Kubernetes major updates and deprecations
LegacyServiceAccountTokenNoAutoGeneration Feature Gate
With Kubernetes 1.24 the LegacyServiceAccountTokenNoAutoGeneration feature gate is now enabled by default. This affects the attachment of existing Kubernetes clusters, for which you now must manually create the token. We include instructions on how to do this in the Attach a GKE cluster and Attach an Amazon EKS cluster pages.
Furthermore, upgrading to 1.24 may affect some other components of your environment:
Before upgrading, we strongly recommend verifying your current setup against the information on this page and reading more about Kubernetes' new features in our blog https://eng.d2iq.com/blog/service-account-tokens-in-kubernetes-v1.24/, and in Kubernetes urgent upgrade notes.
Control Plane Node Label and Taint
A new label has been implemented called
node-role.kubernetes.io/control-plane to be added to control plane nodes.
In an effort to migrate Kubernetes away from the usage of the word
master in labels and taints, for new clusters, the label
node-role.kubernetes.io/master will no longer be added to control plane nodes. The new label
node-role.kubernetes.io/control-plane will be added. For upgraded clusters, the label
node-role.kubernetes.io/master will be removed from existing control-plane nodes. For new clusters, both the old taint
node-role.kubernetes.io/master:NoSchedule and new taint
node-role.kubernetes.io/control-plane:NoSchedule will be added to control plane nodes. For clusters that are being upgraded, the command will add the new taint
node-role.kubernetes.io/control-plane:NoSchedule to existing control plane nodes.
Before upgrading, modify your workloads that are currently relying on the label
node-role.kubernetes.io/master to use
node-role.kubernetes.io/control-plane instead for its
affinity. For any workloads that have a toleration for
node-role.kubernetes.io/master , add a toleration for
See the Kubernetes urgent upgrade notes for a full list of changes.