Multiple services run in my GKE clusters. Some can tolerate downtime; others cannot. Because GKE performs automatic upgrades, I wanted to understand when updates happen and how much control I have.
Release Channels at a Glance
GKE (Google Kubernetes Engine) is Google’s managed Kubernetes offering. Kubernetes itself releases frequently to deliver new features and security fixes (release notes), and GKE follows suit. Google provides four release channels to help you balance stability and freshness (docs).
Static (No Channel)
The version stays fixed unless Google must patch it for security or compatibility reasons.
Rapid
Clusters are updated within one to two days of a new Kubernetes release. Google positions this as an early-access channel for users who want the latest features immediately.
Regular
This is the recommended channel. Updates roll out about one to two weeks after a new version is published, giving Google time to validate it.
Stable
The stable channel lags the regular channel until Google is confident the version is ready for broad production use.
Automatic Updates 101
As a managed service, GKE upgrades the control plane and node pools for you. That convenience can still cause downtime if your workloads can’t handle restarts, so it’s important to know what happens behind the scenes.
Automatic upgrades apply separately to the control plane and node pools. By default both are enabled, but only node pools can be disabled.
Can I Disable Automatic Upgrades?
- Control plane upgrades are always enabled. The best you can do is pick the Static/no-channel option to slow down change.
- Node pools can be toggled via the UI or CLI if you want to orchestrate upgrades yourself.
When Does Google Force an Upgrade?
Even if you opt out, GKE enforces upgrades for security or compatibility reasons. The release notes call out versions that will be removed.
Pay attention to the “no longer available” designation—that’s when Google upgrades clusters automatically. How GKE handles control planes vs. node pools differs slightly.
Control Plane
Control planes always receive upgrades. Even if your exact version is not marked “no longer available,” Google keeps control planes within a supported window:
Node Pool
Node pools honor the automatic-upgrade toggle most of the time. However, two scenarios still trigger upgrades:
- The version is marked “no longer available.”
- The node version lags more than three minors behind the control plane version.
In either case, GKE schedules upgrades regardless of your settings.
Maintenance Exclusions
You cannot stop control plane upgrades indefinitely, but you can defer them using maintenance windows and exclusions.
This feature lets you specify when upgrades can happen or block specific time ranges. Note the warning in the UI: within any 32-day period you still must allow at least 48 hours of maintenance time. Eventually the upgrades will happen.