- Newest
- Most votes
- Most comments
Hello,
Amazon EKS follows the shared responsibility model for CVEs and security patches on managed node groups. When managed nodes run an Amazon EKS optimized AMI, Amazon EKS is responsible for building patched versions of the AMI when bugs or issues are reported. We can publish a fix. However, you're responsible for deploying these patched AMI versions to your managed node groups. When managed nodes run a custom AMI, you're responsible for building patched versions of the AMI when bugs or issues are reported and then deploying the AMI. For more information, see Updating a managed node group [1]. For the control plane, AWS manage the provision of automated version updates and patching.
[1] - https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
AWS Responsibility:
- AWS manages the underlying infrastructure of the EKS control plane, including security updates and maintenance.
- AWS ensures that the EKS control plane is running the latest security patches, bug fixes, and improvements.
Your Responsibility:
- You are responsible for upgrading the Kubernetes software in your EKS cluster's control plane. This involves upgrading the Kubernetes version to benefit from new features and security enhancements.
- You need to plan, schedule, and perform the upgrade of the control plane manually.
- AWS provides tools, resources, and documentation to guide you through the process of upgrading the control plane.
To summarize, while AWS takes care of the maintenance and patching of the underlying infrastructure of the EKS control plane, you are responsible for upgrading the Kubernetes software itself.
Relevant content
- asked 3 months ago
- asked a year ago
- asked a year ago
AWS OFFICIALUpdated a year ago- How do I use the Microsoft KB number in Patch Manager to install a specific patch or set of patches?AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 10 months ago
