This page lists selected known issues for GKE on AWS, and steps you can take to reduce their impact.
If you need additional assistance, reach out to Cloud Customer Care.
Operations
Cluster autoscaler might incorrectly scale up from zero nodes
Versions affected by this issue are the following:
- All versions prior to 1.27
- Versions of 1.27 from 1.27.0-gke.0 up to, but not including, 1.27.12-gke.800
- Versions of 1.28 from 1.28.0-gke.0 up to, but not including, 1.28.8-gke.800
Cluster autoscaler doesn't correctly scale up from zero nodes for node pools with custom labels or taints.
This issue occurs because the GKE on AWS cluster autoscaler didn't configure the node pool labels and taint tags on the corresponding node pool Auto Scaling Group during node pool provisioning. For node pools with zero nodes, the cluster autoscaler can't create the node templates correctly because of these missing tags. This could lead to incorrect scaling decisions, such as Pods not being scheduled to the applicable nodes, or nodes being provisioned that aren't really needed. For more information, see Auto-Discovery Setup.
Networking
Application timeouts caused by conntrack table insertion failures
Versions affected by this issue are the following:
- All versions of 1.23 starting from 1.23.8-gke.1700.
- All versions of 1.24 starting from 1.24.0-gke.0.
- Versions of 1.25 ranging from 1.25.0-gke.0 up to, but not including, 1.25.10-gke.1200.
- Versions from 1.26.0-gke.0 up to, but not including, 1.26.4-gke.2200.
Clusters running on an Ubuntu OS that uses kernel 5.15 or higher are susceptible to netfilter connection tracking (conntrack) table insertion failures. Insertion failures can occur even when the conntrack table has room for new entries. The failures are caused by changes in kernel 5.15 and higher that restrict table insertions based on chain length.
To see if you are affected by this issue, check the in-kernel connection tracking system statistics with the following command:
sudo conntrack -S
The response looks like this:
cpu=0 found=0 invalid=4 insert=0 insert_failed=0 drop=0 early_drop=0
error=0 search_restart=0 clash_resolve=0 chaintoolong=0
cpu=1 found=0 invalid=0 insert=0 insert_failed=0 drop=0 early_drop=0
error=0 search_restart=0 clash_resolve=0 chaintoolong=0
cpu=2 found=0 invalid=16 insert=0 insert_failed=0 drop=0 early_drop=0
error=0 search_restart=0 clash_resolve=0 chaintoolong=0
cpu=3 found=0 invalid=13 insert=0 insert_failed=0 drop=0 early_drop=0
error=0 search_restart=0 clash_resolve=0 chaintoolong=0
cpu=4 found=0 invalid=9 insert=0 insert_failed=0 drop=0 early_drop=0
error=0 search_restart=0 clash_resolve=0 chaintoolong=0
cpu=5 found=0 invalid=1 insert=0 insert_failed=0 drop=0 early_drop=0
error=519 search_restart=0 clash_resolve=126 chaintoolong=0
If a chaintoolong value in the response is a non-zero number, you are affected by this issue.
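The check above can be scripted across nodes. The following is an added example, not part of the original page or of any Google tooling; the function names and both sample outputs are constructed for illustration. It reports the CPUs with a non-zero chaintoolong counter and handles counters that wrap onto a continuation line, as in the response shown above.

```shell
# Added example (not from the GKE docs): function names are hypothetical.
# For each CPU with a non-zero chaintoolong counter, print
# "<cpu> <insert_failed> <chaintoolong>". Counters may sit on the cpu= line
# or on a wrapped continuation line, so each key=value pair is attributed
# to the most recent cpu= field seen.
chaintoolong_cpus() {
  awk '
    function emit() { if (seen && ctl > 0) print cpu, fail, ctl }
    {
      for (i = 1; i <= NF; i++) {
        if (split($i, kv, "=") != 2) continue
        if (kv[1] == "cpu") { emit(); seen = 1; cpu = kv[2]; fail = 0; ctl = 0 }
        else if (kv[1] == "insert_failed") fail = kv[2] + 0
        else if (kv[1] == "chaintoolong") ctl = kv[2] + 0
      }
    }
    END { emit() }
  '
}

# Sum of chaintoolong over all CPUs (0 when no CPU reports any).
chaintoolong_total() {
  chaintoolong_cpus | awk '{ s += $3 } END { print s + 0 }'
}

# Exit status 0 when the node shows the issue, non-zero otherwise.
conntrack_affected() {
  [ "$(chaintoolong_total)" -gt 0 ]
}

# Constructed sample: every chaintoolong counter is zero.
SAMPLE_OK='cpu=0 found=0 invalid=4 insert=0 insert_failed=0 drop=0 early_drop=0
error=0 search_restart=0 clash_resolve=0 chaintoolong=0
cpu=1 found=0 invalid=1 insert=0 insert_failed=0 drop=0 early_drop=0
error=519 search_restart=0 clash_resolve=126 chaintoolong=0'

# Constructed sample: CPU 1 reports chain-length insertion failures.
SAMPLE_BAD='cpu=0 found=0 invalid=4 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 search_restart=0 clash_resolve=0 chaintoolong=0
cpu=1 found=0 invalid=2 insert=0 insert_failed=37 drop=37 early_drop=0
error=0 search_restart=0 clash_resolve=5 chaintoolong=37'

for s in "$SAMPLE_OK" "$SAMPLE_BAD"; do
  if printf '%s\n' "$s" | conntrack_affected; then
    echo "affected:"; printf '%s\n' "$s" | chaintoolong_cpus
  else
    echo "not affected"
  fi
done
# On a node: sudo conntrack -S | chaintoolong_cpus
```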
Solution
If you are running version 1.26.2-gke.1001, upgrade to version 1.26.4-gke.2200 or later.
Usability
Unreachable clusters detected error in UI
Versions affected by this issue are 1.25.5-gke.1500 and 1.25.4-gke.1300.
Some UI surfaces in Google Cloud console can't authorize to the cluster and might display the cluster as unreachable.
Solution
Upgrade your cluster to the latest available patch of version 1.25. This issue was fixed in version 1.25.5-gke.2000.
API errors
Kubernetes 1.22 deprecates and replaces several APIs. If you've upgraded your cluster to version 1.22 or later, any calls your application makes to one of the deprecated APIs fail.
Solution
Upgrade your application to replace the deprecated API calls with their newer counterparts.