Each GKE on AWS release comes with Kubernetes version notes. These are similar to release notes but are specific to a Kubernetes version and might offer more technical detail.
GKE on AWS supports the Kubernetes versions listed in the following sections. If a version isn't included in this file, it's unsupported.
Kubernetes 1.31
1.31.1-gke.1800
- Feature: Added support for
sysctlnode system configuration already supported by GKE undernodepool.config.linux_node_config.sysctls. This feature is only available via direct API call, and is not supported in any clients. The following are the supported configuration options for thesysctlutility:net.core.busy_pollnet.core.busy_readnet.core.netdev_max_backlognet.core.rmem_maxnet.core.wmem_defaultnet.core.wmem_maxnet.core.optmem_maxnet.core.somaxconnnet.ipv4.tcp_rmemnet.ipv4.tcp_wmemnet.ipv4.tcp_tw_reusenet.ipv6.conf.all.disable_ipv6net.ipv6.conf.default.disable_ipv6vm.max_map_count
- Feature: The
gcloud beta container fleet memberships get-credentialscommand uses a preview feature of the Connect gateway that lets you run thekubectl port-forwardcommand. For more information, see Limitations in the Connect gateway documentation. - Security Fixes
- Fixed CVE-2019-18276
- Fixed CVE-2021-25743
- Fixed CVE-2022-41723
- Fixed CVE-2023-2431
- Fixed CVE-2023-2727
- Fixed CVE-2023-2728
- Fixed CVE-2023-28452
- Fixed CVE-2023-29406
- Fixed CVE-2023-29409
- Fixed CVE-2023-30464
- Fixed CVE-2023-3446
- Fixed CVE-2023-3676
- Fixed CVE-2023-3817
- Fixed CVE-2023-3955
- Fixed CVE-2023-40577
- Fixed CVE-2023-45142
- Fixed CVE-2023-4911
- Fixed CVE-2023-5678
- Fixed CVE-2023-6992
- Fixed CVE-2024-0727
- Fixed CVE-2024-0793
- Fixed CVE-2024-0874
- Fixed CVE-2024-24557
- Fixed CVE-2024-2511
- Fixed CVE-2024-29018
- Fixed CVE-2024-2961
- Fixed CVE-2024-41110
- Fixed CVE-2024-4741
- Fixed CVE-2024-6104
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-jq35-85cj-fj4p
- Fixed GHSA-mh55-gqvf-xfwm
- Fixed CVE-2024-45016
- Fixed CVE-2024-24790
Kubernetes 1.30
1.30.5-gke.1000
- Security Fixes:
- Fixed CVE-2024-24790
1.30.5-gke.200
- Security Fixes:
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-mh55-gqvf-xfwm
1.30.4-gke.400
- Bug Fix: Fixed an issue of a frequent error message "object has been modified" by updating the
csi-snapshotterto version 6.3.3. - Security Fixes:
- Fixed CVE-2023-50387
- Fixed CVE-2023-50868
- Fixed CVE-2024-0553
- Fixed CVE-2024-0567
- Fixed CVE-2024-4603
- Fixed CVE-2024-7348
1.30.3-gke.100
Feature: Added
kubeletConfignode system configuration. With this feature, you can specify custom configurations on your node pools, including CPU manager policy, CPU throttling, and process IDs (PIDs).Feature: The
gcloud beta container fleet memberships get-credentialscommand uses a preview feature of the Connect gateway that lets you run thekubectlattach,cp, andexeccommands. For more information, see Limitations in the Connect gateway documentation.Security Fixes:
- Fixed CVE-2024-21626
- Fixed CVE-2024-7264
- Fixed CVE-2024-26642
- Fixed CVE-2024-26923
Kubernetes 1.29
1.29.10-gke.100
- Security Fixes:
- Fixed CVE-2024-24790
1.29.8-gke.1800
- Security Fixes:
- Fixed CVE-2024-9143
- Fixed GHSA-87m9-rv8p-rgmg
- Fixed GHSA-mh55-gqvf-xfwm
1.29.8-gke.600
- Bug Fix: Fixed an issue of a frequent error message "object has been modified" by updating the
csi-snapshotterto version 6.3.3. - Security Fixes:
- Fixed CVE-2023-50387
- Fixed CVE-2023-50868
- Fixed CVE-2024-0553
- Fixed CVE-2024-0567
- Fixed CVE-2024-4603
- Fixed CVE-2024-7348
1.29.7-gke.100
- Security Fixes:
- Fixed CVE-2024-7264
- Fixed CVE-2024-26642
- Fixed CVE-2024-26923
1.29.6-gke.600
- Security Fixes
- Fixed CVE-2022-40735
- Fixed CVE-2023-24329
- Fixed CVE-2023-40217
- Fixed CVE-2023-41105
- Fixed CVE-2023-50387
- Fixed CVE-2023-50868
- Fixed CVE-2023-5678
- Fixed CVE-2023-6129
- Fixed CVE-2023-6237
- Fixed CVE-2023-6597
- Fixed CVE-2024-0450
- Fixed CVE-2024-0727
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
1.29.5-gke.1100
- Security Fixes:
- Fixed CVE-2024-6387
- Fixed CVE-2024-26583
- Fixed CVE-2024-26584
- Fixed CVE-2024-26585
- Fixed CVE-2023-52447
- Fixed CVE-2024-26643
- Fixed CVE-2024-26643
- Fixed CVE-2024-26809
- Fixed CVE-2024-26808
- Fixed CVE-2024-26924
- Fixed CVE-2024-26925
1.29.5-gke.700
- Security Fixes:
- Fixed CVE-2022-3715
- Fixed CVE-2022-48303
- Fixed CVE-2023-2953
- Fixed CVE-2023-39804
- Fixed CVE-2023-4641
- Fixed CVE-2023-47038
- Fixed CVE-2023-52425
- Fixed CVE-2023-5678
- Fixed CVE-2023-5981
- Fixed CVE-2023-6004
- Fixed CVE-2023-6129
- Fixed CVE-2023-6237
- Fixed CVE-2023-6918
- Fixed CVE-2024-0553
- Fixed CVE-2024-0567
- Fixed CVE-2024-0727
- Fixed CVE-2024-0985
- Fixed CVE-2024-22365
- Fixed CVE-2024-2398
- Fixed CVE-2024-28085
- Fixed CVE-2024-28182
- Fixed CVE-2024-28757
- Fixed CVE-2024-28834
- Fixed CVE-2024-28835
1.29.4-gke.200
- Security Fixes:
- Fixed CVE-2023-52620.
- Fixed CVE-2024-1085.
- Fixed CVE-2024-26581.
1.29.3-gke.600
Breaking Change: Starting from Kubernetes 1.29, clusters require outbound HTTPS connectivity to the domain
kubernetesmetadata.googleapis.com. Please ensure that your proxy server and/or firewall configuration allows this traffic. You also need to enable the Kubernetes Metadata API, which can be enabled in the Google Cloud console.Feature: Removed the requirement for connectivity to the domain
opsconfigmonitoring.googleapis.com. This domain was previously required for logging and monitoring but is no longer needed for Kubernetes 1.29 and later. You should remove this domain from your firewall and/or proxy server configuration.Bug Fix: Fixed an issue where the Fluentbit agent becomes unresponsive and stops ingesting logs into Cloud Logging. Added a mechanism to detect and automatically restart the agent when this occurs.
Bug Fix: Fixed an issue with the cluster autoscaler so that it respects user-configured labels and taints on node pools. This enhancement enables accurate scaling up from zero nodes, and enables more precise provisioning of your clusters. This change fixes the following Known issue.
Security Fixes:
- Fixed CVE-2020-29509
- Fixed CVE-2020-29511
- Fixed CVE-2020-29652
- Fixed CVE-2021-29923
- Fixed CVE-2021-31525
- Fixed CVE-2021-33195
- Fixed CVE-2021-33196
- Fixed CVE-2021-33197
- Fixed CVE-2021-33198
- Fixed CVE-2021-34558
- Fixed CVE-2021-36221
- Fixed CVE-2021-38297
- Fixed CVE-2021-38561
- Fixed CVE-2021-39293
- Fixed CVE-2021-41771
- Fixed CVE-2021-41772
- Fixed CVE-2021-43565
- Fixed CVE-2021-44716
- Fixed CVE-2022-1705
- Fixed CVE-2022-1962
- Fixed CVE-2022-21698
- Fixed CVE-2022-23772
- Fixed CVE-2022-23773
- Fixed CVE-2022-23806
- Fixed CVE-2022-24675
- Fixed CVE-2022-24921
- Fixed CVE-2022-27191
- Fixed CVE-2022-27664
- Fixed CVE-2022-28131
- Fixed CVE-2022-28327
- Fixed CVE-2022-2879
- Fixed CVE-2022-2880
- Fixed CVE-2022-29526
- Fixed CVE-2022-30580
- Fixed CVE-2022-30629
- Fixed CVE-2022-30630
- Fixed CVE-2022-30631
- Fixed CVE-2022-30632
- Fixed CVE-2022-30633
- Fixed CVE-2022-30635
- Fixed CVE-2022-32148
- Fixed CVE-2022-32149
- Fixed CVE-2022-32189
- Fixed CVE-2022-41715
- Fixed CVE-2022-41717
- Fixed CVE-2022-41724
- Fixed CVE-2022-41725
- Fixed CVE-2023-24532
- Fixed CVE-2023-24534
- Fixed CVE-2023-24536
- Fixed CVE-2023-24537
- Fixed CVE-2023-24538
- Fixed CVE-2023-24539
- Fixed CVE-2023-24540
- Fixed CVE-2023-29400
- Fixed CVE-2023-29402
- Fixed CVE-2023-29403
- Fixed CVE-2023-29404
- Fixed CVE-2023-29405