- 新しい順
- 投票が多い順
- コメントが多い順
Hi, can you explain a little bit what you mean by Non Managed Cluster ? EKS is managed by default, did you get an exception ?
Hello.
Thank you for ask your question in re:post. Please let me address your query.
Kubernetes is a fast-growing project, new minor version (1.2X) updates are available on average every three months. Past a certain point (usually 1 year), the Kubernetes community stops releasing bug and CVE patches. Additionally, the Kubernetes project does not encourage CVE submission for deprecated versions. This means that vulnerabilities specific to an older version of Kubernetes may not even be reported, leaving customers exposed with no notice and no remediation options in the case of a vulnerability.
This is an unacceptable security posture for EKS and their customers, leading to the current policy of automatic upgrades to newer versions. [https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html]
The automatic upgrade is a measure in order to keep the Control Plane components in a supported Kubernetes version. After the End of Life you should be prepared to see an EKS Control Plane upgrade at any moment. AWS will not notify you the exact date, and you will be responsible to upgrade the data plane if needed (Worker Nodes, Controllers, Deployments, etc...)
As recommendation, do not wait until the automatic upgrade happen. Instead, please upgrade proactively your clusters to a supported version before the End of Life.
For more information about the Upgrade policy and how to upgrade, please review the corresponding section in the EKS Best practices Guide [https://aws.github.io/aws-eks-best-practices/upgrades/]
