Container Images used by Cluster Components

Ths runbook contains the list of container images used by the Cloud Platform components.

How to update this runbook

Check current components images versions

To grab the current image versions for all containers within components namespace pods, you can run the following command:

kubectl get pods -n [NAMESPACE] -o jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}' | sort

Latest version for k8s 1.27

The latest versions of some of the components might not be compatible with k8s 1.27. For this, click the link to check the Compatibility Matrix

Latest version available

Thats the latest version available in the public repository. Update the version when there is a new release. You can find the latest version by clicking on the link or by checking the reports page

Urgency

This depends on several factors, some of them are: - the kubernetes version has been updated and the version currently used or no longer supported - the component is not working as expected and the latest version might fix the issue - the component is 1 major version behind and more than 3 minor versions behind

🟢 - low, OK to leave for now

🟠 - medium, within the next 2 sprints/4 weeks

🔴 - urgent, within this sprint

calico-apiserver

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
docker.io/calico/apiserver:v3.25.0	🟢	v3.27.0	v3.27.0	v1.33.0

calico-system

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
docker.io/calico/csi:v3.25.0	🟢	v3.27.0	v3.27.0	v1.33.0
docker.io/calico/kube-controllers:v3.25.0	🟢	v3.27.0	v3.27.0	v1.33.0
docker.io/calico/node-driver-registrar:v3.25.0	🟢	v3.27.0	v3.27.0	v1.33.0
docker.io/calico/node:v3.25.0	🟢	v3.27.0	v3.27.0	v1.33.0
docker.io/calico/typha:v3.25.0	🟢	v3.27.0	v3.27.0	v1.33.0

cert-manager

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
quay.io/jetstack/cert-manager-cainjector:v1.13.1	🟢	v1.14.4	v1.14.4	v1.14.4
quay.io/jetstack/cert-manager-controller:v1.13.1	🟢	v1.14.4	v1.14.4	v1.14.4
quay.io/jetstack/cert-manager-webhook:v1.13.1	🟢	v1.14.4	v1.14.4	v1.14.4

concourse

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
concourse/concourse:7.7.0	🟠	v7.11.2	v7.11.2	v17.3.1

external-secrets-operator

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
ghcr.io/external-secrets/external-secrets:v0.8.1	🟢	v0.9.14	v0.9.14	v0.9.14

gatekeeper-system

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
openpolicyagent/gatekeeper:v3.13.0:	🟢	v3.15.1	v3.15.1	v3.15.1

ingress-controllers

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
debian:bookworm-slim	🟢	latest	n/a
fluent/fluent-bit:2.1.8-amd64	🟠	v3.0.1	v3.0.1	n/a
ministryofjustice/cloud-platform-custom-error-pages:0.6	🟠	managed by us	managed by us	n/a
registry.k8s.io/ingress-nginx/controller:v1.8.4	🟢	v1.10.0	v1.10.0	v4.10.0

kube-system

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon-k8s-cni:v1.17.1-eksbuild.1	🟢	v1.18.0-eksbuild.1	v1.18.0-eksbuild.1	n/a
602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.0-eksbuild.1	🟢	v1.1.0-eksbuild.1	v1.1.0-eksbuild.1	n/a
602401143452.dkr.ecr.eu-west-2.amazonaws.com/eks/coredns:v1.10.1-eksbuild.7	🟢	v1.10.1-eksbuild.7	v1.11.1-eksbuild.6	n/a
066635153087.dkr.ecr.il-central-1.amazonaws.com/eks/kube-proxy:v1.27.10-minimal-eksbuild.2	🟢	v1.27.12-eksbuild.2	v1.29.1-eksbuild.2	n/a
docker.io/bitnami/external-dns:0.13.4-debian-11-r14	🟢	v0.14.x	v0.14.x	v0.14.x
public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.24.0	🟠	v1.29.1	v1.29.1	2.29.1
public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.4.0-eks-1-28-6	🟠	v4.5.0	v1.29.1	2.29.1
public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.5.0-eks-1-28-6	🟠	v4.0.0	v1.29.1	2.29.1
public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.9.0-eks-1-28-6	🟠	v1.10.0	v1.29.1	2.29.1
public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.10.0-eks-1-28-6	🟠	v2.12.0	v1.29.1	2.29.1
public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.9.0-eks-1-28-6	🟠	v2.10.0	v1.29.1	2.29.1
registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.5	🟢	v1.27.5	v1.29.0	9.36.0
registry.k8s.io/descheduler/descheduler:v0.27.1	🟢	v0.27.1	v0.29.0	0.29.0
registry.k8s.io/metrics-server/metrics-server:v0.6.2	🟠	v0.7.1	v0.7.1	3.12.1

kuberhealthy

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
754256621582.dkr.ecr.eu-west-2.amazonaws.com/webops/cloud-platform-kuberhealthy-checks:1.8	🟢	managed by us	1.8	n/a
docker.io/kuberhealthy/daemonset-check:v3.3.0	🟢	v3.3.0	v3.3.0	104
docker.io/kuberhealthy/deployment-check:v1.9.0	🟢	v1.9.0	v3.3.0	104
docker.io/kuberhealthy/dns-resolution-check:v1.5.0	🟢	v1.5.0	v3.3.0	104
docker.io/kuberhealthy/kuberhealthy:v2.8.0-rc2 [pre-release]	🟢	v2.7.1	v3.3.0	104

kuberos

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
docker.io/ministryofjustice/cloud-platform-kuberos:2.6.0	🟢	managed by us	0.4.0	0.4.0

logging

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
docker.io/fluent/fluent-bit:2.2.1	🟠	v3.0.1	v3.0.1	0.46.0

monitoring

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
docker.io/bitnami/redis:7.2.4-debian-11-r5	🟢	v7.2.4-debian-12-r11	v7.2.4-debian-12-r11	n/a
docker.io/bitnami/thanos:0.34.1-debian-12-r1	🟢	v0.34.1	v0.34.1	v0.34.1
docker.io/grafana/grafana:10.3.3	🟢	v10.4.1	v10.4.1	58.0.0
ministryofjustice/prometheus-ecr-exporter:0.2.0	🟢	managed by us	n/a	0.4.0
prom/cloudwatch-exporter:v0.15.1	🟢	v0.15.5	v0.15.5	0.25.3
quay.io/kiwigrid/k8s-sidecar:1.25.2	🟠	v1.26.1	v1.26.1	58.0.0
quay.io/oauth2-proxy/oauth2-proxy:v7.6.0	🟢	v7.6.0	v7.6.0	7.4.1
quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2	🟠	v0.73.0	v0.73.0	58.0.0
quay.io/prometheus-operator/prometheus-operator:v0.71.2	🟠	v0.73.0	v0.73.0	58.0.0
quay.io/prometheus/alertmanager:v0.27.0	🟢	v0.27.0	v0.27.0	58.0.0
quay.io/prometheus/node-exporter:v1.7.0	🟢	v1.7.0	v1.7.0	58.0.0
quay.io/prometheus/prometheus:v2.50.1	🟢	v2.51.1	v2.51.1	58.0.0
quay.io/thanos/thanos:v0.33.0	🟢	v0.34.1	v0.34.1	58.0.0
registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1	🟢	v2.10.1	2.12.0	58.0.0

overprovision

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.6	🟢	v1.8.9	v1.8.9	1.1.0
registry.k8s.io/pause:3.9	🟢	v3.9	v3.9	registry

tigera-operator

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
quay.io/tigera/operator:v1.29.1	🟠	v1.33.0	v1.33.0	3.27.0

trivy-system

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
ghcr.io/aquasecurity/trivy-operator:0.16.4	🟢	v0.19.4	v0.19.4	0.21.4
ghcr.io/aquasecurity/trivy:0.47.0	🟢	v0.49.1	v0.50.1	0.21.4

velero

container image	urgency	latest version for k8s 1.27	latest version available	latest helm chart
velero/velero:v1.13.0	🟢	v1.13.1	v1.13.1	6.0.0

This page was last reviewed on 17 April 2024. It needs to be reviewed again on 17 July 2024 by the page owner #cloud-platform .

This page was set to be reviewed before 17 July 2024 by the page owner #cloud-platform. This might mean the content is out of date.