes Engine will gradually upgrade clusters in the regular channel to GKE 1.16.

April 10, 2020

New features

Ingress access logging is now a configurable feature called logging in versions 1.16.8-gke.10 and later. This allows Ingress access logging to be toggled on or off through the BackendConfig resource.

Changes

HTTP access logging for newly created Ingress resources is being deprecated across various GKE versions on May 12th, 2020. Any new Ingress resources created with the following versions after May 12th will have access logging disabled for that Ingress resource and will not record Ingress HTTP requests in Cloud Logging. Note that existing Ingress resources will continue to log HTTP requests unless the Ingress resource is redeployed. The following GKE versions are affected:

1.12
1.13
1.14 clusters less than 1.14.10-gke.30
1.15 clusters less than 1.15.9-gke.22
1.16 clusters less than 1.16.6-gke.12

Clusters whose masters are on 1.14.10-gke.30, 1.15.9-gke.22, 1.16.6-gke.12 or later versions are not impacted and HTTP access logging remains defaulted to "on" for all new and existing Ingress resources. If you're currently using access logging for GKE Ingress, we highly recommend upgrading to these versions or higher before May 12th to avoid loss of HTTP access logs for new Ingress resources.

In GKE 1.18, access logging will be changed to default to "off" for the GKE Ingress. Enabling access logging through the logging parameter is required to enable it for Ingress resources.

Coming soon

Google Kubernetes Engine will gradually upgrade clusters in the regular channel to GKE 1.16 beginning on or after April 13, 2020.

April 07, 2020

Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

No channel

1.15.11-gke.5 is now available.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

1.16.8-gke.8 is now available in the Rapid release channel. The node image for Container-Optimized OS is updated to cos-77-12371-208-0.

Known issues

Due to the recent Windows Server security update provided by Microsoft in February 2020, a container incompatibility issue was introduced. To avoid disruption to your workloads, we have turned off Google Kubernetes Engine (GKE) auto-upgrade for the impacted clusters.

What do I need to know?

As a consequence of Microsoft's security update, your workloads may end up in a failed state due to broken compatibility if the host Windows Server image has the security update and the container base image does not have the update.

We have turned off auto-upgrade on the impacted GKE clusters to prevent this compatibility issue from affecting your workloads.

The security update will be available in the rapid channel in GKE starting April 6, 2020. Beginning April 20, 2020, Windows Server container support in GKE, along with the security update will be available on the regular channel.

What do I need to do?

We strongly recommend you to rebuild your container images with the base Windows images that include Windows Updates from March 2020, then manually upgrade your node pool to the latest GKE version. Please follow the following steps:

Disable auto-upgrade on the Windows node pool(s).
When the first step is complete, Google will restart the cluster auto-upgrade. Please note that this could take a few days. The cluster's master and the Linux node pool(s) will be upgraded. The Windows node pool will not get upgraded as auto-upgrade is disabled in step number one.
After the cluster master upgrade is complete and you have rebuilt your container images, manually upgrade your Windows node pool.
After completing step number three, you can turn back on the auto-upgrade option. If you choose to turn the auto-upgrade option back on, please use multi-arch (or multi-platform) images to take advantage of the auto-upgrade feature.

Incompatibility issues such as this one are a rare occurrence as it is against Microsoft's typical guidance for the security updates. Rest assured that if such issues occur again, we will keep you posted. Please stay up to date with GKE's release notes for the latest info.

If you have any questions or require assistance, please email us or contact Google Cloud Support.

April 1, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.15.9-gke.22	1.15.9-gke.24

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.34 is now available.

1.15.11-gke.3 is now available.

1.17.4-gke.2 preview is now available.

Before creating GKE 1.17 clusters, you must review the known issues and urgent upgrade notes.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

1.15.9-gke.24 is now available in the Regular release channel.

Rapid channel

1.16.8-gke.4 is now available in the Rapid release channel.

Versions no longer available

1.15.9-gke.22

Security bulletin

A vulnerability was recently discovered in Kubernetes that allows any user authorized to make POST requests to execute a remote Denial-of-Service attack on a Kubernetes API server. For more information, see the GCP-2020-003 security bulletin.

March 26, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.10-gke.27.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.14.0 to 1.14.10-gke.26	1.14.10-gke.27
1.15.0 to 1.15.9-gke.21	1.15.9-gke.22

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.15.11-gke.1 is now available. The node image for Container-Optimized OS is updated to cos-77-12371-183-0.

Stable channel

1.14.10-gke.27 is now available in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

1.16.8-gke.3 is now available in the Rapid release channel.

Versions no longer available

1.14.10-gke.17
1.14.10-gke.21
1.14.10-gke.22
1.14.10-gke.24
1.15.8-gke.3
1.15.9-gke.12

March 23, 2020

Changes

You can no longer apply the labels of kubernetes.io or k8s.io to node pools. Existing node pools with these labels aren't affected. For more information on this change, see the Kubernetes Node Restriction enhancement.

March 20, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.13.0 to 1.13.12-gke.25	1.14.10-gke.17

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.32 is now available.

1.15.9-gke.26 is now available.

1.17.3-gke.7 is now available to preview. is now available.

Before creating GKE 1.17 clusters, you must review the known issues and urgent upgrade notes.

Stable channel

There are no new releases in the Stable release channel.

Regular channel

There are no new releases in the Regular release channel.

Rapid channel

1.16.6-gke.18 is now available in the Rapid release channel.

Versions no longer available

1.15.9-gke.8
1.15.9-gke.9

March 16, 2020

New features

Workload Identity is now generally available in versions 1.14.10-gke.27 and above, 1.15.9-gke.22 and above, and 1.16.6-gke.12 and above. Workload Identity is the recommended way to access Google Cloud services from within GKE clusters.

You can now use node auto-provisioning to create node pools with preemptible VMs from clusters running in the Regular release channel.

Enabling TPUs on existing clusters is now in Beta. With this feature you can toggle Cloud TPU support instead of creating new clusters and migrating your workloads.

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.10-gke.24

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.13.12 or lower	1.14.10-gke.17

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

1.14.10-gke.30 is now available.

1.15.9-gke.24 is now available.

1.17.3-gke.4 is now available for preview.

Before creating GKE 1.17 clusters, you must review the known issues and urgent upgrade notes.

Stable channel

1.14.10-gke.24 is now available in the Stable release channel.

Regular channel

1.15.9-gke.22 is now available in the Regular release channel.

Rapid channel

1.16.6-gke.13 is now available in the Rapid release channel.

Versions no longer available

The following version is no longer available to create a new cluster:

1.13.12-gke.30

Fixed issues

The issue reported February 14 with private clusters with VPC peering reuse enabled has been resolved.

March 6, 2020

New features

The user interface for creating clusters in Google Cloud Console has been redesigned. The new design makes it easier to follow GKE best practices.

You can now configure automated deployment for your existing GKE workloads with Cloud Build.

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.13.12-gke.25	1.14.10-gke.17
1.14.8, 1.14.9	1.14.10-gke.17
1.15.7, 1.15.8-gke.2	1.15.8-gke.3

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x

There are no new 1.13 versions this week.

v.1.14.x

1.14.10-gke.27

v.1.15.x

1.15.9-gke.22

Stable channel

There are no new versions in the Stable channel this week.

Regular channel

1.15.9-gke.8

Rapid channel

1.16.6-gke.12

Coming Soon

1.16 will be moving to the regular channel.

The 1.16 release stops serving the following API versions in favor of newer and more stable API versions:

NetworkPolicy in the extensions/v1beta1 API version, deprecated since 1.9, is no longer served. Migrate to the networking.k8s.io/v1 API version, available since 1.8.
PodSecurityPolicy in the extensions/v1beta1 API version, deprecated since 1.10, is no longer served. Migrate to the policy/v1beta1 API version, available since 1.10.
DaemonSet in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:

spec.templateGeneration is removed.
spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
spec.updateStrategy.type now defaults to RollingUpdate.

Deployment in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:

spec.rollbackTo is removed.
spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
spec.progressDeadlineSeconds now defaults to 600 seconds.
spec.revisionHistoryLimit now defaults to 10.
maxSurge and maxUnavailable now default to 25%.

StatefulSet in the apps/v1beta1 and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:

spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
spec.updateStrategy.type now defaults to RollingUpdate.

ReplicaSet in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:

spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.

February 27, 2020

New features

Container-native load balancing with standalone network endpoint groups (NEGs) is generally available. You can use Standalone NEGs to create load balancers for several use cases including backends composed of Kubernetes and non-Kubernetes workloads.

Ingress for Anthos is now Beta for GKE versions 1.14.x+ and in the Rapid and Regular release channels. Ingress for Anthos supports Internet-facing Ingress shared across multiple backend GKE clusters and multiple Google Cloud regions. Ingress can now support use cases such as multi-regional and multi-cluster availability, low backend to user latency, and seamless cluster migrations.

February 25, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.13.12-gke.25	1.14.10-gke.17
1.14.8	1.14.10-gke.17

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x

There are no new 1.13 versions this week.

v.1.14.x

1.14.10-gke.17

v.1.15.x

1.15.9-gke.12

Stable channel

There are no new versions in the Stable channel this week.

Regular channel

1.15.8-gke.3

Rapid channel

1.16.6-gke.4

Versions no longer available

The following versions are no longer available for new clusters or upgrades.

1.13.12-gke.25
1.14.8-gke.33

Coming Soon

1.16 will be moving to the regular channel.

The v1.16 release stops serving the following API versions in favor of newer and more stable API versions:

NetworkPolicy in the extensions/v1beta1 API version, deprecated since 1.9, is no longer served. Migrate to the networking.k8s.io/v1 API version, available since 1.8.
PodSecurityPolicy in the extensions/v1beta1 API version, deprecated since 1.10, is no longer served. Migrate to the policy/v1beta1 API version, available since 1.10.
DaemonSet in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:

spec.templateGeneration is removed.
spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
spec.updateStrategy.type now defaults to RollingUpdate.

Deployment in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:

spec.rollbackTo is removed.
spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
spec.progressDeadlineSeconds now defaults to 600 seconds.
spec.revisionHistoryLimit now defaults to 10.
maxSurge and maxUnavailable now default to 25%.

StatefulSet in the apps/v1beta1 and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:

spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.
spec.updateStrategy.type now defaults to RollingUpdate.

ReplicaSet in the extensions/v1beta1, apps/v1beta1, and apps/v1beta2 API versions, deprecated since 1.9, is no longer served. Migrate to the apps/v1 API version, available since 1.9. Notable changes:

spec.selector is now required and immutable after creation; use the existing template labels as the selector for seamless upgrades.

February 24, 2020

New features

The region us-west3 in Salt Lake City is now available.

The ability to use the Google Cloud Compute Engine Persistent Disk CSI driver in GKE is now in Beta. This feature provides a simple mechanism for users to enable the driver in GKE.

Ingress for Internal HTTP(S) Load Balancing is now available in Beta in the Rapid release channel. This enables private L7 load balancing inside the VPC that can be deployed with Ingress resources.

February 21, 2020

Starting February 24, 2020, GKE will gradually enable Node Auto Upgrade on all nodepools running on version 1.10.x and older to ensure reliability and supportability of these clusters.

February 18, 2020

Version updates

GKE cluster versions have been updated.

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x

1.13.12-gke.30

v.1.14.x

1.14.10-gke.24

v.1.15.x

1.15.9-gke.9

Node image for Container-Optimized OS updated to cos-77-12371-141-0.

Stable channel

There are no new versions in the Stable channel this week.

Regular channel

There are no new versions in the Regular channel this week.

Rapid channel

1.16.5-gke.2

Node image for Container-Optimized OS updated to cos-77-12371-141-0.

New features

The --node-locations flag is now generally available. This flag enables you to specify zones for your node pools independently of setting the zone for a cluster.

February 14, 2020

Known Issues

Private clusters created on and after January 15, 2020 that use VPC peering reuse might experience an issue where VPC peering is removed after attempting to reschedule a cluster for deletion after the first attempt fails.

To mitigate this issue, create a private cluster in the same location as your existing private clusters. Creating a new cluster recreates the required VPC peering. You can delete the new cluster after VPC peering is recreated.

February 11, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.10-gke.17.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.13.x	1.13.12-gke.25

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x

1.13.12-gke.25

v.1.14.x

1.14.10-gke.17

v.1.15.x

1.15.9-gke.8

Stable channel

1.14.10-gke.17

Regular channel

1.15.7-gke.23

Rapid channel

1.16.4-gke.30

Versions no longer available

The following versions are no longer available for new clusters or upgrades.

1.13.11-gke.14
1.13.11-gke.15
1.13.11-gke.23 (moved to LEGACY version)
1.13.12-gke.8
1.13.12-gke.13
1.13.12-gke.14
1.13.12-gke.16
1.13.12-gke.17

New features

Surge upgrades are generally available. Surge upgrades allow you to configure speed and disruption of node upgrades.

February 4, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.12.x	1.13.12-gke.13

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x

There are no new 1.13 versions this week.

v.1.14.x

1.14.10-gke.21

v.1.15.x

1.15.8-gke.3

Stable channel

There are no new versions in the Stable channel this week.

Regular channel

1.15.7-gke.23

Rapid channel

1.16.4-gke.27

Features

Autoscaling profiles for GKE are now available in Beta. Autoscaling profiles let you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster.

Changes

All GKE clusters running 1.15 and up will have etcd upgraded to etcd 3.3.18-0-gke.1, and all new GKE clusters with 1.15 and up will be created with etcd 3.3.18-0-gke.1.

January 29, 2020

Version updates

GKE cluster versions have been updated.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.12.x	1.13.12-gke.13
1.14.0.x to 1.14.8-gke.32	1.14.8-gke.33
1.14.9.x to 1.14.9-gke.22	1.14.9-gke.23
1.14.10.x to 1.14.10-gke.16	1.14.10-gke.17

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x

There are no new 1.13 versions this week.

v.1.14.x

There are no new 1.14 versions this week.

v.1.15.x

1.15.8-gke.2

Stable channel

There are no new versions in the Stable channel this week.

Regular channel

There are no new versions in the Regular channel this week.

Rapid channel

1.16.4-gke.25

Versions no longer available

The following version is no longer available for new clusters or upgrades.

1.14.7-gke.40

New features

Config Connector is now generally available. Config Connector is a GKE addon that allows you to manage your Google Cloud resources through Kubernetes configuration.

Config Sync is now generally available. Config Sync allows you to manage Kubernetes deployments using files stored in a Git repository

GKE Sandbox is now generally available. GKE Sandbox protects the host kernel on your nodes when containers in the Pod execute unknown or untrusted code.

January 27, 2020

The ability to create clusters with node pools running Microsoft Windows Server is now in Beta. This feature is currently only available in the Rapid release channel.

January 24, 2020

This issue was resolved January 27, 2020.

Do not create a cluster with versions 1.15.7-gke.23, 1.14.10-gke.17, or 1.14.9-gke.23 if you depend on Workload Identity. Workload Identity is not working for newly created clusters in these versions due to a recently-discovered issue. Clusters upgraded to one of these versions are not affected. A fix will be released in the next GKE release. As workaround, you can create a cluster at a lower version, then upgrade.

The region asia-northeast3 in Seoul is now available.

January 22, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.13.11-gke.23.

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.12.x	1.13.12-gke.13
1.15.x	1.15.7-gke.23

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x

1.13.11-gke.23
1.13.12-gke.25

v.1.14.x

1.14.7-gke.40
1.14.8-gke.33
1.14.9-gke.23
1.14.10-gke.17

v.1.15.x

1.15.7-gke.23

Stable channel
and 1.13.x

Stable channel

1.13.11-gke.23

No channel

1.13.11-gke.23
1.13.12-gke.25

Regular channel
and 1.14.x

Regular channel

1.14.8-gke.33

No channel

1.14.7-gke.40
1.14.8-gke.33
1.14.9-gke.23
1.14.10-gke.17

Rapid channel
and 1.16.x

Rapid channel

1.16.4-gke.22

Versions no longer available

The following versions are no longer available for new clusters or upgrades.

1.14.7-gke.23
1.14.7-gke.25
1.14.8-gke.12
1.14.8-gke.14
1.14.8-gke.17
1.14.8-gke.18
1.14.8-gke.21
1.14.9-gke.2
1.14.10-gke.0
1.15.4-gke.22
1.15.7-gke.2
1.16.0-gke.11 (preview)
1.16.0-gke.20 (preview)
1.16.4-gke.3 (preview)

Node image changes

The COS kernel previously reported on November 22nd, 2019, was discovered to cause kernel panics in certain workloads. The 1.13 and 1.14 versions available in this release were rolled back to a known stable version of COS. GKE 1.13 and 1.14 will continue to use cos-u-73-11647-293-0 while our team works to develop a permanent fix.

New features

Application Delivery is now in Beta. This feature manages configurations for your GKE workloads declaratively with Git. For more information, see Application Delivery.

NodeLocal DNSCache is now in Beta for GKE clusters 1.15 and above. NodeLocal DNS is an optional feature for local DNS resolution to every GKE node for enhanced DNS scale and capacity.

Object Browser is now available to inspect resources on GKE clusters in Google Cloud Console. For more information, go to Dashboards.

Changes

All private clusters you create now reuse VPC Network Peering connections.

January 8, 2020

Do not update to version 1.16.0-gke.20 if you depend on HPA. Horizontal Pod Autoscaling is not working in this version due to a recently discovered issue. A fix will be released with GKE 1.16.3+.

January 7, 2020

Version updates

GKE cluster versions have been updated.

New default version

The default version for new clusters is now 1.14.8-gke.12 (previously 1.13.11-gke.14).

Scheduled automatic upgrades

Masters and nodes with auto-upgrade enabled will be upgraded:

Current version	Upgrade version
1.12.x	1.13.12-gke.13

Rollouts are phased across multiple weeks, to ensure cluster and fleet stability.

New versions available for upgrades and new clusters

No channel

v.1.13.x

1.13.12-gke.17

v.1.14.x

1.14.10-gke.0

v.1.15.x

1.15.7-gke.2

Stable channel
and 1.13.x

Stable channel

There are no changes to the Stable channel this week.

No channel

1.13.12-gke.17

Regular channel
and 1.14.x

Regular channel

There are no changes to the Regular channel this week.

No channel

1.14.10-gke.0

Rapid channel
and 1.16.x

Rapid channel

There are no changes to the Rapid channel this week.

Versions no longer available

The following versions are no longer available for new clusters or upgrades.

1.12.10-gke.17
1.12.10-gke.20
1.12.10-gke.22

New features

You can now use Customer-managed encryption keys (beta) to control the encryption used for node boot disks as well as attached persistent disks in your clusters.

Consuming reservations in GKE is now generally available. Reservations allow you to reserve resources in a specific zone to ensure sufficient capacity is available for your workloads.

Changes

New clusters and node-pools created with the GKE API will have node auto-upgrade enabled by default. This change ensures that your clusters have the most recent default Kubernetes version, bug fixes, and security patches. Existing scripts running against the gcloud CLI or integrating with the GKE API will follow this new default behavior.

Node autoupgrades keep the nodes in your cluster up to date with the cluster master version when your master is updated on your behalf. To disable it explicitly, set autoUpgrade to false in the NodeManagement object.