This document lists production updates to Google Distributed Cloud (software only) for bare metal (formerly known as Google Distributed Cloud Virtual, previously known as Anthos clusters on bare metal). Check this page periodically for any new announcements.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
December 18, 2024
Release 1.31.0-gke.889
Google Distributed Cloud for bare metal 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.0-gke.889 runs on Kubernetes 1.31.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Version 1.28 end of life: In accordance with the Version Support Policy, version 1.28 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.
Functionality changes:
- Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
- Updated the `bmctl push images` command to check for the existence of an image digest to determine whether or not to push an image.
- Increased priority for `cert-manager` pods to system-cluster-critical to prevent premature eviction under control plane node resource pressure.
- Updated the logic for parsing the cluster configuration file for newer clusters to validate that the `anthosBareMetalVersion` value follows the full `x.y.z-gke.n` semantic versioning scheme, including the GKE patch version.
- Updated the snapshot capability to collect the following information:
  - Details for all custom resources
  - Additional debugging information for clusters
- Added a health check to check that the `node-problem-detector` systemd service is running on the node.
- Updated the `bmctl update` command to identify differences (if any) between the preview feature annotations in the cluster configuration file and the annotations in the deployed Cluster resource.
- Added a `--num-of-parallel-threads` flag to the snapshot command (`bmctl check cluster --snapshot`) so that you can specify the number of threads to use to create a snapshot. The default number of threads for snapshot creation is 10.
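As an added example (not part of the release notes and not bmctl's own parsing logic), the following pre-upgrade lint flags `anthosBareMetalVersion` values that don't follow the full x.y.z-gke.n form. The sample configuration is constructed, and the line-based scan assumes the field appears as a plain `key: value` line in the cluster configuration file.

```python
import re

# Assumption: every component of x.y.z-gke.n is a plain decimal number.
FULL = re.compile(r"\d+\.\d+\.\d+-gke\.\d+")
FIELD = re.compile(r"^\s*anthosBareMetalVersion:\s*(.*?)\s*(?:#.*)?$")

# Constructed sample: three Cluster documents, two with truncated versions.
SAMPLE = """\
kind: Cluster
spec:
  anthosBareMetalVersion: 1.31.0-gke.889
---
kind: Cluster
spec:
  anthosBareMetalVersion: 1.31.0   # GKE patch version missing
---
kind: Cluster
spec:
  anthosBareMetalVersion: "1.31"
"""

def check_version(value):
    """Return (ok, reason) for one already-unquoted version string."""
    if FULL.fullmatch(value):
        return True, "ok"
    if re.fullmatch(r"\d+\.\d+\.\d+", value):
        return False, "missing -gke.n patch suffix"
    if re.fullmatch(r"\d+\.\d+", value):
        return False, "missing patch and -gke.n suffix"
    return False, "not in x.y.z-gke.n form"

def lint_config(text):
    """Return (line_number, value, reason) for each non-conforming value."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = FIELD.match(line)
        if not m:
            continue
        value = m.group(1).strip("\"'")  # tolerate quoted YAML scalars
        ok, reason = check_version(value)
        if not ok:
            findings.append((n, value, reason))
    return findings

if __name__ == "__main__":
    for n, value, reason in lint_config(SAMPLE):
        print(f"line {n}: {value!r}: {reason}")
```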
Fixes:
- Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.
- Fixed the issue where non-root users can't run `bmctl restore` to restore quorum.
- Fixed the issue that caused the `cplb-update` healthcheck job to run every 7 days, instead of only when needed.
- Fixed an issue where CronJob specs for periodic health checks weren't updated to reflect cluster annotation changes.
- Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.
- Fixed the issue where, due to a misconfigured client, `bmctl update` misjudges whether clusters are self-managed.
- Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.
The following container image security vulnerabilities have been fixed in 1.31.0-gke.889:
Critical container vulnerabilities:
High-severity container vulnerabilities:
- CVE-2020-22218
- CVE-2021-3583
- CVE-2022-1304
- CVE-2022-3697
- CVE-2022-48733
- CVE-2023-3676
- CVE-2023-3955
- CVE-2023-4237
- CVE-2023-5528
- CVE-2023-5764
- CVE-2023-7104
- CVE-2023-39325
- CVE-2023-47038
- CVE-2023-47108
- CVE-2023-49083
- CVE-2023-52425
- CVE-2024-0553
- CVE-2024-0567
- CVE-2024-0743
- CVE-2024-0793
- CVE-2024-5321
- CVE-2024-6609
- CVE-2024-7348
- CVE-2024-10220
- CVE-2024-20696
- CVE-2024-37370
- CVE-2024-38577
- CVE-2024-39487
- CVE-2024-41011
- CVE-2024-41040
- CVE-2024-41046
- CVE-2024-41049
- CVE-2024-41059
- CVE-2024-41070
- CVE-2024-42104
- CVE-2024-42148
- CVE-2024-42228
- CVE-2024-42280
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42313
- CVE-2024-43839
- CVE-2024-43858
- CVE-2024-43882
- CVE-2024-44974
- CVE-2024-44987
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-46673
- CVE-2024-46674
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46738
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46747
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46782
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46818
- CVE-2024-46828
- CVE-2024-46844
- GHSA-87m9-rv8p-rgmg
- GHSA-m425-mq94-257g
Medium-severity container vulnerabilities:
- CVE-2016-3709
- CVE-2021-3620
- CVE-2021-3669
- CVE-2021-36976
- CVE-2022-26280
- CVE-2023-2431
- CVE-2023-2727
- CVE-2023-2728
- CVE-2023-3978
- CVE-2023-5981
- CVE-2023-23931
- CVE-2023-31083
- CVE-2023-44487
- CVE-2023-5115
- CVE-2023-52889
- CVE-2024-0690
- CVE-2024-6104
- CVE-2024-7264
- CVE-2024-8096
- CVE-2024-24557
- CVE-2024-29018
- CVE-2024-36901
- CVE-2024-36938
- CVE-2024-41009
- CVE-2024-41012
- CVE-2024-41055
- CVE-2024-41063
- CVE-2024-41064
- CVE-2024-41098
- CVE-2024-42101
- CVE-2024-42102
- CVE-2024-42114
- CVE-2024-42131
- CVE-2024-42137
- CVE-2024-42152
- CVE-2024-42153
- CVE-2024-42154
- CVE-2024-42157
- CVE-2024-42161
- CVE-2024-42223
- CVE-2024-42224
- CVE-2024-42229
- CVE-2024-42232
- CVE-2024-42236
- CVE-2024-42244
- CVE-2024-42246
- CVE-2024-42247
- CVE-2024-42259
- CVE-2024-42272
- CVE-2024-42283
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42297
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43871
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43914
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44954
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44968
- CVE-2024-44971
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45016
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45028
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46737
- CVE-2024-46739
- CVE-2024-46750
- CVE-2024-46755
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46817
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46829
- CVE-2024-46840
- CVE-2024-47663
- GHSA-jq35-85cj-fj4p
- GHSA-mh55-gqvf-xfwm
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.