You can get notified about GKE cluster upgrades by setting up a Pub/Sub topic and configuring your cluster to publish its notifications to it.
Here’s how to do it:
First, let’s create a Pub/Sub topic. This will be the channel where GKE sends its upgrade notifications.
gcloud pubsub topics create gke-upgrade-notifications --project=YOUR_PROJECT_ID
Replace YOUR_PROJECT_ID with your actual Google Cloud project ID.
Next, we need to grant the GKE service account permission to publish messages to this topic. GKE uses a specific service account for its operations, which you can find by describing your cluster.
gcloud container clusters describe YOUR_CLUSTER_NAME --zone=YOUR_CLUSTER_ZONE --project=YOUR_PROJECT_ID --format='value(nodeConfig.serviceAccount)'
Once you have the service account email (it typically looks like [PROJECT_NUMBER]-compute@developer.gserviceaccount.com, or a custom one if you specified it during cluster creation; if the command prints default, the nodes use the Compute Engine default service account, which has the first form), grant it the Pub/Sub Publisher role on your newly created topic:
gcloud pubsub topics add-iam-policy-binding gke-upgrade-notifications \
--member="serviceAccount:YOUR_GKE_SERVICE_ACCOUNT_EMAIL" \
--role="roles/pubsub.publisher" \
--project=YOUR_PROJECT_ID
Now, we’ll configure your GKE cluster to send notifications to this topic. You can do this by updating your cluster’s notification configuration.
gcloud container clusters update YOUR_CLUSTER_NAME \
--zone=YOUR_CLUSTER_ZONE \
--project=YOUR_PROJECT_ID \
--notification-config=pubsub=ENABLED,pubsub-topic=projects/YOUR_PROJECT_ID/topics/gke-upgrade-notifications
This command tells GKE to send all its notification events, including upgrade-related ones, to the specified Pub/Sub topic.
To actually receive these notifications, you’ll need to set up a subscriber to this topic. This could be a Cloud Function, a custom application, or even just a simple gcloud command for testing. Let’s set up a basic pull subscription for demonstration:
gcloud pubsub subscriptions create gke-upgrade-subscriber \
--topic=gke-upgrade-notifications \
--project=YOUR_PROJECT_ID
Now, you can pull messages from this subscription to see the notifications:
gcloud pubsub subscriptions pull gke-upgrade-subscriber \
--auto-ack \
--limit=1 \
--project=YOUR_PROJECT_ID
When GKE initiates an upgrade for your cluster, you’ll see messages appearing in this subscription. These messages contain details about the upgrade, such as the target version and the status.
The surprising part is that GKE doesn’t just send a single "upgrade started" message; it publishes a stream of events related to the upgrade lifecycle. This includes messages about maintenance windows, pre-upgrade checks, actual upgrade progress, and post-upgrade validation. You can leverage these granular events to build sophisticated automation, like pausing critical workloads before an upgrade or triggering rollback procedures if post-upgrade checks fail.
The exact structure of the Pub/Sub message payload can vary slightly depending on the event type. For upgrade events, you’ll typically find fields like eventType, clusterName, resource, state, and version. The resource field will contain details about the specific GKE resource being upgraded, and version will indicate the target Kubernetes version.
The next step is to process these messages automatically, perhaps by triggering an automated workflow based on the eventType and state fields.
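One way to gate that automation, as an added example that is not part of the original page: a handler that validates each pulled message before mapping eventType and state to an action, since anything holding the publisher role on the topic can reach it. The field names are the ones listed above; the JSON-in-data layout, the state values, the action names and the cluster allowlist are assumptions to check against a real pulled message.

```python
import base64
import json

# Fields this page names; each must be a non-empty string before we act on it.
REQUIRED = ("eventType", "clusterName", "state")

# Hypothetical routing table. The eventType/state values and action names
# are constructed for illustration, not GKE's documented enums.
ACTIONS = {
    ("UPGRADE", "STARTED"): "pause-critical-workloads",
    ("UPGRADE", "FAILED"): "open-rollback-ticket",
    ("UPGRADE", "SUCCEEDED"): "resume-workloads",
}


def route(message, allowed_clusters):
    """Return an action for one pulled Pub/Sub message, or 'ignore' / 'reject'.

    A message that does not parse, lacks the expected fields, or names a
    cluster outside the allowlist is rejected instead of driving automation.
    """
    try:
        raw = base64.b64decode(message.get("data", ""), validate=True)
        event = json.loads(raw)
    except (ValueError, TypeError):  # bad base64, bad UTF-8, bad JSON, wrong type
        return "reject"
    if not isinstance(event, dict):
        return "reject"
    if any(not isinstance(event.get(k), str) or not event[k] for k in REQUIRED):
        return "reject"
    if event["clusterName"] not in allowed_clusters:
        return "reject"
    # Well-formed events we have no rule for are ignored, not treated as errors.
    return ACTIONS.get((event["eventType"], event["state"]), "ignore")


def sample_message(**fields):
    """Build a constructed message with a base64-encoded JSON data field."""
    return {"data": base64.b64encode(json.dumps(fields).encode()).decode()}


if __name__ == "__main__":
    msg = sample_message(eventType="UPGRADE", clusterName="prod-1",
                         state="STARTED", version="1.29.4")  # constructed values
    print(route(msg, {"prod-1"}))
```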