IBM Cloud Docs
Version 1.17 change log

Version 1.17 change log

This version is no longer supported. Update your cluster to a supported version as soon as possible.

Change log for worker node fix pack 1.17.17_1568, released 19 July 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1568. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1567
Component Previous Current Description
Ubuntu 16.04 packages N/A N/A Updated worker node images with kernel package updates.
Ubuntu 18.04 packages N/A N/A Updated worker node images with kernel package updates.

Change log for worker node fix pack 1.17.17_1567, released 6 July 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1567. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1566
Component Previous Current Description
HA proxy 700dc6 aae810 Updated image with fixes for CVE-2021-3520, CVE-2021-20271, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, and CVE-2021-3541.
Ubuntu 18.04 packages 4.15.0.144 4.15.0.147 Updated worker node images with kernel package updates for CVE-2021-23133, CVE-2021-3444, and CVE-2021-3600.

Change log for master fix pack 1.17.17_1567, released 28 June 2021

The following table shows the changes that are in the master fix pack patch update 1.17.17_1567. Master patch updates are applied automatically.

Changes since version 1.17.17_1563
Component Previous Current Description
Cluster health image v1.1.22 v1.1.23 Updated to use Go version 1.15.12. Updated image for CVE-2021-33194.
GPU device plug-in and installer 4aa248d 83ae89b Updated to use Go version 1.15.12. Updated universal base image (UBI) to version 8.4 to resolve CVEs. Updated the GPU drivers to version 460.73.01.
IBM Calico extension 689 730 Updated to use Go version 1.16.15. Updated UBI minimal base image to version 8.4 to resolve CVEs.
IBM Cloud File Storage for Classic plug-in and monitor 392 394 Updated to use Go version 1.15.12. Updated UBI base image to version 8.4 to resolve CVEs.
Key Management Service provider v1.0.14 v1.0.15 Updated to use Go version 1.15.12. Updated image for CVE-2021-33194.

Change log for worker node fix pack 1.17.17_1566, released 22 June 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1566. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1565
Component Previous Current Description
HA proxy 26c5cc d3dc33 Updated image with fixes for CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2019-2708, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2021-27219, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2017-14502, CVE-2020-8927 and CVE-2020-28196.
IBM Cloud Container Registry N/A N/A Added private-only registry support for ca.icr.io, br.icr.io and jp2.icr.io.
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for CVE-2017-8779, CVE-2017-8872, CVE-2018-16869, CVE-2019-20388, CVE-2020-24977, CVE-2021-3516, CVE-2021-3517 CVE-2021-3518, CVE-2021-3537, CVE-2021-3580.

Change log for worker node fix pack 1.17.17_1565, released 7 June 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1565. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1564
Component Previous Current Description
HA proxy 26c5cc 700dc6 Updated the image for CVE-2021-27219.
TCP keepalive optimization for VPC N/A N/A Set the net.ipv4.tcp_keepalive_time setting to 180 seconds for compatibility with VPC gateways.
Ubuntu 18.04 packages 4.15.0-143 4.15.0-144 Updated worker node images with kernel package updates for CVE-2021-25217, CVE-2021-31535, CVE-2021-32547, CVE-2021-32552, CVE-2021-32556, CVE-2021-32557, CVE-2021-3448, and CVE-2021-3520.

Change log for worker node fix pack 1.17.17_1564, released 24 May 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1564. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1562
Component Previous Current Description
HA proxy e0fa2f 26c5cc Updated image with fixes for CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2019-18276, CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-28196, CVE-2019-2708, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, and CVE-2020-8927.
Ubuntu 18.04 packages 4.15.0-142 4.15.0-143 Updated worker node images with kernel package updates for CVE-2021-28688, CVE-2021-20292, CVE-2021-29264, CVE-2021-29265, and CVE-2021-29650.
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates for CVE-2009-5155 and CVE-2020-6096.

Change log for master fix pack 1.17.17_1563, released 24 May 2021

The following table shows the changes that are in the master fix pack patch update 1.17.17_1563. Master patch updates are applied automatically.

Changes since version 1.17.17_1560
Component Previous Current Description
Cluster health image v1.1.21 v1.1.22 Updated image to implement additional IBM security controls and for CVE-2020-26160, CVE-2020-28483 and CVE-2021-20305.
Gateway-enabled cluster controller 1322 1352 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.
IBM Calico extension 618 689 Updated to use Go version 1.15.12. Updated image to implement additional IBM security controls and for CVE-2020-14391, CVE-2020-25661 and CVE-2020-25662.
IBM Cloud File Storage for Classic plug-in and monitor 390 392 Improved the prerequisite validation logic for provisioning persistent volume claims (PVCs). Updated image to implement additional IBM security controls and for CVE-2021-20305.
Key Management Service provider v1.0.12 v1.0.14 Updated image to implement additional IBM security controls and for CVE-2020-26160 and CVE-2020-28483.
Load balancer and load balancer monitor for IBM Cloud Provider 1274 1328 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.

Change log for worker node fix pack 1.17.17_1562, released 10 May 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1562. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1561
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216.
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates for CVE-2020-27350, CVE-2020-3810, CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216.

Change log for master fix pack 1.17.17_1560, released 27 April 2021

The following table shows the changes that are in the master fix pack patch update 1.17.17_1560. Master patch updates are applied automatically.

Changes since version 1.17.17_1557
Component Previous Current Description
Cluster health image v1.1.19 v1.1.21 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
GPU device plug-in and installer 65e4401 4aa248d Updated image for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
IBM Cloud File Storage for Classic plug-in and monitor 389 390 Updated to use Go version 1.15.9 and for CVE-2020-28851 and CVE-2021-3121.
Key Management Service provider v1.0.10 v1.0.12 Updated to use Go version 1.15.11 and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
OpenVPN client 2.4.6-r3-IKS-301 2.4.6-r3-IKS-386 Updated image to implement additional IBM security controls.
OpenVPN server 2.4.6-r3-IKS-301 2.4.6-r3-IKS-385 Updated image to implement additional IBM security controls.
Operator Lifecycle Manager 0.14.1-IKS-4 0.14.1-IKS-8 Updated image for CVE-2021-3449, CVE-2021-3450, and CVE-2021-30139.

Change log for worker node fix pack 1.17.17_1561, released 26 April 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1561. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1559
Component Previous Current Description
HA proxy a3b1ff e0fa2f The update addresses CVE-2021-20305.
Ubuntu 18.04 packages N/A N/A Added resiliency to systemd units to prevent failures situations where the worker nodes are overused.
Updated worker node images with kernel and package updates for CVE-2018-13095, CVE-2021-20305, CVE-2021-29154, and CVE-2021-3348.
Ubuntu 16.04 packages 4.4.0-206 4.4.0-210 Updated worker node images with kernel and package updates for [CVE-2015-1350, CVE-2017-15107, CVE-2017-5967, CVE-2018-13095, CVE-2018-5953, CVE-2019-14513, CVE-2019-16231, CVE-2019-16232, CVE-2019-19061, CVE-2021-20305, and CVE-2021-29154.

Change log for worker node fix pack 1.17.17_1559, released 12 April 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1559. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1558
Component Previous Current Description
HA proxy 9b2dca a3b1ff The update addresses CVE-2021-3449 and CVE-2021-3450.
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for CVE-2021-22876.
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates for CVE-2021-22876.

Change log for master fix pack 1.17.17_1557, released 30 March 2021

The following table shows the changes that are in the master fix pack patch update 1.17.17_1557. Master patch updates are applied automatically.

Changes since version 1.17.17_1555
Component Previous Current Description
Activity Tracker event N/A N/A Now, the containers-kubernetes.version.update event is sent to Activity Tracker when a master fix pack update is initiated for a cluster.
Cluster health image v1.1.18 v1.1.19 Updated image for CVE-2020-28851.
Gateway-enabled cluster controller 1232 1322 Updated to use Go version 1.15.10 and for CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841.
GPU device plug-in 4d3b934f 65e4401 Updated image for CVE-2021-27919, CVE-2020-28851, and CVE-2020-28852.
IBM Cloud File Storage for Classic plug-in and monitor 388 389 Updated to use Go version 1.15.8.
Load balancer and load balancer monitor for IBM Cloud Provider 1165 1274 Fixed a bug that might cause version 2.0 network load balancers (NLBs) to crash and restart on load balancer updates.

Change log for worker node fix pack 1.17.17_1558, released 29 March 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1558. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1556
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-136-generic 4.15.0-140-generic Updated worker node images with kernel and package updates for CVE-2020-27170, CVE-2020-27171, CVE-2021-27363, CVE-2021-27365, CVE-2021-28153, and CVE-2021-3449.
Ubuntu 16.04 packages 4.4.0-203-generic 4.4.0-206-generic Updated worker node images with kernel and package updates for CVE-2021-27363, CVE-2021-27365, and CVE-2021-28153.

Change log for worker node fix pack 1.17.17_1556, released 12 March 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1556. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1555
Component Previous Current Description
Containerd v1.3.9 1.3.10 See the containerd release notes. The update resolves CVE-2021-21334 (see the IBM security bulletin).
Ubuntu 18.04 packages N/A N/A Updated worker node image with package updates for CVE-2021-21300, CVE-2021-24031, CVE-2021-24032, CVE-2021-27218, and CVE-2021-27219.
Ubuntu 16.04 packages N/A N/A Updated worker node image with package updates for{: external}, CVE-2021-21300, CVE-2021-27218, CVE-2021-27219, and CVE-2021-3177.

Change log for worker node fix pack 1.17.17_1555, released 1 March 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1555. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1553
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-135-generic 4.15.0-136-generic Updated worker node image with package updates for CVE-2020-27619, CVE-2020-29372, CVE-2020-29374, CVE-2020-8625, CVE-2021-23840, CVE-2021-23841, CVE-2021-26937, CVE-2021-27212, and CVE-2021-3177.
Ubuntu 16.04 packages 4.4.0-201-generic 4.4.0-203-generic Updated worker node image with package updates for CVE-2020-27619, CVE-2020-29372, CVE-2020-29374, CVE-2020-8625, CVE-2021-23840, CVE-2021-23841, CVE-2021-26937, CVE-2021-27212, and CVE-2021-3177.

Change log for master fix pack 1.17.17_1555, released 22 February 2021

The following table shows the changes that are in the master fix pack patch update 1.17.17_1555. Master patch updates are applied automatically.

Changes since version 1.17.17_1551
Component Previous Current Description
Cluster health image v1.1.16 v1.1.18 Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls.
Gateway-enabled cluster controller 1195 1232 Updated to use Go version 1.15.7.
IBM Calico extension 567 618 Updated to use Go version 1.15.7.
IBM Cloud Controller Manager v1.17.17-1 v1.17.17-6 Updated image for for DLA-2509-1.
IBM Cloud File Storage for Classic plug-in and monitor 385 388 Improved the retry logic for provisioning persistent volume claims (PVCs).
Key Management Service provider v1.0.7 v1.0.10 Updated image for CVE-2020-1971 and CVE-2020-24659.
Load balancer and load balancer monitor for IBM Cloud Provider 1078 1165 Updated to use Go version 1.15.7.
Operator Lifecycle Manager 0.14.1-IKS-2 0.14.1-IKS-4 Updated image for CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841.

Change log for worker node fix pack 1.17.17_1553, released 15 February 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1553. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1552
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Updated worker node image with package updates for CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-25682, CVE-2021-25683, and CVE-2021-25684.
Ubuntu 16.04 packages N/A N/A Updated worker node image with package updates for CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-25682, CVE-2021-25683, and CVE-2021-25684.

Change log for worker node fix pack 1.17.17_1552, released 1 February 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1552. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.17_1551
Component Previous Current Description
Ubuntu 16.04 packages 4.4.0-200-generic 4.4.0-201-generic Updated worker node image with kernel and package updates for CVE-2019-14834, CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687, CVE-2020-27777, CVE-2021-23239, and CVE-2021-3156.
Ubuntu 18.04 packages 4.15.0-132-generic 4.15.0-135-generic Updated worker node image with kernel and package updates for CVE-2019-12761, CVE-2019-14834, CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687, CVE-2020-27777, CVE-2021-23239, and CVE-2021-3156.

Change log for master fix pack 1.17.17_1551, released 19 January 2021

The following table shows the changes that are in the master fix pack patch update 1.17.17_1551. Master patch updates are applied automatically.

Changes since version 1.17.16_1550
Component Previous Current Description
Cluster health image v1.1.13 v1.1.16 Updated image to implement additional IBM security controls.
Gateway-enabled cluster controller 1184 1195 Updated image for CVE-2020-1971.
GPU device plug-in and installer adcae42 4d3b934f Updated image for CVE-2021-3114, CVE-2021-3115, CVE-2020-27350, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-1971, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286.
IBM Calico extension 556 567 Updated image for CVE-2020-1971 and CVE-2020-24659.
IBM Cloud Controller Manager v1.17.16-1 v1.17.17-1 Updated to support the Kubernetes 1.17.17 release.
IBM Cloud File Storage for Classic plug-in and monitor 384 385 Updated image for CVE-2020-1971 and CVE-2020-24659.
Key Management Service provider v1.0.5 v1.0.7 Fixed bug to ignore conflict errors during KMS secret reencryption. Updated to use Go version 1.15.5. Updated image for CVE-2020-1971.
Kubernetes v1.17.16 v1.17.17 See the Kubernetes release notes. Updated to implement additional IBM security controls.
Kubernetes Dashboard v2.0.4 v2.0.5 See the Kubernetes Dashboard release notes.
Kubernetes Dashboard metrics scraper v1.0.4 v1.0.6 See the Kubernetes Dashboard metrics scraper release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 1004 1078 Updated image for CVE-2020-1971.

Change log for worker node fix pack 1.17.17_1551, released 18 January 2021

The following table shows the changes that are in the worker node fix pack 1.17.17_1551. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.15_1549
Component Previous Current Description
Kubernetes v1.17.15 v1.17.17 See the Kubernetes release notes.
Ubuntu 16.04 packages 4.4.0-197-generic 4.4.0-200-generic Updated worker node image with kernel and package updates for CVE-2018-20482, CVE-2019-9923, CVE-2020-28374, CVE-2020-29361 external}, and CVE-2020-29362 external}.
Ubuntu 18.04 packages 4.15.0-128-generic 4.15.0-132-generic Updated worker node image with kernel and package updates for CVE-2018-20482, CVE-2019-9923, CVE-2020-28374, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2021-1052, CVE-2021-1053, and CVE-2019-19770.

Change log for master fix pack 1.17.16_1550, released 6 January 2021

The following table shows the changes that are in the master fix pack patch update 1.17.16_1550. Master patch updates are applied automatically.

Changes since version 1.17.15_1548
Component Previous Current Description
IBM Calico extension 544 556 Updated image to include the ip command.
IBM Cloud Controller Manager v1.17.15-1 v1.17.16-1 Updated to support the Kubernetes 1.17.16 release.
IBM Cloud File Storage for Classic plug-in N/A N/A Updated to run with a privileged security context.
Kubernetes v1.17.15 v1.17.16 See the Kubernetes release notes.
Operator Lifecycle Manager 0.14.1-IKS-1 0.14.1-IKS-2 Updated image for CVE-2020-1971 and CVE-2020-28928.

Change log for worker node fix pack 1.17.15_1549, released 21 December 2020

The following table shows the changes that are in the worker node fix pack 1.17.15_1549. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.15_1548
Component Previous Current Description
Ubuntu 16.04 packages N/A N/A Updated worker node image with package updates for: CVE-2020-1971, CVE-2020-27350, CVE-2020-27351, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286.
Ubuntu 18.04 packages 4.15.0-126-generic 4.15.0-128-generic Updated worker node image with kernel and package updates for: CVE-2020-1971, CVE-2020-27350, CVE-2020-27351, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286.
Kubernetes v1.17.14 v1.17.15 See the Kubernetes change logs.
Ephemeral storage reservations N/A N/A Reserve local ephemeral storage to prevent workload evictions.
HAProxy db4e6d 9b2dca Image update for CVE-2020-1971 and CVE-2020-24659.

Change log for master fix pack 1.17.15_1548, released 14 December 2020

The following table shows the changes that are in the master fix pack patch update 1.17.15_1548. Master patch updates are applied automatically.

Changes since version 1.17.14_1545
Component Previous Current Description
CoreDNS 1.6.9 1.8.0 See the CoreDNS release notes. Additionally, updated the CoreDNS configuration to increase the weight of scheduling CoreDNS pods to different worker nodes and zones.
etcd v3.4.13 v3.4.14 See the etcd release notes.
Gateway-enabled cluster controller 1105 1184 Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls.
GPU device plug-in and installer c7a8cf7 adcae42 Updated the GPU drivers to version 450.80.02. Updated image for CVE-2020-28367, CVE-2020-28366, and CVE-2020-28362. Updated image to implement additional IBM security controls.
IBM Calico extension 378 544 Updated to use the universal base image (UBI) and to use Go version 1.15.5. Updated image to implement additional IBM security controls.
IBM Cloud Controller Manager v1.17.14-1 v1.17.15-1 Updated to support the Kubernetes 1.17.15 release. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic monitor 379 384 Updated to use Go version 1.15.5 and to run as a non-root user. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in 379 384 Updated to use Go version 1.15.5 and to run with a least privileged security context. Updated image to implement additional IBM security controls.
Key management service (KMS) provider v1.0.4 v1.0.5 Updated image to implement additional IBM security controls.
Kubernetes v1.17.14 v1.17.15 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache N/A N/A Updated the NodeLocal DNS cache configuration to support customizing the node-local-dns config map.
Load balancer and load balancer monitor for IBM Cloud Provider 208 1004 Updated Alpine base image to version 3.12 and to use Go version 1.15.5. Updated image for CVE-2020-8037 and CVE-2020-28928. Updated image to implement additional IBM security controls.
OpenVPN client 2.4.6-r3-IKS-116 2.4.6-r3-IKS-301 Updated image to implement additional IBM security controls.
OpenVPN server 2.4.6-r3-IKS-222 2.4.6-r3-IKS-301 Updated image to implement additional IBM security controls.

Change log for worker node fix pack 1.17.14_1548, released 11 December 2020

The following table shows the changes that are in the worker node fix pack 1.17.14_1548. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.14_1546
Component Previous Current Description
Ubuntu 18.04 bare metal kernel 4.15.0-126-generic 4.15.0-123-generic Bare metal worker nodes: Reverted the kernel version for bare metal worker nodes while Canonical addresses issues with the previous version that prevented worker nodes from being reloaded or updated.

Change log for worker node fix pack 1.17.14_1546, released 7 December 2020

The following table shows the changes that are in the worker node fix pack 1.17.14_1546. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.14_1545
Component Previous Current Description
Containerd v1.3.4 1.3.9 See the containerd release notes. The update resolves CVE-2020–15257 (see the IBM security bulletin).
HAProxy 1.8.26-384f42 db4e6d Added provenance labels for source tracking.
Ubuntu 18.04 packages 4.15.0-123-generic 4.15.0-126-generic Updated worker node image with kernel and package updates for CVE-2020-14351 and CVE-2020-4788.
Ubuntu 16.04 packages 4.4.0-194-generic 4.4.0-197-generic Updated worker node image with kernel and package updates for CVE-2020-0427, CVE-2020-12352, CVE-2020-14351, CVE-2020-25645, and CVE-2020-4788.

Change log for worker node fix pack 1.17.14_1545, released 23 November 2020

The following table shows the changes that are in the worker node fix pack 1.17.14_1545. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.13_1544
Component Previous Current Description
Kubernetes v1.17.13 v1.17.14 See the Kubernetes change log.
Ubuntu 18.04 packages 4.15.0-122-generic 4.15.0-123-generic Updated worker node image with kernel and package updates for CVE-2020-25692, CVE-2020-25709, CVE-2020-25710, CVE-2020-28196, and CVE-2020-8694.
Ubuntu 16.04 packages 4.4.0-193-generic 4.4.0-194-generic Updated worker node image with kernel and package updates for CVE-2020-25692, CVE-2020-25709, CVE-2020-25710, CVE-2020-28196, and CVE-2020-8694.

Change log for master fix pack 1.17.14_1545, released 16 November 2020

The following table shows the changes that are in the master fix pack patch update 1.17.14_1545. Master patch updates are applied automatically.

Changes since version 1.17.13_1543
Component Previous Current Description
Cluster health image v1.1.12 v1.1.13 Updated image for DLA-2424-1.
GPU device plug-in and installer edd26a4 c7a8cf7 Updated image for CVE-2019-20386, CVE-2019-13050, CVE-2020-8177, CVE-2019-14889, CVE-2020-1730, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327, CVE-2019-1551, CVE-2019-19221, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492, CVE-2019-19906, CVE-2019-20454, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2019-13627, CVE-2018-20843, CVE-2019-15903, and CVE-2019-20387.
IBM Cloud Controller Manager v1.17.13-1 v1.17.14-1 Updated to support the Kubernetes 1.17.14 release. Updated image for DLA-2424-1.
IBM Cloud File Storage for Classic plug-in and monitor 378 379 Updated to use the universal base image (UBI) and to use Go version 1.15.2.
Key Management Service provider v1.0.3 v1.0.4 Updated image for DLA-2424-1.
Kubernetes v1.17.13 v1.17.14 See the Kubernetes release notes.

Change log for worker node fix pack 1.17.13_1544, released 9 November 2020

The following table shows the changes that are in the worker node fix pack 1.17.13_1544. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.13_1543
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Updated worker node image with kernel and package updates for CVE-2018-14036, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-16126, CVE-2020-25659, and CVE-2017-18269.
Ubuntu 16.04 packages N/A N/A Updated worker node image with package updates for CVE-2018-14036, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-16126, and CVE-2020-25659.

Change log for worker node fix pack 1.17.13_1543, released 26 October 2020

The following table shows the changes that are in the worker node fix pack 1.17.13_1543. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.12_1542
Component Previous Current Description
Kubernetes v1.17.12 v1.17.13 See the Kubernetes release notes.
Ubuntu 18.04 packages 4.15.0-118-generic 4.15.0-122-generic Updated worker node images with kernel and package updates for CVE-2018-10322, CVE-2019-20807, CVE-2019-20916, CVE-2020-12351, CVE-2020-12352, CVE-2020-15999, CVE-2020-16119, CVE-2020-16120, CVE-2020-24490, and CVE-2020-26116.
Ubuntu 16.04 packages 4.4.0-190-generic 4.4.0-193-generic Updated worker node images with kernel and package updates for CVE-2017-17087, CVE-2018-10322, CVE-2019-20807, CVE-2020-15999, CVE-2020-16119, and CVE-2020-26116.

Change log for master fix pack 1.17.13_1543, released 26 October 2020

The following table shows the changes that are in the master fix pack patch update 1.17.13_1543. Master patch updates are applied automatically.

Changes since version 1.17.12_1540
Component Previous Current Description
Calico configuration N/A N/A Updated the calico-node daemon set in the kube-system namespace to set the spec.updateStrategy.rollingUpdate.maxUnavailable parameter to 10% for clusters with more than 50 worker nodes.
Cluster health image v1.1.11 v1.1.12 Updated to use Go version 1.15.2.
Gateway-enabled cluster controller 1082 1105 Updated to use Go version 1.15.2.
IBM Cloud Controller Manager v1.17.12-1 v1.17.13-1 Updated to support the Kubernetes 1.17.13 release.
Kubernetes v1.17.12 v1.17.13 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.15.13 1.15.14 See the Kubernetes NodeLocal DNS cache release notes.

Change log for worker node fix pack 1.17.12_1542, released 12 October 2020

The following table shows the changes that are in the worker node fix pack 1.17.12_1542. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.12_1541
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Updated worker node image with package updates for CVE-2019-8936, CVE-2020-26137, and CVE-2020-14365.
Ubuntu 16.04 packages N/A N/A Updated worker node image with package updates for CVE-2020-14365 and CVE-2020-26137.

Change log for worker node fix pack 1.17.12_1541, released 28 September 2020

The following table shows the changes that are in the worker node fix pack 1.17.12_1541. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.11_1539
Component Previous Current Description
Kubernetes v1.17.11 v1.17.12 See the Kubernetes release notes.
Ubuntu 18.04 packages 4.15.0-117-generic 4.15.0-118-generic Updated worker node image with kernel and package updates for CVE-2018-1000500, CVE-2018-7738, CVE-2019-14855, CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, CVE-2020-10753, CVE-2020-12059, CVE-2020-12888, CVE-2020-1760, and CVE-2020-1968.
Ubuntu 16.04 packages 4.4.0-189-generic 4.4.0-190-generic Updated worker node image with kernel and package updates for CVE-2019-20811, CVE-2019-9453, CVE-2020-0067, and CVE-2020-1968.

Change log for master fix pack 1.17.12_1540, released 21 September 2020

The following table shows the changes that are in the master fix pack patch update 1.17.12_1540. Master patch updates are applied automatically.

Changes since version 1.17.11_1539
Component Previous Current Description
Cluster health image v1.1.9 v1.1.11 Updated Go version for CVE-2020-16845 and CVE-2020-24553.
etcd v3.4.10 v3.4.13 See the etcd release notes.
GPU device plug-in and installer bacb9e1 edd26a4 Updated Go version for CVE-2020-16845 and CVE-2020-24553. Updated the GPU drivers to version 450.51.06.
IBM Cloud Controller Manager v1.17.9-1 v1.17.12-1 Updated to support the Kubernetes 1.17.12 release and to use Go version 1.13.15.
IBM Cloud File Storage for Classic plug-in and monitor 377 378 Updated Go version for CVE-2020-16845.
Key Management Service provider v1.0.1 v1.0.3 Updated Go version for CVE-2020-16845 and CVE-2020-24553.
Kubernetes v1.17.11 v1.17.12 See the Kubernetes release notes.
Kubernetes Dashboard v2.0.3 v2.0.4 See the Kubernetes Dashboard release notes.

Change log for worker node fix pack 1.17.11_1539, released 14 September 2020

The following table shows the changes that are in the worker node fix pack 1.17.11_1539. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.11_1538
Component Previous Current Description
HAProxy 1.8.25-384f42 1.8.26-561f1a See the HAProxy change log.
Ubuntu 18.04 packages 4.15.0-112-generic 4.15.0-117-generic Updated worker node image with kernel and package updates for CVE-2020-14344, CVE-2020-14363, and CVE-2020-14386.
Ubuntu 16.04 packages 4.4.0-187-generic 4.4.0-189-generic Updated worker node image with kernel and package updates for CVE-2020-14344 and CVE-2020-14363.

Change log for worker node fix pack 1.17.11_1538, released 31 August 2020

The following table shows the changes that are in the worker node fix pack 1.17.11_1538. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.11_1537
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Updated worker node image with package updates for CVE-2020-12403, CVE-2020-8231, CVE-2020-8622, CVE-2020-8623, and CVE-2020-8624.
Ubuntu 16.04 packages 4.4.0-186-generic 4.4.0-187-generic Updated worker node image with kernel and package updates for CVE-2020-8231, CVE-2020-8622, and CVE-2020-8623.

Change log for master fix pack 1.17.11_1537, released 18 August 2020

The following table shows the changes that are in the master fix pack patch update 1.17.11_1537. Master patch updates are applied automatically.

Changes since version 1.17.9_1535
Component Previous Current Description
Cluster health image v1.1.8 v1.1.9 Updated to use Go version 1.13.13.
etcd v3.4.9 v3.4.10 See the etcd release notes.
GPU device plug-in and installer 8c24345 bacb9e1 Updated image for CVE-2020-14039 and CVE-2020-15586.
IBM Cloud File Storage for Classic plug-in and monitor 376 377 Fixed a bug that prevents persistent volume claim (PVC) creation failures from being retried.
Key Management Service provider v1.0.0 v1.0.1 Updated image for CVE-2020-15586.
Kubernetes v1.17.9 v1.17.11 See the Kubernetes release notes.
Kubernetes add-on resizer 1.8.5 1.8.11 See the Kubernetes add-on resizer release notes.
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to include auditing of all API groups except apiregistration.k8s.io and coordination.k8s.io.
Kubernetes Metrics Server v0.3.6 v0.3.7 See the Kubernetes Metrics Server release notes.
Kubernetes NodeLocal DNS cache configuration N/A N/A Increased the pod termination grace period.

Change log for worker node fix pack 1.17.11_1537, released 17 August 2020

The following table shows the changes that are in the worker node fix pack 1.17.11_1537. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.9_1535
Component Previous Current Description
Kubernetes v1.17.9 v1.17.11 See the Kubernetes change logs.
Ubuntu 18.04 packages N/A N/A Updated worker node image with package updates for CVE-2020-11936, CVE-2020-12400, CVE-2020-12401, CVE-2020-15701, CVE-2020-15702, CVE-2020-15709, and CVE-2020-6829.
Ubuntu 16.04 packages N/A N/A Updated worker node image with package updates for CVE-2020-11936, CVE-2020-15701, CVE-2020-15702, and CVE-2020-15709.

Change log for worker node fix pack 1.17.9_1535, released 3 August 2020

The following table shows the changes that are in the worker node fix pack 1.17.9_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.9_1532
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-111-generic 4.15.0-112-generic Updated worker node images with kernel and package updates for CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-10713, CVE-2020-10757, CVE-2020-11935, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-14422, CVE-2020-15705, CVE-2020-15706, and CVE-2020-15707.
Ubuntu 16.04 packages 4.4.0-185-generic 4.4.0-186-generic Updated worker node images with package updates for CVE-2019-12380, CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-10713, CVE-2020-11935, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-14422, CVE-2020-15705, CVE-2020-15706, and CVE-2020-15707.

Change log for master fix pack 1.17.9_1534, released 24 July 2020

The following table shows the changes that are in the master fix pack patch update 1.17.9_1534. Master patch updates are applied automatically.

Changes since version 1.17.9_1533
Component Previous Current Description
Cluster master operations N/A N/A Fixed a problem that might cause pods to fail authentication to the Kubernetes API server after a cluster master operation.
IBM Cloud File Storage for Classic plug-in and monitor 375 376 Updated to use Go version 1.13.8.

Change log for master fix pack 1.17.9_1533, released 20 July 2020

The following table shows the changes that are in the master fix pack patch update 1.17.9_1533. Master patch updates are applied automatically.

Changes since version 1.17.7_1530
Component Previous Current Description
GPU device plug-in and installer 31d4bb6 8c24345 Updated image for CVE-2017-12133, CVE-2017-18269, CVE-2018-11236, CVE-2018-11237, CVE-2018-19591, CVE-2018-6485, CVE-2019-19126, CVE-2019-9169, CVE-2020-10029, CVE-2020-1751, and CVE-2020-1752.
IBM Calico extension 353 378 Updated to handle any ens network interface.
IBM Cloud Controller Manager v1.17.7-1 v1.17.9-1 Updated to support the Kubernetes 1.17.9 release.
IBM Cloud File Storage for Classic plug-in and monitor configuration N/A N/A Added a pod memory limit.
Kubernetes v1.17.7 v1.17.9 See the Kubernetes release notes. The update resolves CVE-2020-8559 (see the IBM security bulletin).
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to include auditing the scheduling.k8s.io API group and the tokenreviews resource.
Kubernetes Dashboard v2.0.1 v2.0.3 See the Kubernetes Dashboard release notes.
OpenVPN server 2.4.6-r3-IKS-131 2.4.6-r3-IKS-222 Removed the deprecated comp-lzo compression configuration option and updated the default cipher that is used for encryption.
Operator Lifecycle Manager 0.14.1 0.14.1-IKS-1 Updated image for CVE-2020-1967.

Change log for worker node fix pack 1.17.9_1532, released 20 July 2020

The following table shows the changes that are in the worker node fix pack 1.17.9_1532. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.7_1530
Component Previous Current Description
HAProxy 2.0.15-afe432 1.8.25-384f42 See the HAProxy change log. Fixes a connection leak that happens when HAProxy is under high load.
Kubernetes v1.17.7 v1.17.9 See the Kubernetes change logs. The update resolves CVE-2020-8557 (see the IBM security bulletin).
Ubuntu 18.04 packages 4.15.0-109-generic 4.15.0-111-generic Updated worker node images with kernel and package updates for CVE-2018-11236, CVE-2018-11237, CVE-2018-19591, CVE-2019-19126, CVE-2019-9169, CVE-2020-10029, CVE-2020-12402, CVE-2020-1751, and CVE-2020-1752.
Ubuntu 16.04 packages 4.4.0-184-generic 4.4.0-185-generic Updated worker node images with package updates for CVE-2017-12133, CVE-2017-18269, CVE-2018-11236, CVE-2018-11237, CVE-2018-6485, CVE-2019-19126, CVE-2019-9169, CVE-2020-0543, CVE-2020-10029, CVE-2020-10711, CVE-2020-13143, CVE-2020-1751, and CVE-2020-1752.

Change log for worker node fix pack 1.17.7_1530, released 6 July 2020

The following table shows the changes that are in the worker node fix pack 1.17.7_1530. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.7_1529
Component Previous Current Description
HAProxy 1.8.25-30b675 2.0.15-afe432 See the HAProxy change log.
Ubuntu 18.04 packages 4.15.0-106-generic 4.15.0-109-generic Updated worker node images with kernel and package updates for CVE-2019-12380, CVE-2019-16089, CVE-2019-19036, CVE-2019-19039, CVE-2019-19318, CVE-2019-19642, CVE-2019-19813, CVE-2019-3689, CVE-2020-0543, CVE-2020-10711, CVE-2020-13143, CVE-2020-8177, CVE-2019-19377, and CVE-2019-19816.
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates for CVE-2019-3689 and CVE-2020-8177.
Worker node drain automation N/A N/A Fixes a race condition that can cause worker node drain automation to fail.

Change log for 1.17.7_1529, released 22 June 2020

The following table shows the changes that are in the master and worker node update 1.17.7_1529. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.17.6_1527
Component Location Previous Current Description
Calico Master v3.12.1 v3.12.2 See the Calico release notes. The master update resolves CVE-2020-13597 (see the IBM security bulletin).
Cluster health image Master v1.1.5 v1.1.8 Additional status information is included when an add-on health state is critical. Improved performance when handling cluster status updates.
Cluster master operations Master N/A N/A Cluster master operations such as refresh or update are now canceled if a broken Kubernetes admission webhook is detected.
etcd Master v3.4.7 v3.4.9 See the etcd release notes.
GPU device plug-in and installer Master 8b02302 31d4bb6 Updated image for CVE-2020-3810.
IBM Cloud Controller Manager Master v1.17.6-1 v1.17.7-1 Updated to support the Kubernetes 1.17.7 release. Updated the version 2.0 private network load balancers (NLBs) to manage Calico global network policies. Updated calicoctl version to 3.12.2.
IBM Cloud File Storage for Classic plug-in Master 373 375 Fixed a bug that might cause error handling to create additional persistent volumes.
Kubernetes Both v1.17.6 v1.17.7 See the Kubernetes release notes. The master update resolves CVE-2020-8558 (see the IBM security bulletin).
Kubernetes configuration Master N/A N/A The Kubernetes API server audit policy configuration is updated to include auditing the apiextensions.k8s.io API group and the persistentvolumeclaims and persistentvolumes resources. Additionally, the http2-max-streams-per-connection option is set to 1000 to mitigate network disruption impacts on the kubelet connection to the API server.
Kubernetes Dashboard Master v2.0.0 v2.0.1 See the Kubernetes Dashboard release notes.
Ubuntu 18.04 packages Worker 4.15.0-101-generic 4.15.0-106-generic Updated worker node images with kernel and package updates for CVE-2018-8740, CVE-2019-17023, CVE-2020-0543, CVE-2020-12049, CVE-2020-12399, CVE-2020-13434, CVE-2020-13630, and CVE-2020-13632.
Ubuntu 16.04 packages Worker 4.4.0-179-generic 4.4.0-184-generic Updated worker node images with package and kernel updates for CVE-2020-12049, CVE-2020-0543, CVE-2020-12769, CVE-2020-1749, CVE-2020-13434, CVE-2020-13630, andCVE-2020-13632.

Change log for worker node fix pack 1.17.6_1527, released 8 June 2020

The following table shows the changes that are in the worker node fix pack 1.17.6_1527. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.6_1526
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for CVE-2019-1547, CVE-2019-1549, CVE-2019-1551, CVE-2019-1563, and CVE-2020-12762.
Ubuntu 16.04 packages 4.4.0-178-generic 4.4.0-179-generic Updated worker node images with package and kernel updates for CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, and CVE-2020-12762.

Change log for 1.17.6_1526, released 26 May 2020

The following table shows the changes that are in the master and worker node update 1.17.6_1526. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.17.5_1524
Component Location Previous Current Description
Cluster health image Master v1.1.1 v1.1.4 When cluster add-ons don't support the current cluster version, a warning is now returned in the cluster health state.
etcd Master v3.4.3 v3.4.7 See the etcd release notes.
Gateway-enabled cluster controller Master 1045 1082 Updated image for CVE-2020-1967.
GPU device plug-in and installer Master 8c6538f 8b02302 Updated image for CVE-2020-1967.
IBM Calico extension Master 320 353 Skips creating a Calico host endpoint when no endpoint is needed. Updated image for CVE-2020-1967.
IBM Cloud Controller Manager Master v1.17.5-1 v1.17.6-1 Updated to support the Kubernetes 1.17.6 release. Updated network load balancer (NLB) events to use the latest IBM Cloud troubleshooting documentation.
IBM Cloud File Storage for Classic plug-in and monitor Master 358 373 Updated image for CVE-2020-1967 and CVE-2020-11655.
Kubernetes Both v1.17.5 v1.17.6 See the Kubernetes release notes.
Kubernetes Dashboard Master v2.0.0-rc7 v2.0.0 See the Kubernetes Dashboard release notes.
Kubernetes Metrics Server Master N/A N/A Increased the CPU per node for the metrics-server container to improve availability of the metrics server API service for large clusters.
Kubernetes NodeLocal DNS cache Master 1.15.8 1.15.13 See the Kubernetes NodeLocal DNS cache release notes. Updated the node-local-dns daemon set to include the prometheus.io/port and prometheus.io/scrape annotations on the pods.
Load balancer and load balancer monitor for IBM Cloud Provider Master 177 208 Updated the version 2.0 network load balancers (NLB) to clean up unnecessary IPVS rules. Improved application logging. Updated image for CVE-2020-1967.
Ubuntu 18.04 packages Worker 4.15.0-99-generic 4.15.0-101-generic Updated worker node images with kernel and package updates for CVE-2019-20795, CVE-2020-11494, CVE-2020-12762, CVE-2020-3810, CVE-2020-8616, and CVE-2020-8617.
Ubuntu 16.04 packages Worker 4.4.0-178-generic 4.4.0-179-generic Updated worker node images with package and kernel updates for CVE-2019-19060, CVE-2020-11494, CVE-2020-11608, CVE-2020-12762, CVE-2020-3810, CVE-2020-8616, and CVE-2020-8617.

Change log for worker node fix pack 1.17.5_1524, released 11 May 2020

The following table shows the changes that are in the worker node fix pack 1.17.5_1524. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.4_1523
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-96-generic 4.15.0-99-generic Updated worker node images with kernel and package updates for CVE-2019-19768, CVE-2020-11884, and CVE-2020-12243.
Ubuntu 16.04 packages 4.4.0-177-generic 4.4.0-178-generic Updated worker node images with package and kernel updates for CVE-2019-19768 and CVE-2020-12243.

Change log for worker node fix pack 1.17.5_1523, released 27 April 2020

The following table shows the changes that are in the worker node fix pack 1.17.5_1523. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.4_1521
Component Previous Current Description
containerd v1.3.3 v1.3.4 See the containerd release notes.
HA proxy 1.8.25-30b675 1.8.25-adb65d The update addresses CVE-2020-1967.
Kubernetes v1.17.4 v1.17.5 See the Kubernetes release notes.
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for CVE-2018-1000876, CVE-2018-10372, CVE-2018-10373, CVE-2018-10534, CVE-2018-10535, CVE-2018-12641, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, CVE-2018-12700, CVE-2018-12934, CVE-2018-13033, CVE-2018-17358, CVE-2018-17359, CVE-2018-17360, CVE-2018-17794, CVE-2018-17985, CVE-2018-18309, CVE-2018-18483, CVE-2018-18484, CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, CVE-2018-18700, CVE-2018-18701, CVE-2018-19931, CVE-2018-19932, CVE-2018-20002, CVE-2018-20623, CVE-2018-20651, CVE-2018-20671, CVE-2018-8945, CVE-2018-9138, CVE-2019-12972, CVE-2019-14250, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451, CVE-2019-18348, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077, CVE-2020-11008, CVE-2020-5260, and CVE-2020-8492.
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates for CVE-2019-18348, CVE-2020-11008, CVE-2020-5260, and CVE-2020-8492.

Change log for master fix pack 1.17.5_1522, released 23 April 2020

The following table shows the changes that are in the master fix pack patch update 1.17.5_1522. Master patch updates are applied automatically.

Changes since version 1.17.4_1521
Component Previous Current Description
Cluster health N/A v1.1.1 Cluster health now includes more add-on status information.
IBM Cloud Controller Manager v1.17.4-3 v1.17.5-1 Updated to support the Kubernetes 1.17.5 release and to use Go version 1.13.9.
Kubernetes v1.17.4 v1.17.5 See the Kubernetes release notes. The update resolves CVE-2020-8555 (see the IBM security bulletin).

Change log for master fix pack 1.17.4_1521, released 17 April 2020

The following table shows the changes that are in the master fix pack patch update 1.17.4_1521. Master patch updates are applied automatically.

Changes since version 1.17.4_1520
Component Previous Current Description
Calico v3.12.0 v3.12.1 See the Calico release notes. Updated to allow egress from the worker nodes via the allow-vrrp GlobalNetworkPolicy.
CoreDNS 1.6.7 1.6.9 See the CoreDNS release notes. Fixed a bug during Corefile migration that might generate invalid data that makes CoreDNS pods fail.
GPU device plug-in and installer 49979f5 8c6538f Updated the GPU drivers to version 440.33.01.
IBM Cloud Controller Manager v1.17.4-1 v1.17.4-3 Updated to use calicoctl version 3.12.1.
Key Management Service provider 277 v1.0.0 Updated the IBM Key Protect Go client.
Kubernetes Dashboard v2.0.0-rc5 v2.0.0-rc7 See the Kubernetes Dashboard release notes. Added a readiness probe to the Kubernetes Dashboard configuration.
Kubernetes Dashboard metrics scraper v1.0.3 v1.0.4 See the Kubernetes Dashboard metrics scraper release notes.
OpenVPN client N/A N/A Fixed problem that might cause the vpn-config secret in the kube-system namespace to be deleted during cluster master operations.
Operator Lifecycle Manager Catalog v1.5.11 v1.6.1 See the Operator Lifecycle Manager Catalog release notes.

Change log for worker node fix pack 1.17.4_1521, released 13 April 2020

The following table shows the changes that are in the worker node fix pack 1.17.4_1521. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.4_1520
Component Previous Current Description
HA proxy 1.8.23 1.8.25 See the HA proxy change logs. The update addresses CVE-2020-11100.
Ubuntu 18.04 packages 4.15.0-91-generic 4.15.0-96-generic Updated worker node images with package and kernel updates for CVE-2020-8831, CVE-2020-8833, CVE-2020-11100, and CVE-2020-8834.
Ubuntu 16.04 packages 4.4.0-176-generic 4.4.0-177-generic Updated worker node images with package and kernel updates for CVE-2020-8831, CVE-2020-8833, and CVE-2020-8428.

Change log for worker node fix pack 1.17.4_1520, released 30 March 2020

The following table shows the changes that are in the worker node fix pack 1.17.4_1520. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.4_1519
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-88-generic 4.15.0-91-generic Updated worker node images with package and kernel updates for CVE-2020-1700, CVE-2020-10531, CVE-2020-2732, CVE-2020-8832, CVE-2019-12387, CVE-2019-12855, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2020-10108, CVE-2020-10109, CVE-2018-20786, and CVE-2019-20079.
Ubuntu 16.04 packages 4.4.0-174-generic 4.4.0-176-generic Updated worker node images with package updates for CVE-2020-10531, CVE-2020-2732, CVE-2017-11109, CVE-2017-6349, and CVE-2017-6350.

Change log for 1.17.4_1519, released 16 March 2020

The following table shows the changes that are in the master and worker node update 1.17.4_1519. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.17.3_1518
Component Location Previous Current Description
Cluster health image Master N/A N/A Cluster health status now includes links to IBM Cloud documentation.
IBM Cloud Controller Manager Master v1.17.3-1 v1.17.4-1 Updated to support the Kubernetes 1.17.4 release and to use Go version 1.13.8. Fixed VPC load balancer error message to use the current IBM Cloud Kubernetes Service plug-in CLI syntax.
Kubernetes Both v1.17.3 v1.17.4 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider Master 169 177 Version 2.0 network load balancers (NLB) were updated to fix problems with long-lived network connections to endpoints that failed readiness probes.
Operator Lifecycle Manager Catalog Master v1.5.9 v1.5.11 See the Operator Lifecycle Manager Catalog release notes.
Ubuntu 18.04 packages Worker N/A N/A Updated worker node images with package updates for CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, and CVE-2019-20218.
Ubuntu 16.04 packages Worker N/A N/A Updated worker node images with package updates for CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-19926, and CVE-2019-20218.

Change log for worker node fix pack 1.17.3_1518, released 2 March 2020

The following table shows the changes that are in the worker node fix pack 1.17.3_1518. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.17.3_1516
Component Previous Current Description
GPU worker node provisioning N/A N/A Fixed bug where new GPU worker nodes could not automatically join clusters that run Kubernetes version 1.16 or 1.17.
Ubuntu 18.04 packages 4.15.0-76-generic 4.15.0-88-generic Updated worker node images with package updates for CVE-2019-5108, CVE-2019-20096, CVE-2019-18885, CVE-2019-19082, CVE-2019-19078, CVE-2019-19332, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, and CVE-2016-9843.
Ubuntu 16.04 packages 4.4.0-173-generic 4.4.0-174-generic Updated worker node images with kernel and package updates for CVE-2019-20096, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, and CVE-2016-9843.

Change log for fix pack 1.17.3_1516, released 17 February 2020

The following table shows the changes that are in the master and worker node fix pack update 1.17.3_1516. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.17.2_1515
Component Location Previous Current Description
containerd Worker v1.3.2 v1.3.3 See containerd release notes. Update resolves CVE-2019-19921, CVE-2019-16884, CVE-2020-0601, CVE-2020-7919, and CVE-2019-11253.
GPU device plug-in and installer Master affdfe2 49979f5 Image updated for CVE-2018-16888, CVE-2019-20386, CVE-2019-3843, CVE-2019-3844, and CVE-2020-1712.
IBM Cloud Controller Manager Master v1.17.2-4 v1.17.3-1 Updated to support the Kubernetes 1.17.3 release and to use Go version 1.13.6.
Kubernetes Both v1.17.2 v1.17.3 See the Kubernetes release notes. The master update resolves CVE-2019-11254 and CVE-2020-8552 (see the IBM security bulletin), and the worker node update resolves CVE-2020-8551 (see the IBM security bulletin).
Kubernetes Dashboard Master v2.0.0-rc3 v2.0.0-rc5 See the Kubernetes Dashboard release notes.
Operator Lifecycle Manager Catalog Master v1.5.8 v1.5.9 See the Operator Lifecycle Manager Catalog release notes.
Ubuntu 18.04 packages Worker N/A N/A Updated worker node images with package updates for CVE-2019-19956, CVE-2020-7595, CVE-2019-18634, CVE-2019-3843, CVE-2019-3844, CVE-2019-20386, and CVE-2020-1712.
Ubuntu 16.04 packages Worker N/A N/A Updated worker node images with package updates for CVE-2019-19956, CVE-2020-7595, CVE-2019-18634, CVE-2018-16888, CVE-2019-20386, and CVE-2020-1712.

Change log for 1.17.2_1515, released 10 February 2020

The following table shows the changes that are in patch update 1.17.2_1515.

Changes since version 1.16.5_1522
Component Previous Current Description
Calico v3.9.5 v3.12.0 See the Calico release notes.
CoreDNS 1.6.6 1.6.7 See the CoreDNS release notes.
etcd v3.3.18 v3.4.3 See the etcd release notes.
GPU device plug-in and installer da19df3 affdfe2 Image updated for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, and CVE-2019-5188.
New: IBM Cloud Controller Manager v1.16.5-148 v1.17.2-4 The IBM Cloud Controller Manager component replaces the IBM Cloud Provider component by moving the IBM Cloud controllers from the Kubernetes kube-controller-manager to the cloud-controller-manager component. The IBM Cloud Controller Manager is updated to support the Kubernetes 1.17.2 release, to use distroless/static base image version c6d59815, and to use calicoctl version 3.12.0.
IBM Cloud File Storage for Classic plug-in and monitor 357 358 Made the ibmc-file-gold storage class the default storage class for new clusters only. The default storage class for existing clusters is unchanged. In addition, the updated the image for CVE-2019-5188.
Kubernetes v1.16.5 v1.17.2 See the Kubernetes release notes.
Kubernetes configuration N/A N/A Updated the OpenID Connect configuration for the cluster's Kubernetes API server to use the IBM Cloud® Identity and Access Management (IAM) iam.cloud.ibm.com endpoint. Added the AllowInsecureBackendProxy=false Kubernetes feature gate to prevent skipping TLS verification of kubelet during pod logs requests.
Kubernetes Dashboard v2.0.0-rc2 v2.0.0-rc3 See the Kubernetes Dashboard release notes.
Kubernetes Dashboard metrics scraper v1.0.2 v1.0.3 See the Kubernetes Dashboard metrics scraper release notes.
Kubernetes NodeLocal DNS cache 1.15.4 1.15.8 See the Kubernetes NodeLocal DNS cache release notes. Now in Kubernetes 1.17, when you apply the label to set up node local DNS caching, the requests are handled immediately and you don't need to reload the worker nodes.
OpenVPN server N/A N/A OpenVPN server is now restarted during cluster master refresh.
Operator Lifecycle Manager Catalog v1.5.6 v1.5.8 See the Operator Lifecycle Manager Catalog release notes.
Operator Lifecycle Manager 0.13.0 0.14.1 See the Operator Lifecycle Manager release notes.