AWS eks documentation change
Summary
Removed Kubernetes 1.32 documentation section, updated version list to remove 1.32, and added hyperlinks to Amazon Linux 2 AMI deprecation documentation
Security assessment
This change removes documentation for an older Kubernetes version (1.32) and adds proper markdown links to deprecation documentation. The removed section included security-related content about anonymous authentication restrictions, but this appears to be routine documentation cleanup as versions rotate out of support rather than addressing a specific security vulnerability. The change does not introduce new security documentation or fix security issues.
Diff
diff --git a/eks/latest/userguide/kubernetes-versions-standard.md b/eks/latest/userguide/kubernetes-versions-standard.md index e402aca98..1cfb80ce7 100644 --- a//eks/latest/userguide/kubernetes-versions-standard.md +++ b//eks/latest/userguide/kubernetes-versions-standard.md @@ -5 +5 @@ -Kubernetes 1.35Kubernetes 1.34Kubernetes 1.33Kubernetes 1.32 +Kubernetes 1.35Kubernetes 1.34Kubernetes 1.33 @@ -77 +77 @@ Kubernetes `1.34` is now available in Amazon EKS. For more information about Kub - * For more information, see Amazon Linux 2 AMI deprecation. + * For more information, see [Amazon Linux 2 AMI deprecation](./kubernetes-versions-extended.html#al2-ami-deprecation). @@ -139 +139 @@ Kubernetes `1.33` is now available in Amazon EKS. For more information about Kub - * For more information, see Amazon Linux 2 AMI deprecation. + * For more information, see [Amazon Linux 2 AMI deprecation](./kubernetes-versions-extended.html#al2-ami-deprecation). @@ -163,49 +162,0 @@ For the complete Kubernetes `1.33` changelog, see https://github.com/kubernetes/ -## Kubernetes 1.32 - -Kubernetes `1.32` is now available in Amazon EKS. For more information about Kubernetes `1.32`, see the [official release announcement](https://kubernetes.io/blog/2024/12/11/kubernetes-v1-32-release/). - -###### Important - - * The `flowcontrol.apiserver.k8s.io/v1beta3` API version of FlowSchema and PriorityLevelConfiguration has been removed in version `1.32`. If you are using these APIs, you must update your configurations to use the latest supported version before upgrading. - - * ServiceAccount `metadata.annotations[kubernetes.io/enforce-mountable-secrets]` has been deprecated in version `1.32` and will be removed in a future Kubernetes minor version release. It is recommended to use separate namespaces to isolate access to mounted secrets. - - * Kubernetes version `1.32` is the last version for which Amazon EKS will release Amazon Linux 2 (AL2) AMIs. From version `1.33` onwards, Amazon EKS will continue to release Amazon Linux 2023 (AL2023) and Bottlerocket based AMIs. - - - - - * The Memory Manager feature has graduated to Generally Available (GA) status in Kubernetes version `1.32`. This enhancement provides more efficient and predictable memory allocation for containerized applications, particularly beneficial for workloads with specific memory requirements. - - * PersistentVolumeClaims (PVCs) created by StatefulSets now include automatic cleanup functionality. When PVCs are no longer needed, they will be automatically deleted while maintaining data persistence during StatefulSet updates and node maintenance operations. This feature simplifies storage management and helps prevent orphaned PVCs in your cluster. - - * Custom Resource Field Selector functionality has been introduced, allowing developers to add field selectors to custom resources. This feature provides the same filtering capabilities available for built-in Kubernetes objects to custom resources, enabling more precise and efficient resource filtering and promoting better API design practices. - - - - -For the complete Kubernetes `1.32` changelog, see https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md - -### Anonymous authentication changes - -Starting with Amazon EKS `1.32`, anonymous authentication is restricted to the following API server health check endpoints: - - * `/healthz` - - * `/livez` - - * `/readyz` - - - - -Requests to any other endpoint using the `system:unauthenticated` user will receive a `401 Unauthorized` HTTP response. This security enhancement helps prevent unintended cluster access that could occur due to misconfigured RBAC policies. - -###### Note - -The `public-info-viewer` RBAC role continues to apply for the health check endpoints listed above. - -### Amazon Linux 2 AMI deprecation - -Kubernetes version `1.32` is the last version for which Amazon EKS released AL2 AMIs. From version `1.33` onwards, Amazon EKS will continue to release AL2023 and Bottlerocket based AMIs. For more information, see [Guide to EKS AL2 & AL2-Accelerated AMIs transition features](./eks-ami-deprecation-faqs.html). -