On GKE Autopilot clusters running version 1.30 and later, partner workloads that set AppArmor profiles might unexpectedly be rejected at admission
Share
Services
## Fix
On GKE Autopilot clusters running version 1.30 and later, partner workloads that set AppArmor profiles might unexpectedly be rejected at admission. This might include installations of Prisma Defender, Wiz Runtime Sensor, Sentinel One Agent, Checkpoint CloudGuard, Aqua Security Enforcer and Splunk OTEL Collector.
The following GKE versions contain a fix for this issue:
* 1.30.5-gke.1355000 and later
* 1.31.1-gke.1621000 and later
Clusters in any release channel can be created on or upgraded to these versions. For details, see[Manually upgrading the control plane](https://cloud.google.com/kubernetes-engine/docs/how-to/upgrading-a-cluster#upgrade%5Fcp).
## Feature
You can now create workloads with multiple network interfaces in GKE Autopilot clusters running version 1.29.5-gke.1091000 and later or version 1.30.1-gke.1280000 and later. For more information, see [Setup multi-network support for Pods](https://cloud.google.com/kubernetes-engine/docs/how-to/setup-multinetwork-support-for-pods).
## Change
For newly-created VPC Peering-based clusters running version 1.27 or later, traffic from the `kube-apiserver` to nodes routes through [the Konnectivity service](https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/#konnectivity-service). For existing VPC Peering-based clusters, GKE gradually migrates your cluster to use the Konnectivity service.
What else is happening at Google Cloud Platform?
Read update
Services
Share
Organization policy constraints for Artifact Registry is available in General Availability
about 9 hours ago
Services
Share
Preview stage support for the following integration Audit Manager
about 10 hours ago
Services
Share
Read update
Services
Share