Skip to content

Commit

Permalink
Merge pull request #5757 from ministryofjustice/image-updates
Browse files Browse the repository at this point in the history 
docs: ✏️ update for 1.28 add-on versions
  • Loading branch information
@sj-williams
sj-williams authored Jun 24, 2024
2 parents add90f0 + c86d539 commit fabc27d
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 24 deletions.
46 changes: 23 additions & 23 deletions runbooks/source/container-images.html.md.erb
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Container Images used by Cluster Components
weight: 55
last_reviewed_on: 2024-05-10
last_reviewed_on: 2024-06-24
review_in: 3 months
---

Expand All @@ -19,9 +19,9 @@ To grab the current image versions for all containers within components namespac
kubectl get pods -n [NAMESPACE] -o jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}' | sort
```

### Latest version for k8s 1.27
### Latest version for k8s 1.28

The latest versions of some of the components might not be compatible with k8s 1.27. For this, click the link to check the Compatibility Matrix
The latest versions of some of the components might not be compatible with k8s 1.28. For this, click the link to check the Compatibility Matrix

### Latest version available
Thats the latest version available in the public repository. Update the version when there is a new release. You can find the latest version by clicking on the link or by checking the
Expand All @@ -41,12 +41,12 @@ This depends on several factors, some of them are:
🔴 - urgent, within this sprint

## calico-apiserver
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| docker.io/calico/apiserver:v3.25.0 | 🟢 | [v3.27.0](https://docs.tigera.io/calico/latest/getting-started/kubernetes/requirements#kubernetes-requirements) |[v3.27.0](https://github.com/projectcalico/calico/releases/tag/v3.27.0) | [v1.33.0](https://github.com/tigera/operator/releases/tag/v1.33.0) |

## calico-system
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| docker.io/calico/csi:v3.25.0 | 🟢 | [v3.27.0](https://docs.tigera.io/calico/latest/getting-started/kubernetes/requirements#kubernetes-requirements) | [v3.27.0](https://github.com/projectcalico/calico/releases/tag/v3.27.0) | [v1.33.0](https://github.com/tigera/operator/releases/tag/v1.33.0) |
| docker.io/calico/kube-controllers:v3.25.0 | 🟢 | v3.27.0 | [v3.27.0](https://github.com/projectcalico/calico/releases/tag/v3.27.0) | [v1.33.0](https://github.com/tigera/operator/releases/tag/v1.33.0) |
Expand All @@ -55,42 +55,42 @@ This depends on several factors, some of them are:
| docker.io/calico/typha:v3.25.0 | 🟢 | v3.27.0 | [v3.27.0](https://github.com/projectcalico/calico/releases/tag/v3.27.0) | [v1.33.0](https://github.com/tigera/operator/releases/tag/v1.33.0) |

## cert-manager
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| quay.io/jetstack/cert-manager-cainjector:v1.13.1 | 🟢 | [v1.14.4](https://cert-manager.io/docs/releases/#currently-supported-releases) | [v1.14.4](https://github.com/cert-manager/cert-manager/releases/tag/v1.14.4) | [v1.14.4](https://github.com/cert-manager/cert-manager/releases/tag/v1.14.4) |
| quay.io/jetstack/cert-manager-controller:v1.13.1 | 🟢 | [v1.14.4](https://cert-manager.io/docs/releases/#currently-supported-releases) | [v1.14.4](https://github.com/cert-manager/cert-manager/releases/tag/v1.14.4) | [v1.14.4](https://github.com/cert-manager/cert-manager/releases/tag/v1.14.4) |
| quay.io/jetstack/cert-manager-webhook:v1.13.1 | 🟢 | [v1.14.4](https://cert-manager.io/docs/releases/#currently-supported-releases) | [v1.14.4](https://github.com/cert-manager/cert-manager/releases/tag/v1.14.4) | [v1.14.4](https://github.com/cert-manager/cert-manager/releases/tag/v1.14.4) |

## concourse
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| concourse/concourse:7.7.0 | 🟠 | [v7.11.2](https://github.com/concourse/concourse/releases) | [v7.11.2](https://github.com/concourse/concourse/releases) | [v17.3.1](https://github.com/concourse/concourse-chart/releases/tag/v17.3.1)

## external-secrets-operator
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| ghcr.io/external-secrets/external-secrets:v0.8.1 | 🟢 | [v0.9.14](https://external-secrets.io/latest/introduction/stability-support/#supported-versions) | [v0.9.14](https://github.com/external-secrets/external-secrets/releases/tag/v0.9.14) | [v0.9.14](https://github.com/external-secrets/external-secrets/releases/tag/helm-chart-0.9.14)

## gatekeeper-system
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| openpolicyagent/gatekeeper:v3.13.0: | 🟢 | v3.15.1 | [v3.15.1](https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.15.1) | [v3.15.1](https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.15.1) |

## ingress-controllers
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| debian:bookworm-slim | 🟢 | latest | n/a |
| fluent/fluent-bit:3.0.2-amd64 | 🟢 | v3.0.1 | [v3.0.3](https://github.com/fluent/fluent-bit/releases/tag/v3.0.3) | n/a |
| ministryofjustice/cloud-platform-custom-error-pages:0.6 | 🟠 | [managed by us](https://github.com/ministryofjustice/cloud-platform-custom-error-pages) | [managed by us](https://github.com/ministryofjustice/cloud-platform-custom-error-pages) | n/a |
| registry.k8s.io/ingress-nginx/controller:v1.8.4| 🟢 | [v1.10.0](https://github.com/kubernetes/ingress-nginx?tab=readme-ov-file#supported-versions-table) | [v1.10.0](https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.10.0) | [v4.10.0](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx)

## kube-system
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon-k8s-cni:v1.17.1-eksbuild.1 | 🟢 | [v1.18.0-eksbuild.1](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html) | [v1.18.0-eksbuild.1](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html) | n/a |
| 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.0-eksbuild.1 | 🟢 | [v1.1.0-eksbuild.1](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html) | [v1.1.0-eksbuild.1](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html) | n/a
| 602401143452.dkr.ecr.eu-west-2.amazonaws.com/eks/coredns:v1.10.1-eksbuild.7 | 🟢 | [v1.10.1-eksbuild.7](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html) | [v1.11.1-eksbuild.6](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html) | n/a |
| 066635153087.dkr.ecr.il-central-1.amazonaws.com/eks/kube-proxy:v1.27.10-minimal-eksbuild.2 | 🟢 | [v1.27.12-eksbuild.2](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html) | [v1.29.1-eksbuild.2](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html) | n/a
| 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon-k8s-cni:v1.18.2-eksbuild.1 | 🟢 | [v1.18.2-eksbuild.1](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html) | [v1.18.2-eksbuild.1](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html) | n/a |
| 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2-eksbuild.1 | 🟢 | [v1.1.2-eksbuild.1](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html) | [v1.1.2-eksbuild.1](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html) | n/a
| 602401143452.dkr.ecr.eu-west-2.amazonaws.com/eks/coredns:v1.10.1-eksbuild.11 | 🟢 | [v1.10.1-eksbuild.11](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html) | [v1.11.1-eksbuild.9](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html) | n/a |
| 066635153087.dkr.ecr.il-central-1.amazonaws.com/eks/kube-proxy:v1.27.10-minimal-eksbuild.2 | 🟢 | [v1.28.8-eksbuild.5](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html) | [v1.30.0-eksbuild.3](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html) | n/a
| docker.io/bitnami/external-dns:0.13.4-debian-11-r14 | 🟢 | v0.14.x | [v0.14.x](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.14.0) | [v0.14.x](https://github.com/bitnami/charts/blob/main/bitnami/external-dns/Chart.yaml#L11) |
| public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.29.1 | 🟢 | [v1.30.0](https://github.com/kubernetes-sigs/aws-ebs-csi-driver?tab=readme-ov-file#compatibility) | [v1.30.0](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/releases/tag/v1.30.0) | [2.30.0](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/releases/tag/helm-chart-aws-ebs-csi-driver-2.30.0) |
| public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.5.0-eks-1-29-7 | 🟢 | [v4.5.0](https://distro.eks.amazonaws.com/releases/1-26/28/) | [v1.30.0](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/releases/tag/v1.29.1) | [2.30.0](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/releases/tag/helm-chart-aws-ebs-csi-driver-2.30.0) |
Expand All @@ -103,7 +103,7 @@ This depends on several factors, some of them are:
| registry.k8s.io/metrics-server/metrics-server:v0.6.2 | 🟠 | [v0.7.1](https://github.com/kubernetes-sigs/metrics-server?tab=readme-ov-file#compatibility-matrix) | [v0.7.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.1) | [3.12.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.12.1) |

## kuberhealthy
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| 754256621582.dkr.ecr.eu-west-2.amazonaws.com/webops/cloud-platform-kuberhealthy-checks:1.8 | 🟢 | managed by us | [1.8](https://github.com/ministryofjustice/cloud-platform-kuberhealthy-checks/releases/tag/1.8) | n/a |
| docker.io/kuberhealthy/daemonset-check:v3.3.0 | 🟢 | v3.3.0 | [v3.3.0](https://github.com/kuberhealthy/kuberhealthy/releases/tag/v2.7.1) | [104](https://github.com/kuberhealthy/kuberhealthy/tree/master/deploy/helm/kuberhealthy) |
Expand All @@ -112,17 +112,17 @@ This depends on several factors, some of them are:
| docker.io/kuberhealthy/kuberhealthy:v2.8.0-rc2 __[pre-release]__| 🟢 | v2.7.1 | [v3.3.0](https://github.com/kuberhealthy/kuberhealthy/releases/tag/v2.7.1) | [104](https://github.com/kuberhealthy/kuberhealthy/tree/master/deploy/helm/kuberhealthy) |

## kuberos
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| docker.io/ministryofjustice/cloud-platform-kuberos:2.6.0 | 🟢 | managed by us | [0.4.0](https://github.com/ministryofjustice/cloud-platform-helm-charts/tree/main/kuberos) | [0.4.0](https://github.com/ministryofjustice/cloud-platform-helm-charts/tree/main/kuberos)

## logging
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| docker.io/fluent/fluent-bit:3.0.2 | 🟢 | v3.0.2 | [v3.0.3](https://github.com/fluent/fluent-bit/releases/tag/v3.0.3) | [0.46.5](https://github.com/fluent/helm-charts) |

## monitoring
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| docker.io/bitnami/redis:7.2.4-debian-11-r5 | 🟢 | v7.2.4-debian-12-r11 | [v7.2.4-debian-12-r11](https://hub.docker.com/layers/bitnami/redis/7.2.4-debian-12-r11/images/sha256-5447a91cb398819dc9a396bfc6d24a0ef0f72800e18e6c442a53ededd45a6331?context=explore) | n/a |
| docker.io/bitnami/thanos:0.34.1-debian-12-r1 | 🟢 | v0.34.1 | [v0.34.1](https://github.com/thanos-io/thanos/releases) | [v0.34.1](https://github.com/bitnami/charts/blob/main/bitnami/thanos/Chart.yaml#L13) |
Expand All @@ -140,23 +140,23 @@ This depends on several factors, some of them are:
| registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1 | 🟢 | [v2.10.1](https://github.com/kubernetes/kube-state-metrics?tab=readme-ov-file#compatibility-matrix) | [2.12.0](https://github.com/kubernetes/kube-state-metrics/releases) | [58.0.0](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/Chart.yaml#L24) |

## overprovision
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.6 | 🟢 | v1.8.9 | [v1.8.9](https://github.com/kubernetes-sigs/cluster-proportional-autoscaler/releases/tag/v1.8.9) | [1.1.0](https://github.com/kubernetes-sigs/cluster-proportional-autoscaler/tree/master/charts/cluster-proportional-autoscaler)
| registry.k8s.io/pause:3.9 | 🟢 | v3.9 | [v3.9](https://github.com/kubernetes/kubernetes/tree/master/build/pause) | [registry](https://github.com/kubernetes/registry.k8s.io/blob/main/docs/debugging.md#verify-image-repositories-and-tags) |

## tigera-operator
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| quay.io/tigera/operator:v1.30.0 | 🟠 | v1.33.0 | [v1.33.0](https://github.com/tigera/operator/releases/tag/v1.33.0) | [3.27.0](https://github.com/projectcalico/calico/tree/master/charts/tigera-operator)

## trivy-system
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| ghcr.io/aquasecurity/trivy-operator:0.16.4 | 🟢 | v0.19.4 | [v0.19.4](https://github.com/aquasecurity/trivy-operator/releases/tag/v0.19.4) | [0.21.4](https://github.com/aquasecurity/trivy-operator/blob/main/deploy/helm/Chart.yaml)
| ghcr.io/aquasecurity/trivy:0.47.0 | 🟢 | v0.49.1 | [v0.50.1](https://github.com/aquasecurity/trivy/releases) | [0.21.4](https://github.com/aquasecurity/trivy-operator/blob/main/deploy/helm/Chart.yaml)

## velero
| container image | urgency | latest version for k8s 1.27 | latest version available | latest helm chart |
| container image | urgency | latest version for k8s 1.28 | latest version available | latest helm chart |
|-|-|-|-|-|
| velero/velero:v1.13.0 | 🟢 | [v1.13.1](https://github.com/vmware-tanzu/velero?tab=readme-ov-file#velero-compatibility-matrix) | [v1.13.1](https://github.com/vmware-tanzu/velero/releases) | [ 6.0.0](https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero) |
4 changes: 3 additions & 1 deletion runbooks/source/upgrade-eks-addons.html.md.erb
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Upgrade EKS addons
weight: 53
last_reviewed_on: 2024-02-13
last_reviewed_on: 2024-06-24
review_in: 6 months
---

Expand Down Expand Up @@ -77,3 +77,5 @@ Create a thread in #cloud-platform notifying the team that upgrades are starting
## Finish the upgrade

Finish up communications and close the thread.

Finally, ensure that all add-on underlying image versions are updated in the [Container Images used by Cluster Components](https://runbooks.cloud-platform.service.justice.gov.uk/container-images.html) runbook

0 comments on commit fabc27d

Please sign in to comment.