GKE: Workload Identity timeouts, Gateway TLS auth
Workloads using Workload Identity in GKE 1.35+ may encounter transient timeouts connecting to the metadata server after node startup. A new feature adds backend authenticated TLS support for Gateway-originated connections to Pods and InferencePools in specific GatewayClasses. Users experiencing connection issues should consult the provided documentation for recommendations and workarounds.
Features (1)
- Google Kubernetes Engine
GKE Gateway now supports backend authenticated TLS for Gateway-originated connections to Pods or InferencePools for the following GatewayClasses: gke-l7-global-external-managed, gke-l7-regional-external-managed, and gke-l7-rilb.
Known issues (1)
- Google Kubernetes Engine
In GKE version 1.35 and later, workloads that use Workload Identity to authenticate to Google Cloud APIs might experience transient connectivity timeouts or refused connections to the GKE metadata server immediately following node startup. For recommendations and workarounds, see Timeout errors at Pod startup.
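One way to keep a workload from starting before the metadata server answers, as an added example that is not taken from the release note or from the linked documentation: a bounded retry with capped backoff around a token request. The function names, the `MDS_PROBE` override, the attempt count and the delays are assumptions; the endpoint and the `Metadata-Flavor` header are the standard metadata server ones.

```shell
#!/bin/sh
# Added example: block startup until the GKE metadata server answers a
# Workload Identity token request. Attempt counts and delays are assumed values.

MDS_TOKEN_URL="http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token"

# One probe: succeeds only on an HTTP 2xx answer within a short time limit.
# All output is discarded so the access token never reaches container logs.
probe_metadata_server() {
  curl -sS --fail --connect-timeout 2 --max-time 5 \
    -H 'Metadata-Flavor: Google' "$MDS_TOKEN_URL" >/dev/null 2>&1
}

# wait_for_metadata_server [max_attempts] [initial_delay_s] [max_delay_s]
# Retries the probe with capped exponential backoff. Returns 0 as soon as the
# probe succeeds and 1 when the attempts run out, so the caller fails closed
# instead of starting without credentials. ATTEMPTS_USED holds the probe count.
# MDS_PROBE (hypothetical hook) lets a caller swap in a different probe command.
wait_for_metadata_server() {
  max_attempts="${1:-8}"
  delay="${2:-1}"
  max_delay="${3:-16}"
  ATTEMPTS_USED=0
  while [ "$ATTEMPTS_USED" -lt "$max_attempts" ]; do
    ATTEMPTS_USED=$((ATTEMPTS_USED + 1))
    if "${MDS_PROBE:-probe_metadata_server}"; then
      return 0
    fi
    # No sleep after the final failed attempt.
    [ "$ATTEMPTS_USED" -lt "$max_attempts" ] || break
    sleep "$delay"
    delay=$((delay * 2))
    [ "$delay" -le "$max_delay" ] || delay="$max_delay"
  done
  echo "metadata server not reachable after $ATTEMPTS_USED attempts" >&2
  return 1
}
```

Call `wait_for_metadata_server || exit 1` from an init container or entrypoint script before the first Google Cloud API call.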
https://docs.cloud.google.com/release-notes#May_29_2026
