Update supported k8s version for EKS #4915
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
A documentation preview will be available soon. Request a new doc build by commenting
If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here. |
Contributor
|
This pull request does not have a backport label. Could you fix it @uri-weisman? 🙏
NOTE: |
|
@uri-weisman Thanks for starting this conversation, I agree to call out the specific versions we support in our docs, to help get this update could you please highlight the exact Kubernetes versions for our EKS support? cc @benironside |
Contributor
Author
This problem arises from the CIS EKS benchmark v1.0.1, which does not specify the EKS versions to which the benchmark is applicable. For example, in the mentioned benchmark version, they refer to k8s resources (PSP) that are already being removed in the current version (v1.25). The EKS benchmark implementation includes data collectors that are specific to the cloud provider and some that are shared with self-managed k8s, supporting v1.23. This means that we will publish that our supported EKS version is v1.23.The newer versions may work, but they might result in lost findings. cc @tehilashn |
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037)
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037)
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037)
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037)
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037)
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037)
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037)
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) # Conflicts: # docs/cloud-native-security/cspm-faq.asciidoc # docs/cloud-native-security/kspm-faq.asciidoc
mergify bot
pushed a commit
that referenced
this pull request
Apr 11, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) # Conflicts: # docs/cloud-native-security/cspm-faq.asciidoc # docs/cloud-native-security/kspm-faq.asciidoc
benironside
pushed a commit
that referenced
this pull request
Apr 15, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com>
benironside
pushed a commit
that referenced
this pull request
Apr 15, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com>
benironside
pushed a commit
that referenced
this pull request
Apr 15, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com>
benironside
pushed a commit
that referenced
this pull request
Apr 15, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com>
benironside
pushed a commit
that referenced
this pull request
Apr 15, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com>
benironside
pushed a commit
that referenced
this pull request
Apr 15, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com>
benironside
added a commit
that referenced
this pull request
Apr 16, 2024
* update supported k8s version for eks * applies update in other location --------- Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co> (cherry picked from commit 55e1037) Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com> Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We encountered an SDH ticket where a customer upgraded their EKS cluster to v1.25 and lost all their Pod Security Policy (PSP) findings because PSPs were removed in this version.
I don't believe we can claim to support all available EKS versions because our benchmark is not being updated, and we are likely to miss relevant findings.
It seems logical to tie our EKS support to the Kubernetes version we officially support. What do you think, @tinnytintin10?
Preview: KSPM FAQ