This changelog highlights the changes for v1-21-eks-5.
Base Image
Security updates to Amazon Linux 2.
Patches
Patches Removed
The following patches were in EKS-D v1.21-4
but were removed in the version.
- 0008-EKS-PATCH-Allow-override-of-kube-proxy-base-image.patch
- Patch is no longer needed.
Patches Added
- 0010-PATCH-kubeadm-CoreDNS-permissions-for-endpointslices.patch
- Fixes error with CoreDNS. See EKS-D
Issue #545. - Patch is from a commit in upstream Kubernetes
PR #102466
- Fixes error with CoreDNS. See EKS-D
- Multiple, related patches that fix a security vulnerability with kubelet
- New patches
- 0009-EKS-PATCH-Pass-additional-flags-to-subpath-mount-to-avoid-flak.patch
- 0010-EKS-PATCH-Add-missing-interface-method-in-mount_unsupported.go.patch
- 0011-EKS-PATCH-Update-the-unit-tests-to-handle-mountFlags.patch
- 0012-EKS-PATCH-Keep-MakeMountArgSensitive-and-add-a-new-signature-t.patch
- About the patches
- Security fix for upstream Kubernetes
issue #104980.
The Kubernetes version used by this EKS-D release is v1.21.4, which falls
within the range of versions impacted by this security vulnerability. - Patches are from the commits in upstream Kubernetes
PR #104253, which
should be part of Kubernetes v1.23. Upstream Kubernetes v1.21.5
cherry-picked the PR.
- Security fix for upstream Kubernetes
- New patches
Contributor Shout Out
Special thanks to jonathan-conder-sm
for their contributions to this release, specifically their
thoroughly-investigated issue
and subsequent PR
that added a patch
and fixed the bug.
For additional information, see the changelog for this release.
Release Manifest
Download the release manifest here: kubernetes-1-21-eks-5.yaml
| Name | Version | URI |
|---|---|---|
| aws-iam-authenticator | 0.5.2 | public.ecr.aws/eks-distro/kubernetes-sigs/aws-iam-authenticator:v0.5.2-eks-1-21-5 |
| coredns | 1.8.3 | public.ecr.aws/eks-distro/coredns/coredns:v1.8.3-eks-1-21-5 |
| csi-snapshotter | 3.0.3 | public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter:v3.0.3-eks-1-21-5 |
| etcd | 3.4.16 | public.ecr.aws/eks-distro/etcd-io/etcd:v3.4.16-eks-1-21-5 |
| external-attacher | 3.1.0 | public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v3.1.0-eks-1-21-5 |
| external-provisioner | 2.1.1 | public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v2.1.1-eks-1-21-5 |
| external-resizer | 1.1.0 | public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.1.0-eks-1-21-5 |
| go-runner | 0.9.0 | public.ecr.aws/eks-distro/kubernetes/go-runner:v0.9.0-eks-1-21-5 |
| kube-apiserver | 1.21.2 | public.ecr.aws/eks-distro/kubernetes/kube-apiserver:v1.21.2-eks-1-21-5 |
| kube-controller-manager | 1.21.2 | public.ecr.aws/eks-distro/kubernetes/kube-controller-manager:v1.21.2-eks-1-21-5 |
| kube-proxy | 1.21.2 | public.ecr.aws/eks-distro/kubernetes/kube-proxy:v1.21.2-eks-1-21-5 |
| kube-proxy-base | 0.9.0 | public.ecr.aws/eks-distro/kubernetes/kube-proxy-base:v0.9.0-eks-1-21-5 |
| kube-scheduler | 1.21.2 | public.ecr.aws/eks-distro/kubernetes/kube-scheduler:v1.21.2-eks-1-21-5 |
| livenessprobe | 2.2.0 | public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.2.0-eks-1-21-5 |
| metrics-server | 0.5.0 | public.ecr.aws/eks-distro/kubernetes-sigs/metrics-server:v0.5.0-eks-1-21-5 |
| node-driver-registrar | 2.1.0 | public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.1.0-eks-1-21-5 |
| pause | 1.21.2 | public.ecr.aws/eks-distro/kubernetes/pause:v1.21.2-eks-1-21-5 |
| snapshot-controller | 3.0.3 | public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/snapshot-controller:v3.0.3-eks-1-21-5 |
| snapshot-validation-webhook | 3.0.3 | public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/snapshot-validation-webhook:v3.0.3-eks-1-21-5 |