Changed

• Upgraded clusters using Kubernetes 1.26 to patch version 1.26.9

Added

• Kubernetes 1.27 is now available on LKE. Review the Kubernetes changelog and blog post.

  Kubernetes 1.27 locks the LegacyServiceAccountTokenNoAutoGeneration feature gate that enables the token controller to automatically create API server access tokens for Kubernetes service accounts. After upgrading to 1.27, customers may notice a warning message regarding these legacy tokens:

  Warning: Use tokens from the TokenRequest API or manually created secret-based tokens instead of autogenerated secret-based tokens.
  

  To fix this issue, remove any auto-generated secrets of type kubernetes.io/service-account-token in the kube-system namespace with kubectl delete secrets -n kube-system --field-selector="type==kubernetes.io/service-account-token" and regenerate the cluster's Kubeconfig. See the Kubernetes Cluster Regenerate ((POST /lke/clusters/{clusterId}/regenerate) endpoint.

  Customers with service accounts outside of kube-system need to delete the auto-generated service account tokens in their respective namespaces.