Cannot upgrade AKS worker nodes to protect against CVE-2021-25741

10/26/2021

I was trying to upgrade my Azure AKS to protect against CVE-2021-25741.

I had seen that the following versions are affected:

Affected Versions

I cannot upgrade my cluster to any of the versions above.

When I run the following command

az aks get-versions --location westeurope --output table

I get this:

Azure Versions

So the question is: how can I upgrade to a non-affected version?

-- Klatuu
azure-aks
kubernetes
upgrade

1 Answer

10/26/2021

You have to wait until the AKS team releases a Kubernetes version where this is fixed.

Until then, you can leverage Azure Policy & Gatekeeper to mitigate the attack scenario: https://sysdig.com/blog/cve-2021-25741-kubelet-falco/

-- Philip Welz
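
CVE-2021-25741 concerns subPath volume mounts, so before writing an admission policy around them it helps to know which workloads already use the feature. The audit below is an added example, not part of the original answer; the function name and the embedded pod list are constructed for illustration, and real input would be piped from `kubectl get pods -A -o json`.

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods -A -o json`; not real cluster data.
SAMPLE = {"items": [
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {
         "initContainers": [{"name": "init", "volumeMounts": [
             {"name": "data", "mountPath": "/work", "subPathExpr": "$(POD_NAME)"}]}],
         "containers": [{"name": "nginx", "volumeMounts": [
             {"name": "conf", "mountPath": "/etc/nginx/nginx.conf", "subPath": "nginx.conf"},
             {"name": "cache", "mountPath": "/var/cache/nginx"}]}]}},
    {"metadata": {"namespace": "batch", "name": "worker"},
     "spec": {"containers": [{"name": "job", "volumeMounts": [
         {"name": "scratch", "mountPath": "/tmp/scratch"}]}]}},
]}


def subpath_mounts(pod_list):
    """Return (namespace, pod, container, volume, subpath) for each mount using subPath/subPathExpr."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        # Init and ephemeral containers can mount volumes too, so check all three lists.
        containers = []
        for key in ("initContainers", "containers", "ephemeralContainers"):
            containers.extend(spec.get(key) or [])
        for container in containers:
            for mount in container.get("volumeMounts") or []:
                sub = mount.get("subPath") or mount.get("subPathExpr")
                if sub:  # an empty string means the volume root, i.e. no subPath in use
                    findings.append((meta.get("namespace", "default"), meta.get("name"),
                                     container.get("name"), mount.get("name"), sub))
    return findings


if __name__ == "__main__":
    # Read real kubectl output when piped in; otherwise fall back to the constructed sample.
    pods = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, pod, container, volume, sub in subpath_mounts(pods):
        print(f"{ns}/{pod} container={container} volume={volume} subPath={sub}")
```
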
Source: StackOverflow