Based on customer feedback, we’ve now disabled posting AWS Node Termination Handler (NTH) notifications to Slack by default. The NTH is responsible for reacting to node state changes, by properly draining a node for example when a Spot Instance interuption is received.
More …Update 2023-02-10: All clusters have been upgraded to v1.24.
We’ve upgraded all Teleport clusters from version 11.1.2 to 11.1.4.
This upgrade was done on all Teleport servers to fix potential vulnerabilties:
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. These changes will be rolling out to all clusters soon.
More …We have upgraded Istio on all clusters that use it. The version was upgraded from 1.15.2 to 1.16.1. What’s new:
All Vault setups have been updated from 1.12.0 to the latest version 1.12.2. This release brings small improvements and bug fixes. Please refer to the upstream changelogs to see what’s changed:
Whenever you deploy an Ingress resource, external-dns is responsible for creating the matching DNS record. We have now enabled the “CRD” feature of this component, which allows you to manage any DNS records of your choice through external-dns.
We’ve upgraded all Teleport clusters from version 11.0.3 to 11.1.1.
This upgrade was done on all Teleport servers to fix a potential vulnerabilty:
More …Fixed issue where an attacker with physical access to user’s computer and raw access to the filesystem could potentially recover the seed QR code.
We’ve upgraded all Teleport clusters from version 10.1.4 to 11.0.3. Teleport is a tool we mostly use internally to provide secure and auditted access to (EC2) instances, Kubernetes clusters and several dashboards. The nodes will gradually be upgraded to the new version when new instances are launched.
Today we’re adding a new fearure in our Kubernetes reference solution. It is now possible to deploy the Kubernetes descheduler on your cluster(s). For now while we are testing this add-on this is an optional component. If all goes well we’ll deploy it as a standard component.
More …As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. We’ve already rolled these out to all non-production clusters. Production upgrades are scheduled to happen next week during business hours. As usual, no workload interuptions are expected.
More …We have started rolling out AKS and EKS 1.23. This brings our supported AKS platforms to v1.22.12 and EKS to v1.22.13.
In response to several CVEs, the following Kubernetes cluster components have been updated. These changes have already been rolled out to all clusters.
More …In response to CVE-2022-32149, the following Kubernetes cluster components have been updated. These changes have already been rolled out to all clusters.
More …We use the AWS-published EKS AMI (Amazon Machine Image) as a base to build our custom image for our managed Kubernetes clusters, which in turn is based on Amazon linux 2. Our CI system monitors the published AWS AMIs and automatically builds our custom base image, which is then rolled out to customer clusters based on our regular update cycle.
More …We’ve implemented several improvements on the monitoring of our RDS snapshot cross-account replicator module, which have been rolled out to all customers that are currently using it.
More …All Vault setups have been updated to the latest version 1.12.0. Please refer to the upstream changelogs to see what’s changed:
A security issue was discovered in Golang where a user can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
More …We have upgraded our Concourse setups to the latest version 7.8.3. This patch release comes with some security fixes. You can check the full changelog in the Concourse releases page.
More …We now offer the option to enable and use an AWS NLB as load balancer type for your ingress. This has a couple of benefits compared to an ELB.
More …