Upgrading a GKE Cluster Without Changing the Release Channel

B V AKASH

In some situations, you might prefer not to change your GKE release channel. For example, your cluster is currently on a specific version in the Regular channel, and certain CVE fixes are available only in a minor version that belongs to the Rapid channel. However, you would like to keep your cluster on the Regular channel.

The good news is that you can upgrade your cluster to a specific minor version without switching the release channel. Below are the steps to help you achieve this.

Steps to Follow

Step 1: Verify the Current Cluster Version

  1. Navigate to the Cluster Details page in the Google Cloud Console.

  2. Click on Upgrade Available to check the available upgrade options.

Step 2: Verify the Available Versions Using Cloud Shell

The recommended approach is to check available versions using Cloud Shell. Run the following command to view valid versions for the Regular channel:

gcloud container get-server-config --region us-central1 --flatten="channels" --filter="channels.channel=Regular" --format="yaml(channels.channel,channels.validVersions)"

The output lists the versions that are valid for the Regular channel.

For example, if the required CVE fix is in version 1.31.6-gke.1099000, but this version is unavailable in the Regular channel, proceed to the next step.

Step 3: Check for the Required Version in Another Channel (Rapid in This Example)

Run the following command to check available versions in the Rapid channel:

gcloud container get-server-config --region us-central1 --flatten="channels" --filter="channels.channel=Rapid" --format="yaml(channels.channel,channels.validVersions)"

In this scenario, the output shows that the required version 1.31.6-gke.1099000 is available in the Rapid channel, so we can proceed with the upgrade.

Step 4: Upgrade the Cluster to the Required Version

You can upgrade the cluster to the next minor version, as fixes are included in these updates. Any GKE version equal to or greater than 1.31.6-gke.1099000 within 1.31 may address the CVE.

To upgrade the master version, run the following command:

gcloud container clusters upgrade cluster-1-test --region us-central1 --master --cluster-version 1.31.6-gke.1099000

The upgrade process will take some time, depending on the cluster's node and workload setup.

Step 5: Verify the Upgrade

Once the upgrade is complete, check the upgraded version in the Google Cloud Console.

You can also verify the version via Cloud Shell using the following command:

gcloud container clusters describe cluster-1-test --region us-central1 --format="value(currentMasterVersion)"

This confirms that the cluster has been successfully upgraded without changing the release channel.
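The rule from Step 4 (any version at or above the fix, within the same minor release) can be checked mechanically. The following POSIX shell helper is an added example, not part of the original post: it reads the output of the get-server-config commands from Steps 2 and 3 and prints the lowest listed version that includes the fix. The function names and the sample version list are assumptions made for illustration; only 1.31.6-gke.1099000 comes from the post.

```sh
# Added example: choose an upgrade target using "same minor, version >= fix".

# Exit 0 when $1 has the shape MAJOR.MINOR.PATCH-gke.BUILD.
is_gke_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+-gke\.[0-9]+$'
}

# includes_fix CANDIDATE FIX
# Exit 0 when CANDIDATE is in FIX's minor release and is equal or newer,
# 1 when it is not, 2 when either argument is malformed.
includes_fix() {
  is_gke_version "$1" || return 2
  is_gke_version "$2" || return 2
  [ "${1%.*-gke.*}" = "${2%.*-gke.*}" ] || return 1   # same minor, e.g. "1.31"
  if_cp=${1#*.*.}; if_cp=${if_cp%%-*}                 # candidate patch number
  if_fp=${2#*.*.}; if_fp=${if_fp%%-*}                 # fix patch number
  [ "$if_cp" -gt "$if_fp" ] && return 0
  [ "$if_cp" -lt "$if_fp" ] && return 1
  [ "${1##*-gke.}" -ge "${2##*-gke.}" ]               # same patch: compare build
}

# pick_target FIX
# Reads get-server-config output on stdin (YAML or plain text) and prints the
# lowest listed version that includes FIX; exit 1 when none qualifies.
pick_target() {
  pt_best=
  for pt_v in $(grep -Eo '[0-9]+\.[0-9]+\.[0-9]+-gke\.[0-9]+'); do
    includes_fix "$pt_v" "$1" || continue
    if [ -z "$pt_best" ] || includes_fix "$pt_best" "$pt_v"; then
      pt_best=$pt_v
    fi
  done
  [ -n "$pt_best" ] && printf '%s\n' "$pt_best"
}

# Constructed sample in the shape of the Step 3 command's YAML output.
# Only 1.31.6-gke.1099000 comes from the post; the other versions are made up.
SAMPLE_RAPID='channels:
  channel: RAPID
  validVersions:
  - 1.32.2-gke.1000000
  - 1.31.7-gke.1000000
  - 1.31.6-gke.1099000
  - 1.31.5-gke.1200000'

# Prints 1.31.6-gke.1099000
printf '%s\n' "$SAMPLE_RAPID" | pick_target 1.31.6-gke.1099000
```

To use it against a real cluster location, pipe the output of the Step 2 or Step 3 command into pick_target in place of the sample, then pass the printed version to --cluster-version in Step 4.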

Please note that fix versions are released in a phased manner:

\> 1 to 2 months from Rapid to Regular.

\> 1 to 2 months from Regular to Stable.

If an immediate security fix is required, upgrading to a newer minor version within the same channel ensures the latest patches are applied while maintaining consistency in the environment. This approach helps balance security, stability, and compliance needs effectively.

I hope you found this information helpful. If you did, please feel free to share and like 👍.
