Shoot Kubernetes Minor Version Upgrades
Breaking changes may be introduced with new Kubernetes versions. This documentation describes the Gardener specific differences and requirements for upgrading to a supported Kubernetes version. For Kubernetes specific upgrade notes the upstream Kubernetes release notes, changelogs and release blogs should be considered before upgrade.
Upgrading to Kubernetes v1.34
- The
Shoot
's.spec.cloudProfileName
field is forbidden.Shoot
owners must migrate theirCloudProfile
reference to the newspec.cloudProfile.name
field.
Upgrading to Kubernetes v1.33
- A new
deny-all
NetworkPolicy
is deployed into thekube-system
namespace of theShoot
cluster.Shoot
owners that run workloads in thekube-system
namespace are required to explicitly allow their expectedIngress
andEgress
traffic inkube-system
viaNetworkPolicies
. - The
Shoot
's.spec.kubernetes.kubeControllerManager.podEvictionTimeout
field is forbidden.Shoot
owners should use the.spec.kubernetes.kubeAPIServer.defaultNotReadyTolerationSeconds
and.spec.kubernetes.kubeAPIServer.defaultUnreachableTolerationSeconds
fields. - The
Shoot
's.spec.kubernetes.clusterAutoscaler.maxEmptyBulkDelete
field is forbidden.Shoot
owners should use the.spec.kubernetes.clusterAutoscaler.maxScaleDownParallelism
field. - The
Shoot
's.spec.cloudProfileName
field is deprecated.Shoot
owners should migrate theirCloudProfile
reference to the new.spec.cloudProfile.name
field.
Upgrading to Kubernetes v1.32
TIP
It is recommended to migrate from OIDC to StructuredAuthentication
before updating to Kubernetes v1.32 in order to avoid not being able to revert the change.
- The
Shoot
'sspec.kubernetes.kubeAPIServer.oidcConfig
field is forbidden.Shoot
owners that have usedoidcConfig
or a(Cluster)OpenIDConnectPreset
resource are recommended to migrate toStructuredAuthentication
. More information aboutStructuredAuthentication
can be found in the Structured Authentication documentation.
Upgrading to Kubernetes v1.31
- The
Shoot
'sspec.kubernetes.kubeAPIServer.oidcConfig.clientAuthentication
field is forbidden. - The
Shoot
's.spec.kubernetes.kubelet.systemReserved
and.spec.provider.workers[].kubernetes.kubelet.systemReserved
fields are forbidden.Shoot
owners should use the.spec.kubernetes.kubelet.kubeReserved
and.spec.provider.workers[].kubernetes.kubelet.kubeReserved
fields.
Upgrading to Kubernetes v1.30
- The
kubelet
UnlimitedSwap
behavior, configured in theShoot
's.spec.{kubernetes,provider.workers[]}.kubelet.memorySwap.swapBehavior
fields, can no longer be used.