IBM Cloud Docs
Kubernetes version 1.26 change log

Kubernetes version 1.26 change log

This version is no longer supported. Update your cluster to a supported version as soon as possible.

Overview

In clusters that run version 1.23 or earlier, the IBM Cloud provider version enables Kubernetes APIs and features that are at beta. Most new beta features are disabled by default. Kubernetes alpha features, which are subject to change, are disabled in all versions. For more information, see the Default service settings for Kubernetes components and the feature gates for each version.

For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.

Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.

Version 1.26 change log

Review the version 1.26 change log.

Change log for worker node fix pack 1.26.15_1584, released 23 May 2024

The following table shows the changes that are in the worker node fix pack 1.26.15_1584. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.15_1583
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-177-generic 5.4.0-182-generic Worker node package and kernel updates CVE-2016-9840, CVE-2016-9841, CVE-2018-25032, CVE-2022-37434, CVE-2023-23000, CVE-2023-23004, CVE-2023-24023, CVE-2023-4421, CVE-2023-46838, CVE-2023-52600, CVE-2023-52603, CVE-2023-5388, CVE-2023-6135, CVE-2024-0607, CVE-2024-1086, CVE-2024-23851, CVE-2024-24855, CVE-2024-26581, CVE-2024-26589, CVE-2024-28085, CVE-2024-28834, CVE-2024-2961, CIS benchmark compliance: 4.5.1.6, 4.5.1.7, 4.5.7.
Kubernetes 1.26.15 1.26.15 N/A
Containerd 1.7.16 1.7.17 For more information, see the change logs.
HAProxy d225100 4e826da CVE-2024-2961, CVE-2024-28834.

Change log for worker node fix pack 1.26.15_1583, released 06 May 2024

The following table shows the changes that are in the worker node fix pack 1.26.15_1583. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.15_1582
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-177-generic 5.4.0-177-generic Worker node package updates for CVE-2015-1197, CVE-2023-7207, CVE-2024-28182, CVE-2024-32487. CIS benchmark compliance: 1.1.2.1, 1.1.2.2, 1.1.2.3, and 1.1.2.4.
Kubernetes 1.26.15 1.26.15 N/A
Containerd 1.7.15 1.7.16 For more information, see the change logs.
HAProxy 295dba8 295dba8 N/A
GPU device plug-in and installer 9fad43c 806184d Security fixes for CVE-2022-48554, CVE-2023-2975, CVE-2023-3446, CVE-2023-5678, CVE-2024-22365, CVE-2023-7008, CVE-2023-3817, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727.

Change log for master fix pack 1.26.15_1581, released 24 April 2024

The following table shows the changes that are in the master fix pack 1.26.15_1581. Master patch updates are applied automatically.

Changes since version 1.26.15_1578
Component Previous Current Description
Cluster health image v1.4.8 v1.4.9 New version contains updates and security fixes.
etcd v3.5.12 v3.5.13 See the etcd release notes.
GPU device plug-in and installer 71cb7f7 206b5a6 New version contains updates and security fixes.
IBM Cloud Metrics Server Config Watcher 803912f 50808cc New version contains updates and security fixes.
IBM Cloud RBAC Operator bd30030 4c5d156 New version contains updates and security fixes.
Key Management Service provider v2.8.8 v2.8.9 New version contains updates and security fixes.
Load balancer and load balancer monitor for IBM Cloud Provider 2831 2867 New version contains updates and security fixes.
Portieris admission controller v0.13.12 v0.13.13 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.15_1582, released 22 April 2024

The following table shows the changes that are in the worker node fix pack 1.26.15_1582. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.15_1580
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-174-generic 5.4.0-177-generic Worker node and kernel package updates for CVE-2016-9840, CVE-2016-9841, CVE-2018-25032, CVE-2022-37434, CVE-2023-23000, CVE-2023-23004, CVE-2023-24023, CVE-2023-4421, CVE-2023-46838, CVE-2023-52600, CVE-2023-52603, CVE-2023-5388, CVE-2023-6135, CVE-2024-0607, CVE-2024-1086, CVE-2024-23851, CVE-2024-24855, CVE-2024-26581, CVE-2024-26589, CVE-2024-28085, CVE-2024-28834, CVE-2024-2961.
Kubernetes 1.26.15 1.26.15 N/A
Containerd 1.7.13 1.7.15 For more information, see the change logs.
HAProxy 295dba8 4e826da Security fixes for CVE-2024-28834.
GPU device plug-in and installer 206b5a6 9fad43c1 Security fixes for CVE-2024-1488, CVE-2024-28834, CVE-2024-28835.

Change log for worker node fix pack 1.26.15_1580, released 8 April 2024

The following table shows the changes that are in the worker node fix pack 1.26.15_1580. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.15_1579
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-174-generic 5.4.0-174-generic Worker node package updates for CVE-2024-2398, CVE-2024-28085.
Kubernetes 1.26.15 1.26.15 N/A
Containerd 1.7.14 1.7.13 Reverted due to a bug.
HAProxy 512b32a 295dba8 Security fixes for CVE-2023-28322, CVE-2023-38546, CVE-2023-46218, CVE-2023-52425
GPU device plug-in and installer 5b69345 206b5a6 Security fixes for CVE-2023-28322, CVE-2023-38546, CVE-2023-46218, CVE-2023-52425

Change log for master fix pack 1.26.15_1578, released 27 March 2024

The following table shows the changes that are in the master fix pack 1.26.15_1578. Master patch updates are applied automatically.

Changes since version 1.26.14_1575
Component Previous Current Description
Cluster health image v1.4.7 v1.4.8 New version contains updates and security fixes.
Gateway-enabled cluster controller 2415 2502 New version contains updates and security fixes.
IBM Calico extension 1534 1537 New version contains security fixes.
IBM Cloud Block Storage driver and plug-in v2.4.18 v2.4.19 New version contains updates and security fixes.
IBM Cloud File Storage for Classic plug-in and monitor 441 442 New version contains updates and security fixes.
IBM Cloud Metrics Server Config Watcher 90a78ef 803912f New version contains updates and security fixes.
Key Management Service provider v2.8.7 v2.8.8 New version contains updates and security fixes.
Kubernetes v1.26.14 v1.26.15 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.22.28 1.23.0 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2807 2831 New version contains updates and security fixes.
Portieris admission controller v0.13.11 v0.13.12 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.15_1579, released 25 March 2024

The following table shows the changes that are in the worker node fix pack 1.26.15_1579. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.14_1577
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-173-generic 5.4.0-174-generic Worker node kernel and package updates for CVE-2012-6655, CVE-2023-23000, CVE-2023-23004, CVE-2024-1086, CVE-2024-22667, CVE-2024-24855.
Kubernetes 1.26.14 1.26.15 For more information, see the change logs.
Containerd 1.7.14 1.7.14 N/A
HAProxy 512b32 512b32 N/A

Change log for worker node fix pack 1.26.14_1577, released 13 March 2024

The following table shows the changes that are in the worker node fix pack 1.26.14_1577. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.14_1576
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-172-generic 5.4.0-173-generic Worker node kernel and package updates for CVE-2022-47695, CVE-2022-48063, CVE-2022-48065, CVE-2022-48624, CVE-2023-0340, CVE-2023-22995, CVE-2023-50782, CVE-2023-51779, CVE-2023-51781, CVE-2023-51782, CVE-2023-6915, CVE-2024-0565, CVE-2024-0646, CVE-2024-24806, CVE-2024-25062.
Kubernetes 1.26.14 1.26.14 N/A
HAProxy 9b0400 512b32 N/A
Containerd 1.7.13 1.7.14 For more information, see the change logs.

Change log for master fix pack 1.26.14_1575, released 28 February 2024

The following table shows the changes that are in the master fix pack 1.26.14_1575. Master patch updates are applied automatically.

Changes since version 1.26.13_1569
Component Previous Current Description
Cluster health image v1.4.6 v1.4.7 New version contains updates and security fixes.
etcd v3.5.11 v3.5.12 See the etcd release notes.
GPU device plug-in and installer 6273cd0 d992fea New version contains updates and security fixes.
IBM Calico extension 1525 1534 New version contains security fixes.
IBM Cloud Block Storage driver and plug-in v2.4.14 v2.4.18 New version contains updates and security fixes.
IBM Cloud Controller Manager v1.26.13-3 v1.26.13-8 New version contains updates and security fixes.
IBM Cloud File Storage for Classic plug-in and monitor 439 441 New version contains updates and security fixes.
IBM Cloud RBAC Operator 7185ea1 bd30030 New version contains updates and security fixes.
Key Management Service provider v2.8.6 v2.8.7 New version contains updates and security fixes.
Kubernetes v1.26.13 v1.26.14 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2789 2807 New version contains updates and security fixes.

Change log for worker node fix pack 1.26.14_1576, released 26 February 2024

The following table shows the changes that are in the worker node fix pack 1.26.14_1576. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.13_1571
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-171-generic 5.4.0-172-generic Worker node kernel and package updates for CVE-2023-4408, CVE-2023-4641, CVE-2023-50387, CVE-2023-50868, CVE-2023-51781, CVE-2023-5517, CVE-2023-6516, CVE-2023-6915, CVE-2024-0565, CVE-2024-0646.
Containerd 1.7.13 1.7.13 N/A

Change log for worker node fix pack 1.26.13_1571, released 12 February 2024

The following table shows the changes that are in the worker node fix pack 1.26.13_1571. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.13_1570
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-170-generic 5.4.0-171-generic Worker node kernel and package updates for CVE-2023-2953, CVE-2023-45863, CVE-2023-5678, CVE-2023-6040, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932, CVE-2024-0727.
Kubernetes N/A N/A N/A
Containerd 1.7.12 1.7.13 For more information, see change log and security bulletin for CVE-2024-21626.
HAProxy a13673 9b0400 Security fixes for CVE-2024-0553, CVE-2023-48795, CVE-2021-35937, CVE-2021-35938, CVE-2021-35939.

Change log for master fix pack 1.26.13_1569, released 31 January 2024

The following table shows the changes that are in the master fix pack 1.26.13_1569. Master patch updates are applied automatically.

Changes since version 1.26.11_1564
Component Previous Current Description
Calico v3.26.3 v3.26.4 See the Calico release notes.
Cluster health image v1.4.5 v1.4.6 New version contains security fixes.
etcd v3.5.10 v3.5.11 See the etcd release notes.
GPU device plug-in and installer 0e3950c 6273cd0 New version contains security fixes.
IBM Calico extension 1487 1525 New version contains security fixes.
IBM Cloud Controller Manager v1.26.11-6 v1.26.13-3 New version contains updates and security fixes.
IBM Cloud Metrics Server Config Watcher 58e69e0 90a78ef New version contains updates and security fixes.
IBM Cloud RBAC Operator e544e35 7185ea1 New version contains updates and security fixes.
Key Management Service provider v2.8.5 v2.8.6 New version contains updates and security fixes.
Kubernetes v1.26.11 v1.26.13 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.22.27 1.22.28 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2767 2789 New version contains updates and security fixes.
Portieris admission controller v0.13.10 v0.13.11 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.13_1570, released 29 January 2024

The following table shows the changes that are in the worker node fix pack 1.26.13_1570. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.11_1568
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-169-generic 5.4.0-170-generic Worker node package and kernel updates for CVE-2020-28493, CVE-2022-44840, CVE-2022-45703, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-6004, CVE-2023-6040, CVE-2023-6606, CVE-2023-6918, CVE-2023-6931, CVE-2023-6932, CVE-2024-0553, CVE-2024-22195, CVE-2024-22365.
Kubernetes 1.26.11 1.26.13 For more information, see change logs.
Containerd 1.7.12 1.7.12 N/A
HAProxy e105dc a13673 Security fixes for CVE-2023-7104, CVE-2023-27043.

Change log for worker node fix pack 1.26.11_1568, released 16 January 2024

The following table shows the changes that are in the worker node fix pack 1.26.11_1568. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.11_1567
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-169-generic 5.4.0-169-generic Worker node package updates for CVE-2021-41617, CVE-2022-39348, CVE-2023-46137, CVE-2023-51385, CVE-2023-7104.
Kubernetes 1.26.11 1.26.11 N/A
Containerd 1.7.11 1.7.12 For more information, see the change logs.
Haproxy 3060b0 e105dc CVE-2023-39615, CVE-2023-5981, CVE-2022-48560, CVE-2022-48564.

Change log for worker node fix pack 1.26.11_1567, released 02 January 2024

The following table shows the changes that are in the worker node fix pack 1.26.11_1567. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.11_1566
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-169-generic 5.4.0-169-generic Worker node package updates for CVE-2023-48795.
Kubernetes 1.26.11 1.26.11 N/A
Containerd 1.7.11 1.7.11 N/A

Change log for worker node fix pack 1.26.11_1566, released 18 December 2023

The following table shows the changes that are in the worker node fix pack 1.26.11_1566. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.11_1565
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-167-generic 5.4.0-169-generic Worker node kernel & package updates for CVE-2020-19726, CVE-2021-46174, CVE-2022-1725, CVE-2022-1771, CVE-2022-1897, CVE-2022-2000, CVE-2022-35205, CVE-2023-23931, CVE-2023-31085, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39804, CVE-2023-42754, CVE-2023-45539, CVE-2023-45871, CVE-2023-46218, CVE-2023-46246, CVE-2023-4806, CVE-2023-4813, CVE-2023-48231, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-5178, CVE-2023-5717.
Kubernetes N/A N/A N/A
Containerd 1.7.10 1.7.11 For more information, see the change logs.

Change log for master fix pack 1.26.11_1564, released 06 December 2023

The following table shows the changes that are in the master fix pack 1.26.11_1564. Master patch updates are applied automatically.

Changes since version 1.26.10_1560
Component Previous Current Description
GPU device plug-in and installer 99267c4 0e3950c New version contains updates and security fixes.
IBM Cloud Block Storage driver and plug-in v2.4.12 v2.4.14 New version contains updates and security fixes.
IBM Cloud Controller Manager v1.26.10-4 v1.26.11-6 New version contains updates and security fixes.
IBM Cloud File Storage for Classic plug-in and monitor 438 439 New version contains updates and security fixes.
IBM Cloud Metrics Server Config Watcher c33e6e7 58e69e0 New version contains updates and security fixes.
Konnectivity agent and server v0.1.5_39_iks v0.1.5_47_iks See the Konnectivity release notes.
Kubernetes v1.26.10 v1.26.11 Review the community Kubernetes release notes. Resolves CVE-2023-39325 and CVE-2023-44487. For more information, see Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487).
Kubernetes NodeLocal DNS cache 1.22.24 1.22.27 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider 2731 2767 New version contains updates and security fixes.

Change log for worker node fix pack 1.26.11_1565, released 04 December 2023

The following table shows the changes that are in the worker node fix pack 1.26.11_1565. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.10_1561
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-166-generic 5.4.0-167-generic Worker node kernel & package updates for CVE-2023-31085, CVE-2023-40217, CVE-2023-44487, CVE-2023-45871, CVE-2023-47038, CVE-2023-5981.
Kubernetes 1.26.10 1.26.11 For more information, see the change logs.

Change log for worker node fix pack 1.26.10_1561, released 29 November 2023

The following table shows the changes that are in the worker node fix pack 1.26.10_1561. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.9_1559
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-166-generic 5.4.0-166-generic Worker node package updates for CVE-2023-36054, CVE-2023-4016, CVE-2023-43804, CVE-2023-45803.
Kubernetes 1.26.9 1.26.10 For more information, see the change logs.
Containerd 1.7.8 1.7.9 For more information, see the change logs.

Change log for master fix pack 1.26.10_1560, released 15 November 2023

The following table shows the changes that are in the master fix pack 1.26.10_1560. Master patch updates are applied automatically.

Changes since version 1.26.9_1557
Component Previous Current Description
Cluster health image v1.4.4 v1.4.5 New version contains updates and security fixes.
etcd v3.5.9 v3.5.10 See the etcd release notes.
Gateway-enabled cluster controller 2366 2415 New version contains updates and security fixes.
GPU device plug-in and installer 4319682 99267c4a New version contains updates and security fixes.
IBM Cloud Controller Manager v1.26.9-8 v1.26.10-4 New version contains updates and security fixes.
IBM Cloud File Storage for Classic plug-in and monitor 435 438 New version contains updates and security fixes.
IBM Cloud Metrics Server Config Watcher a1edf56 c33e6e7 New version contains updates and security fixes.
IBM Cloud RBAC Operator f0d3265 e544e35 New version contains updates and security fixes.
Key Management Service provider v2.8.4 v2.8.5 New version contains updates and security fixes.
Konnectivity agent and server v0.1.3_5_iks v0.1.5_39_iks See the Konnectivity release notes.
Kubernetes v1.26.9 v1.26.10 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2681 2731 New version contains updates and security fixes.
Portieris admission controller v0.13.8 v0.13.10 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.9_1559, released 08 November 2023

The following table shows the changes that are in the worker node fix pack 1.26.9_1559. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.9_1558
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-165-generic 5.4.0-166-generic Worker node kernel & package updates for CVE-2023-0597, CVE-2023-31083, CVE-2023-34058, CVE-2023-34059, CVE-2023-34319, CVE-2023-3446, CVE-2023-3772, CVE-2023-3817, CVE-2023-4132, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4733, CVE-2023-4735, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-4881, CVE-2023-4921, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Containerd 1.7.7 1.7.8 For more information, see the change logs.

Change log for master fix pack 1.26.9_1557, released 25 October 2023

The following table shows the changes that are in the master fix pack 1.26.9_1557. Master patch updates are applied automatically.

Changes since version 1.26.8_1554
Component Previous Current Description
Calico v3.26.1 v3.26.3 See the Calico release notes.
Cluster health image v1.4.2 v1.4.4 New version contains updates and security fixes.
IBM Calico extension 1390 1487 New version contains security fixes.
IBM Cloud Block Storage driver and plug-in v2.4.10 v2.4.12 New version contains updates and security fixes.
IBM Cloud Controller Manager v1.26.8-3 v1.26.9-8 New version contains updates and security fixes. The logic for the service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc-idle-connection-timeout annotation has changed. The default idle timeout is dependent on your account settings. Usually, this value is 50. However some allowlisted accounts have larger timeout settings. If you don't set the annotation, your load balancers use the timeout setting in your account. You can explicitly specify the timeout by setting this annotation.
IBM Cloud RBAC Operator 4e2f346 f0d3265 New version contains updates and security fixes.
Key Management Service provider v2.8.2 v2.8.4 New version contains updates and security fixes.
Kubernetes v1.26.8 v1.26.9 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.22.23 1.22.24 See the Kubernetes NodeLocal DNS cache release notes.
Portieris admission controller v0.13.6 v0.13.8 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.9_1558, released 23 October 2023

The following table shows the changes that are in the worker node fix pack 1.26.9_1558. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.8_1556
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-164-generic 5.4.0-165-generic Worker node kernel & package updates for CVE-2022-3234, CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3520, CVE-2022-3591, CVE-2022-3705, CVE-2022-4292, CVE-2022-4293, CVE-2023-34319, CVE-2023-38546, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921.
Kubernetes 1.26.8 1.26.9 For more information, see the change logs.
Containerd 1.7.6 1.7.7 For more information, see the change logs.

Change log for worker node fix pack 1.26.8_1556, released 9 October 2023

The following table shows the changes that are in the worker node fix pack 1.26.8_1556. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.8_1555
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-163-generic 5.4.0-164-generic Worker node kernel & package updates for CVE-2021-4001, CVE-2023-1206, CVE-2023-20588, CVE-2023-3212, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4194, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787.
Kubernetes N/A N/A N/A
Containerd N/A N/A N/A

Change log for worker node fix pack 1.26.8_1555, released 27 September 2023

The following table shows the changes that are in the worker node fix pack 1.26.8_1555. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.7_1552
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-162-generic 5.4.0-163-generic Package updates for CVE-2023-3341, CVE-2023-4156, CVE-2023-4128, CVE-2023-20588, CVE-2023-20900, CVE-2023-40283.
RHEL 8 Packages 4.18.0-477.21.1.el8_8 4.18.0-477.27.1.el8_8 Worker node kernel & package updates for CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-29491, CVE-2023-30630, CVE-2023-35001, CVE-2023-35788.

Change log for master fix pack 1.26.8_1554, released 20 September 2023

The following table shows the changes that are in the master fix pack 1.26.8_1554. Master patch updates are applied automatically.

Changes since version 1.26.7_1550
Component Previous Current Description
Calico v3.25.1 v3.26.1 See the Calico release notes.
Cluster health image v1.3.24 v1.4.2 Updated Go to version 1.20.8 and updated dependencies. Updated to new base image.
IBM Cloud Block Storage driver and plug-in v2.4.5 v2.4.10 Updated Go dependencies. Updated to newer UBI base image.
IBM Cloud Controller Manager v1.26.7-4 v1.26.8-3 Updated to support the Kubernetes 1.26.8 release. Updated Go to version 1.20.7 and updated Go dependencies.
IBM Cloud File Storage for Classic plug-in and monitor 434 435 Updated Go to version 1.20.6 and updated dependencies. Updated to newer UBI base image.
Key Management Service provider v2.7.3 v2.8.2 Updated Go dependencies. Changed to new base image.
Kubernetes v1.26.7 v1.26.8 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2631 2681 Updated Go to version 1.19.12 and updated Go dependencies.

Change log for worker node fix pack 1.26.7_1552, released 12 September 2023

The following table shows the changes that are in the worker node fix pack 1.26.7_1552. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.7_1551
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-156-generic 5.4.0-162-generic Worker node kernel & package updates for CVE-2020-21047, CVE-2021-33294, CVE-2022-40982, CVE-2023-20593CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776.
Containerd 1.7.4 1.7.5 N/A

Change log for master fix pack 1.26.7_1550, released 30 August 2023

The following table shows the changes that are in the master fix pack 1.26.7_1550. Master patch updates are applied automatically.

Changes since version 1.26.7_1545
Component Previous Current Description
Cluster health image v1.3.23 v1.3.24 Updated Go to version 1.19.12 and updated dependencies. Updated base image version to 378.
Gateway-enabled cluster controller 2322 2366 Update Go dependencies to fix CVE-2023-3978.
GPU device plug-in and installer 495931a 8e87e60 Updated Go to version 1.19.11
IBM Cloud Controller Manager v1.26.7-1 v1.26.7-4 Updated Go dependencies to resolve a CVE.
IBM Cloud File Storage for Classic plug-in and monitor 433 434 Updated Go to version 1.20.6 and updated dependencies. Updated to newer UBI base image.
IBM Cloud Metrics Server Config Watcher d293d8b a1edf56 Updated Go to version 1.20.6.
Key Management Service provider v2.7.2 v2.7.3 Updated Go dependencies.
Portieris admission controller v0.13.5 v0.13.6 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.7_1551, released 28th August 2023

The following table shows the changes that are in the worker node fix pack 1.26.7_1551. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.7_1547
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-155-generic 5.4.0-156-generic Worker node kernel & package updates for CVE-2022-2598, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2023-40225.

Change log for worker node fix pack 1.26.7_1547, released 15th August 2023

The following table shows the changes that are in the worker node fix pack 1.26.7_1547. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.7_1546
Component Previous Current Description
Ubuntu 20.04 packages N/A N/A Package updates for CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2289, CVE-2022-27672, CVE-2022-4269, CVE-2023-1611, CVE-2023-2124, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001.
Kubernetes N/A N/A N/A
Containerd N/A N/A N/A

Change log for worker node fix pack 1.26.7_1546, released 1 August 2023

The following table shows the changes that are in the worker node fix pack 1.26.7_1546. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.6_1544
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-212-generic 4.15.0-214-generic Worker node kernel & package updates for CVE-2020-13987, CVE-2020-13988, CVE-2020-17437, CVE-2022-1184, CVE-2022-3303, CVE-2023-1611, CVE-2023-1670, CVE-2023-1859, CVE-2023-1990, CVE-2023-20867, CVE-2023-2124, CVE-2023-2828, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001.
Ubuntu 20.04 packages 5.4.0-153-generic 5.4.0-155-generic Worker node kernel & package updates for CVE-2020-13987, CVE-2020-13988, CVE-2020-17437, CVE-2023-20867, CVE-2023-28321, CVE-2023-28322, CVE-2023-3090, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001, CVE-2023-38408.
Kubernetes 1.26.6 1.26.7 For more information, see the change logs.
Containerd 1.6.21 1.6.22 For more information, see the change logs.

Change log for master fix pack 1.26.7_1545, released 27 July 2023

The following table shows the changes that are in the master fix pack 1.26.7_1545. Master patch updates are applied automatically.

Changes since version 1.26.6_1541
Component Previous Current Description
Cluster health image v1.3.21 v1.3.23 Updated Go to version 1.19.11 and updated Go dependencies. Updated UBI base image.
GPU device plug-in and installer 202b284 495931a Updated Go to version 1.20.6.
IBM Cloud Controller Manager v1.26.6-1 v1.26.7-1 Updated to support the Kubernetes 1.26.4 release. Updated Go dependencies and to Go version 1.20.6.
Key Management Service provider v2.6.7 v2.7.2 Updated Go to version 1.19.11 and updated Go dependencies. Updated UBI base image.
Konnectivity agent and server v0.1.2_591_iks v0.1.3_5_iks See the Konnectivity release notes.
Kubernetes NodeLocal DNS cache 1.22.21 1.22.23 See the Kubernetes NodeLocal DNS cache release notes.
Kubernetes v1.26.6 v1.26.7 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2584 2631 Updated Go to version 1.19.10 and updated Go dependencies. Updated Alpine base image.

Change log for worker node fix pack 1.26.6_1544, released 17 July 2023

The following table shows the changes that are in the worker node fix pack 1.26.6_1544. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.6_1542
Component Previous Current Description
Kubernetes N/A N/A N/A
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-24626, CVE-2023-2953.
Ubuntu 20.04 packages N/A N/A N/A

Change log for worker node fix pack 1.26.6_1542, released 03 July 2023

The following table shows the changes that are in the worker node fix pack 1.26.6_1542. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.5_1540
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-2603,CVE-2023-3138
Ubuntu 20.04 packages 5.4.0-150-generic 5.4.0-153-generic Worker node kernel & package updates for CVE-2023-0461,CVE-2023-1380, CVE-2023-1670,CVE-2023-1859,CVE-2023-2612, CVE-2023-2828,CVE-2023-30456,CVE-2023-3138, CVE-2023-31436,CVE-2023-32233,CVE-2023-3297.
Kubernetes 1.26.5 1.26.6 See the Kubernetes release notes.

Change log for master fix pack 1.26.6_1541, released 27 June 2023

The following table shows the changes that are in the master fix pack 1.26.6_1541. Master patch updates are applied automatically.

Changes since version 1.26.5_1537
Component Previous Current Description
Cluster health image v1.3.20 v1.3.21 Updated Go dependencies and to Go version 1.19.10.
etcd v3.5.8 v3.5.9 See the etcd release notes.
Gateway-enabled cluster controller 2106 2322 Updated image to resolve CVE-2023-2650.
GPU device plug-in and installer 28d80a0 202b284 Updated to Go version 1.19.9
IBM Cloud Controller Manager v1.26.4-7 v1.26.6-1 Updated to support the Kubernetes 1.26.6 release. Updated Go dependencies and to Go version 1.19.10. Updated calicoctl and vpcctl.
IBM Cloud File Storage for Classic plug-in and monitor 431 433 Updated Go to version 1.20.4. Updated UBI base image.
IBM Cloud Metrics Server Config Watcher d842983 d293d8b Updated Go to version 1.20.5. Updates to build and base images.
Key Management Service provider v2.6.6 v2.6.7 Updated Go dependencies and to Go version 1.19.10.
Kubernetes v1.26.5 v1.26.6 CVE-2023-2728. For more information, see IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2023-2728). See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2486 2584 Updated Go dependencies and to Go version 1.19.9. Updated base image.

Change log for worker node fix pack 1.26.5_1540, released 19 June 2023

The following table shows the changes that are in the worker node fix pack 1.26.5_1540. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.5_1539
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2020-11080,CVE-2023-24329, CVE-2023-2603,CVE-2023-2609,CVE-2023-2610, CVE-2023-32681
Ubuntu 20.04 packages 5.4.0-149-generic 5.4.0-150-generic Worker node kernel & package updates for CVE-2020-11080,CVE-2021-45078, CVE-2023-1380,CVE-2023-1667,CVE-2023-1670, CVE-2023-1859,CVE-2023-2283,CVE-2023-24329, CVE-2023-24593,CVE-2023-2602,CVE-2023-2603, CVE-2023-2609,CVE-2023-2610,CVE-2023-2612, CVE-2023-30456,CVE-2023-3138,CVE-2023-31436, CVE-2023-31484,CVE-2023-32233,CVE-2023-32643, CVE-2023-32681.
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.26.5_1539, released 5 June 2023

The following table shows the changes that are in the worker node fix pack 1.26.5_1539. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.5_1538
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-211-generic 4.15.0-212-generic Worker node kernel & package updates for CVE-2019-17595, CVE-2021-39537, CVE-2022-29458, CVE-2022-4304, CVE-2023-1380, CVE-2023-25584, CVE-2023-25585, CVE-2023-25588, CVE-2023-2650, CVE-2023-29491, CVE-2023-30456, CVE-2023-31436, CVE-2023-31484, CVE-2023-32233.
Ubuntu 20.04 packages 5.4.0-148-generic 5.4.0-149-generic Worker node kernel & package updates for CVE-2021-39537, CVE-2022-29458, CVE-2023-1075, CVE-2023-1118, CVE-2023-1380, CVE-2023-25584, CVE-2023-25585, CVE-2023-25588, CVE-2023-2612, CVE-2023-2650, CVE-2023-29491, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.26.5_1537, released 23 May 2023

The following table shows the changes that are in the master fix pack 1.26.5_1537. Master patch updates are applied automatically.

Changes since version 1.26.4_1535
Component Previous Current Description
Cluster health image v1.3.19 v1.3.20 Updated Go to version 1.19.9 and updated dependencies. Updated the base image. Resolved add-on health bugs.
etcd v3.5.7 v3.5.8 See the etcd release notes.
GPU device plug-in fc4cf22 28d80a0 Updated Go to version 1.19.8
IBM Cloud Controller Manager v1.26.4-1 v1.26.4-7 Updated support of the Kubernetes 1.26.4 release. Updated Go dependencies. Key rotation.
IBM Cloud RBAC Operator 778ef2b 4e2f346 Make armada-rbac-sync FIPS compliant
Key Management Service provider v2.6.5 v2.6.6 Updated Go to version 1.19.9 and updated dependencies.
Kubernetes v1.26.4 v1.26.5 See the Kubernetes release notes.
Kubernetes DNS autoscaler 1.8.6 v1.8.8 See the Kubernetes DNS autoscaler release notes.
Kubernetes NodeLocal DNS cache 1.22.18 1.22.21 See the Kubernetes NodeLocal DNS cache release notes.
Portieris admission controller v0.13.4 v0.13.5 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.5_1538, released 23 May 2023

The following table shows the changes that are in the worker node fix pack 1.26.5_1538. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.4_1536
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-210-generic 4.15.0-211-generic Worker node kernel & package updates for CVE-2021-3979, CVE-2023-1118.
Ubuntu 20.04 packages 5.4.0-139-generic 5.4.0-148-generic Worker node kernel & package updates for CVE-2023-2004.
Kubernetes 1.26.4 1.26.5 CVE-2023-2431. For more information, see IBM Cloud Kubernetes Service is affected by a kubelet security vulnerability (CVE-2023-2431). For more information, see the change logs.
Containerd 1.7.0 1.7.1 For more information, see the change log and security bulletin for CVE-2023-28642 and CVE-2023-27561.
Haproxy N\A N\A N\A

Change log for worker node fix pack 1.26.4_1536, released 9 May 2023

The following table shows the changes that are in the worker node fix pack 1.26.4_1536. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.4_1535
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-209-generic 4.15.0-210-generic Worker node kernel & package updates for CVE-2023-1786, CVE-2023-0464, CVE-2023-0466, CVE-2023-1829, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Ubuntu 20.04 packages n/a n/a Worker node kernel & package updates for CVE-2023-1786, CVE-2023-0464, CVE-2023-0466, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.26.4_1535, released 27 April 2023

The following table shows the changes that are in the master fix pack 1.26.4_1535. Master patch updates are applied automatically.

Changes since version 1.26.3_1531
Component Previous Current Description
Calico v3.25.0 v3.25.1 See the Calico release notes.
Cluster health image v1.3.17 v1.3.19 Updated Go to version 1.19.8 and updated dependencies.
Gateway-enabled cluster controller 2024 2106 Support Ubuntu 20 and update image to resolve CVEs.
GPU device plug-in a873e90 fc4cf22 Updated Go to version 1.19.7.
GPU installer a873e90 28d80a0 Updated Go to version 1.19.8.
IBM Calico extension 1366 1390 Eliminate IP syscall.
IBM Cloud Block Storage driver and plug-in v2.4.0 v2.4.5 Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.19.8 and updated dependencies.
IBM Cloud Controller Manager v1.26.3-1 v1.26.4-1 Updated to support the Kubernetes 1.26.4 release. Updated Go dependencies and to Go version 1.19.8.
IBM Cloud File Storage for Classic plug-in and monitor 429 431 Updated Go to version 1.19.8 and updated dependencies. Update UBI base image.
IBM Cloud Metrics Server Config Watcher N/A d842983 New component with multi-architecture support that replaces the existing metrics server configuration watcher.
Key Management Service provider v2.6.4 v2.6.5 Updated Go to version 1.19.7 and updated dependencies.
Konnectivity agent and server v0.1.1_569_iks v0.1.2_591_iks See the Konnectivity release notes. Updated configuration to set keepalive-time to 40s.
Kubernetes v1.26.3 v1.26.4 See the Kubernetes release notes.
Kubernetes Metrics Server configuration N/A N/A Updated to use TLS version 1.3 ciphers.
Load balancer and load balancer monitor for IBM Cloud Provider 2420 2486 Updated Go to version 1.19.7 and updated dependencies.
Portieris admission controller v0.13.3 v0.13.4 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.4_1535, released 24 April 2023

The following table shows the changes that are in the worker node fix pack 1.26.4_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.3_1533
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-208-generic 4.15.0-209-generic Worker node package updates for  CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207, CVE-2022-3903, CVE-2023-1281, CVE-2023-1326, CVE-2023-26545, CVE-2023-28450, CVE-2023-28484, CVE-2023-28486, CVE-2023-28487, CVE-2023-29469.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207, CVE-2022-3108, CVE-2022-3903, CVE-2023-1281, CVE-2023-1326, CVE-2023-26545, CVE-2023-28484, CVE-2023-28486, CVE-2023-28487, CVE-2023-29469.
Kubernetes 1.26.3 1.26.4 See change logs.
Containerd N/A N/A N/A
Haproxy N/A N/A N/A

Change log for worker node fix pack 1.26.3_1533, released 11 April 2023

The following table shows the changes that are in the worker node fix pack 1.26.3_1533. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.3_1531
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-206 4.15.0-208 Worker node kernel & package updates for CVE-2021-3669, CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-41218, CVE-2023-0045, CVE-2023-0266, CVE-2023-23559.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980. Updated sysctl setting for fs.inotify.max_user_instances from default 128 to 1024.
Kubernetes N/A N/A N/A
Haproxy 8398d1 8895ad CVE-2023-0361.
Containerd N/A N/A N/A

Change log for worker node fix pack 1.26.3_1531, released 29 March 2023

The following table shows the changes that are in the worker node fix pack 1.26.3_1531. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.3_1529
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-144 5.4.0-139 Downgrading kernel to address Upstream canonical bug.

Change log for master fix pack 1.26.3_1528, released 28 March 2023

The following table shows the changes that are in the master fix pack 1.26.3_1528. Master patch updates are applied automatically.

Changes since version 1.26.1_1524
Component Previous Current Description
Cluster health image v1.3.16 v1.3.17 Updated Go to version 1.19.7 and updated dependencies.
GPU device plug-in and installer 79a2232 a873e90 Updated Go to version 1.19.6.
IBM Calico extension 1308-amd64 1366-amd64 Updated to resolve CVE-2023-23916.
IBM Cloud Block Storage driver and plug-in v2.3.7 v2.4.0 Removed ExpandInUsePersistentVolumes feature gate.
IBM Cloud Controller Manager v1.26.1-16 v1.26.3-1 Updated to support the Kubernetes 1.26.3 release.
IBM Cloud File Storage for Classic plug-in and monitor 427 429 Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.19.6 and updated dependencies.
Key Management Service provider v2.6.3 v2.6.4 Updated Go to version 1.19.7 and updated dependencies.
Kubernetes v1.26.1 v1.26.3 See the Kubernetes release notes.
Kubernetes Dashboard metrics scraper v1.0.8 v1.0.9 See the Kubernetes Dashboard metrics scraper release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2383 2420 Updated the image to resolve CVEs.

Change log for worker node fix pack 1.26.3_1529, released 27 March 2023

The following table shows the changes that are in the worker node fix pack 1.26.3_1529. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.1_1525
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538.
Kubernetes 1.26.1 1.26.3 For more information, see the change log.
Containerd 1.7.0-rc.3 1.7.0 For more information, see the change log.
Haproxy af5031 8398d1 CVE-2023-23916.

Change log for worker node fix pack 1.26.1_1525, released 13 March 2023

The following table shows the changes that are in the worker node fix pack 1.26.1_1525. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.1_1522
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-139 5.4.0-144 Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3821, CVE-2022-40898, CVE-2022-41218, CVE-2022-4139, CVE-2022-4415, CVE-2022-47520, CVE-2022-48303, CVE-2023-0266, CVE-2023-0361, CVE-2023-0461, CVE-2023-0767, CVE-2023-23916.
Ubuntu 18.04 packages 4.15.0-204 4.15.0-206 Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3628, CVE-2022-37454, CVE-2022-3821, CVE-2022-40898, CVE-2022-48303, CVE-2023-0461, CVE-2023-0767, CVE-2023-22490, CVE-2023-23916.
Kubernetes N/A N/A N/A
Containerd 1.7.0-rc.1 1.7.0-rc.3 For more information, see the change log.

Change log for master fix pack 1.26.1_1524, released 2 March 2023

The following table shows the changes that are in the master fix pack 1.26.1_1524. Master patch updates are applied automatically.

Changes since version 1.26.1_1519
Component Previous Current Description
Calico v3.24.5 v3.25.0 See the Calico release notes.
Cluster health image v1.3.15 v1.3.16 Updated Go dependencies and to Go version 1.19.6. Updated universal base image (UBI) to resolve CVEs.
CoreDNS 1.10.0 1.10.1 See the CoreDNS release notes.
etcd v3.5.6 v3.5.7 See the etcd release notes.
IBM Calico extension 1305-amd64 1308-amd64 Updated universal base image (UBI) to resolve CVE-2022-47629.
IBM Cloud Block Storage driver and plug-in v2.3.6 v2.3.7 Updated universal base image (UBI) to resolve CVEs.
IBM Cloud Controller Manager v1.26.1-2 v1.26.1-16 Updated Go dependencies. Updated k8s.io/utils digest to a5ecb01.
IBM Cloud File Storage for Classic plug-in and monitor 425 427 Updated universal base image (UBI) to resolve CVEs.
Gateway-enabled cluster controller 1902 1987 Updated armada-utils to version v1.9.35
Key Management Service provider v2.6.2 v2.6.3 Updated Go dependencies and to Go version 1.19.6.
Konnectivity agent v0.1.0_503_iks v0.1.1_569_iks Updated to Konnectivity version v0.1.1.
Kubernetes NodeLocal DNS cache 1.22.15 1.22.18 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider 2325 2383 Updated to armada-utils version 1.9.35.
Portieris admission controller v0.12.6 v0.13.3 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.26.1_1522, released 27 February 2023

The following table shows the changes that are in the worker node fix pack 1.26.1_1522. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.1_1521
Component Previous Current Description
containerd v1.6.17 v1.6.18 See the 1.6.18 change log and the security bulletin for CVE-2023-25153 and CVE-2023-25173.
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725.
Kubernetes N/A N/A N/A
HAProxy d38f89 af5031 CVE-2022-40897, CVE-2022-4415, CVE-2020-10735, CVE-2021-28861, CVE-2022-45061.
Default Worker Pool Ubuntu 18 Ubuntu 20 For IBM Cloud Kubernetes Service, default worker-pool is created with Ubuntu 20 Operating system

Change log for worker node fix pack 1.26.1_1521, released 13 February 2023

The following table shows the changes that are in the worker node fix pack 1.26.1_1521. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.26.1_1520
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-202 4.15.0-204 Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286.
Ubuntu 20.04 packages 5.4.0-137 5.4.0-139 Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286.
Kubernetes N/A N/A N/A
HAProxy 8d6ea6 08c969 CVE-2022-47629.

Change log for master fix pack 1.26.1_1519 and worker node fix pack 1.26.1_1520, released 1 February 2023

Changes since version 1.25.
Component Previous Current Description
Calico configuration N/A N/A Calico configuration now sets a BGP password and container network sysctl tuning for net.ipv4.tcp_keepalive_intvl to 15, net.ipv4.tcp_keepalive_probes to 6 and net.ipv4.tcp_keepalive_time to 40.
containerd v1.6.16 v1.7.0-beta.2 See the containerd release notes. In addition, the image pull progress timeout has been configured to 5 minutes.
IBM Cloud Controller Manager v1.25.6-2 v1.26.1-2 Updated to support the Kubernetes 1.26.1 release. Updated Go dependencies and to Go version 1.19.5. VPC load balancer creation now honors a user specified name. VPC load balancer update now handles an empty default pool name.
Key Management Service provider v2.5.13 v2.6.2 Delayed KMS pod termination until the Kubernetes API server terminates. Updated Go dependencies and to Go version 1.19.4.
Konnectivity agent and server v0.0.34_491_iks v0.1.0_503_iks See the Konnectivity release notes.
Kubernetes v1.25.6 v1.26.1 See the Kubernetes release notes.
Kubernetes configuration N/A N/A Updated the kube-proxy configuration.
Kubernetes add-on resizer 1.8.15 1.8.16 See the Kubernetes add-on resizer release notes. In addition, a liveness probe has been configured to improve availability.
Kubernetes DNS autoscaler configuration N/A N/A Memory resource requests were increased from 5Mi to 7Mi to better align with normal resource utilization. In addition, a liveness probe has been configured to improve availability.
Kubernetes Metrics Server v0.6.0 v0.6.2 See the Kubernetes Metrics Server release notes.
Kubernetes NodeLocal DNS cache 1.22.13 1.22.15 See the Kubernetes NodeLocal DNS cache release notes.
Pause container image 3.8 3.9 See the pause container image release notes.