You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
January 26, 2023
Anthos clusters on AWS (previous generation) aws-1.14.1-gke.0 is now available.
You can now launch clusters with the following Kubernetes versions:
- 1.23.15-gke.2000
- 1.24.9-gke.2100
- 1.25.5-gke.2100
Upgraded to containerd 1.6.12.
This release fixes the following vulnerabilities:
December 21, 2022
A new vulnerability (CVE-2022-2602) has been discovered in the io_uring subsystem in the Linux kernel that can allow an attacker to potentially execute arbitrary code. For more information, see the GCP-2022-2025 security bulletin.
December 13, 2022
Anthos clusters on AWS (previous generation) aws-1.14.0-gke.2 is now available.
You can now launch clusters with the following Kubernetes versions:
- 1.23.13-gke.2000
- 1.24.7-gke.2000
- 1.25.3-gke.1900
This release fixes the following vulnerabilities:
Kubernetes version 1.25 deprecates several APIs. See the Kubernetes Deprecated API Migration Guide for details.
November 10, 2022
Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.
For more information, see the GCP-2022-024 security bulletin.
October 31, 2022
Anthos clusters on AWS (previous generation) aws-1.13.1-gke.1 is now available.
You can now launch clusters with the following Kubernetes versions:
- 1.22.15-gke.1400
- 1.23.12-gke.1400
- 1.24.6-gke.1300
This release fixes the following vulnerabilities:
October 28, 2022
A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.
For instructions and more details, see the Anthos clusters on AWS security bulletin.
October 03, 2022
Anthos clusters on AWS (previous generation) aws-1.13.0-gke.5 is now available.
You can now launch clusters with the following Kubernetes versions:
- 1.22.15-gke.300
- 1.23.12-gke.300
- 1.24.6-gke.200
This release fixes the following vulnerabilities:
If you use the deprecated ubuntuRepositoryMirror: 'packages.cloud.google.com'
field in the AWSManagementService resource and are upgrading your node pool, you must upgrade only to the 1.22.15-gke.300 or 1.23.12-gke.300 versions included in this release. Upgrading to any other node pool version will cause your upgrade to hang. If your node pool is already hanging in the upgrading state, you need to delete and re-create the node pool. If you aren't using this field, this issue doesn't affect you and you can upgrade to any supported version.
August 25, 2022
Anthos clusters on AWS (previous generation) aws-1.12.2-gke.1 is now available.
You can now launch clusters with the following Kubernetes versions:
- 1.21.14-gke.2900
- 1.22.12-gke.1100
- 1.23.9-gke.800
This release fixes the following vulnerabilities:
August 08, 2022
Anthos clusters on AWS (previous generation) aws-1.12.1-gke.0 is now available.
You can now launch clusters with the following Kubernetes versions:
- 1.23.8-gke.2000
- 1.22.12-gke.300
- 1.21.14-gke.2100
This release fixes the following vulnerabilities:
August 01, 2022
A new vulnerability (CVE-2022-2327) has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node.
For more information, see the GCP-2022-018 security bulletin.
July 07, 2022
Anthos clusters on AWS (previous generation) aws-1.12.0-gke.0 is now available.
This release note has been updated to mark the actual date of release, July 7, 2022. Previously, the release date was mentioned as June 24th.
You can now launch clusters with the following Kubernetes versions:
- 1.23.7-gke.1500
- 1.22.10-gke.1500
- 1.21.13-gke.1600
You can now launch Kubernetes 1.23 clusters.
Kubernetes 1.20 clusters are no longer supported. This version no longer supports creation or maintenance of Kubernetes 1.19 clusters.
This release fixes the following vulnerabilities:
- CVE-2022-1292.
Note: this vulnerability is fixed in 1.23 clusters. It is still present in 1.21 and 1.22 clusters. - CVE-2022-29581
- CVE-2022-29582
- CVE-2022-1116
- CVE-2021-4160
- CVE-2022-0778
- CVE-2021-43618
June 23, 2022
Three new memory corruption vulnerabilities (CVE-2022-29581, CVE-2022-29582, CVE-2022-1116) have been discovered in the Linux kernel. These vulnerabilities allow an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. For more information, refer to the GCP-2022-016 security bulletin.
June 01, 2022
Anthos Clusters on AWS aws-1.11.1-gke.7 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:
- 1.22.9-gke.800
- 1.21.12-gke.1000
- 1.20.15-gke.7500
This release fixes the following CVEs:
May 02, 2022
Anthos Clusters on AWS aws-1.11.0-gke.6 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:
- 1.22.8-gke.1300
- 1.21.11-gke.1100
- 1.20.15-gke.5200
The issue announced in the April 19th release note regarding the creation of 1.22 clusters has been resolved. You can now create 1.22 clusters.
This release fixes the following CVEs:
This release removes unneeded permissions from the coredns-autoscaler
, calico-typha
, and konnectivity-agent-autoscaler
components.
April 26, 2022
Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the GCP-2022-014 security bulletin.
April 19, 2022
An issue has been discovered in Anthos clusters on AWS (previous generation). Do not launch Kubernetes 1.22 clusters at this time.
The Anthos clusters on AWS (previous generation) release 1.11.0-gke.1
has been removed. We are working on a fix.
April 12, 2022
A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host.
For more information, see the GCP-2022-013 security bulletin.
April 07, 2022
A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. This vulnerability affects Anthos Clusters on AWS (previous generation) running Kubernetes version v1.19, v1.20 or v1.21 on Ubuntu.
For more information, see the GCP-2022-012 security bulletin.
April 05, 2022
Anthos Clusters on AWS aws-1.11.0-gke.1 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:
- 1.22.8-gke.300
- 1.21.11-gke.100
- 1.20.15-gke.2200
This version adds support for Kubernetes 1.22 clusters.
Because Kubernetes 1.22 replaces some v1beta
APIs with v1
APIs, your workloads might need to be updated to use 1.22. For more information, see Kubernetes 1.22 Deprecated APIs.
The workload identity webhook is not supported on cluster versions 1.22 and later. Before you upgrade your clusters to version 1.22, you should modify any workloads that depend on the webhook to configure their credentials without it.
To use an Application Load Balancer (ALBs) with version 1.22 clusters, you need to upgrade your ALB controller configuration.
This release includes fixes for the following CVEs:
This version no longer supports creation or maintenance of Kubernetes 1.18 clusters.
February 24, 2022
Anthos Clusters on AWS aws-1.10.2-gke.0 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:
- 1.21.9-gke.1900
- 1.20.15-gke.1900
- 1.19.16-gke.7700
This release includes fixes for the following CVEs:
February 04, 2022
A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services etc, as governed by a policy.
Anthos clusters on AWS is unaffected.
For instructions and more details, see the GCP-2022-004 security bulletin.
January 27, 2022
Anthos Clusters on AWS aws-1.10.1-gke.0 (previous generation) is now available. Clusters in this release support the following Kubernetes versions:
- 1.21.8-gke.2000
- 1.20.14-gke.2000
- 1.19.16-gke.5300
This release includes fixes for the following CVEs:
The release note from December 14 has been updated to clarify which service account no longer needs the ServiceUsageViewer role. The ServiceUsageViewer role is now required for the user that runs the anthos-gke
command-line tool.
December 14, 2021
Anthos Clusters on AWS aws-1.10.0-gke.5 (previous generation) is now available.
Anthos clusters on AWS aws-1.10.0-gke.5 (previous generation) clusters run the following Kubernetes versions:
- 1.19.16-gke.1000
- 1.20.12-gke.1000
- 1.21.6-gke.1000
This release supports creating instances in the c5a
, c5ad
, i3en
, m5a
, m5ad
, r5a
, r5ad
, and t3a
families.
Kubernetes 1.18 is no longer supported. You can no longer launch Kubernetes 1.17 clusters. Your existing 1.17 clusters will continue to run.
This release fixes the following security issues:
This release fixes an earlier issue with 1.21 clusters that use both OIDC and an HTTP proxy.
To install Anthos Service Mesh, follow the steps in Connecting to your cluster before starting your Anthos Service Mesh installation.
Updated: The management service account no longer needs the ServiceUsageViewer role to install Anthos clusters on AWS. For more information, see Prerequisites.
December 02, 2021
If your cluster uses both a proxy and OIDC authentication, do not upgrade to version 1.21.4 or 1.21.5. If you encounter an issue during an upgrade, contact support for assistance.
October 29, 2021
Anthos Clusters on AWS aws-1.9.1-gke.0 is now available.
Anthos clusters on AWS aws-1.9.1-gke.0 clusters run the following Kubernetes versions:
- 1.18.20-gke.8300
- 1.19.15-gke.1600
- 1.20.11-gke.1600
- 1.21.5-gke.1600
Release aws-1.9.1-gke.0 fixes an issue in release 1.9.0 in which authorization with AWS IAM assumed roles failed.
Release aws-1.9.1-gke.0 of Anthos Clusters on AWS fixes the following security issues:
- CVE-2021-38160
- CVE-2021-3612
- CVE-2021-37576
- CVE-2018-5729
- CVE-2018-5730
- CVE-2020-16119
- CVE-2021-20305
- CVE-2021-22543
- CVE-2021-33624
- CVE-2021-33910
- CVE-2021-3580
- CVE-2021-3653
- CVE-2021-3712
- CVE-2021-37159
- CVE-2021-37750
- CVE-2021-40490
- CVE-2021-42008
For more information, click on the CVE or search for details at https://nvd.nist.gov.
October 25, 2021
The security community recently disclosed a new security vulnerability CVE-2021-30465 found in runc
that has the potential to allow full access to a node filesystem.
For more information, see the GCP-2021-011 security bulletin.
A security issue was discovered in the Kubernetes ingress-nginx controller, CVE-2021-25742. Ingress-nginx custom snippets allows retrieval of ingress-nginx service account tokens and secrets across all namespaces. For more information, see the GCP-2021-024 security bulletin.
September 30, 2021
Anthos Clusters on AWS aws-1.9.0-gke.2 is now available.
Anthos clusters on AWS aws-1.9.0-gke.2 clusters run the following Kubernetes versions:
- 1.18.20-gke.6300
- 1.19.14-gke.2200
- 1.20.10-gke.2000
- 1.21.4-gke.2100
You can now launch Kubernetes 1.21 clusters.
Anthos Identity Service is available on Kubernetes clusters version 1.21 and above.
Kubernetes 1.21 clusters now support the Kubernetes Konnectivity tool for communication between nodes and the control plane. When you launch a 1.21 cluster, you must allow connections between control plane nodes and node pool nodes on port 8132.
You can now update the OIDC configuration on a running cluster.
You can now specify a Cloud Storage Bucket name where Anthos clusters on AWS stores configuration data.
You can now launch node pools with AWS R5 instances.
The VolumeSnapshot resource API version v1beta1
is deprecated in Kubernetes 1.21 clusters. Use API version v1
for 1.21 clusters and above. All previously persisted VolumeSnapshot objects remain functional.
A security vulnerability, CVE-2020-8561,
has been discovered in Kubernetes where certain webhooks can be made to
redirect kube-apiserver
requests to private networks of that API
server.
For more information, see the GCP-2021-021 security bulletin.
You cannot create new 1.16 clusters. Existing 1.16 clusters continue to function.
Error messages when upgrading or downgrading your clusters have been clarified.
September 15, 2021
A security issue was discovered in Kubernetes, CVE-2021-25741, where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. For more information, see the GCP-2021-018 security bulletin.
September 01, 2021
Anthos clusters on AWS aws-1.8.2-gke.2 is now available.
Anthos clusters on AWS aws-1.8.2-gke.2 clusters run the following Kubernetes versions:
- 1.17.17-gke.15800
- 1.18.20-gke.4800
- 1.19.14-gke.600
- 1.20.10-gke.600
The supported versions also offer the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on AWS 1.8.
July 29, 2021
Anthos clusters on AWS aws-1.8.1-gke.1 is now available.
Anthos clusters on AWS aws-1.8.1-gke.1 clusters run the following Kubernetes versions:
- 1.17.17-gke.13600
- 1.18.20-gke.2600
- 1.19.13-gke.300
- 1.20.9-gke.300
This release contains fixes for the following security vulnerabilities:
Anthos clusters on AWS now requires kubectl
version 1.17 or higher and terraform
version v0.14.3 or higher.
July 07, 2021
Anthos clusters on AWS aws-1.8.0-gke.8 is now available.
Anthos clusters on AWS aws-1.8.0-gke.8 clusters run the following Kubernetes versions:
- 1.17.17-gke.11000
- 1.18.19-gke.2300
- 1.19.11-gke.2300
- 1.20.7-gke.2400
This release fixes an issue mentioned in the entry on July 2, 2021. We recommend all customers upgrade to 1.8.0-gke.8.
When you upgrade or update a user cluster, the Connect agent is automatically updated to the latest version.
July 02, 2021
An issue has been discovered with Anthos clusters on AWS 1.8.0. When you complete an upgrade to your management service to 1.8.0, the management service automatically performs a rolling update of all node pools.
A fix for this issue is being developed. A new build will be published when the fix is available.
July 01, 2021
Anthos clusters on AWS aws-1.8.0-gke.7 is now available.
Anthos clusters on AWS aws-1.8.0-gke.7 clusters run the following Kubernetes versions:
- 1.17.17-gke.11000
- 1.18.19-gke.2300
- 1.19.11-gke.2300
- 1.20.7-gke.2400
You can now launch Kubernetes 1.20 clusters.
Workload identity to authenticate to Google Cloud services from your user clusters is now available. Using workload identity is supported on user clusters running version 1.20 and higher.
You can now update the security groups associated with user clusters and node pools. For more information, see Updating a user cluster
You can now modify proxy settings on a running cluster. For more information, see Changing Cluster Proxy Settings
Anthos clusters on AWS now supports Cloud Logging and Cloud Monitoring of user cluster control planes. For more information, see Configuring logging and monitoring.
June 03, 2021
Anthos clusters on AWS 1.7.2-gke.0 is now available.
Anthos clusters on AWS 1.7.2-gke.0 clusters run the following Kubernetes versions:
- 1.16.15-gke.18500
- 1.17.17-gke.8200
- 1.18.18-gke.1500
- 1.19.10-gke.1500
The Anthos clusters on AWS 1.7.2-gke.0 release addresses the following vulnerabilities:
April 30, 2021
Anthos clusters on AWS 1.7.1-gke.1 is now available.
Anthos clusters on AWS 1.7.1-gke.1 clusters run the following Kubernetes versions:
- 1.16.15-gke.17300
- 1.17.17-gke.7000
- 1.18.18-gke.300
- 1.19.9-gke.900
The Anthos clusters on AWS 1.7.1-gke.1 patch release addresses the following security vulnerabilities:
April 20, 2021
The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook. For more details, see the GCP-2021-003 security bulletin.
April 06, 2021
Anthos clusters on AWS 1.7.0-gke.12 is now available.
Anthos clusters on AWS 1.7.0-gke.12 clusters run the following Kubernetes versions:
- 1.16.15-gke.8100
- 1.17.13-gke.2800
- 1.18.12-gke.1800
- 1.19.8-gke.1000
To upgrade your clusters, perform the following steps:
- Upgrade your Management service to 1.7.0-gke.12.
- Upgrade your user clusters to a supported Kubernetes version.
This release fixes an issue mentioned in the entry on April 2, 2021. We recommend all customers running 1.7.0-gke.11 upgrade to 1.7.0-gke.12.
April 02, 2021
An issue has been discovered with Anthos clusters on AWS 1.7.0.
If you use a HTTP proxy, do not upgrade to 1.7.0.
If you do not use a HTTP proxy, you can upgrade to 1.7.0.
A fix for this issue is being developed.
March 31, 2021
Anthos clusters on AWS 1.7.0-gke.11 is now available.
This note is updated. For more information, see entry on April 2, 2021.
Anthos clusters on AWS 1.7.0-gke.11 clusters run the following Kubernetes versions:
- 1.16.15-gke.8100
- 1.17.13-gke.2800
- 1.18.12-gke.1800
- 1.19.8-gke.1000
To upgrade your clusters, perform the following steps:
- Upgrade your Management service to 1.7.0-gke.11.
- Upgrade your user clusters to a supported Kubernetes version.
Anthos clusters on AWS now supports Kubernetes 1.19.
Anthos clusters on AWS now supports exporting logs and metrics from an Anthos clusters on AWS user cluster to Cloud Logging and Cloud Monitoring.
For more information, see Configuring logging and monitoring for Anthos clusters on AWS
Anthos clusters on AWS now supports CMK encryption for component volumes. For more information, see Using CMK to encrypt volumes.
Workload identity in user clusters is now generally available.
Anthos clusters on AWS now supports gp3
EBS volume types. You can configure gp3
volumes on your management service, AWSCluster, and AWSNodePools.
February 25, 2021
Anthos clusters on AWS 1.6.2-gke.0 is now available.
Anthos clusters on AWS 1.6.2-gke.0 clusters run the following Kubernetes versions:
- 1.16.15-gke.5302
- 1.17.9-gke.6402
- 1.18.10-gke.902
To upgrade your clusters, perform the following steps:
- Upgrade your Management service to 1.6.2-gke.0.
- Upgrade your user clusters to a supported Kubernetes version.
This release fixes an issue where the management service fails to start when provided with a KMS alias.
Bug fixes and security improvements.
February 03, 2021
GKE on AWS 1.6.1-gke.2 is now available.
GKE on AWS 1.6.1-gke.2 clusters run the following Kubernetes versions:
- 1.16.15-gke.5301
- 1.17.9-gke.6401
- 1.18.10-gke.901
To upgrade your clusters, perform the following steps:
- Upgrade your Management service to 1.6.1-gke.2.
- Upgrade your user clusters to a supported Kubernetes version.
Snapshots now collect AWS EFS logs from user cluster nodes.
Bug fixes and performance improvements.
December 17, 2020
GKE on AWS 1.6.0-gke.3 is now available.
GKE on AWS 1.6.0-gke.3 clusters run the following Kubernetes versions:
- 1.16.15-gke.5300
- 1.17.9-gke.6400
- 1.18.10-gke.900
To upgrade your clusters, perform the following steps:
- Upgrade your Management service to 1.6.0-gke.1.
- Upgrade your user clusters to a supported Kubernetes version.
GKE on AWS now supports Kubernetes 1.18.
The Kubernetes 1.18 version includes CoreDNS 1.7.1 and Cluster Autoscaler 1.18.
GKE on AWS now supports mounting AWS Elastic File System file systems without having to install a driver.
You can now specify an AWS KMS alias in your anthos-gke.yaml
instead of a KMS ARN.
You can now use custom DNS hostnames in your VPC by setting enableDnsHostnames
to false
Cluster state synchronizations between the management service and S3 now use HTTPS.
November 02, 2020
Anthos GKE on AWS 1.5.1-gke.1 is now available and clusters run on 1.16.15-gke.701 and v1.17.9-gke.2801. To upgrade your clusters, perform the following steps:
Upgrade your Management service to 1.5.1-gke.1. Upgrade your user clusters to 1.16.15-gke.701 or v1.17.9-gke.2801
You can now use Private Google Access to provision images for your GKE on AWS environment. For more information, see spec.ubuntuRepositoryMirror
in the AWSManagementService resource.
Bug fixes and performance improvements.
October 12, 2020
GKE on AWS 1.5.0 supports volume snapshots.
October 02, 2020
Anthos GKE on-AWS 1.5.0-gke.6 is now available and clusters run on 1.16.15-gke.700 and v1.17.9-gke.2800. To upgrade your clusters, perform the following steps:
- Upgrade your Management service to 1.5.0-gke.6.
- Upgrade your user clusters to 1.16.15-gke.700 or v1.17.9-gke.2800
Workload identity (preview) lets you bind Kubernetes service accounts to AWS IAM accounts with specific permissions. Workload identity blocks unwanted access to cloud resources with AWS IAM permissions. With workload identity, you can assign different IAM roles to each workload. Fine grained permissions control allows you to follow the principle of least privilege. For more details, see Creating a user cluster with workload identity
You can now route traffic from the GKE on AWS management service and Connect through an HTTP/HTTPS proxy. For more details, see Using a proxy with GKE on AWS
Improved installation experience
This version enables installation and upgrade by using any Google Cloud–authenticated service account. You no longer need to be on the allowlist to access GKE on AWS components..
Additional preflight checks enforce enablement of required Google Cloud APIs. See Google Cloud requirements for more information.
When creating multiple multiple management clusters, users may have seen name collisions with S3 bucket. Now, you can specify a custom name for your S3 bucket to avoid naming conflicts.
September 17, 2020
GKE on AWS 1.4.3-gke.7 is now available. GKE on AWS 1.4.3-gke.7 clusters run on Kubernetes 1.16.13-gke.1402.
To Upgrade:
- Upgrade your Management service to 1.4.3-gke.7.
- Upgrade your user clusters to to 1.16.13-gke.1402.
A vulnerability, described in CVE-2020-14386, was recently discovered in the Linux kernel. The vulnerability may allow container escape to obtain root privileges on the host node.
All GKE on AWS nodes are affected.
To fix this vulnerability, upgrade your management service and user clusters to this patched version. The following GKE on AWS version contains the fix for this vulnerability:
- GKE on AWS 1.4.3
For more information, see the Security Bulletin
August 27, 2020
GKE on AWS 1.4.2-gke.1 is released. This release includes Kubernetes version 1.16.13-gke.1401.
This release includes bug fixes and security improvements. We recommend you update your clusters to this version.
To upgrade your clusters, perform the following steps:
- Upgrade your management service to aws-1.4.2-gke.1.
- Upgrade your user cluster's AWSCluster and AWSNodePools to 1.16.13-gke.1401.
- Fixed Perl version to fix security vulnerability CVE-2020-10878
- Removed a dependency on Musl to fix security vulnerability CVE-2019-14697
August 04, 2020
Anthos GKE on AWS 1.4.1-gke.17 is released. This release fixes a memory leak that causes clusters to become unresponsive.
To upgrade your clusters, perform the following steps:
- Restart your control plane instances.
- Upgrade your management service to aws-1.4.1-gke.17.
- Upgrade your user cluster's AWSCluster and AWSNodePools to 1.16.9-gke.15.
Use version 1.16.9-gke.15 for creating new clusters.
August 03, 2020
Anthos GKE on AWS 1.4.1-gke.15 clusters will experience a memory leak that results in an unresponsive cluster. A fix for this issue is in development.
If you are planning to deploy an Anthos GKE on AWS cluster, wait until the fix is ready.
July 24, 2020
Anthos GKE on AWS is now generally available.
Clusters support in-place upgrades, with the ability to upgrade the control plane and node pools separately.
Clusters can be deployed in a high availability (HA) configuration, where control plane instances and node pools are spread across multiple availability zones.
Clusters have been validated to support up to 200 nodes and 6000 pods.
Allows the number of nodes to be scaled dynamically based on traffic volume to increase utilization and reduce cost, and improve performance
Anthos can be deployed within existing AWS VPCs, leveraging existing security groups to secure those clusters. Customers can ingress traffic using NLB and ALBs. Additionally Anthos on AWS supports AWS IAM and OIDC. This makes deploying Anthos easy, eliminates the need to provision new accounts, and minimizes configuration of the environment.
With Anthos Config Management enterprises can set policies on their AWS workloads and with Anthos Service Mesh, they can monitor, manage, and secure them.
Kubernetes settings (flags and sysctl settings) have been updated to match GKE.
Upgrades from beta versions are not supported. To install Anthos GKE on AWS, you must remove your user and management clusters, then reinstall them.
May 29, 2020
A new build of Anthos GKE on AWS has been released. This build removes the need to check AWS IAM privileges when creating a management cluster. You don't need to update if you have not encountered this issue.
To install this build, download the anthos-gke
tool by running the following command:
gsutil cp gs://gke-multi-cloud-release/bin/aws-0.2.1-gke.8/anthos-gke .
Then, recreate your Terraform configuration and continue with your installation.
May 07, 2020
To upgrade your Anthos GKE on AWS clusters, you need to uninstall all your management and user clusters. You also need to download the new version of the anthos-gke
cli tool.
Anthos GKE on AWS now supports auto-scaling. You can enable auto-scaling by changing settings in your AWSNodePools, or scale your clusters manually by adding new AWSNodePools.
Built-in EBS StorageClass names have been changed to standard-rwo
and premium-rwo
. If you declare the singlewriter-standard
or singlewriter-premium
StorageClasses with your workloads, you must update your workloads when upgrading.
Anthos GKE on AWS now support for Application-layer secrets encryption with AWS KMS by passing a KMS key ARN to your AWSCluster.
April 02, 2020
Initial beta release of Anthos GKE on AWS
The release improves upon earlier releases with:
Improved reliability: User clusters are now deployed in a high availability (HA) fashion, where both control plane instances as well as node pools can be placed across multiple availability zones. AWS Auto Scaling groups are also now used for resiliency.
Improved security: Control plane instances for different user clusters are now isolated in separate security groups. Instance Metadata Service Version 2 (IMDSv2) is enabled to protect against SSRF attacks, and sensitive fields in EC2 metadata are now encrypted.
Easier to deploy: The installation process for the management layer has been simplified and performs additional validation checks. It uses Terraform modules for flexible integration into different AWS environments, and customers can now leverage existing security groups and IAM resources to secure clusters. Documentation has been improved and expanded.
Future-proof storage stack: We're now using the EBS CSI driver to manage all AWS EBS volumes. The legacy, in-tree Kubernetes EBS driver has been removed entirely, and all upcoming storage features, such as snapshots, will be provided using CSI.
Updated Kubernetes version: User clusters are now based on Kubernetes 1.15 and have passed open-source Kubernetes conformance tests.