Each GKE attached clusters release comes with Kubernetes version notes. These are similar to release notes but are specific to a Kubernetes version and may offer more technical detail.
GKE attached clusters supports the following Kubernetes versions:
Kubernetes 1.31
1.31.0-gke.1
- Breaking Change: GKE attached clusters validate that the following required services are enabled when creating or updating attached clusters:
anthos.googleapis.com
. For details, see Google Cloud requirements. - Feature: The
gcloud beta container fleet memberships get-credentials
command uses a preview feature of the Connect gateway that lets you run thekubectl port-forward
command. For more information, see Limitations in the Connect gateway documentation. - Feature: Added the option to disable Cloud Monitoring. In the API, set
cluster.monitoring_config.cloud_monitoring_config.enabled
tofalse
to disable Cloud Monitoring. Note that you can't use the Metrics Explorer when Cloud Monitoring is disabled. - Security Fixes
- Fixed CVE-2019-18276
- Fixed CVE-2020-1751
- Fixed CVE-2023-39318
- Fixed CVE-2023-39319
- Fixed CVE-2023-39323
- Fixed CVE-2023-39325
- Fixed CVE-2023-39326
- Fixed CVE-2023-3978
- Fixed CVE-2023-40577
- Fixed CVE-2023-44487
- Fixed CVE-2023-45142
- Fixed CVE-2023-45285
- Fixed CVE-2023-45288
- Fixed CVE-2023-45918
- Fixed CVE-2023-48795
- Fixed CVE-2024-24557
- Fixed CVE-2024-24786
- Fixed CVE-2024-24789
- Fixed CVE-2024-24790
- Fixed CVE-2024-29018
- Fixed CVE-2024-33599
- Fixed CVE-2024-33600
- Fixed CVE-2024-33601
- Fixed CVE-2024-33602
- Fixed CVE-2024-41110
- Fixed CVE-2024-6104
- Fixed GHSA-jq35-85cj-fj4p
- Fixed GHSA-m425-mq94-257g
Kubernetes 1.30
1.30.0-gke.4
- Breaking Change: GKE attached clusters validate that the following required services are enabled when creating or updating attached clusters:
cloudresourcemanager.googleapis.com
,monitoring.googleapis.com
. For details, see Google Cloud requirements.
1.30.0-gke.3
- Breaking Change: GKE attached clusters validate that the following required services are enabled when creating
or updating attached clusters:
gkeconnect.googleapis.com
,gkehub.googleapis.com
,kubernetesmetadata.googleapis.com
,logging.googleapis.com
. For details, see Google Cloud requirements. - Security Fixes:
- Fixed CVE-2023-47108
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-mh55-gqvf-xfwm
1.30.0-gke.2
- Security Fixes:
- Fixed CVE-2023-47108
- Fixed CVE-2024-7348
1.30.0-gke.1
- Security Fixes:
- Fixed CVE-2024-0553
- Fixed CVE-2024-0567
- Fixed CVE-2024-37370
- Fixed CVE-2024-37371
Kubernetes 1.29
1.29.0-gke.7
- Breaking Change: GKE attached clusters validate that the following required services are enabled when creating or updating attached clusters:
cloudresourcemanager.googleapis.com
,monitoring.googleapis.com
. For details, see Google Cloud requirements.
1.29.0-gke.6
- Breaking Change: GKE attached clusters validate that the following required services are enabled when creating
or updating attached clusters:
gkeconnect.googleapis.com
,gkehub.googleapis.com
,kubernetesmetadata.googleapis.com
,logging.googleapis.com
. For details, see Google Cloud requirements. - Security Fixes:
- Fixed CVE-2023-47108
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-mh55-gqvf-xfwm
1.29.0-gke.5
- Security Fixes:
- Fixed CVE-2023-47108
- Fixed CVE-2024-7348
1.29.0-gke.4
- Security Fixes:
- Fixed CVE-2024-0553
- Fixed CVE-2024-0567
- Fixed CVE-2024-37370
- Fixed CVE-2024-37371
1.29.0-gke.3
- Security Fixes:
- Fixed CVE-2023-5981
- Fixed CVE-2024-0985
- Fixed CVE-2024-2961
- Fixed CVE-2024-33599
- Fixed CVE-2024-33600
- Fixed CVE-2024-33601
- Fixed CVE-2024-33602
1.29.0-gke.2
Breaking Change: Starting from Kubernetes 1.29, clusters require outbound HTTPS connectivity to the domain
kubernetesmetadata.googleapis.com
. Please ensure that your proxy server and/or firewall configuration allows this traffic. You also need to enable the Kubernetes Metadata API, which can be enabled in the Google Cloud console.Feature: Removed the requirement for connectivity to the domain
opsconfigmonitoring.googleapis.com
. This domain was previously required for logging and monitoring but is no longer needed for Kubernetes 1.29 and later. You should remove this domain from your firewall and/or proxy server configuration.Bug Fix: Fixed an issue where the Fluentbit agent can become unresponsive and stop ingesting logs into Cloud Logging. Added a mechanism to detect and automatically restart the agent when this occurs.
1.29.0-gke.1
Breaking Change: Starting from Kubernetes 1.29, clusters require outbound HTTPS connectivity to the domain
kubernetesmetadata.googleapis.com
. Please ensure that your proxy server and/or firewall configuration allows this traffic. You also need to enable the Kubernetes Metadata API, which can be enabled in the Google Cloud console.Feature: Removed the requirement for connectivity to the domain
opsconfigmonitoring.googleapis.com
. This domain was previously required for logging and monitoring but is no longer needed for Kubernetes 1.29 and later. You should remove this domain from your firewall and/or proxy server configuration.Bug Fix: Fixed an issue where the Fluentbit agent can become unresponsive and stop ingesting logs into Cloud Logging. Added a mechanism to detect and automatically restart the agent when this occurs.
Kubernetes 1.28
1.28.0-gke.9
- Security Fixes:
- Fixed CVE-2023-47108
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-mh55-gqvf-xfwm
1.28.0-gke.8
- Security Fixes:
- Fixed CVE-2023-47108
- Fixed CVE-2024-7348
1.28.0-gke.7
- Security Fixes:
- Fixed CVE-2024-0553
- Fixed CVE-2024-0567
- Fixed CVE-2024-37370
- Fixed CVE-2024-37371
1.28.0-gke.6
- Security Fixes:
- Fixed CVE-2023-5981
- Fixed CVE-2024-0985
- Fixed CVE-2024-2961
- Fixed CVE-2024-33599
- Fixed CVE-2024-33600
- Fixed CVE-2024-33601
- Fixed CVE-2024-33602
1.28.0-gke.5
- Security Fixes:
1.28.0-gke.4
- Security Fixes:
1.28.0-gke.3
- Security Fixes:
- Fixed CVE-2023-39326.
- Fixed CVE-2023-44487.
- Fixed CVE-2023-45142.
- Fixed CVE-2023-45285.
- Fixed CVE-2023-48795.
1.28.0-gke.2
- Bug Fix: Fixed an intermittent authorization failure when using Google Groups.
1.28.0-gke.1
Breaking Change: Starting from 1.28, clusters require outbound HTTPS connectivity to
{GCP_LOCATION}-gkemulticloud.googleapis.com
. Ensure your proxy server and/or firewall allows for this traffic.Feature: Removed the need to explicitly add Google IAM bindings for most features.
- No longer need to add any bindings for
gke-system/gke-telemetry-agent
when creating a cluster. - No longer need to add any bindings for
gmp-system/collector
orgmp-system/rule-evaluator
when enabling managed data collection for Google Managed Service for Prometheus. - No longer need to add any bindings for
gke-system/binauthz-agent
when enabling binary authorization.
- No longer need to add any bindings for
Bug Fix: Enhanced Cloud Logging's ingestion of logs from Anthos attached clusters:
- Fixed an issue in timestamp parsing.
- Assigned the correct severity level to the
anthos-metadata-agent
's error logs.
Kubernetes 1.27
1.27.0-gke.9
- Security Fixes:
- Fixed CVE-2023-5981
- Fixed CVE-2024-0985
- Fixed CVE-2024-2961
- Fixed CVE-2024-33599
- Fixed CVE-2024-33600
- Fixed CVE-2024-33601
- Fixed CVE-2024-33602
1.27.0-gke.8
- Security Fixes:
1.27.0-gke.7
- Security Fixes:
1.27.0-gke.6
- Security Fixes:
- Fixed CVE-2023-39323.
- Fixed CVE-2023-39325.
- Fixed CVE-2023-39326.
- Fixed CVE-2023-3978.
- Fixed CVE-2023-44487.
- Fixed CVE-2023-45142.
- Fixed CVE-2023-45285.
- Fixed CVE-2023-48795.
1.27.0-gke.5
- Bug Fix: Fixed an intermittent authorization failure when using Google Groups.
1.27.0-gke.4
- Bug Fix: Enhanced Cloud Logging's ingestion of logs from Anthos attached clusters:
- Fixed an issue in timestamp parsing.
- Assigned the correct severity level to the
anthos-metadata-agent
's error logs.
1.27.0-gke.3
- Feature: Added support for attaching any CNCF-conformant Kubernetes cluster, in addition to EKS and AKS clusters. To attach a cluster, specify the distribution type as "generic".
- Bug Fix: Removed deployment of Fluent Bit when logging is disabled.
1.27.0-gke.2
- Bug Fix: Fixed a problem where Kubernetes resource metrics might not be successfully scraped from Kubelet for EKS if the node's name did not match the node's hostname.
1.27.0-gke.1
- Feature: Added the
authorization.admin_groups
field. This allows users to specify google groups as cluster-admins through the management plane. - Feature: Added Binary Authorization support.
- Feature: Enabled gzip compression for
fluent-bit
(a log processor and forwarder) andgke-metrics-agent
(a metrics collector).fluent-bit
compresses log data before sending it to Cloud Logging, andgke-metrics-agent
compresses metrics data before sending the data to Cloud Monitoring. This reduces network bandwidth and costs. Feature: Added proxy support for attaching AKS/EKS clusters. For details, see Connect to your EKS cluster and Connect to your AKS cluster.
Security Fixes
- Fixed CVE-2021-43565
- Fixed CVE-2022-21698
- Fixed CVE-2023-0464
- Fixed CVE-2023-0465
- Fixed CVE-2023-0466
- Fixed CVE-2023-2454
- Fixed CVE-2023-2455
- Fixed CVE-2023-2650
- Fixed CVE-2023-24539
- Fixed CVE-2023-24540
- Fixed CVE-2023-29400
Kubernetes 1.26
1.26.0-gke.9
- Security Fixes:
- Fixed CVE-2023-0464.
- Fixed CVE-2023-0465.
- Fixed CVE-2023-0466.
- Fixed CVE-2023-2454.
- Fixed CVE-2023-2455.
- Fixed CVE-2023-2650.
- Fixed CVE-2023-3446.
- Fixed CVE-2023-36054.
- Fixed CVE-2023-3817.
- Fixed CVE-2023-39318.
- Fixed CVE-2023-39319.
- Fixed CVE-2023-39323.
- Fixed CVE-2023-39325.
- Fixed CVE-2023-39326.
- Fixed CVE-2023-39417.
- Fixed CVE-2023-45285.
- Fixed CVE-2023-4911.
- Fixed CVE-2023-5868.
- Fixed CVE-2023-5869.
- Fixed CVE-2023-5870.
- Fixed CVE-2024-0985.
1.26.0-gke.8
- Bug Fix: Fixed an intermittent authorization failure when using Google Groups.
1.26.0-gke.7
- Bug Fix: Enhanced Cloud Logging's ingestion of logs from Anthos attached clusters:
- Fixed an issue in timestamp parsing.
- Assigned the correct severity level to the
anthos-metadata-agent
's error logs.
1.26.0-gke.6
- Feature: Added support for attaching any CNCF-conformant Kubernetes cluster, in addition to EKS and AKS clusters. To attach a cluster, specify the distribution type as "generic".
1.26.0-gke.5
- Bug Fix: Fixed a problem where Kubernetes resource metrics might not be successfully scraped from Kubelet for EKS if the node's name did not match the node's hostname.
- Security Fixes
- Fixed CVE-2023-24539
- Fixed CVE-2023-24540
- Fixed CVE-2023-29400
1.26.0-gke.4
1.26.0-gke.3
- Security Fixes
- Fixed CVE-2022-27664
- Fixed CVE-2022-32149
- Fixed CVE-2022-41723
- Fixed CVE-2023-24534
- Fixed CVE-2023-24536
- Fixed CVE-2023-24537
- Fixed CVE-2023-24538
1.26.0-gke.2
- Bug Fixes
- Fixed an issue in which the logging agent consumed increasingly high amounts of memory.
1.26.0-gke.1
Feature: Added support for Kubernetes 1.26.
Feature: Enabled connecting to an Anthos attached cluster as a member of a Google group. For details, see Connect to your EKS cluster and Connect to your AKS cluster.
Feature: Fixed a regression which breaks scraping from authenticated Kubelet port.
Feature: Added day 2 operations for Anthos attached clusters in the Google Cloud console, allowing you to easily view, update, and detach EKS clusters. From the Google Cloud Console, you can also view, update, and detach AKS clusters.
Feature: Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the
Config Monitoring for Ops
API. This API can be enabled either in the Google Cloud Console , or by manually enabling theopsconfigmonitoring.googleapis.com
API in the gcloud CLI. Additionally, customers must follow the steps outlined in the Authorize Cloud Logging/Monitoring documentation to add the necessary IAM bindings.
Kubernetes 1.25
1.25.0-gke.8
- Feature: Added support for attaching any CNCF-conformant Kubernetes cluster, in addition to EKS and AKS clusters. To attach a cluster, specify the distribution type as "generic".
1.25.0-gke.7
- Bug Fix: Fixed a problem where Kubernetes resource metrics might not be successfully scraped from Kubelet for EKS if the node's name did not match the node's hostname.
- Security Fixes
- Fixed CVE-2023-24539
- Fixed CVE-2023-24540
- Fixed CVE-2023-29400
1.25.0-gke.6
1.25.0-gke.5
- Security Fixes
- Fixed CVE-2022-27664
- Fixed CVE-2022-32149
- Fixed CVE-2022-41723
- Fixed CVE-2023-24534
- Fixed CVE-2023-24536
- Fixed CVE-2023-24537
- Fixed CVE-2023-24538
1.25.0-gke.4
- Bug Fixes
- Fixed an issue in which the logging agent consumed increasingly high amounts of memory.
1.25.0-gke.3
Feature: Added day 2 operations for Anthos attached clusters in the Google Cloud console, allowing you to easily view, update, and detach EKS clusters. From the Google Cloud Console, you can also view, update, and detach AKS clusters.
Feature: Enabled sending Kubernetes resource metadata to Google Cloud Platform, improving both the user interface and cluster metrics. For the metadata to be ingested properly, customers need to enable the
Config Monitoring for Ops
API. This API can be enabled either in the Google Cloud Console , or by manually enabling theopsconfigmonitoring.googleapis.com
API in the gcloud CLI. Additionally, customers must follow the steps outlined in the Authorize Cloud Logging/Monitoring documentation to add the necessary IAM bindings.Bug Fix: Fixed a regression which breaks scraping from authenticated Kubelet port.
1.25.0-gke.2
- Security Fixes
- Fixed CVE-2021-46848
- Fixed CVE-2022-42898
1.25.0-gke.1
- Feature: Added support for Kubernetes 1.25.
Kubernetes 1.24
1.24.0-gke.5
- Security Fixes
- Fixed CVE-2022-27664
- Fixed CVE-2022-32149
- Fixed CVE-2022-41723
- Fixed CVE-2023-24534
- Fixed CVE-2023-24536
- Fixed CVE-2023-24537
- Fixed CVE-2023-24538
1.24.0-gke.4
- Bug Fixes
- Fixed an issue in which the logging agent consumed increasingly high amounts of memory.
1.24.0-gke.3
Feature: Added day 2 operations for Anthos attached clusters in the Google Cloud console, allowing you to easily view, update, and detach EKS clusters. From the Google Cloud Console, you can also view, update, and detach AKS clusters.
Bug Fix: Fixed a regression which breaks scraping from authenticated Kubelet port.
1.24.0-gke.2
- Security Fixes
- Fixed CVE-2021-46848
- Fixed CVE-2022-42898
1.24.0-gke.1
- Feature: Added support for Kubernetes 1.24.
Kubernetes 1.23
1.23.0-gke.3
- Security Fixes
- Fixed CVE-2021-46848
- Fixed CVE-2022-42898
1.23.0-gke.2
1.23.0-gke.1
- Feature: Added support for Kubernetes 1.23.
Kubernetes 1.22
1.22.0-gke.1
- Feature: Added support for Kubernetes 1.22.
Kubernetes 1.21
1.21.0-gke.1
- Feature: Added support for Kubernetes 1.21.