Supported OS version details
vSphere | Bare Metal | Nutanix | CloudStack | Snow | |
---|---|---|---|---|---|
Ubuntu 20.04 | ✔ | ✔ | ✔ | — | ✔ |
Ubuntu 22.04 | ✔ | ✔ | ✔ | — | — |
Bottlerocket 1.20.5 | ✔ | — | — | — | — |
RHEL 8.x | ✔ | ✔ | ✔ | ✔ | — |
RHEL 9.x | — | ✔ | ✔ | ✔ | — |
Must read before upgrade
- On October 11, 2024, a security issue CVE-2024-9594 was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Clusters using virtual machine images built with Kubernetes Image Builder version
v0.1.37
or earlier are affected if built with the Nutanix, OVA, QEMU or raw providers. These images built using previous versions of image-builder will be vulnerable only during the image build process, if an attacker was able to reach the VM where the image build was happening, login using these default credentials and modify the image at the time the image build was occurring. This CVE has been fixed in image-builder versions >=v0.1.38
, which has been included in EKS Anywhere releasesv0.19.11
andv0.20.8
.
Changed
- EKS Distro:
v1-28-eks-33
tov1-28-eks-34
v1-29-eks-22
tov1-29-eks-23
v1-30-eks-15
tov1-30-eks-16
- image-builder:
v0.1.36
tov0.1.39
- cluster-api-provider-vsphere(CAPV):
v1.10.3
tov1.10.4
- etcdadm-controller:
v1.0.23
tov1.0.24
- etcdadm-bootstrap-provider:
v1.0.13
tov1.0.14
- kube-vip:
v0.8.3
tov0.8.4
- containerd:
v1.7.22
tov1.7.23
- runc:
v1.1.14
tov1.1.15
- local-path-provisioner:
v0.0.29
tov0.0.30