lacework-global-372

Elastic Kubernetes Service (EKS) clusters should run on a supported Kubernetes version (Automated)

Description

In late 2023 AWS introduced a new extended support service for EKS, providing customers with the ability to use an older version of Kubernetes for up to an additional 12 months after standard support ended. Lacework considers versions of Kubernetes that have entered the extended support period as unsupported.

The policy fails if the EKS cluster is running on an unsupported version of Kubernetes. The current oldest supported version is 1.25.

If the application does not require a specific version of Kubernetes, best practice is to run the clusters on the latest Kubernetes version that EKS supports.

For more information, see the Amazon EKS Kubernetes release calendar: https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-release-calendar and Amazon EKS version support and FAQ in the Amazon EKS User Guide: https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#version-deprecation.
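The version comparison behind this policy, as an added example (not Lacework's own policy logic). The function names and the sample cluster names and versions are constructed; the 1.25 floor is the value stated above.

```shell
#!/bin/sh
# Oldest supported version named on this page; adjust as the EKS calendar moves.
MIN_SUPPORTED="1.25"

# Exit 0 if version $1 >= minimum $2, 1 if older, 2 if not a version string.
# Components are compared as integers: a string or float comparison would
# rank 1.9 above 1.25 and pass a cluster that is far out of support.
eks_version_supported() {
    _ver=$1; _min=${2:-$MIN_SUPPORTED}
    case $_ver in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    _vmaj=${_ver%%.*}; _vrest=${_ver#*.}; _vmin=${_vrest%%.*}
    _mmaj=${_min%%.*}; _mrest=${_min#*.}; _mmin=${_mrest%%.*}
    [ "$_vmaj" -gt "$_mmaj" ] && return 0
    [ "$_vmaj" -eq "$_mmaj" ] && [ "$_vmin" -ge "$_mmin" ] && return 0
    return 1
}

# Reads "cluster_name version" lines on stdin and prints PASS or FAIL for each.
# An unparseable version counts as FAIL. Returns 1 if any cluster failed.
audit_versions() {
    _failed=0
    while read -r _cluster _cver; do
        [ -n "$_cluster" ] || continue
        if eks_version_supported "$_cver" "${1:-$MIN_SUPPORTED}"; then
            echo "PASS $_cluster $_cver"
        else
            echo "FAIL $_cluster $_cver"
            _failed=1
        fi
    done
    return "$_failed"
}

# Constructed sample input. On a live account the same lines come from:
#   aws eks list-clusters --region <region> --query 'clusters[]' --output text
#   aws eks describe-cluster --region <region> --name <cluster_name> \
#       --query 'cluster.version' --output text
SAMPLE_CLUSTERS='prod-payments 1.24
staging-web 1.25
dev-sandbox 1.9
data-batch 1.30'

# Non-zero status means at least one cluster fails the policy.
printf '%s\n' "$SAMPLE_CLUSTERS" | audit_versions "$MIN_SUPPORTED" || true
```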

Remediation

Carry out any version-specific prerequisites from the AWS EKS User Guide before following the remediation steps: https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html#update-existing-cluster.

From the AWS console:

  1. Log in to the AWS Management Console.
  2. Click Services.
  3. Select Containers > Elastic Kubernetes Service.
  4. Click the name of the cluster to update.
  5. Click the Update now button.
  6. In the pop-up box, select a version of Kubernetes to upgrade to.
     Note: It may not be possible to update directly to the latest version, depending on changes between versions of Kubernetes. Review these by clicking the Show upgrade insights button before updating.

  7. Click Update and wait for the update process to complete (this may take a few minutes).

From CLI:

aws eks update-cluster-version --region <region> --name <cluster_name> --kubernetes-version <EKS_version_number>

Check the following link for a list of versions currently available on standard support: https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions.

References

https://docs.aws.amazon.com/securityhub/latest/userguide/eks-controls.html#eks-2
https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-release-calendar
https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions
https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#version-deprecation
https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html