Kubernetes version 1.24 change log
This version is no longer supported. Update your cluster to a supported version as soon as possible.
Overview
In clusters that run version 1.23 or earlier, the IBM Cloud provider version enables Kubernetes APIs and features that are at beta. In version 1.24 and later, most new beta features are disabled by default. Kubernetes alpha features, which are subject to change, are disabled in all versions. For more information, see the Default service settings for Kubernetes components and the feature gates for each version.
For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.
Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.
Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.
Version 1.24 change log
Review the version 1.24 change log.
Change log for worker node fix pack 1.24.17_1592, released 04 December 2023
The following table shows the changes that are in the worker node fix pack 1.24.17_1592. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-166-generic | 5.4.0-167-generic | Worker node kernel & package updates for CVE-2023-31085, CVE-2023-40217, CVE-2023-44487, CVE-2023-45871, CVE-2023-47038, CVE-2023-5981. |
Kubernetes | 1.24.17 | 1.24.17 | N/A |
Change log for worker node fix pack 1.24.17_1591, released 29 November 2023
The following table shows the changes that are in the worker node fix pack 1.24.17_1591. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-166-generic | 5.4.0-166-generic | Worker node package updates for CVE-2023-36054, CVE-2023-4016, CVE-2023-43804, CVE-2023-45803. |
Kubernetes | 1.24.17 | 1.24.17 | N/A |
Containerd | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.17_1590, released 08 November 2023
The following table shows the changes that are in the worker node fix pack 1.24.17_1590. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-165-generic | 5.4.0-166-generic | Worker node kernel & package updates for CVE-2023-0597, CVE-2023-31083, CVE-2023-34058, CVE-2023-34059, CVE-2023-34319, CVE-2023-3446, CVE-2023-3772, CVE-2023-3817, CVE-2023-4132, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4733, CVE-2023-4735, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-4881, CVE-2023-4921, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535. |
Containerd | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.17_1589, released 23 October 2023
The following table shows the changes that are in the worker node fix pack 1.24.17_1589. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-164-generic | 5.4.0-165-generic | Worker node kernel & package updates for CVE-2022-3234, CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3520, CVE-2022-3591, CVE-2022-3705, CVE-2022-4292, CVE-2022-4293, CVE-2023-34319, CVE-2023-38546, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921. |
Kubernetes | N/A | N/A | N/A |
Containerd | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.17_1588, released 9 October 2023
The following table shows the changes that are in the worker node fix pack 1.24.17_1588. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-163-generic | 5.4.0-164-generic | Worker node kernel & package updates for CVE-2021-4001, CVE-2023-1206, CVE-2023-20588, CVE-2023-3212, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4194, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787. |
Kubernetes | N/A | N/A | N/A |
Containerd | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.17_1587, released 27 September 2023
The following table shows the changes that are in the worker node fix pack 1.24.17_1587. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-162-generic | 5.4.0-163-generic | Package updates for CVE-2023-3341, CVE-2023-4156, CVE-2023-4128, CVE-2023-20588, CVE-2023-20900, CVE-2023-40283. |
RHEL 8 Packages | 4.18.0-477.21.1.el8_8 | 4.18.0-477.27.1.el8_8 | Worker node kernel & package updates for CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-29491, CVE-2023-30630, CVE-2023-35001, CVE-2023-35788. |
Change log for master fix pack 1.24.17_1586, released 20 September 2023
The following table shows the changes that are in the master fix pack 1.24.17_1586. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
IBM Cloud Block Storage driver and plug-in | v2.4.5 | v2.4.10 | Updated Go dependencies . Updated to newer UBI base image. |
IBM Cloud Controller Manager | v1.24.16-5 | v1.24.17-2 | Updated to support the Kubernetes 1.24.17 release. Updated Go to version 1.20.7 and updated Go dependencies . |
IBM Cloud File Storage for Classic plug-in and monitor | 434 | 435 | Updated Go to version 1.20.6 and updated dependencies. Updated to newer UBI base image. |
Kubernetes | v1.24.16 | v1.24.17 | See the Kubernetes release notes. |
Load balancer and load balancer monitor for IBM Cloud Provider | 2631 | 2681 | Updated Go to version 1.19.12 and updated Go dependencies . |
Change log for worker node fix pack 1.24.16_1583, released 12 September 2023
The following table shows the changes that are in the worker node fix pack 1.24.16_1583. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-156-generic | 5.4.0-162-generic | Worker node kernel & package updates for CVE-2020-21047, CVE-2021-33294, CVE-2022-40982, CVE-2023-20593CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776. |
Containerd | 1.7.4 | 1.7.5 | N/A |
Change log for master fix pack 1.24.16_1581, released 30 August 2023
The following table shows the changes that are in the master fix pack 1.24.16_1581. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.23 | v1.3.24 | Updated Go to version 1.19.12 and updated dependencies. Updated base image version to 378. |
Gateway-enabled cluster controller | 2322 | 2366 | Update Go dependencies to fix CVE-2023-3978. |
GPU device plug-in and installer | 495931a | 8e87e60 | Updated Go to version 1.19.11 |
IBM Cloud Controller Manager | v1.24.16-1 | v1.24.16-5 | Updated Go dependencies to resolve a CVE. Updates to Travis build. |
IBM Cloud File Storage for Classic plug-in and monitor | 433 | 434 | Updated Go to version 1.20.6 and updated dependencies. Updated to newer UBI base image. |
Key Management Service provider | v2.7.2 | v2.7.3 | Updated Go dependencies. |
Portieris admission controller | v0.13.5 | v0.13.6 | See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.24.16_1582, released 28th August 2023
The following table shows the changes that are in the worker node fix pack 1.24.16_1582. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-155-generic | 5.4.0-156-generic | Worker node kernel & package updates for CVE-2022-2598, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2023-40225. |
Change log for worker node fix pack 1.24.16_1580, released 15th August 2023
The following table shows the changes that are in the worker node fix pack 1.24.16_1580. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | N/A | N/A | Package updates for CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2289, CVE-2022-27672, CVE-2022-4269, CVE-2023-1611, CVE-2023-2124, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001. |
Kubernetes | N/A | N/A | N/A |
Containerd | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.16_1579, released 1 August 2023
The following table shows the changes that are in the worker node fix pack 1.24.16_1579. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-212-generic | 4.15.0-214-generic | Worker node kernel & package updates for CVE-2020-13987, CVE-2020-13988, CVE-2020-17437, CVE-2022-1184, CVE-2022-3303, CVE-2023-1611, CVE-2023-1670, CVE-2023-1859, CVE-2023-1990, CVE-2023-20867, CVE-2023-2124, CVE-2023-2828, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001. |
Ubuntu 20.04 packages | 5.4.0-153-generic | 5.4.0-155-generic | Worker node kernel & package updates for CVE-2020-13987, CVE-2020-13988, CVE-2020-17437, CVE-2023-20867, CVE-2023-28321, CVE-2023-28322, CVE-2023-3090, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001, CVE-2023-38408. |
Kubernetes | 1.24.15 | 1.24.16 | For more information, see the change logs. |
Containerd | 1.6.21 | 1.6.22 | For more information, see the change logs. |
Change log for master fix pack 1.24.16_1578, released 27 July 2023
The following table shows the changes that are in the master fix pack 1.24.16_1578. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.21 | v1.3.23 | Updated Go to version 1.19.11 and updated Go dependencies. Updated UBI base image. |
GPU device plug-in and installer | 202b284 | 495931a | Updated Go to version 1.20.6 . |
IBM Cloud Controller Manager | v1.24.15-1 | v1.24.16-1 | Updated to support the Kubernetes 1.24.16 release. Updated Go dependencies and to Go version 1.20.6 . |
Key Management Service provider | v2.6.7 | v2.7.2 | Updated Go to version 1.19.11 and updated Go dependencies. Updated UBI base image. |
Konnectivity agent and server | v0.1.2_591_iks | v0.1.3_5_iks | See the Konnectivity release notes. |
Kubernetes NodeLocal DNS cache | 1.22.21 | 1.22.23 | See the Kubernetes NodeLocal DNS cache release notes. |
Kubernetes | v1.24.15 | v1.24.16 | See the Kubernetes release notes. |
Load balancer and load balancer monitor for IBM Cloud Provider | 2584 | 2631 | Updated Go to version 1.19.10 and updated Go dependencies. Updated Alpine base image. |
Change log for worker node fix pack 1.24.15_1576, released 17 July 2023
The following table shows the changes that are in the worker node fix pack 1.24.15_1576. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Kubernetes | N/A | N/A | N/A |
Ubuntu 18.04 packages | N/A | N/A | Worker node package updates for CVE-2023-24626, CVE-2023-2953. |
Ubuntu 20.04 packages | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.15_1574, released 03 July 2023
The following table shows the changes that are in the worker node fix pack 1.24.15_1574. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | Worker node package updates for CVE-2023-2603,CVE-2023-3138 |
Ubuntu 20.04 packages | 5.4.0-150-generic | 5.4.0-153-generic | Worker node kernel & package updates for CVE-2023-0461,CVE-2023-1380, CVE-2023-1670,CVE-2023-1859,CVE-2023-2612, CVE-2023-2828,CVE-2023-30456,CVE-2023-3138, CVE-2023-31436,CVE-2023-32233,CVE-2023-3297. |
Kubernetes | 1.24.14 | 1.24.15 | See the Kubernetes release notes. |
Change log for master fix pack 1.24.15_1573, released 27 June 2023
The following table shows the changes that are in the master fix pack 1.24.15_1573. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Calico | v3.24.5 | v3.24.6 | See the Calico release notes. |
Cluster health image | v1.3.20 | v1.3.21 | Updated Go dependencies and to Go version 1.19.10 . |
etcd | v3.5.8 | v3.5.9 | See the etcd release notes. |
Gateway-enabled cluster controller | 2106 | 2322 | Updated image to resolve CVE-2023-2650. |
GPU device plug-in and installer | 28d80a0 | 202b284 | Updated to Go version 1.19.9 |
IBM Cloud Controller Manager | v1.24.13-6 | v1.24.15-1 | Updated to support the Kubernetes 1.24.15 release. Updated Go dependencies and to Go version 1.19.10 . Updated calicoctl and vpcctl . |
IBM Cloud File Storage for Classic plug-in and monitor | 431 | 433 | Updated Go to version 1.20.4 . Updated UBI base image. |
Key Management Service provider | v2.6.6 | v2.6.7 | Updated Go dependencies and to Go version 1.19.10 . |
Kubernetes | v1.24.14 | v1.24.15 | CVE-2023-2728. For more information, see IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2023-2728). See the Kubernetes release notes. |
Load balancer and load balancer monitor for IBM Cloud Provider | 2486 | 2584 | Updated Go dependencies and to Go version 1.19.9 . Updated base image. |
Change log for worker node fix pack 1.24.14_1572, released 19 June 2023
The following table shows the changes that are in the worker node fix pack 1.24.14_1572. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | Worker node package updates for CVE-2020-11080,CVE-2023-24329, CVE-2023-2603,CVE-2023-2609,CVE-2023-2610, CVE-2023-32681 |
Ubuntu 20.04 packages | 5.4.0-149-generic | 5.4.0-150-generic | Worker node kernel & package updates for CVE-2020-11080,CVE-2021-45078, CVE-2023-1380,CVE-2023-1667,CVE-2023-1670, CVE-2023-1859,CVE-2023-2283,CVE-2023-24329, CVE-2023-24593,CVE-2023-2602,CVE-2023-2603, CVE-2023-2609,CVE-2023-2610,CVE-2023-2612, CVE-2023-30456,CVE-2023-3138,CVE-2023-31436, CVE-2023-31484,CVE-2023-32233,CVE-2023-32643, CVE-2023-32681. |
Kubernetes | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.14_1571, released 5 June 2023
The following table shows the changes that are in the worker node fix pack 1.24.14_1571. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-211-generic | 4.15.0-212-generic | Worker node kernel & package updates for CVE-2019-17595, CVE-2021-39537, CVE-2022-29458, CVE-2022-4304, CVE-2023-1380, CVE-2023-25584, CVE-2023-25585, CVE-2023-25588, CVE-2023-2650, CVE-2023-29491, CVE-2023-30456, CVE-2023-31436, CVE-2023-31484, CVE-2023-32233. |
Ubuntu 20.04 packages | 5.4.0-148-generic | 5.4.0-149-generic | Worker node kernel & package updates for CVE-2021-39537, CVE-2022-29458, CVE-2023-1075, CVE-2023-1118, CVE-2023-1380, CVE-2023-25584, CVE-2023-25585, CVE-2023-25588, CVE-2023-2612, CVE-2023-2650, CVE-2023-29491, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233. |
Kubernetes | N/A | N/A | N/A |
Change log for master fix pack 1.24.14_1568, released 23 May 2023
The following table shows the changes that are in the master fix pack 1.24.14_1568. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.19 | v1.3.20 | Updated Go to version 1.19.9 and updated dependencies. Updated the base image. Resolved add-on health bugs. |
etcd | v3.5.7 | v3.5.8 | See the etcd release notes. |
GPU device plug-in | fc4cf22 | 28d80a0 | Updated Go to version 1.19.8 |
IBM Cloud Controller Manager | v1.24.13-1 | v1.24.13-6 | Updated support of the Kubernetes 1.24.13 release. Updated Go dependencies. Key rotation. |
IBM Cloud RBAC Operator | 778ef2b | 4e2f346 | Make armada-rbac-sync FIPS compliant |
Key Management Service provider | v2.6.5 | v2.6.6 | Updated Go to version 1.19.9 and updated dependencies. |
Kubernetes | v1.24.13 | v1.24.14 | See the Kubernetes release notes. |
Kubernetes NodeLocal DNS cache | 1.22.18 | 1.22.21 | See the [Kubernetes NodeLocal DNS cache release notes](https://github.com/kubernetes/dns/releases/tag/1.22.21 |
Portieris admission controller | v0.13.4 | v0.13.5 | See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.24.14_1570, released 23 May 2023
The following table shows the changes that are in the worker node fix pack 1.24.14_1570. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-210-generic | 4.15.0-211-generic | Worker node kernel & package updates for CVE-2021-3979, CVE-2023-1118. |
Ubuntu 20.04 packages | 5.4.0-139-generic | 5.4.0-148-generic | Worker node kernel & package updates for CVE-2023-2004. |
Kubernetes | 1.24.13 | 1.24.14 | CVE-2023-2431. For more information, see IBM Cloud Kubernetes Service is affected by a kubelet security vulnerability (CVE-2023-2431). For more information, see the change logs. |
Containerd | 1.6.20 | 1.6.21 | For more information, see the change logs. |
Haproxy | N\A | N\A | N\A |
Change log for worker node fix pack 1.24.13_1567, released 9 May 2023
The following table shows the changes that are in the worker node fix pack 1.24.13_1567. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-209-generic | 4.15.0-210-generic | Worker node kernel & package updates for CVE-2023-1786, CVE-2023-0464, CVE-2023-0466, CVE-2023-1829, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007. |
Ubuntu 20.04 packages | n/a | n/a | Worker node kernel & package updates for CVE-2023-1786, CVE-2023-0464, CVE-2023-0466, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007. |
Kubernetes | N/A | N/A | N/A |
Change log for master fix pack 1.24.13_1566, released 27 April 2023
The following table shows the changes that are in the master fix pack 1.24.13_1566. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.17 | v1.3.19 | Updated Go to version 1.19.8 and updated dependencies. |
Gateway-enabled cluster controller | 2024 | 2106 | Support Ubuntu 20 and update image to resolve CVEs. |
GPU device plug-in | a873e90 | fc4cf22 | Updated Go to version 1.19.7 . |
GPU installer | a873e90 | 28d80a0 | Updated Go to version 1.19.8 . |
IBM Calico extension | 1366-amd64 | 1390-amd64 | Eliminate IP syscall. |
IBM Cloud Block Storage driver and plug-in | v2.4.0 | v2.4.5 | Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.19.8 and updated dependencies. |
IBM Cloud Controller Manager | v1.24.12-1 | v1.24.13-1 | Updated to support the Kubernetes 1.24.13 release. Updated Go dependencies and to Go version 1.19.8 . |
IBM Cloud File Storage for Classic plug-in and monitor | 429 | 431 | Updated Go to version 1.19.8 and updated dependencies. Update UBI base image. |
Key Management Service provider | v2.6.4 | v2.6.5 | Updated Go to version 1.19.7 and updated dependencies. |
Konnectivity agent and server | v0.1.1_569_iks-amd64 | v0.1.2_591_iks-amd64 | See the Konnectivity release notes. Updated configuration to set keepalive-time to 40s . |
Kubernetes | v1.24.12 | v1.24.13 | See the Kubernetes release notes. |
Kubernetes Metrics Server configuration | N/A | N/A | Updated to use TLS version 1.3 ciphers. |
Load balancer and load balancer monitor for IBM Cloud Provider | 2420 | 2486 | Updated Go to version 1.19.7 and updated dependencies. |
Portieris admission controller | v0.13.3 | v0.13.4 | See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.24.13_1566, released 24 April 2023
The following table shows the changes that are in the worker node fix pack 1.24.13_1566. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Change log for worker node fix pack 1.24.12_1564, released 11 April 2023
The following table shows the changes that are in the worker node fix pack 1.24.12_1564. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Change log for worker node fix pack 1.24.12_1562, released 29 March 2023
The following table shows the changes that are in the worker node fix pack 1.24.12_1562. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-144 | 5.4.0-139 | Downgrading kernel to address Upstream canonical bug. |
Change log for master fix pack 1.24.12_1559, released 28 March 2023
The following table shows the changes that are in the master fix pack 1.24.12_1559. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Calico configuration | N/A | N/A | Calico configuration now sets container network sysctl tuning for net.ipv4.tcp_keepalive_intvl to 15 , net.ipv4.tcp_keepalive_probes to 6 and net.ipv4.tcp_keepalive_time to 40 . |
Cluster health image | v1.3.16 | v1.3.17 | Updated Go to version 1.19.7 and updated dependencies. |
GPU device plug-in and installer | 79a2232 | a873e90 | Updated Go to version 1.19.6 . |
IBM Calico extension | 1308-amd64 | 1366-amd64 | Updated to resolve CVE-2023-23916. |
IBM Cloud Block Storage driver and plug-in | v2.3.7 | v2.4.0 | Removed ExpandInUsePersistentVolumes feature gate. |
IBM Cloud Controller Manager | v1.24.10-10 | v1.24.12-1 | Updated to support the Kubernetes 1.24.12 release. |
IBM Cloud File Storage for Classic plug-in and monitor | 427 | 429 | Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.19.6 and updated dependencies. |
Key Management Service provider | v2.6.3 | v2.6.4 | Updated Go to version 1.19.7 and updated dependencies. |
Kubernetes | v1.24.10 | v1.24.12 | See the Kubernetes release notes. |
Load balancer and load balancer monitor for IBM Cloud Provider | 2383 | 2420 | Updated the image to resolve CVEs. |
Change log for worker node fix pack 1.24.12_1560, released 27 March 2023
The following table shows the changes that are in the worker node fix pack 1.24.12_1560. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538. |
Ubuntu 20.04 packages | N/A | N/A | Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538. |
Kubernetes | 1.24.10 | 1.24.12 | For more information, see the change log. |
Containerd | N/A | N/A | N/A |
Haproxy | af5031 | 8398d1 | CVE-2023-23916. |
Change log for worker node fix pack 1.24.10_1558, released 13 March 2023
The following table shows the changes that are in the worker node fix pack 1.24.10_1558. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 20.04 packages | 5.4.0-139 | 5.4.0-144 | Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3821, CVE-2022-40898, CVE-2022-41218, CVE-2022-4139, CVE-2022-4415, CVE-2022-47520, CVE-2022-48303, CVE-2023-0266, CVE-2023-0361, CVE-2023-0461, CVE-2023-0767, CVE-2023-23916. |
Ubuntu 18.04 packages | 4.15.0-204 | 4.15.0-206 | Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3628, CVE-2022-37454, CVE-2022-3821, CVE-2022-40898, CVE-2022-48303, CVE-2023-0461, CVE-2023-0767, CVE-2023-22490, CVE-2023-23916. |
Kubernetes | N/A | N/A | N/A |
Containerd | 1.6.18 | 1.6.19 | For more information, see the change log. |
Change log for master fix pack 1.24.10_1557, released 2 March 2023
The following table shows the changes that are in the master fix pack 1.24.10_1557. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.15 | v1.3.16 | Updated Go dependencies and to Go version 1.19.6 . Updated universal base image (UBI) to resolve CVEs. |
etcd | v3.5.6 | v3.5.7 | See the etcd release notes. |
Gateway-enabled cluster controller | 1902 | 1987 | Updated armada-utils to version v1.9.35 |
IBM Calico extension | 1280-amd64 | 1308-amd64 | Updated universal base image (UBI) to resolve CVE-2022-47629. |
IBM Cloud Block Storage driver and plug-in | v2.3.6 | v2.3.7 | Updated universal base image (UBI) to resolve CVEs. |
IBM Cloud Controller Manager | v1.24.10-2 | v1.24.10-10 | Updated Go dependencies. Updated k8s.io/utils digest to a5ecb01 . Updated vpcctl to v0.10.0 . |
IBM Cloud File Storage for Classic plug-in and monitor | 425 | 427 | Updated universal base image (UBI) to resolve CVEs. |
Key Management Service provider | v2.5.13 | v2.6.3 | Updated Go dependencies and to Go version 1.19.6 . |
Konnectivity agent and server | v0.0.34_491_iks | v0.1.1_569_iks-amd64 | Updated to Konnectivity version v0.1.0. |
Kubernetes NodeLocal DNS cache | 1.22.11 | 1.22.18-amd64 | See the Kubernetes NodeLocal DNS cache release notes. |
Load balancer and Load balancer monitor for IBM Cloud Provider | 2325 | 2383 | Updated to armada-utils version 1.9.35 . |
Portieris admission controller | v0.12.6 | v0.13.3 | See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.24.10_1554, released 27 February 2023
The following table shows the changes that are in the worker node fix pack 1.24.10_1554. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
containerd | v1.6.17 | v1.6.18 | See the 1.6.18 change log and the security bulletin for CVE-2023-25153 and CVE-2023-25173. |
Ubuntu 18.04 packages | N/A | N/A | Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725. |
Ubuntu 20.04 packages | N/A | N/A | Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725. |
Kubernetes | N/A | N/A | N/A |
HAProxy | d38f89 | af5031 | CVE-2022-40897, CVE-2022-4415, CVE-2020-10735, CVE-2021-28861, CVE-2022-45061. |
Default Worker Pool | Ubuntu 18 | Ubuntu 20 | For IBM Cloud Kubernetes Service, default worker-pool is created with Ubuntu 20 Operating system |
Change log for worker node fix pack 1.24.10_1553, released 13 February 2023
The following table shows the changes that are in the worker node fix pack 1.24.10_1553. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-202 | 4.15.0-204 | Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286. |
Ubuntu 20.04 packages | 5.4.0-137 | 5.4.0-139 | Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286. |
Kubernetes | N/A | N/A | N/A |
HAProxy | 8d6ea6 | 08c969 | CVE-2022-47629. |
Change log for master fix pack 1.24.10_1551, released 30 January 2023
The following table shows the changes that are in the master fix pack 1.24.10_1551. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.14 | v1.3.15 | Updated Go dependencies and to Go version 1.19.4 . |
GPU device plug-in and installer | 03fd318 | 79a2232 | Updated Go to version 1.19.4 . |
IBM Calico extension | 1257 | 1280 | Publish s390x image. |
IBM Cloud Block Storage driver and plug-in | v2.3.4 | v2.3.6 | Updated UBI images to 8.7-1031 |
IBM Cloud Controller Manager | v1.24.8-3 | v1.24.10-2 | Updated to support the Kubernetes 1.24.10 release. Updated Go dependencies and to Go version 1.19.5 . |
IBM Cloud File Storage for Classic plug-in and monitor | 421 | 425 | Fixes for CVE-2022-40303 and CVE-2022-40304. |
Key Management Service provider | v2.5.12 | v2.5.13 | Updated Go dependencies and to Go version 1.19.4 . Changed to focal distribution. |
Konnectivity agent and server | v0.0.33_418_iks | v0.0.34_491_iks | See the Konnectivity release notes. |
Kubernetes | v1.24.9 | v1.24.10 | See the Kubernetes release notes. |
Change log for worker node fix pack 1.24.10_1552, released 30 January 2023
The following table shows the changes that are in the worker node fix pack 1.24.10_1552. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | Worker node kernel & package updates for CVE-2018-20217, CVE-2022-23521, CVE-2022-28321, CVE-2022-40897, CVE-2022-40898, CVE-2022-41903, CVE-2022-42898, CVE-2023-22809. |
Ubuntu 20.04 packages | N/A | N/A | Worker node kernel & package updates for CVE-2021-33503, CVE-2022-23521, CVE-2022-28321, CVE-2022-3094, CVE-2022-40897, CVE-2022-40898, CVE-2022-41903, CVE-2022-42898, CVE-2023-0056, CVE-2023-22809. |
Kubernetes | 1.24.9 | 1.24.10 | For more information, see the change log. |
HAProxy | 508bf6 | 8d6ea6 | CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-40303, CVE-2022-40304, CVE-2022-3821, CVE-2022-35737, CVE-2022-43680, CVE-2021-46848. |
Change log for worker node fix pack 1.24.9_1550, released 16 January 2023
The following table shows the changes that are in the worker node fix pack 1.24.9_1550. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-200 | 4.15.0-202 | Worker node kernel & package updates for CVE-2021-44758, CVE-2022-0392, CVE-2022-2663, CVE-2022-3061, CVE-2022-3437, CVE-2022-3643, CVE-2022-42896, CVE-2022-42898, CVE-2022-43552, CVE-2022-43945, CVE-2022-44640, CVE-2022-45934, CVE-2022-47629. |
Ubuntu 20.04 packages | 5.4.0-135 | 5.4.0-137 | Worker node kernel & package updates for CVE-2021-44758, CVE-2022-0392, CVE-2022-0417, CVE-2022-2663, CVE-2022-3061, CVE-2022-3437, CVE-2022-3643, CVE-2022-42896, CVE-2022-42898, CVE-2022-43552, CVE-2022-43945, CVE-2022-44640, CVE-2022-45934, CVE-2022-47629. |
Kubernetes | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.9_1549, released 02 January 2023
The following table shows the changes that are in the worker node fix pack 1.24.9_1549. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | N/A |
Ubuntu 20.04 packages | N/A | N/A | N/A |
Kubernetes | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.9_1548, released 19 December 2022
The following table shows the changes that are in the worker node fix pack 1.24.9_1548. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Containerd | 1.6.10 | 1.6.12 | See the 1.6.12 change log, the 1.6.11 change log, and the security bulletin for CVE-2022-23471. |
Ubuntu 18.04 packages | 4.15.0-197 | 4.15.0-200 | Worker node kernel & package updates for CVE-2022-2309, CVE-2022-38533, CVE-2022-40303, CVE-2022-40304, CVE-2022-41916, CVE-2022-45061. |
Ubuntu 20.04 packages | 5.4.0-132 | 5.4.0-135 | Worker node kernel & package updates for CVE-2022-2309, CVE-2022-38533, CVE-2022-40303, CVE-2022-40304, CVE-2022-41916. |
Kubernetes | 1.24.8 | 1.24.9 | For more information, see the change log. |
Change log for master fix pack 1.24.9_1547, released 14 December 2022
The following table shows the changes that are in the master fix pack 1.24.9_1547. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.13 | v1.3.14 | Updated Go dependencies. Exclude ingress status from cluster status aggregation. |
etcd | v3.5.5 | v3.5.6 | See the etcd release notes. |
GPU device plug-in and installer | cce0cfa | 03fd318 | Update GPU images with Go version 1.19.2 to resolve vulnerabilities |
IBM Calico extension | 1213 | 1257 | Updated universal base image (UBI) to resolve: CVE-2022-1304, CVE-2016-3709, CVE-2022-42898. |
IBM Cloud Block Storage driver and plug-in | v2.3.3 | v2.3.4 | Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.18.6 |
IBM Cloud Controller Manager | v1.24.7-10 | v1.24.8-3 | Updated to support the Kubernetes 1.24.8 release. Enable mixed protocol for LoadBalancer Service. |
IBM Cloud File Storage for Classic plug-in and monitor | 420 | 421 | Updated universal base image (UBI) to resolve CVE-2022-42898. Updated Go to version 1.18.8 |
Key Management Service provider | v2.5.11 | v2.5.12 | Updated Go dependencies. |
Kubernetes | v1.24.8 | v1.24.9 | See the Kubernetes release notes. |
Load balancer and load balancer monitor for IBM Cloud Provider | 2110 | 2325 | Update Go to version 1.19.1 and update dependencies. |
Change log for worker node fix pack 1.24.8_1546, released 05 December 2022
The following table shows the changes that are in the worker node fix pack 1.24.8_1546. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Containerd | 1.6.8 | 1.6.10 | See the 1.6.10 change log and the 1.6.9 change log. |
Ubuntu 18.04 packages | N/A | N/A | Worker node package updates for CVE-2013-4235, CVE-2022-3239, CVE-2022-3524, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3594, CVE-2022-3621, CVE-2022-42703. |
Kubernetes | N/A | N/A | N/A |
HAProxy | c619f4 | 508bf6 | CVE-2016-3709, CVE-2022-42898, CVE-2022-1304. |
CUDA | fd4353 | 0ab756 | CVE-2022-42898. |
Change log for worker node fix pack 1.24.8_1545, released 21 November 2022
The following table shows the changes that are in the worker node fix pack 1.24.8_1545. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-194 | 4.15.0-197 | Worker node kernel & package updates for CVE-2018-16860, CVE-2019-12098, CVE-2020-16156, CVE-2021-3671, CVE-2021-43618, CVE-2022-2978, CVE-2022-3028, CVE-2022-3116, CVE-2022-32221, CVE-2022-3515, CVE-2022-35737, CVE-2022-39253, CVE-2022-39260, CVE-2022-40284, CVE-2022-40674, CVE-2022-40768, CVE-2022-41974, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012. |
Kubernetes | 1.24.7 | 1.24.8 | For more information, see the change log. |
CUDA | 576234 | cce0cf | CVE-2022-3515, CVE-2022-2509, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527. |
Change log for master fix pack 1.24.8_1544, released 16 November 2022
The following table shows the changes that are in the master fix pack 1.24.8_1544. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Calico | v3.23.3 | v3.24.5 | See the Calico release notes. |
Cluster health image | v1.3.12 | v1.3.13 | Updated Go dependencies, golangci-lint , gosec , and to Go version 1.19.3. Updated base image version to 116. |
etcd | v3.5.4 | v3.5.5 | See the etcd release notes. |
Gateway-enabled cluster controller | 1823 | 1902 | Go module updates. |
GPU device plug-in and installer | 373bb9f | cce0cfa | Updated the GPU driver 470 minor version |
IBM Calico extension | 1096 | 1213 | Updated image to fix the following CVEs: CVE-2020-35525, CVE-2020-35527, CVE-2022-3515, CVE-2022-37434, CVE-2022-2509, CVE-2022-32149. |
IBM Cloud Block Storage driver and plug-in | v2.3.1 | v2.3.3 | Updated universal base image (UBI) to version 8.7-923 to resolve CVEs. |
IBM Cloud Controller Manager | v1.24.7-1 | v1.24.7-10 | Key rotation and updated Go dependencies. |
IBM Cloud File Storage for Classic plug-in and monitor | 416 | 420 | Updated universal base image (UBI) to version 8.7-923 to resolve CVEs. |
Key Management Service provider | v2.5.10 | v2.5.11 | Updated Go dependencies and to Go version 1.19.3 . |
Kubernetes | v1.24.7 | v1.24.8 | CVE-2022-3294 and CVE-2022-3162. For more information, see IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities CVE-2022-3294 and CVE-2022-3162. See the Kubernetes release notes. |
Change log for worker node fix pack 1.24.7_1543, released 07 November 2022
The following table shows the changes that are in the worker node fix pack 1.24.7_1543. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | Worker node package updates for CVE-2022-32221, CVE-2022-40284, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012. |
Kubernetes | 1.24.6 | 1.24.7 | For more information, see the change log. |
HAProxy | b034b2 | 3a1392 | CVE-2022-37434, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527, CVE-2022-3515, CVE-2022-2509. |
CUDA | 3ea43b | 576234 | CVE-2022-3515, CVE-2022-2509, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527. |
Change log for master fix pack 1.24.7_1542, released 27 October 2022
The following table shows the changes that are in the master fix pack 1.24.7_1542. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.11 | v1.3.12 | Updated Go dependencies, golangci-lint, and to Go version 1.19.2. Updated base image version to 109. Excluded ingress status from cluster status calculation. |
IBM Cloud Controller Manager | v1.24.5-1 | v1.24.7-1 | Updated to support the Kubernetes 1.24.7 release. |
IBM Cloud RBAC Operator | dc1725a | 778ef2b | Updated to Go version 1.18.6 . |
Key Management Service provider | v2.5.9 | v2.5.10 | Updated Go dependencies and to Go version 1.19.2 . |
Kubernetes | v1.24.6 | v1.24.7 | See the Kubernetes release notes. |
Konnectivity agent and server | v0.0.32_363_iks | v0.0.33_418_iks | Updated Konnectivity to version v0.0.33 and added s390x functionality. See the Konnectivity release notes. |
Change log for worker node fix pack 1.24.6_1541, released 25 October 2022
The following table shows the changes that are in the worker node fix pack 1.24.6_1541. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-193 | 4.15.0-194 | Worker node kernel & package updates for CVE-2018-16860, CVE-2019-12098, CVE-2020-16156, CVE-2021-3671, CVE-2021-43618, CVE-2022-3116, CVE-2022-3515, CVE-2022-39253, CVE-2022-39260. |
Kubernetes | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.6_1540, released 10 October 2022
The following table shows the changes that are in the worker node fix pack 1.24.6_1540. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | N/A |
Kubernetes | N/A | N/A | N/A |
Change log for master fix pack 1.24.6_1538, released 26 September 2022
The following table shows the changes that are in the master fix pack 1.24.6_1538. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.10 | v1.3.11 | Updated Go dependencies and to Go version 1.18.6 . |
GPU device plug-in and installer | c58c299 | 373bb9f | Updated to Go version 1.19.1 . |
IBM Calico extension | 1006 | 1096 | Updated image for CVE-2022-2526. |
IBM Cloud Block Storage driver and plug-in | v2.2.9 | v2.3.1 | Updated to Go version 1.18.6 . Updated universal base image (UBI) to version 8.6-941 to resolve CVEs. |
IBM Cloud Controller Manager | v1.24.4-1 | v1.24.5-1 | Updated Go dependencies and to use Go version 1.18.6 . Updated to support the Kubernetes 1.24.5 release. |
IBM Cloud File Storage for Classic plug-in and monitor | 414 | 416 | Updated to Go version 1.18.6 . Updated universal base image (UBI) to version 8.6-941 to resolve CVEs. |
Key Management Service Provider | v2.5.8 | v2.5.9 | Updated Go dependencies and to Go version 1.18.6 . |
Kubernetes | v1.24.4 | v1.24.6 | This update resolves CVE-2022-3172. For more information, see the IBM security bulletin. See the Kubernetes release notes. |
Kubernetes NodeLocal DNS cache | 1.22.6 | 1.22.11 | See the Kubernetes NodeLocal DNS cache release notes. |
Change log for worker node fix pack 1.24.6_1539, released 26 September 2022
The following table shows the changes that are in the worker node fix pack 1.24.6_1539. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-192 | 4.15.0-193 | Worker node kernel & package updates for CVE-2020-35525, CVE-2021-33655, CVE-2021-33656, CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-2526, CVE-2022-2795, CVE-2022-35252, CVE-2022-36946, CVE-2022-38177, CVE-2022-38178. |
Kubernetes | 1.24.4 | 1.24.6 | For more information, see the change log. |
Change log for worker node fix pack 1.24.4_1537, released 12 September 2022
The following table shows the changes that are in the worker node fix pack 1.24.4_1537. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-191 | 4.15.0-192 | Worker node kernel & package updates for CVE-2021-33656, CVE-2022-35252. |
Kubernetes | N/A | N/A | N/A |
Change log for master fix pack 1.24.4_1536, released 1 September 2022
The following table shows the changes that are in the master fix pack 1.24.4_1536. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Cluster health image | v1.3.9 | v1.3.10 | Updated Go dependencies and to Go version 1.18.5 . |
Gateway-enabled cluster controller | 1792 | 1823 | Updated to Go version 1.17.13 . |
GPU device plug-in and installer | d8f1be0 | c58c299 | Enable DRM module and update Go to version 1.18.5 . |
IBM Calico extension | 997 | 1006 | Updated to Go version 1.17.13 . |
IBM Cloud Block Storage driver and plug-in | v2.2.8 | v2.2.9 | Updated to Go version 1.18.5 . |
IBM Cloud Controller Manager | v1.24.2-8 | v1.24.4-1 | Updated vpcctl binary to version 3367 . Updated to support the Kubernetes 1.24.4 release. |
IBM Cloud File Storage for Classic plug-in and monitor | 412 | 414 | Updated to Go version 1.18.5 . Updated universal base image (UBI) to version 8.6-902 to resolve CVEs. |
IBM Cloud RBAC Operator | 0a187a4 | dc1725a | Updated Go dependencies and to Go version 1.18.3 . |
Key Management Service provider | v2.5.7 | v2.5.8 | Updated Go dependencies. |
Konnectivity agent and server | v0.0.30_331_iks | v0.0.32_363_iks | Updated to Go version 1.17.13 and to Konnectivity version v0.0.32 . |
Kubernetes | v1.24.3 | v1.24.4 | See the Kubernetes release notes. |
Kubernetes Dashboard | v2.5.0 | v2.6.1 | See the Kubernetes Dashboard release notes. |
Kubernetes Dashboard metrics scraper | v1.0.7 | v1.0.8 | See the Kubernetes Dashboard metrics scraper release notes. |
Kubernetes NodeLocal DNS cache | 1.22.5 | 1.22.6 | See the Kubernetes NodeLocal DNS cache release notes. |
Load balancer and load balancer monitor for IBM Cloud Provider | 2058 | 2110 | Updated Go dependencies and to Go version 1.17.13 . |
Portieris admission controller | v0.12.5 | v0.12.6 | See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.24.4_1535, released 29 August 2022
The following table shows the changes that are in the worker node fix pack 1.24.4_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | Worker node kernel & package updates for CVE-2019-5815, CVE-2021-30560, CVE-2022-31676, CVE-2022-37434. |
Kubernetes | 1.24.3 | 1.24.4 | For more information, see the change log. |
HAProxy | 6514a2 | c1634f | CVE-2022-32206, CVE-2022-32208 |
Change log for worker node fix pack 1.24.3_1533, released 16 August 2022
The following table shows the changes that are in the worker node fix pack 1.24.3_1533. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-189 | 4.15.0-191 | Worker node kernel & package updates for CVE-2016-3709, CVE-2021-4209, CVE-2022-1652, CVE-2022-1679, CVE-2022-1734, CVE-2022-2509, CVE-2022-2586, CVE-2022-2588, CVE-2022-34918. |
Kubernetes | N/A | N/A | N/A |
containerd | 1.6.6 | 1.6.8 | For more information, see the change log. |
Change log for worker node fix pack 1.24.3_1532, released 01 August 2022
The following table shows the changes that are in the worker node fix pack 1.24.3_1532. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | N/A | N/A | Worker node kernel & package updates for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406, CVE-2022-29217, CVE-2022-31782. |
Kubernetes | 1.24.2 | 1.24.3 | For more information, see the change log. |
Change log for master fix pack 1.24.3_1531, released 26 July 2022
The following table shows the changes that are in the master fix pack 1.24.3_1531. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
Calico | v3.23.1 | v3.23.3 | See the Calico release notes. Updated the Calico custom resource definitions to include preserveUnknownFields: false . |
Cluster health image | v1.3.8 | v1.3.9 | Updated Go dependencies and to use Go version 1.18.4 . Fixed minor typographical error in the add-on daemonset not available health status. |
Gateway-enabled cluster controller | 1680 | 1792 | Updated to use Go version 1.17.11 . Updated image for CVE-2022-2097 and CVE-2022-29458. |
GPU device plug-in and installer | 2b0b6d1 | d8f1be0 | Updated Go dependencies and to use Go version 1.18.3 . |
IBM Calico extension | 980 | 997 | Updated to use Go version 1.17.11 . Updated universal base image (UBI) to version 8.6-854 to resolve CVEs. |
IBM Cloud Block Storage driver and plug-in | v2.2.6 | v2.2.8 | Updated to use Go version 1.18.3 . Updated universal base image (UBI) to version 8.6-854 to resolve CVEs. |
IBM Cloud Controller Manager | v1.24.1-7 | v1.24.2-8 | Updated Go dependencies and to use Go version 1.18.3 . Updated to support the Kubernetes 1.24.2 release. Disabling load balancer NodePort allocation is now prevented for VPC load balancers. |
IBM Cloud File Storage for Classic plug-in and monitor | 410 | 412 | Updated to use Go version 1.18.3 . Updated universal base image (UBI) to version 8.6-854 to resolve CVEs. Improved Kubernetes resource watch configuration. |
IBM Cloud RBAC Operator | 8c96932 | 0a187a4 | Updated universal base image (UBI) to resolve CVEs. |
Key Management Service provider | v2.5.6 | v2.5.7 | Updated Go dependencies and to use Go version 1.18.4 . |
Kubernetes | v1.24.2 | v1.24.3 | See the Kubernetes release notes. |
Kubernetes NodeLocal DNS cache | 1.22.2 | 1.22.5 | See the Kubernetes NodeLocal DNS cache release notes. |
Load balancer and load balancer monitor for IBM Cloud Provider | 1998 | 2058 | Updated image for CVE-2022-2097. |
Portieris admission controller | v0.12.4 | v0.12.5 | See the Portieris admission controller release notes. |
Change log for worker node fix pack 1.24.2_1529, released 18 July 2022
The following table shows the changes that are in the worker node fix pack 1.24.2_1529. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-188 | 4.15.0-189 | Worker node kernel & package updates for CVE-2015-20107, CVE-2022-2097, CVE-2022-22747, CVE-2022-24765, CVE-2022-29187, CVE-2022-34480, CVE-2022-34903. |
Kubernetes | N/A | N/A | N/A |
Change log for worker node fix pack 1.24.2_1527, released 05 July 2022
The following table shows the changes that are in the worker node fix pack 1.24.2_1527. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-187 | 4.15.0-188 | Worker node kernel & package updates for CVE-2022-1292, CVE-2022-2068, CVE-2022-2084, CVE-2022-28388, CVE-2022-32206, CVE-2022-32208. |
Kubernetes | N/A | N/A | N/A |
Change log for master fix pack 1.24.2_1526, released 22 June 2022
The following table shows the changes that are in the master fix pack 1.24.2_1526. Master patch updates are applied automatically.
Component | Previous | Current | Description |
---|---|---|---|
IBM Cloud Block Storage driver and plug-in | v2.2.4 | v2.2.6 | Bug fixes for the driver installation. Block plugin base images were updated to ubi : 8.6-751.1655117800 for CVE-2022-1271 |
Kubernetes | v1.24.1 | v1.24.2 | See the Kubernetes release notes. |
Kubernetes add-on resizer | 1.8.14 | 1.8.15 | See the Kubernetes add-on resizer release notes. |
Change log for worker node fix pack 1.24.2_1526, released 20 June 2022
The following table shows the changes that are in the worker node fix pack 1.24.2_1526. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
Component | Previous | Current | Description |
---|---|---|---|
Ubuntu 18.04 packages | 4.15.0-180 | 4.15.0-187 | Worker node kernel & package updates for CVE-2021-46790, CVE-2022-1304, CVE-2022-1419, CVE-2022-1966, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499, CVE-2022-28390, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789. |
HAProxy | 468c09 | 04f862 | CVE-2022-1271. |
containerd | v1.6.4 | v1.6.6 | See the change log, the security bulletin for CVE-2022-31030, and the security bulletin for CVE-2022-29162. |
Kubernetes | 1.24.1 | 1.24.2 | For more information, see the change log. |
Change log for master fix pack 1.24.1_1523 and worker node fix pack 1.24.1_1522, released 9 June 2022
Component | Previous | Current | Description |
---|---|---|---|
Calico | v3.21.5 | v3.23.1 | See the Calico release notes. The default BGP configuration found in the default BGP Configuration resource has been updated to set nodeMeshMaxRestartTime to 30m . This default change is only applied if the cluster does not have a custom BGP configuration.
The previous default value was 120s . |
CoreDNS | 1.8.7 | 1.9.2 | See the CoreDNS release notes. |
etcd | v3.4.18 | v3.5.4 | See the etcd release notes. |
GPU device plug-in and installer | 382ada9 | 2b0b6d1 | Updated image for CVE-2018-25032, CVE-2021-3634, CVE-2021-3737 and CVE-2021-4189. |
IBM Cloud® Block Storage for Classic driver and plug-in | None | v2.2.5 | The IBM Cloud® Block Storage for Classic driver and plug-in component is now installed on clusters running classic infrastructure. |
IBM Cloud Controller Manager | v1.23.7-4 | v1.24.1-4 | Updated to support the Kubernetes 1.24.1 release and Go version 1.18.2 . Disabling load balancer NodePort allocation is not supported for VPC load balancers. |
Kubernetes | v1.23.7 | v1.24.1 | See the Kubernetes release notes. |
Kubernetes configuration | N/A | N/A | Updated the feature gate configuration. |
Kubernetes CSI snapshotter CRDs | v4.2.1 | v5.0.1 | See the Kubernetes container storage interface (CSI) snapshotter release notes. |
Kubernetes Dashboard | v2.4.0 | v2.5.0 | See the Kubernetes Dashboard release notes. |
Kubernetes DNS autoscaler | 1.8.4 | 1.8.5 | See the Kubernetes DNS autoscaler release notes. |
Kubernetes Metrics Server | v0.6.0 | v0.6.0 | Updated to run with a highly available configuration. For more information on this configuration, see the Kubernetes Metrics Server release notes. |
Kubernetes NodeLocal DNS cache | 1.21.4 | 1.22.2 | See the Kubernetes NodeLocal DNS cache release notes. |
Pause container image | 3.6 | 3.7 | See the pause container image release notes. |