Amazon EKS follows the shared responsibility model for CVEs and security patches on managed node groups. When managed nodes run an Amazon EKS optimized AMI, Amazon EKS is responsible for building patched versions of the AMI when bugs or issues are reported. We can publish a fix. However, you're responsible for deploying these patched AMI versions to your managed node groups. When managed nodes run a custom AMI, you're responsible for building patched versions of the AMI when bugs or issues are reported and then deploying the AMI. For more information, see Updating a managed node group . For the control plane, AWS manage the provision of automated version updates and patching.
- AWS manages the underlying infrastructure of the EKS control plane, including security updates and maintenance.
- AWS ensures that the EKS control plane is running the latest security patches, bug fixes, and improvements.
- You are responsible for upgrading the Kubernetes software in your EKS cluster's control plane. This involves upgrading the Kubernetes version to benefit from new features and security enhancements.
- You need to plan, schedule, and perform the upgrade of the control plane manually.
- AWS provides tools, resources, and documentation to guide you through the process of upgrading the control plane.
To summarize, while AWS takes care of the maintenance and patching of the underlying infrastructure of the EKS control plane, you are responsible for upgrading the Kubernetes software itself.
- Accepted Answerasked 5 months ago
- How do I use the Microsoft KB number in Patch Manager to install a specific patch or set of patches?AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 9 days ago
- How do I troubleshoot a missing KB patch after a successful patching operation on EC2 Windows instances through Patch Manager?AWS OFFICIALUpdated 9 months ago