kubernetesupgradeazure-aks
Can not Upgrade AKS worker nodes to protect against CVE-2021-25741
I was trying to upgrade my Azure AKS to protect against CVE-2021-25741.
I had seen that the following versions are affected:
I cannot upgrade my cluster to any of the versions above.
When I run the following command
az aks get-versions --location westeurope --output table
I get this:
So the question is how can I upgrade to a non-affected version.
Solution
you have to wait until the AKS Team is releasing a Kubernetes Version were this is fixed.
Until then, you can leverage Azure Policy & Gatekeeper to mitigate the attack scenario: https://sysdig.com/blog/cve-2021-25741-kubelet-falco/
- Is there a name or standard for the YAML format used to describe kubernetes resources?
- Kubernetes Application with multiple Resources single YAML
- Kubernetes Persisten Volumes
- Kubernetes Authentication no re-create token
- .NET 8 app in Rancher only listening on http port
- Issue injecting helm value on configmap
- Which rights are missing? Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy
- is it possible to shrink the spaces of io.containerd.snapshotter.v1.overlayfs folder in kubernetes
- How can I get pods by label, using the python kubernetes api?
- Failed calling webhook "namespace.sidecar-injector.istio.io"
- Delete Kubernetes namespace with delay
- Redis Sentinel doesn't auto discover new slave instances
- difference between spark.kubernetes.driver.request.cores, spark.kubernetes.driver.limit.cores and spark.driver.cores
- Debezium KafkaConnect, kafka_connect_run.sh No such file or directory
- Unable to access my minikube cluster from the browser (❗ Because you are using a Docker driver on windows, the terminal needs to be open to run it.)
- What is the difference between Istio VirtualService and Kubernetes Service?
- Can't add Prometheus as DataSource in Grafana, via Minikube
- How can I deploy PostgreSQL using the Stolon operator on OpenShift?
- How to expose kubernetes app from minikube outside of domain
- Using Trusted Platform module in Kubernetes
- How to remove claim from a persistent volume when it was released?
- Helm Template check boolean value
- Getting permission denied error while trying to access any vault secret engines using Spring boot application on kubernetes
- Kubernetes: how to set VolumeMount user group and file permissions
- Do I need to create different StorageClasses for different PVs?
- how can i control the number of events a namespace can save?
- Kubernetes : Dynamic Storage Provisioning using host-path
- Restart Pod when secrets gets updated
- Error connecting to kafka broker as a k8s pod on local machine
- How to access Kafka Connect created by Strimzi?