Version updates
The following article provides information on how version updates for Kubernetes versions and operating system (OS) versions are handled for the SKE service.
General information for Kubernetes & OS updates
Section titled “General information for Kubernetes & OS updates”Classification of available versions
Section titled “Classification of available versions”The available Kubernetes and operating system versions are categorized as preview, supported, deprecated and expired with following meaning:
preview: A preview version is a new version that has a higher probability of undiscovered issues and is therefore not yet meant for productive usage. Clusters are never automatically updated (neither auto-updated nor force-updated) to a preview version during the maintenance window. Also preview versions are not considered for the default version that is used during the a cluster creation.supported: Supported versions are the recommended versions for new and existing clusters and are supported for productive usage. Typically, for Kubernetes the latest patch versions of the most recent minor version and the last 3 minor Kubernetes versions are supported.deprecated: A deprecated version is a version that approaches end of life and might contain issues that are probably resolved in a supported version. New clusters should not use this version anymore if it is not explicitly required. Existing clusters will be updated to a newer version if auto-update is enabled. Using automatic upgrades, however, does not guarantee that a cluster uses a non-deprecated version, as the latest version (overall or of the minor version) can be deprecated as well. Deprecated versions have an expiration date set for eventual expiration.expired: An expired version has an expiration date (for example, 2024-03-01) in the past. No new clusters can be created for that version and existing clusters are automatically migrated to a higher supported version during the maintenance time.
The list of currently available Kubernetes and operating system versions can be found in the SKE Dashboard.
SKE update types
Section titled “SKE update types”Automatically update the Kubernetes and OS versions (auto updates)
Section titled “Automatically update the Kubernetes and OS versions (auto updates)”SKE can manage updates of clusters automatically during maintenance windows. With this option enabled (see Update and maintain clusters) an update for a Kubernetes or OS version of a cluster gets triggered during its maintenance window whenever there is a supported version available that is higher than the current version being used. For Kubernetes, auto updates only update to higher patch levels (for example, v1.27.8 to v1.27.9).
Mandatory updates
Section titled “Mandatory updates”If the Kubernetes or OS version of a cluster has reached its expiration date, SKE starts a mandatory update to the highest available patch version of the current minor version, or to the highest patch version of the consecutive minor version that is not classified as preview version. Note that mandatory version updates are even executed if the auto update for the Kubernetes version is deactivated since using a supported version is crucial for your cluster’s security and stability.
Manual updates
Section titled “Manual updates”Manual updates can be performed by selecting a specific version of Kubernetes or operating system version. This update mechanism can be used if you want to perform a update of the OS or Kubernetes version (for example, from v1.26 to v1.27) before auto updates will trigger this process. Please be aware that such updates could have breaking changes that could impact the cluster workload. Therefore, before applying such an update on minor or major releases, the cluster user should check for all the breaking changes introduced in the changelog of the target OS and Kubernetes release.
Kubernetes
Section titled “Kubernetes”The Kubernetes update policy follows the above described update mechanisms. New Kubernetes versions will be released shortly after the official Kubernetes lifecycle. As a SKE user you will get informed via release notes and via E-Mail in case you are operating a cluster with a deprecated Kubernetes version.
Kubernetes update examples
Section titled “Kubernetes update examples”Sample SKE versions to describe update mechanics:
| Version | State at Release Day X |
|---|---|
| v1.28.8 | preview |
| v1.27.11 | supported |
| v1.26.14 | supported |
| v1.26.11 | deprecated, not expired |
| v1.25.15 | supported |
| v1.25.13 | deprecated, not expired |
| v1.24.13 | expired |
This table shows different versions and how they are updated during the maintenance window.
| Current version | Auto Update enabled | Version expired | Version after Update | Notes |
|---|---|---|---|---|
| v1.26.11 | yes | no | v1.26.14 | --- |
| v1.26.11 | no | no | v1.26.14 | Will be automatically updated to v1.26.14 when expiration date is reached |
| v1.25.13 | yes | no | v1.25.15 | --- |
| v1.25.3 | no | yes | v1.25.15 | --- |
| v1.25.2 | yes | yes | v1.25.15 | --- |
| v1.24.13 | no | yes | v1.25.15 | Forceful update to new minor version because there is no supported version v1.24 anymore |
Operating system (OS)
Section titled “Operating system (OS)”The operating system upgrade policy follows the update mechanisms described above. New operating system versions are released on patchdays without separate announcement. Urgent security updates are still announced and released independent of patchdays.
Currently, SKE supports Flatcar & Ubuntu (preview) as operating systems and regular updates for them will happen on patchdays.
Patch days
Section titled “Patch days”SKE provides new operating system versions on patchdays. New OS versions will at first be provided as preview version. These versions become supported on the next patchday. Once a new image becomes supported, then previous versions are deprecated. Moreover, deprecated images will be expired on the next patchday.
Clusters update to new operating system versions according to the previously described auto update and forceful update mechanisms.
The following patchdays are set:
| Date (YYYY-MM-DD) |
|---|
| 2025-10-08 |
| 2025-11-12 |
| 2025-12-10 |
| 2026-01-14 |
| 2026-02-11 |
| 2026-03-11 |
| 2026-04-08 |
| 2026-05-13 |
| 2026-06-10 |
| 2026-07-08 |
| 2026-08-12 |
| 2026-09-09 |
| 2026-10-14 |
| 2026-11-11 |
| 2026-12-09 |
Example for Flatcar
Section titled “Example for Flatcar”| Version / Patchday | 2024-04-10 | 2024-05-08 | 2024-06-12 |
|---|---|---|---|
| 3760.2.0 | supported | deprecated | expired |
| 3815.2.0 | preview | supported | deprecated |
| 3815.2.1 | preview | supported |
If a newer minor version, in this case 3815.2.0, becomes supported, the older supported version becomes deprecated.
If a newer patch version, in this case 3815.2.1 (2024-06-12) becomes supported, the older patch version becomes deprecated.
Example for Ubuntu (preview)
Section titled “Example for Ubuntu (preview)”| Version / Patchday | 2024-04-10 | 2024-05-08 | 2024-06-12 |
|---|---|---|---|
| 2204.20240221.0 | preview | deprecated | expired |
| 2204.20240308.0 | preview | preview |
Currently, Ubuntu images are only available as preview versions. Therefore, a preview version will become deprecated, when a new preview is released.
Security issues
Section titled “Security issues”If images are affected by security issues, new supported images will be provided between patchdays. Images affected by security issues will be marked as deprecated or expired. This ensures timely upgrades for cluster with and without enabled auto-upgrades.
In summary: What will happen on patch days?
Section titled “In summary: What will happen on patch days?”- Promotion
- new OS versions (Flatcar or Ubuntu) can get released as preview
- existing preview images can become supported
- older OS versions that were previously in state supported can get deprecated
- Deprecated versions move to expired on the following patchday
- Upgrades of clusters (node roll)
- if clusters have enabled auto updates in maintenance
- auto updates will start within the maintenance window
- if clusters have disabled auto updates in maintenance
- auto updates will not happen on is planned for next patchday
- unless the current OS version is in state deprecated and expires on patchday
- auto updates will not happen on is planned for next patchday
- security issues (can happen outside patchdays)
- auto-upgrade will happen to next supported version
- if clusters have enabled auto updates in maintenance