Version updates
Last updated on
The following article provides information on how version updates for Kubernetes versions and operating system (OS) versions are handled for the SKE service.
General information
Section titled “General information”The available Kubernetes and operating system versions are categorized as preview, supported, deprecated and expired with following meaning:
preview: A preview version is a new version that has a higher probability of undiscovered issues and is therefore not yet meant for productive usage. Clusters are never automatically updated (neither auto-updated nor force-updated) to a preview version during the maintenance window. Also preview versions are not considered for the default version that is used during the a cluster creation.supported: Supported versions are the recommended versions for new and existing clusters and are supported for productive usage. Typically, for Kubernetes the latest patch versions of the most recent minor version and the last 3 minor Kubernetes versions are supported.deprecated: A deprecated version is a version that approaches end of life and might contain issues that are probably resolved in a supported version. New clusters should not use this version anymore if it is not explicitly required. Existing clusters will be updated to a newer version if auto-update is enabled. Using automatic upgrades, however, does not guarantee that a cluster uses a non-deprecated version, as the latest version (overall or of the minor version) can be deprecated as well. Deprecated versions have an expiration date set for eventual expiration.expired: An expired version has an expiration date (for example, 2024-03-01) in the past. No new clusters can be created for that version and existing clusters are automatically migrated to a higher supported version during the maintenance time.
The list of currently available Kubernetes and operating system versions can be found in the SKE Dashboard.
SKE update types
Section titled “SKE update types”Automatic updates
Section titled “Automatic updates”SKE can manage updates of clusters automatically during maintenance windows. With this option enabled (see Update and maintain clusters) an update for a Kubernetes or OS version of a cluster gets triggered during its maintenance window whenever there is a supported version available that is higher than the current version being used. For Kubernetes, auto updates only update to higher patch levels (for example, v1.27.8 to v1.27.9).
Mandatory updates
Section titled “Mandatory updates”If the Kubernetes or OS version of a cluster has reached its expiration date, SKE starts a mandatory update to the highest available patch version of the current minor version, or to the highest patch version of the consecutive minor version that is not classified as preview version. Note that mandatory version updates run, even if the auto update for the Kubernetes version is deactivated since using a supported version is crucial for your cluster’s security and stability.
Manual updates
Section titled “Manual updates”Manual updates can be performed by selecting a specific version of Kubernetes or operating system version. This update mechanism can be used if you want to perform a update of the OS or Kubernetes version (for example, from v1.26 to v1.27) before auto updates will trigger this process. Please be aware that such updates could have breaking changes that could impact the cluster workload. Therefore, before applying such an update on minor or major releases, the cluster user should check for all the breaking changes introduced in the changelog of the target OS and Kubernetes release.
Kubernetes updates
Section titled “Kubernetes updates”The Kubernetes update policy follows the above described update mechanisms. New Kubernetes versions will be released shortly after the official Kubernetes lifecycle. As a SKE user you will get informed via release notes and via email in case you are operating a cluster with a deprecated Kubernetes version.
Kubernetes update examples
Section titled “Kubernetes update examples”Sample SKE versions to describe update mechanics:
| Version | State at Release Day X |
|---|---|
| v1.28.8 | preview |
| v1.27.11 | supported |
| v1.26.14 | supported |
| v1.26.11 | deprecated, not expired |
| v1.25.15 | supported |
| v1.25.13 | deprecated, not expired |
| v1.24.13 | expired |
This table shows different versions and how they are updated during the maintenance window.
| Current version | Auto Update enabled | Version expired | Version after Update | Notes |
|---|---|---|---|---|
| v1.26.11 | yes | no | v1.26.11 | --- |
| v1.26.11 | no | no | v1.26.11 | Will be automatically updated to v1.26.14 when expiration date is reached |
| v1.25.13 | yes | no | v1.25.15 | --- |
| v1.25.13 | no | yes | v1.25.15 | --- |
| v1.25.12 | yes | yes | v1.25.15 | --- |
| v1.24.13 | no | yes | v1.25.15 | Forceful update to new minor version because there is no supported version v1.24 anymore |
Operating system updates
Section titled “Operating system updates”The operating system upgrade policy follows the update mechanisms described above. New operating system versions are released on patch days without separate announcement. Urgent security updates are still announced and released independent of patch days.
Currently, SKE supports Flatcar and Ubuntu (preview) as operating systems and regular updates for them will happen on patch days.
Please refer to the SKE lifecycle page for the exact dates of scheduled patch days.
Example for Flatcar
Section titled “Example for Flatcar”If a newer minor version, in this case 3815.2.0, becomes supported, the older supported version becomes deprecated.
If a newer patch version, in this case 3815.2.1 (2024-06-12) becomes supported, the older patch version becomes deprecated:
| Version / Patchday | 2024-04-10 | 2024-05-08 | 2024-06-12 |
|---|---|---|---|
| 3760.2.0 | supported | deprecated | expired |
| 3815.2.0 | preview | supported | deprecated |
| 3815.2.1 | preview | supported |
Example for Ubuntu
Section titled “Example for Ubuntu”Currently, Ubuntu images are only available as preview versions. Therefore, a preview version will become deprecated, when a new preview is released:
| Version / Patchday | 2024-04-10 | 2024-05-08 | 2024-06-12 |
|---|---|---|---|
| 2204.20240221.0 | preview | deprecated | expired |
| 2204.20240308.0 | preview | preview |
Security patches
Section titled “Security patches”If images are affected by security issues, new supported images will be provided between patch days. Images affected by security issues will be marked as deprecated or expired. This ensures timely upgrades for clusters with and without auto updates enabled.
Summary
Section titled “Summary”What will happen on patch days?
- Version progression:
- New OS versions (Flatcar or Ubuntu) can be released as preview.
- Existing preview images can become supported.
- Older OS versions that were previously supported can become deprecated.
- Deprecated versions can expire on the following patch day.
- Cluster upgrades (rolling node updates):
- If clusters have enabled auto updates in maintenance, auto updates will start within the maintenance window.
- If clusters have disabled auto updates in maintenance, auto updates will not happen on patch day.
- Unless the current OS version is deprecated and expires on patch day.
- Security patches:
- Can happen outside of patch days.
- The next supported version will be applied, even if auto update is disabled.