Shoot cluster supported Kubernetes versions and specifics
Defining the differences and requirements for upgrading to a supported Kubernetes version
2 minute read
Shoot Kubernetes Minor Version Upgrades
Breaking changes may be introduced with new Kubernetes versions. This documentation describes the Gardener specific differences and requirements for upgrading to a supported Kubernetes version. For Kubernetes specific upgrade notes the upstream Kubernetes release notes, changelogs and release blogs should be considered before upgrade.
Upgrading to Kubernetes v1.33
- A new
deny-allNetworkPolicyis deployed into thekube-systemnamespace of theShootcluster.Shootowners that run workloads in thekube-systemnamespace are required to explicitly allow their expectedIngressandEgresstraffic inkube-systemviaNetworkPolicies. - The
Shoot’s field.spec.kubernetes.kubeControllerManager.podEvictionTimeoutis forbidden.Shootowners should use the.spec.kubernetes.kubeAPIServer.defaultNotReadyTolerationSecondsand.spec.kubernetes.kubeAPIServer.defaultUnreachableTolerationSecondsfields. - The
Shoot’s field.spec.kubernetes.clusterAutoscaler.maxEmptyBulkDeleteis forbidden.Shootowners should use the.spec.kubernetes.clusterAutoscaler.maxScaleDownParallelismfield.
Upgrading to Kubernetes v1.32
Tip
It is recommended to migrate from OIDC to
StructuredAuthenticationbefore updating to Kubernetes v1.32 in order to avoid not being able to revert the change.
- The
Shoot’sspec.kubernetes.kubeAPIServer.oidcConfigfield is forbidden.Shootowners that have usedoidcConfigor a(Cluster)OpenIDConnectPresetresource are recommended to migrate toStructuredAuthentication. More information aboutStructuredAuthenticationcan be found in the Structured Authentication documentation.
Upgrading to Kubernetes v1.31
- The
Shoot’sspec.kubernetes.kubeAPIServer.oidcConfig.clientAuthenticationfield is forbidden. - The
Shoot’s.spec.kubernetes.kubelet.systemReservedand.spec.provider.workers[].kubernetes.kubelet.systemReservedfields are forbidden.Shootowners should use the.spec.kubernetes.kubelet.kubeReservedand.spec.provider.workers[].kubernetes.kubelet.kubeReservedfields.
Upgrading to Kubernetes v1.30
- The
kubeletUnlimitedSwapbehavior, configured in theShoot’s.spec.{kubernetes,provider.workers[]}.kubelet.memorySwap.swapBehaviorfields, can no longer be used.
Feedback
Was this page helpful?