View information about version changes for major, minor, and patch updates that are available for your IBM Cloud® Kubernetes Service clusters that run version 1.21. Changes include updates to Kubernetes and IBM Cloud Provider components.
Overview
Unless otherwise noted in the change logs, the IBM Cloud Kubernetes Service provider version enables Kubernetes APIs and features that are at beta. Kubernetes alpha features, which are subject to change, are disabled.
For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.
Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results
to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that
are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.
Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your
worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master
fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.
Version 1.21 change log
Review the version 1.21 change log.
Change log for worker node fix pack 1.21.14_1578, released 26 September 2022
The following table shows the changes that are in the worker node fix pack 1.21.14_1578. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Changes since version 1.21.14_1578
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-192 |
4.15.0-193 |
Worker node kernel & package updates for CVE-2020-35525, CVE-2021-33655,
CVE-2021-33656, CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621,
CVE-2022-2526, CVE-2022-2795, CVE-2022-35252, CVE-2022-36946, CVE-2022-38177, CVE-2022-38178. |
| Kubernetes |
N/A |
N/A |
N/A |
Change log for worker node fix pack 1.21.14_1578, released 12 September 2022
The following table shows the changes that are in the worker node fix pack 1.21.14_1578. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Changes since version 1.21.14_1578
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-191 |
4.15.0-192 |
Worker node kernel & package updates for CVE-2021-33656, CVE-2022-35252. |
| Kubernetes |
N/A |
N/A |
N/A |
Change log for master fix pack 1.21.14_1579, released 1 September 2022
The following table shows the changes that are in the master fix pack 1.21.14_1579. Master patch updates are applied automatically.
Changes since version 1.21.14_1576
| Component |
Previous |
Current |
Description |
| Calico |
v3.20.5 |
v3.20.6 |
See the Calico release notes. |
| Cluster health image |
v1.3.9 |
v1.3.10 |
Updated Go dependencies and to Go version 1.18.5. |
| CoreDNS |
1.8.7 |
1.8.6 |
See the CoreDNS release notes. |
| Gateway-enabled cluster controller |
1792 |
1823 |
Updated to Go version 1.17.13. |
| GPU device plug-in and installer |
d8f1be0 |
c58c299 |
Enable DRM module and update Go to version 1.18.5. |
| IBM Calico extension |
997 |
1006 |
Updated to Go version 1.17.13. |
| IBM Cloud Controller Manager |
v1.21.14-3 |
v1.21.14-4 |
Updated vpcctl binary to version 3367. |
| IBM Cloud File Storage for Classic plug-in and monitor |
412 |
414 |
Updated to Go version 1.18.5. Updated universal base image (UBI) to version 8.6-902 to resolve CVEs. |
| IBM Cloud RBAC Operator |
0a187a4 |
dc1725a |
Updated Go dependencies and to Go version 1.18.3. |
| Key Management Service provider |
v2.5.7 |
v2.5.8 |
Updated Go dependencies. |
| Konnectivity agent and server |
v0.0.30_331_iks |
v0.0.32_363_iks |
Updated to Go version 1.17.13 and to Konnectivity version v0.0.32. |
| Kubernetes NodeLocal DNS cache |
1.21.4 |
1.22.6 |
See the Kubernetes NodeLocal DNS cache release notes. |
| Load balancer and load balancer monitor for IBM Cloud Provider |
2058 |
2110 |
Updated Go dependencies and to Go version 1.17.13. |
| Operator Lifecycle Manager |
0.16.1-IKS-18 |
0.16.1-IKS-19 |
Update image for CVE-2022-37434. |
| Portieris admission controller |
v0.12.5 |
v0.12.6 |
See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.21.14_1578, released 29 August 2022
The following table shows the changes that are in the worker node fix pack 1.21.14_1578. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Change log for worker node fix pack 1.21.14_1576, released 16 August 2022
The following table shows the changes that are in the worker node fix pack 1.21.14_1576. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Change log for worker node fix pack 1.21.14_1575, released 01 August 2022
The following table shows the changes that are in the worker node fix pack 1.21.14_1575. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Change log for master fix pack 1.21.14_1574, released 26 July 2022
The following table shows the changes that are in the master fix pack 1.21.14_1574. Master patch updates are applied automatically.
Changes since version 1.21.14_1564
| Component |
Previous |
Current |
Description |
| Cluster health image |
v1.3.8 |
v1.3.9 |
Updated Go dependencies and to use Go version 1.18.4. Fixed minor typographical error in the add-on daemonset not available health status. |
| Gateway-enabled cluster controller |
1680 |
1792 |
Updated to use Go version 1.17.11. Updated image for CVE-2022-2097 and CVE-2022-29458. |
| GPU device plug-in and installer |
2b0b6d1 |
d8f1be0 |
Updated Go dependencies and to use Go version 1.18.3. |
| IBM Calico extension |
980 |
997 |
Updated to use Go version 1.17.11. Updated universal base image (UBI) to version 8.6-854 to resolve CVEs. |
| IBM Cloud Controller Manager |
v1.21.13-5 |
v1.21.14-3 |
Updated Go dependencies. Updated to support the Kubernetes 1.21.14 release. |
| IBM Cloud File Storage for Classic plug-in and monitor |
410 |
412 |
Updated to use Go version 1.18.3. Updated universal base image (UBI) to version 8.6-854 to resolve CVEs. Improved Kubernetes resource watch configuration. |
| IBM Cloud RBAC Operator |
8c96932 |
0a187a4 |
Updated universal base image (UBI) to resolve CVEs. |
| Key Management Service provider |
v2.5.6 |
v2.5.7 |
Updated Go dependencies and to use Go version 1.18.4. |
| Operator Lifecycle Manager |
0.16.1-IKS-17 |
0.16.1-IKS-18 |
Updated image for CVE-2022-2097. |
| Load balancer and load balancer monitor for IBM Cloud Provider |
1998 |
2058 |
Updated image for CVE-2022-2097. |
| Portieris admission controller |
v0.12.4 |
v0.12.5 |
See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.21.14_1572, released 18 July 2022
The following table shows the changes that are in the worker node fix pack 1.21.14_1572. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Change log for worker node fix pack 1.21.14_1565, released 05 July 2022
The following table shows the changes that are in the worker node fix pack 1.21.14_1565. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Change log for master fix pack 1.21.14_1564, released 22 June 2022
The following table shows the changes that are in the master fix pack 1.21.14_1564. Master patch updates are applied automatically.
Changes since version 1.21.13_1561
| Component |
Previous |
Current |
Description |
| Cluster health image |
v1.3.7 |
v1.3.8 |
Updated Go to version 1.17.11 and also updated the dependencies. |
| CoreDNS |
1.8.6 |
1.8.7 |
See the CoreDNS release notes. |
| GPU device plug-in and installer |
382ada9 |
2b0b6d1 |
Updated universal base image (UBI) to version 8.6-751. Updated Go to version 1.17.10. |
| IBM Cloud Controller Manager |
v1.21.13-2 |
v1.21.13-5 |
Update prometheus/client_golang@v1.7.1 to v1.11.1 |
| Key Management Service provider |
v2.5.5 |
v2.5.6 |
Updated Go to version 1.17.11 and also updated the dependencies. |
| Kubernetes |
v1.21.13 |
v1.21.14 |
See the Kubernetes release notes. |
| Kubernetes add-on resizer |
1.8.14 |
1.8.15 |
See the Kubernetes add-on resizer release notes. |
Change log for worker node fix pack 1.21.14_1564, released 20 June 2022
The following table shows the changes that are in the worker node fix pack 1.21.14_1564. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Changes since version 1.21.13_1562
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-180 |
4.15.0-187 |
Worker node kernel & package updates for CVE-2021-46790, CVE-2022-1304,
CVE-2022-1419, CVE-2022-1966, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499, CVE-2022-28390,
CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789. |
| Haproxy |
468c09 |
04f862 |
CVE-2022-1271. |
| containerd |
v1.5.11 |
v1.5.13 |
See the change log, the security bulletin for CVE-2022-31030, and the security bulletin for CVE-2022-29162. |
| Kubernetes |
1.21.13 |
1.21.14 |
For more information, see the change log. |
Change log for worker node fix pack 1.21.13_1562, released 7 June 2022
The following table shows the changes that are in the worker node fix pack 1.21.13_1562. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Changes since version 1.21.12_1560
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-177 |
4.15.0-180 |
Worker node kernel & package updates for CVE-2019-13050, CVE-2022-1664,
CVE-2022-29581. |
Change log for master fix pack 1.21.13_1561, released 3 June 2022
The following table shows the changes that are in the master fix pack 1.21.13_1561. Master patch updates are applied automatically.
Changes since version 1.21.12_1557
| Component |
Previous |
Current |
Description |
| Cluster health image |
v1.3.6 |
v1.3.7 |
Updated Go to version 1.17.10 and also updated the dependencies. Update registry base image version to 104 |
| GPU device plug-in and installer |
9485e14 |
382ada9 |
Updated Go to version 1.17.9 |
| IBM Calico extension |
954 |
980 |
Updated to use Go version 1.17.10. Updated minimal UBI to version 8.5. |
| IBM Cloud Controller Manager |
v1.21.11-6 |
v1.21.13-2 |
Updated to support the Kubernetes 1.21.13 release. |
| IBM Cloud File Storage for Classic plug-in and monitor |
408 |
410 |
Updated universal base image (UBI) to version 8.6-751 to resolve CVEs. |
| IBM Cloud RBAC Operator |
8c8c82b |
8c96932 |
Updated Go to version 1.18.1 |
| Key Management Service provider |
v2.5.4 |
v2.5.5 |
Updated Go to version 1.17.10 and updated the golang dependencies. |
| Kubernetes |
v1.21.12 |
v1.21.13 |
See the Kubernetes release notes. |
| Kubernetes add-on resizer |
1.8.13 |
1.8.14 |
See the Kubernetes add-on resizer release notes. |
| Kubernetes Dashboard |
v2.3.1 |
v2.3.1 |
The default Kubernetes Dashboard settings found in the kubernetes-dashboard-settings config map in the kube-system namespace have been updated to set resourceAutoRefreshTimeInterval to 60. This default change is only applied to new clusters. The previous default value was 5. If your cluster has Kubernetes Dashboard performance problems, see the steps for changing the auto refresh time interval. |
| Load balancer and load balancer monitor for IBM Cloud Provider |
1916 |
1998 |
Updated Go to version 1.17.10 and updated dependencies. |
| Portieris admission controller |
v0.10.3 |
v0.12.4 |
See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.21.12_1560, released 23 May 2022
The following table shows the changes that are in the worker node fix pack 1.21.12_1560. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Changes since version 1.21.12_1559
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-176 |
4.15.0-177 |
Worker node kernel & package updates for CVE-2019-20838, CVE-2020-14155,
CVE-2020-25648, CVE-2020-35512, CVE-2021-26401, CVE-2022-0001, CVE-2022-0934, CVE-2022-26490, CVE-2022-27223,
CVE-2022-27781, CVE-2022-27782, CVE-2022-28657, CVE-2022-29155, CVE-2022-29824, CVE-2017-9525, CVE-2022-28654,
CVE-2022-28656, CVE-2022-28655, CVE-2022-28652, CVE-2022-1242, CVE-2022-28658, CVE-2021-3899. |
| HA proxy |
36b0307 |
468c09 |
CVE-2021-3634. |
Change log for worker node fix pack 1.21.12_1559, released 09 May 2022
The following table shows the changes that are in the worker node fix pack 1.21.12_1559. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Changes since version 1.21.12_1558
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
N/A |
N/A |
Worker node package updates for CVE-2021-36084, CVE-2021-36085,
CVE-2021-36086, CVE-2021-36087, CVE-2022-1292, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776,
CVE-2022-29799, CVE-2022-29800. |
| Kubernetes |
N/A |
N/A |
N/A |
| Haproxy |
f53b22 |
36b030 |
CVE-2022-1271, CVE-2022-1154, CVE-2018-25032. |
Change log for master fix pack 1.21.12_1557, released 26 April 2022
The following table shows the changes that are in the master fix pack 1.21.12_1557. Master patch updates are applied automatically.
Changes since version 1.21.11_1555
| Component |
Previous |
Current |
Description |
| Calico |
v3.20.4 |
v3.20.5 |
See the Calico release notes. |
| Cluster health image |
v1.3.5 |
v1.3.6 |
Updated Go to version 1.17.9 and also updated the dependencies. Update registry base image version to 103. |
| Gateway-enabled cluster controller |
1669 |
1680 |
Updated metadata for a rotated key. |
| GPU device plug-in and installer |
13677d2 |
9485e14 |
Updated Drivers to 470.103.01. Updated metadata for a rotated key. |
| IBM Calico extension |
950 |
954 |
Updated to latest UBI-minimal image to resolve CVE-2021-3999, CVE-2022-23218,
CVE-2022-23219, CVE-2022-23308, CVE-2021-23177, and CVE-2021-31566. |
| IBM Cloud Controller Manager |
v1.21.11-3 |
v1.21.11-6 |
Updated vpcctl to the 3003 binary image. |
| IBM Cloud File Storage for Classic plug-in and monitor |
407 |
408 |
Fixed CVE-2022-0778. |
| IBM Cloud RBAC Operator |
6c43ef1 |
8c8c82b |
Updated Go to version 1.17.8 |
| Key Management Service provider |
v2.5.3 |
v2.5.4 |
Moved to a different base image, version 102, to reduce CVE footprint. Resolved CVE-2022-0778. |
| Kubernetes |
v1.21.11 |
v1.21.12 |
See the Kubernetes release notes. |
| Kubernetes NodeLocal DNS cache |
1.21.3 |
1.21.4 |
See the Kubernetes NodeLocal DNS cache release notes. |
| Load balancer and Load balancer monitor for IBM Cloud Provider |
1899 |
1916 |
Updated the image to resolve CVEs. |
Change log for worker node fix pack 1.21.12_1558, released 25 April 2022
Changes since version 1.21.11_1556
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-175-generic |
4.15.0-176-generic |
Kernel and package updates for CVE-2018-16301, CVE-2019-18276,
CVE-2020-8037, CVE-2021-31870, CVE-2021-31871, CVE-2021-31872, CVE-2021-31873, CVE-2021-43975, CVE-2022-1271,
CVE-2022-24765. |
| Kubernetes |
v1.21.11 |
v1.21.12 |
For more information, see the change logs. |
Change log for worker node fix pack 1.21.11_1556, released 11 April 2022
The following table shows the changes that are in the worker node fix pack 1.21.11_1556. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Change log for master fix pack 1.21.11_1555, released 6 April 2022
Changes since version 1.21.11_1553
| Component |
Previous |
Current |
Description |
| Load balancer and load balancer monitor for IBM Cloud Provider |
1865 |
1899 |
Revert setting gratuitous ARP on LBv1. |
Change log for master fix pack 1.21.11_1553, released 30 March 2022
Changes since version 1.21.10_1550
| Component |
Previous |
Current |
Description |
| Calico |
v3.19.4 |
v3.20.4 |
See the Calico release notes. |
| Cluster health image |
v1.3.3 |
v1.3.5 |
Updated image to fix CVEs CVE-2021-3999, CVE-2022-23218,
CVE-2022-23219. Updated golang dependencies. |
| Gateway-enabled cluster controller |
1653 |
1669 |
Updated to use Go version 1.17.8. |
| GPU device plug-in and installer |
d7daae6 |
13677d2 |
Updated GPU images to resolve CVEs. |
| IBM Calico extension |
929 |
950 |
Updated to use Go version 1.17.8. Updated universal base image (UBI) to resolve CVEs. |
| IBM Cloud Controller Manager |
v1.21.10-2 |
v1.21.11-3 |
Updated to support the Kubernetes 1.21.11 release and to use Go version 1.16.15. |
| IBM Cloud File Storage for Classic plug-in and monitor |
405 |
407 |
Updated Go to version 1.16.14. Updated UBI image to version 8.5-240. |
| IBM Cloud RBAC Operator |
0fc9949 |
6c43ef1 |
Upgraded Go packages to resolve vulnerabilities |
| Key Management Service provider |
v2.4.3 |
v2.5.3 |
Updated to use Go version 1.17.8. Updated golang dependencies. Fixed CVE CVE-2022-24407 |
| Konnectivity agent |
v0.0.27_a6b5248a_323_iks |
v0.0.30_331_iks |
See the Konnectivity release notes. Updated to use Go version 1.17.8. |
| Konnectivity server |
v0.0.27_a6b5248a_323_iks |
v0.0.30_331_iks |
See the Konnectivity release notes. Updated to use Go version 1.17.8. |
| Kubernetes |
v1.21.10 |
v1.21.11 |
See the Kubernetes release notes. |
| Load balancer and Load balancer monitor for IBM Cloud Provider |
1747 |
1865 |
Updated the image to resolve CVEs. Updated to use Go version 1.17.8. Set gratuitous ARP at the correct time on LBv1. |
| Operator Lifecycle Manager |
0.16.1-IKS-15 |
0.16.1-IKS-16 |
Resolve CVE-2022-0778. |
Change log for worker node fix pack 1.21.11_1554, released 28 March 2022
Changes since version 1.21.10_1552
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-171-generic |
4.15.0-173-generic |
Kernel and package updates for CVE-2021-20193, CVE-2021-25220,
CVE-2021-3506, CVE-2022-0435, CVE-2022-0492, CVE-2022-0778, CVE-2022-0847, CVE-2022-23308. |
| HA proxy |
15198f |
b40c07 |
CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826,
CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-3999, CVE-2022-23218,
CVE-2022-23219, CVE-2022-23308, CVE-2021-23177, CVE-2021-31566. |
| Kubernetes |
1.21.10 |
1.21.11 |
For more information, see the change logs. |
Change log for worker node fix pack 1.21.10_1552, released 14 March 2022
Changes since version 1.21.10_1551
| Component |
Previous |
Current |
Description |
| Containerd |
v1.5.9 |
v1.5.10 |
See the change log and the security bulletin. |
| Ubuntu 18.04 packages |
4.15.0-169-generic |
4.15.0-171-generic |
Kernel and package updates for CVE-2016-10228, CVE-2019-25013,
CVE-2020-27618, CVE-2020-29562, CVE-2020-6096, CVE-2021-3326, CVE-2021-35942, CVE-2021-3999, CVE-2022-0001,
CVE-2022-23218, CVE-2022-23219, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315. |
Change log for master fix pack 1.21.10_1550, released 3 March 2022
Changes since version 1.21.9_1547
| Component |
Previous |
Current |
Description |
| Calico |
v3.19.3 |
v3.19.4 |
See the Calico release notes. |
| Cluster health image |
v1.2.21 |
v1.3.3 |
Updated golang.org/x/crypto to v0.0.0-20220214200702-86341886e292. Adds fix for CVE-2021-43565. Adds Golang
dependency updates. |
| Gateway-enabled cluster controller |
1586 |
1653 |
Updated to use Go version 1.17.7 and updated Go modules to fix CVEs. |
| GPU device plug-in and installer |
eefc4ae |
d7daae6 |
Updated GPU images to resolve CVEs. |
| IBM Calico extension |
923 |
929 |
Updated universal base image (UBI) to the 8.5-230 version to resolve CVEs. Updated to use Go version 1.16.13. |
| IBM Cloud Controller Manager |
v1.21.9-1 |
v1.21.10-2 |
Updated to support the Kubernetes 1.21.10 release and to use Go version 1.16.14. |
| IBM Cloud File Storage for Classic plug-in and monitor |
404 |
405 |
Adds fix for CVE-2021-3538 and adds dependency updates. |
| Key Management Service provider |
v2.3.13 |
v2.4.3 |
Updated golang.org/x/crypto to v0.0.0-20220214200702-86341886e292. Adds fix for CVE-2021-43565. Adds Golang
dependency updates. |
| Konnectivity agent |
v0.0.27_309_iks |
v0.0.27_a6b5248a_323_iks |
See the Konnectivity release notes. Updates universal base image (UBI) to the 8.5-230 version
to resolve CVEs. Updates to use Go version 1.17.5. |
| Konnectivity server |
v0.0.27_309_iks |
v0.0.27_a6b5248a_323_iks |
See the Konnectivity release notes. Updates universal base image (UBI) to the 8.5-230 version
to resolve CVEs. Updates to use Go version 1.17.5. |
| Kubernetes |
v1.21.9 |
v1.21.10 |
See the Kubernetes release notes. |
Change log for worker node fix pack 1.21.10_1551, released 28 February 2022
Changes since version 1.21.9_1549
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-167-generic |
4.15.0-169-generic |
Kernel and package updates for CVE-2021-4083, CVE-2021-4155,
CVE-2021-45960, CVE-2021-46143, CVE-2022-0330, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825,
CVE-2022-22826, CVE-2022-22827, CVE-2022-22942, CVE-2022-23852, CVE-2022-23990, CVE-2022-24407, CVE-2022-25235,
CVE-2022-25236. |
| Kubernetes |
v1.21.9 |
v1.21.10 |
For more information, see the change logs. |
| HA proxy |
f6a2b3 |
15198fb |
Contains fixes for CVE-2022-24407, |
Change log for worker node fix pack 1.21.9_1549, released 14 February 2022
Changes since version 1.20.15_1569
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
N/A |
N/A |
N/A |
| Kubernetes |
N/A |
N/A |
N/A |
| HA proxy |
d38fa1 |
f6a2b3 |
CVE-2021-3521 CVE-2021-4122. |
Change log for worker node fix pack 1.21.9_1548, released 31 January 2022
Change log for master fix pack 1.21.9_1547, released 26 January 2022
Changes since version 1.21.7_1541
| Component |
Previous |
Current |
Description |
| Calico |
N/A |
N/A |
Changed to improve Calico availability during updates. |
| Cluster health image |
v1.2.20 |
v1.2.21 |
Updated to use Go version 1.17.5, updated Go dependencies and golangci-lint |
| GPU device plug-in and installer |
c9bfc8c |
eefc4ae |
Updated universal base image (UBI) to the 8.5-218 version to resolve CVEs. Updated to use Go version 1.16.13. |
| IBM Calico extension |
900 |
923 |
Updated universal base image (UBI) to the 8.5-218 version to resolve CVEs. Updated to use Go version 1.16.13. |
| IBM Cloud Controller Manager |
v1.21.7-3 |
v1.21.9-1 |
Updated to support the Kubernetes 1.21.9 release and to use Go version 1.16.12. |
| IBM Cloud File Storage for Classic plug-in and monitor |
402 |
404 |
Updated universal base image (UBI) to the 8.5-218 version to resolve CVEs. Updated to use Go version 1.16.13. |
| IBM Cloud RBAC Operator |
3430e03 |
0fc9949 |
Updated universal base image (UBI) to the 8.5-218 version to resolve CVEs. Updated to use Go version 1.16.13. |
| Key Management Service provider |
v2.3.12 |
v2.3.13 |
Updated Go dependencies and golangci-lint |
| Konnectivity agent |
v0.0.26_282_iks |
v0.0.27_309_iks |
See the Konnectivity release notes. Updated universal base image (UBI) to the 8.5-218 version
to resolve CVEs. Updated to use Go version 1.17.5. |
| Konnectivity server |
v0.0.26_282_iks |
v0.0.27_309_iks |
See the Konnectivity release notes. Updated universal base image (UBI) to the 8.5-218 version
to resolve CVEs. Updated to use Go version 1.17.5. |
| Kubernetes |
1.21.7 |
1.21.9 |
Changed the duration of the Kubernetes API server certificate from 825 days to 365 days. Changed the duration of the cluster CA certificate from 30 years to 10 years. Changed the duration of worker node certificates from 3 years to 2
years. See the Kubernetes release notes. |
| Kubernetes configuration |
N/A |
N/A |
Updated the feature gate configuration |
| Kubernetes Metrics Server |
v0.4.4 |
v0.4.5 |
Metrics server now dynamically reloads NannyConfiguration updates. See the Kubernetes Metrics Server release notes. |
| Kubernetes NodeLocal DNS cache |
1.21.1 |
1.21.3 |
See the Kubernetes NodeLocal DNS cache release notes. |
| Load balancer and load balancer monitor for IBM Cloud Provider |
1659 |
1747 |
Updated the Alpine base image to the 3.15 version to resolve CVEs. Updated to use Go version 1.17.6. |
Change log for worker node fix pack 1.21.7_1546, released 18 January 2022
Changes since version 1.21.7_1544
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-163-generic |
4.15.0-166-generic |
Kernel and package updates for CVE-2018-25020 and CVE-2021-4002. |
| Containerd |
v1.5.8 |
v1.5.9 |
See the change log. |
Change log for worker node fix pack 1.21.7_1544, released 4 January 2022
The following table shows the changes that are in the worker node fix pack patch update 1.21.7_1544. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Changes since version 1.21.7_1542
| Component |
Previous |
Current |
Description |
| HA proxy |
3b8663 |
d38fa1 |
Contains fixes for CVE-2021-3712. |
| Ubuntu 18.04 packages |
N/A |
N/A |
Updated worker node image packages for CVE-2019-19449, CVE-2020-16592,
CVE-2020-21913, CVE-2020-27781, CVE-2020-36322, CVE-2020-36385, CVE-2021-25219, CVE-2021-28831, CVE-2021-28950,
CVE-2021-3487, CVE-2021-3524, CVE-2021-3531, CVE-2021-3733, CVE-2021-3737, CVE-2021-3759, CVE-2021-3778,
CVE-2021-3796, CVE-2021-3800, CVE-2021-38199, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-40490,
CVE-2021-42374, CVE-2021-42378, CVE-2021-42384, and CVE-2021-43527. |
Change log for master fix pack 1.21.7_1541, released 7 December 2021
The following table shows the changes that are in the master fix pack update 1.21.7_1541. Master patch updates are applied automatically.
Changes since version 1.21.6_1539
| Component |
Previous |
Current |
Description |
| Cluster health image |
v1.2.18 |
v1.2.20 |
Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs. Updated to use Go version 1.16.10. |
| CoreDNS |
1.8.4 |
1.8.6 |
See the CoreDNS release notes. |
| Gateway-enabled cluster controller |
1567 |
1586 |
Updated Alpine base image to the latest 3.14 version to resolve CVEs. Updated to use Go version 1.16.10. |
| GPU device plug-in and installer |
7fd867d |
c9bfc8c |
Updated universal base image (UBI) to the 8.5-204 version to resolve CVEs. Updated to use Go version 1.16.10. |
| IBM Calico extension |
864 |
900 |
Updated universal base image (UBI) to the 8.5-204 version to resolve CVEs. Updated to use Go version 1.16.10. |
| IBM Cloud Controller Manager |
v1.21.6-2 |
v1.21.7-3 |
Updated to support the Kubernetes 1.21.7 release and to use Go version 1.16.10. |
| IBM Cloud File Storage for Classic plug-in and monitor |
401 |
402 |
Updated universal base image (UBI) to the 8.5-204 version to resolve CVEs. Updated to use Go version 1.16.10. |
| IBM Cloud RBAC Operator |
4ca5637 |
3430e03 |
Updated universal base image (UBI) to the latest 8.5 version to resolve CVEs. Updated to use Go version 1.16.10. |
| Key Management Service provider |
v2.3.10 |
v2.3.12 |
Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs. Updated to use Go version 1.16.10. |
| Konnectivity agent |
v0.0.24_268_iks |
v0.0.26_282_iks |
See the Konnectivity release notes. |
| Konnectivity server |
v0.0.24_268_iks |
v0.0.26_282_iks |
See the Konnectivity release notes. Updated to use TLS version 1.3 ciphers. |
| Kubernetes |
v1.21.6 |
v1.21.7 |
See the Kubernetes release notes. |
| Kubernetes NodeLocal DNS cache |
1.17.3 |
1.21.1 |
See the Kubernetes NodeLocal DNS cache release notes. Increased memory resource requests from 8Mi to 10Mi to better align with normal resource utilization. |
| Load balancer and load balancer monitor for IBM Cloud Provider |
1590 |
1659 |
Updated Alpine base image to the latest 3.14 version to resolve CVEs. Updated to use Go version 1.16.10. |
| Operator Lifecycle Manager |
0.16.1-IKS-14 |
0.16.1-IKS-15 |
Updated image for CVE-2021-42374, CVE-2021-42375,
CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
CVE-2021-42385, and CVE-2021-42386. |
Change log for worker node fix pack 1.21.7_1542, released 6 December 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.7_1542. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Changes since version 1.21.6_1540
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-162 |
4.15.0-163 |
Updated worker node images and kernel with package updates. Contains fixes for CVE-2021-43527 |
| Kubernetes |
1.21.6 |
1.21.7 |
See the change log |
| Containerd |
v1.5.7 |
v1.5.8 |
See the change log and the security bulletin |
Change log for worker node fix pack 1.21.6_1540, released 22 November 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.6_1540. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Changes since version 1.21.5_1538
| Component |
Previous |
Current |
Description |
| Kubernetes |
1.21.5 |
1.21.6 |
For more information, see the change log. |
| HA proxy |
07f1e9e |
3b8663 |
Contains fixes for CVE-2021-20231, CVE-2021-20232,
CVE-2021-3580, CVE-2021-22946, CVE-2021-22947, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2019-20838,
CVE-2020-14155, CVE-2018-20673, CVE-2021-42574, CVE-2019-17594, CVE-2019-17595, CVE-2020-12762, CVE-2020-16135,
CVE-2021-3445, CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087, CVE-2021-20266, CVE-2019-18218,
CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-33574, CVE-2021-35942, CVE-2021-33560, CVE-2019-13750,
CVE-2019-13751, CVE-2019-19603, CVE-2019-5827, CVE-2020-13435, CVE-2020-24370, CVE-2021-28153, CVE-2021-3800,
CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, andCVE-2021-3200 |
| Ubuntu 18.04 packages |
4.15.0-161 |
4.15.0-162 |
Updated worker node images and kernel with package fixes forCVE-2019-19449, CVE-2020-36322, CVE-2020-36385, CVE-2021-28950,
CVE-2021-3759, CVE-2021-38199, CVE-2021-3903, CVE-2021-3927, and CVE-2021-3928. |
Change log for master fix pack 1.21.6_1539, released 17 November 2021
The following table shows the changes that are in the master fix pack update 1.21.5_1539. Master patch updates are applied automatically.
Changes since version 1.21.5_1536
| Component |
Previous |
Current |
Description |
| Cluster health image |
v1.2.16 |
v1.2.18 |
Updated Go module dependencies and to use Go version 1.16.9. Updated image for CVE-2021-22946, CVE-2021-22947, CVE-2021-33928, CVE-2021-33929 and CVE-2021-33930. |
| etcd |
v3.4.17 |
v3.4.18 |
See the etcd release notes. |
| Gateway-enabled cluster controller |
1510 |
1567 |
Updated to use Go version 1.16.9. |
| GPU device plug-in and installer |
58d7589 |
7fd867d |
Updated image for CVE-2021-36222, CVE-2021-37750,
CVE-2021-22922, CVE-2021-22923 and CVE-2021-22924. |
| IBM Cloud Controller Manager |
v1.21.5-2 |
v1.21.6-2 |
Updated to support the Kubernetes 1.21.6 release and to use Go version 1.16.9. Updated image for DLA-2797-1. |
| IBM Cloud RBAC Operator |
e3cb629 |
4ca5637 |
Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs. |
| Key Management Service provider |
v2.3.8 |
v2.3.10 |
Updated Go module dependencies and to use Go version 1.16.9. Updated image for CVE-2021-22946. |
| Konnectivity agent |
v0.0.24_262_iks |
v0.0.24_268_iks |
Update to use Go version 1.16.9. |
| Konnectivity server |
v0.0.24_262_iks |
v0.0.24_268_iks |
Update to use Go version 1.16.9. |
| Kubernetes |
v1.21.5 |
v1.21.6 |
See the Kubernetes release notes. |
| Load balancer and load balancer monitor for IBM Cloud Provider |
1547 |
1590 |
Updated to use Go version 1.16.9. |
Change log for worker node fix pack 1.21.5_1538, released 10 November 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.5_1538. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Change log for master fix pack 1.21.5_1536, released 29 October 2021
The following table shows the changes that are in the master fix pack update 1.21.5_1536. Master patch updates are applied automatically.
Changes since version 1.21.5_1531
| Component |
Previous |
Current |
Description |
| Cluster health image |
v1.2.15 |
v1.2.16 |
Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs: CVE-2021-36222, CVE-2021-37750, CVE-2021-22922, CVE-2021-22923, and CVE-2021-22924. |
| etcd |
v3.4.16 |
v3.4.17 |
See the etcd release notes. |
| IBM Calico extension |
763 |
864 |
Updated to use Go version 1.16.9. Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs. |
| IBM Cloud Controller Manager |
v1.21.5-1 |
v1.21.5-2 |
Updated to ignore VPC load balancer (LB) state when a LB delete is requested. |
| IBM Cloud File Storage for Classic plug-in and monitor |
400 |
401 |
Updated universal base image (UBI) to the latest 8.4-210 version to resolve CVEs. |
| Key Management Service provider |
v2.3.7 |
v2.3.8 |
Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs: CVE-2021-36222, CVE-2021-37750, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924 |
| Konnectivity agent |
v0.0.23_245_iks |
v0.0.24_262_iks |
See the Konnectivity release notes. Modified Konnectivity agent CPU and memory resource requests and memory
resource limit and removed the CPU resource limit. |
| Konnectivity server |
v0.0.23_245_iks |
v0.0.24_262_iks |
See the Konnectivity release notes. |
Change log for worker node fix pack 1.21.5_1537, released 25 October 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.25_1537. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Changes since version 1.21.5_1533
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
N/A |
N/A |
Updated worker node images with package updates. Contains fix for cloud-init performance problem. |
| Worker-pool taint automation |
N/A |
N/A |
Fixes known issue related to worker-pool taint automation that prevents workers from getting providerID. |
Change log for worker node fix pack 1.21.5_1533, released 11 October 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.5_1533. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Changes since version 1.21.5_1532
| Component |
Previous |
Current |
Description |
| Containerd |
v1.5.5 |
v1.5.7 |
See the security bulletin and the change log. |
| Ubuntu 18.04 packages |
4.15.0-158 |
4.15.0-159 |
Updated worker node images and kernel with package updates CVE-2021-3778 and CVE-2021-3796. |
Change log for master fix pack 1.21.5_1531, released 28 September 2021
The following table shows the changes that are in the master fix pack patch update 1.21.5_1531. Master patch updates are applied automatically.
Changes since version 1.21.4_1528
| Component |
Previous |
Current |
Description |
| Calico |
v3.19.1 |
v3.19.3 |
See the Calico release notes. Increased liveness and readiness probe timeouts to 10 seconds. |
| Gateway-enabled cluster controller |
1444 |
1510 |
Updated image for CVE-2021-3711 and CVE-2021-3712. |
| GPU device plug-in and installer |
8c8bcdf |
58d7589 |
Updated to use Go version 1.16.7. |
| IBM Cloud Controller Manager |
v1.21.4-1 |
v1.21.5-1 |
Updated to support the Kubernetes 1.21.5 release and to use Go version 1.16.8 and calicoctl version 3.19.3. Fixed a bug that might cause node initialization to fail when
a new node reuses the name of a deleted node. |
| IBM Cloud File Storage for Classic plug-in and monitor |
398 |
400 |
Updated to use Go version 1.16.7. Updated universal base image (UBI) to the latest 8.4-208 version to resolve CVEs. |
| IBM Cloud RBAC Operator |
945df65 |
e3cb629 |
Updated to use Go version 1.16.7. |
| Konnectivity agent |
v0.0.21e_231_iks |
v0.0.23_245_iks |
See the Konnectivity release notes. |
| Konnectivity server |
v0.0.21e_231_iks |
v0.0.23_245_iks |
See the Konnectivity release notes. |
| Kubernetes |
v1.21.4 |
v1.21.5 |
See the Kubernetes release notes. |
| Kubernetes API server auditing configuration |
N/A |
N/A |
Updated to support verbose Kubernetes API server auditing. |
| Kubernetes NodeLocal DNS cache |
N/A |
N/A |
Increased memory resource requests from 5Mi to 8Mi to better align with normal resource utilization. |
| Load balancer and load balancer monitor for IBM Cloud Provider |
1510 |
1547 |
Updated image for CVE-2021-3711 and CVE-2021-3712. |
| Operator Lifecycle Manager |
0.16.1-IKS-12 |
0.16.1-IKS-14 |
Updated image for CVE-2021-3711 and CVE-2021-3712. |
Change log for worker node fix pack 1.21.5_1532, released 27 September 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.5_1532. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Changes since version 1.21.4_1530
| Component |
Previous |
Current |
Description |
| Disk identification |
N/A |
N/A |
Enhanced the disk identification logic to handle the case of 2+ partitions. |
| HA proxy |
9c98dc5 |
07f1e9 |
Updated image with fixes for CVE-2021-22922, CVE-2021-22923,
CVE-2021-22924, CVE-2021-36222, and CVE-2021-37750. |
| Kubernetes |
1.21.4 |
1.21.5 |
See the change logs. This update resolves CVE-2021-25741.
For more information, see the IBM security bulletin). |
| Ubuntu 18.04 packages |
4.15.0-156 |
4.15.0-158 |
Updated worker node images and kernel with package updates CVE-2021-22946, CVE-2021-22947, CVE-2021-33560, CVE-2021-3709,
CVE-2021-3710, CVE-2021-40330, CVE-2021-40528, and CVE-2021-41072. |
Change log for worker node fix pack 1.21.4_1530, released 13 September 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.4_1530. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Change log for worker node fix pack 1.21.4_1529, released 30 August 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.4_1529. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Changes since version 1.21.2_1524
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-153 |
4.15.0-154 |
Updated worker node images and kernel with package updates for CVE-2021-3711 and CVE-2021-3712. |
Change log for master fix pack 1.21.4_1528, released 25 August 2021
The following table shows the changes that are in the master fix pack patch update 1.21.4_1528. Master patch updates are applied automatically.
Changes since version 1.21.3_1525
| Component |
Previous |
Current |
Description |
| Calico |
N/A |
N/A |
Updated the rolling update configuration for the calico-node daemonset in the kube-system namespace. The configuration is now the same regardless of the number of cluster worker nodes. |
| Cluster health image |
v1.2.14 |
v1.2.15 |
Updated to use Go version 1.15.15. Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs. |
| CoreDNS |
1.8.0 |
1.8.4 |
See the CoreDNS release notes. |
| Gateway-enabled cluster controller |
1348 |
1444 |
Updated image for CVE-2021-36159. |
| GPU device plug-in and installer |
483ccc2 |
8c8bcdf |
Updated to use Go version 1.16.6. |
| IBM Calico extension |
747 |
763 |
Updated to use Go version 1.16.6. Updated UBI to the latest 8.4-205 version to resolve CVEs. |
| IBM Cloud Controller Manager |
v1.21.3-2 |
v1.21.4-1 |
Updated to support the Kubernetes 1.21.4 release and to use Go version 1.16.7 and calicoctl version 3.19.2. |
| IBM Cloud File Storage for Classic plug-in and monitor |
395 |
398 |
Updated to use Go version 1.16.6. Updated image for CVE-2021-33910. |
| Key Management Service provider |
v2.3.6 |
v2.3.7 |
Updated to use Go version 1.15.15. Updated UBI to the latest 8.4 version to resolve CVEs. |
| Kubernetes |
v1.21.3 |
v1.21.4 |
See the Kubernetes release notes. |
| Kubernetes Dashboard |
v2.2.0 |
v2.3.1 |
See the Kubernetes Dashboard release notes. |
| Kubernetes Dashboard metrics scraper |
v1.0.6 |
v1.0.7 |
See the Kubernetes Dashboard metrics scraper release notes. |
| Kubernetes DNS autoscaler |
1.8.3 |
1.8.4 |
See the Kubernetes DNS autoscaler release notes. |
| Load balancer and load balancer monitor for IBM Cloud Provider |
1328 |
1510 |
Updated image for CVE-2020-27780. |
| Operator Lifecycle Manager |
0.16.1-IKS-10 |
0.16.1-IKS-12 |
Updated image for CVE-2021-36159. |
Change log for worker node fix pack 1.21.3_1527, released 16 August 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.3_1527. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Changes since version 1.21.3_1526
| Component |
Previous |
Current |
Description |
| Ubuntu 18.04 packages |
4.15.0-151 |
4.15.0-153 |
N/A |
| HA proxy |
68e6b3 |
9c98dc |
Updated image with fixes for CVE-2021-27218. |
Change log for worker node fix pack 1.21.3_1526, released 02 August 2021
The following table shows the changes that are in the worker node fix pack patch update 1.21.3_1526. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Change log for master fix pack 1.21.3_1525, released 27 July 2021
The following table shows the changes that are in the master fix pack patch update 1.21.3_1525. Master patch updates are applied automatically.
Changes since version 1.21.2_1522
| Component |
Previous |
Current |
Description |
| Cluster health image |
v1.2.13 |
v1.2.14 |
Updated universal base image (UBI) to the latest version to resolve CVEs. |
| etcd |
v3.4.14 |
v3.4.16 |
See the etcd release notes. |
| GPU device plug-in and installer |
772e15f |
483ccc2 |
Updated image for CVE-2021-20271, CVE-2021-3516,
CVE-2021-3517, CVE-2021-3518,
CVE-2021-3537, CVE-2021-3541,
and CVE-2021-3520. |
| IBM Calico extension |
730 |
747 |
Updated universal base image (UBI) to version 8.4-205 to resolve CVEs. |
| IBM Cloud Controller Manager |
v1.21.2-2 |
v1.21.3-2 |
Updated to support the Kubernetes 1.21.3 release and to use Go version 1.16.6 and calicoctl version 3.19.1. |
| IBM Cloud File Storage for Classic plug-in and monitor |
394 |
395 |
Updated universal base image (UBI) to version 8.4-205 to resolve CVEs. |
| IBM Cloud RBAC Operator |
b68ea92 |
945df65 |
Updated image for CVE-2021-33194. |
| Key Management Service provider |
v2.3.5 |
v2.3.6 |
Updated universal base image (UBI) to the latest version to resolve CVEs. |
| Konnectivity agent |
v0.0.19e_206_iks |
v0.0.21e_231_iks |
Updated universal base image (UBI) to version 8.4-205 to resolve CVEs. |
| Konnectivity server |
v0.0.19e_206_iks |
v0.0.21e_231_iks |
Updated universal base image (UBI) to version 8.4-205 to resolve CVEs. |
| Kubernetes |
v1.21.2 |
v1.21.3 |
See the Kubernetes release notes. |
Change log for worker node fix pack 1.21.2_1524, released 19 July 2021
The following table shows the changes that are in the worker node fix pack 1.21.2_1524. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker
node.
Changes since version 1.21.2_1523
| Component |
Previous |
Current |
Description |
| Ubuntu 16.04 packages |
N/A |
N/A |
Updated worker node images with kernel package updates. |
| Ubuntu 18.04 packages |
N/A |
N/A |
Updated worker node images with kernel package updates. |
Change log for worker node fix pack 1.21.2_1523, released 6 July 2021
The following table shows the changes that are in the worker node fix pack 1.21.2_1523. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker
node.
Change log for master fix pack 1.21.2_1522, released 28 June 2021
The following table shows the changes that are in the master fix pack patch update 1.21.2_1522. Master patch updates are applied automatically.
Changes since version 1.21.1_1519
| Component |
Previous |
Current |
Description |
| Cluster health image |
v1.2.12 |
v1.2.13 |
Updated to use Go version 1.15.12. Updated image for CVE-2021-33194. |
| GPU device plug-in and installer |
c7b87b1 |
772e15f |
Updated image for CVE-2021-27219. |
| IBM Calico extension |
695 |
730 |
Updated to use Go version 1.16.15. |
| IBM Cloud Controller Manager |
v1.21.1-4 |
v1.21.2-2 |
Updated to support the Kubernetes 1.21.2 release and to use Go version 1.16.5. Updated Go dependencies to resolve CVEs. Updated image to implement additional IBM security controls. |
| IBM Cloud File Storage for Classic plug-in and monitor |
393 |
394 |
Updated to use Go version 1.15.12. Updated image for CVE-2021-33194 and CVE-2021-27219. |
| IBM Cloud RBAC Operator |
cfd8ae9 |
b68ea92 |
Updated image for CVE-2021-27219. |
| Key Management Service provider |
v2.3.4 |
v2.3.5 |
Updated to use Go version 1.15.12. Updated image for CVE-2021-33194. |
| Konnectivity agent |
v0.0.19e_201_iks |
v0.0.19e_206_iks |
Updated image for CVE-2021-27219. |
| Konnectivity server |
v0.0.19e_201_iks |
v0.0.19e_206_iks |
Updated image for CVE-2021-27219. |
| Kubernetes |
v1.21.1 |
v1.21.2 |
See the Kubernetes release notes. |
| Portieris admission controller |
v0.10.2 |
v0.10.3 |
See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.21.1_1521, released 22 June 2021
The following table shows the changes that are in the worker node fix pack 1.21.1_1521. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker
node.
Changes since version 1.21.1_1520
| Component |
Previous |
Current |
Description |
| HA proxy |
26c5cc |
d3dc33 |
Updated image with fixes for CVE-2020-24977, CVE-2020-13434,
CVE-2020-15358, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2019-2708, CVE-2019-13012, CVE-2020-13543,
CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2021-27219, CVE-2020-8231, CVE-2020-8284,
CVE-2020-8285, CVE-2020-8286, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326,
CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2020-24330,
CVE-2020-24331, CVE-2020-24332, CVE-2017-14502, CVE-2020-8927 and CVE-2020-28196. |
| IBM Cloud Container Registry |
N/A |
N/A |
Added private-only registry support for ca.icr.io, br.icr.io and jp2.icr.io. |
| Ubuntu 18.04 packages |
N/A |
N/A |
Updated worker node images with package updates for CVE-2017-8779, CVE-2017-8872, CVE-2018-16869, CVE-2019-20388,
CVE-2020-24977, CVE-2021-3516, CVE-2021-3517 CVE-2021-3518, CVE-2021-3537, CVE-2021-3580. |
Change log for worker node fix pack 1.21.1_1520, released 9 June 2021
The following table shows the changes that are in the worker node fix pack 1.21.1_1520. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker
node.
Change log for master fix pack 1.21.1_1519 released 9 June 2021
The following table shows the changes that are in the master fix pack patch update 1.21.1_1519. Master patch updates are applied automatically.
Changes since version 1.20.7_1540
| Component |
Previous |
Current |
Description |
| Calico |
v3.17.3 |
v3.19.1 |
See the Calico release notes. |
| Gateway-enabled cluster controller |
1352 |
1348 |
Updated to run as a non-root user by default, with privileged escalation as needed. |
| GPU device plug-in and installer |
9a5e70b |
c7b87b1 |
Updated to use Go version 1.15.12. Updated universal base image (UBI) to version 8.4 to resolve CVEs. Updated the GPU drivers to version 460.73.01. |
| IBM Calico extension |
689 |
695 |
Updated UBI minimal base image to version 8.4 to resolve CVEs. |
| IBM Cloud Controller Manager |
v1.20.7-3 |
v1.21.1-4 |
Updated to support the Kubernetes 1.21.1 release and to use Go version 1.16.4 and calicoctl version 3.19.0. |
| IBM Cloud File Storage for Classic plug-in and monitor |
392 |
393 |
Updated UBI to version 8.4 to resolve CVEs. |
| IBM Cloud RBAC Operator |
63cd064 |
cfd8ae9 |
Updated to use Go version 1.16.4. Updated UBI to version 8.4 to resolve CVEs. |
| Konnectivity agent |
N/A |
v0.0.19e_201_iks |
Konnectivity replaces OpenVPN as the network proxy that is used to secure the communication of the Kubernetes API server
master to worker nodes in the cluster. See the Konnectivity release notes. |
| Konnectivity server |
N/A |
v0.0.19e_201_iks |
Konnectivity replaces OpenVPN as the network proxy that is used to secure the communication of the Kubernetes API server
master to worker nodes in the cluster. See the Konnectivity release notes. |
| Kubernetes |
v1.20.7 |
v1.21.1 |
See the Kubernetes release notes. |
| Kubernetes admission controllers configuration |
N/A |
N/A |
Added DenyServiceExternalIPs to the --enable-admission-plugins option for the cluster's Kubernetes API server. The update resolves
CVE-2020-8554 (see the IBM security bulletin). |
| Kubernetes configuration |
N/A |
N/A |
Updated the feature gate configuration. |
| Kubernetes add-on resizer |
1.8.12 |
1.8.13 |
See the Kubernetes add-on resizer release notes. |
| Kubernetes Dashboard |
v2.1.0 |
v2.2.0 |
See the Kubernetes Dashboard release notes. |
| Pause container image |
3.2 |
3.5 |
See the pause container image release notes. |