Support for Kubernetes version 1.20.11

Container Engine for Kubernetes now supports Kubernetes version 1.20.11, in addition to versions 1.19.15 and 1.18.10. With the availability of support for Kubernetes version 1.20.11, Container Engine for Kubernetes will cease support for Kubernetes version 1.20.8 on November 7, 2021. Oracle strongly recommends you immediately upgrade clusters to Kubernetes version 1.20.11.

Note the following:

  • Kubernetes version 1.20.11 addresses a security vulnerability (CVE-2021-25741) found in earlier versions of Kubernetes 1.20. For more information, see the Kubernetes 1.20 changelog.
  • Although Kubernetes version 1.20.8 will not be supported after November 7, 2021, it will continue to be available for selection. However, Oracle strongly recommends you upgrade clusters to Kubernetes version 1.20.11.
  • If you are upgrading clusters from Kubernetes version 1.18 or earlier, note that Kubernetes version 1.19 is built with golang version 1.15. Golang no longer supports x509 certificates that contain only CommonName. Before upgrading to Kubernetes version 1.19, Oracle recommends you check whether any clusters have admission webhooks that use an x509 certificate containing only CommonName. If there is such a cluster, update the admission webhook to use a new x509 certificate that contains a Subject Alternative Name (SAN). If you don't update the admission webhook, kube-apiserver cannot call it. As a result, any deployment dependent on the admission webhook will not be deployed in the cluster.

To upgrade a cluster to a new Kubernetes minor version:

  1. Upgrade the Kubernetes version running on the control plane by following the instructions here.
  2. Having upgraded the control plane, upgrade the Kubernetes version running on worker nodes in a node pool by following the instructions here.

Note:

Always follow the Kubernetes skew policy for Kubernetes minor version support.

Example skew policy:

  • Kubernetes control plane nodes are at version 1.20.11
  • Kubernetes worker nodes must be at version 1.20.11, 1.19.15, or 1.18.10

Note that although the worker nodes in a node pool must follow the Kubernetes skew policy, you do not have to upgrade them one minor version at a time.

For more information, see Upgrading Clusters to Newer Kubernetes Versions.