FAQ

  4 minute read  

Kubernetes Versions and Upgrades

Which Kubernetes versions are currently supported?

PSKE always supports the three latest Kubernetes versions released by Gardener. A current overview of supported versions and upcoming EOL dates is available under Kubernetes Versions EOL.

What happens when a Kubernetes version reaches its end-of-life date?

If a cluster is not manually upgraded before the EOL date, PSKE automatically upgrades it to the next supported minor version. Prior notice is provided via the Plusserver status page.

How is a cluster upgrade to a new Kubernetes version performed?

Upgrades are triggered via the PSKE dashboard or the Shoot manifest. Key points:

  • Upgrades are only possible to the next minor version (e.g. 1.30 β†’ 1.31) β€” skipping versions is not supported.
  • The upgrade process is rolling: the control plane is updated first, followed by the worker nodes.
  • The cluster remains available during the upgrade; individual nodes may be temporarily unreachable.

Before upgrading, it is recommended to review the Release Notes and the official Kubernetes changelog for breaking changes.

Are worker nodes updated automatically?

Yes, if Auto Update is enabled for the machine image and Kubernetes version under the cluster’s “Maintenance” settings. Updates are applied during the configured maintenance window. Details under Auto-Updates.

LoadBalancer

The LoadBalancer is not receiving an external IP β€” what to check?

Possible causes:

  • Quota exhausted: Is the OpenStack floating IP quota reached? See Limits and Quotas.
  • Internal LoadBalancer annotation set: With openstack-internal-load-balancer: "true", no floating IP is assigned β€” this is expected behavior.
  • Network conflicts: The service CIDR or node CIDR overlaps with the floating IP network.
  • Provisioning still in progress: The CCM may take up to 1–2 minutes after the Service is created.

Run kubectl describe service <name> β€” the Events section usually contains a descriptive error message.

How can a floating IP be permanently reserved so it is not released when the Service is deleted?

Use the annotation loadbalancer.openstack.org/keep-floatingip: "true". Details and examples under LoadBalancer Services.

Pods and Scheduling

Pods are stuck in Pending status β€” what are typical causes?

  • Insufficient resources: The requested CPU/RAM exceeds the available node capacity. Solution: scale the worker pool or enable the Node Autoscaler.
  • Taints without matching tolerations: The node has a taint that the pod does not tolerate.
  • Quota reached: The maximum number of pods per node or namespace has been hit (see Limits and Quotas).
  • No matching node for NodeSelector/Affinity: The configured node selectors or affinity rules do not match any available node.

kubectl describe pod <name> shows in the Events section why the scheduler could not place the pod.

How many pods can run on a single node?

The default limit is 110 pods per node. This value is set by the Kubernetes default and cannot be increased via self-service.

Networking and DNS

DNS resolution within the cluster is failing β€” what to check?

  1. Are CoreDNS pods running? kubectl get pods -n kube-system -l k8s-app=kube-dns
  2. Is the service name correct? Format: <service>.<namespace>.svc.cluster.local
  3. Is a NetworkPolicy blocking DNS traffic (port 53 UDP/TCP to CoreDNS)?
  4. Is NodeLocalDNS active? This can cause issues if pods address CoreDNS IPs directly instead of the local DNSCache IP.

Further information on DNS configuration under Cluster DNS.

Why does the backend see the LoadBalancer IP instead of the real client IP?

The Proxy Protocol must be enabled on both the LoadBalancer Service and the Ingress Controller. Instructions under LoadBalancer Services β€” Proxy Protocol.

Access and Authentication

The kubeconfig is no longer working β€” expired token?

Kubeconfigs downloaded from the Gardener dashboard have a limited validity period. A new kubeconfig can be downloaded from the PSKE dashboard at any time. For permanent access, using a Service Account is recommended β€” details under Permanent Kubeconfig.

Hibernation

What happens when a cluster is hibernated?

During hibernation, all worker nodes are stopped and their resources are released. The control plane is also shut down. Persistent Volumes are retained. Running workloads are interrupted and restarted when the cluster wakes up.

During hibernation, costs are still incurred for the cluster fee, storage, and reserved floating IPs. Details under Cluster Hibernation.

Can hibernation be scheduled automatically?

Yes, hibernation schedules can be configured via the Shoot manifest or the PSKE dashboard using cron syntax. Details under Cluster Hibernation.

Deletion and Resource Cleanup

Are all OpenStack resources removed when a cluster is deleted?

Kubernetes-managed resources such as LoadBalancers and Cinder volumes are automatically cleaned up when the cluster is deleted β€” provided the corresponding Services and PVCs still exist at the time of deletion. Resources created manually in OpenStack, or floating IPs with keep-floatingip: "true", are retained and must be released manually.

Quotas and Limits

How can a quota increase be requested?

Quota increases are requested via a support ticket in the customer portal. A list of default quotas is available under Limits and Quotas.

Last modified 29.04.2026: Correntcions (d9f3dab)