Skip to main content

Container Images used by Cluster Components

This runbook contains the list of container images used by the Cloud Platform components.

How to update this runbook

Check current components images versions

To grab the current image versions for all containers within components namespace pods, you can run the following command:

kubectl get pods -n [NAMESPACE] -o jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}' | sort

Latest version for k8s 1.29

The latest versions of some of the components might not be compatible with k8s 1.29. For this, click the link to check the Compatibility Matrix

Latest version available

That’s the latest version available in the public repository. Update the version when there is a new release. You can find the latest version by clicking on the link or by checking the reports page

Urgency

This depends on several factors, some of them are: - the kubernetes version has been updated and the version currently used or no longer supported - the component is not working as expected and the latest version might fix the issue - the component is 1 major version behind and more than 3 minor versions behind

๐ŸŸข - low, OK to leave for now

๐ŸŸ  - medium, within the next 2 sprints/4 weeks

๐Ÿ”ด - urgent, within this sprint

calico-apiserver

container image urgency latest version for k8s 1.29 latest version available latest helm chart
docker.io/calico/apiserver:v3.28.1 ๐ŸŸ  v3.29.0 v3.29.0 v1.36.1

calico-system

container image urgency latest version for k8s 1.29 latest version available latest helm chart
docker.io/calico/csi:v3.28.1 ๐ŸŸ  v3.29.0 v3.29.0 v1.36.1
docker.io/calico/kube-controllers:v3.28.1 ๐ŸŸ  v3.29.0 v3.29.0 v1.36.1
docker.io/calico/node-driver-registrar:v3.28.1 ๐ŸŸ  v3.29.0 v3.29.0 v1.36.1
docker.io/calico/node:v3.28.1 ๐ŸŸ  v3.29.0 v3.29.0 v1.36.1
docker.io/calico/typha:v3.28.1 ๐ŸŸ  v3.29.0 v3.29.0 v1.36.1

cert-manager

container image urgency latest version for k8s 1.29 latest version available latest helm chart
quay.io/jetstack/cert-manager-cainjector:v1.13.1 ๐ŸŸ  v1.16.0 v1.16.1 v1.16.1
quay.io/jetstack/cert-manager-controller:v1.13.1 ๐ŸŸ  v1.16.0 v1.16.1 v1.16.1
quay.io/jetstack/cert-manager-webhook:v1.13.1 ๐ŸŸ  v1.16.0 v1.16.1 v1.16.1

concourse

container image urgency latest version for k8s 1.29 latest version available latest helm chart
concourse/concourse:7.10.0 ๐ŸŸข v7.12.0 v7.12.0 v17.3.1

external-secrets-operator

container image urgency latest version for k8s 1.29 latest version available latest helm chart
ghcr.io/external-secrets/external-secrets:v0.8.1 ๐ŸŸข v0.10.5 v0.10.15 v0.10.5

gatekeeper-system

| container image | urgency | latest version for k8s 1.29 | latest version available | latest helm chart | |-|-|-|-|-r | openpolicyagent/gatekeeper:v3.15.1: | ๐ŸŸ  | v3.17.1 | v3.17.1 | v3.17.1 |

ingress-controllers

container image urgency latest version for k8s 1.29 latest version available latest helm chart
debian:bookworm-slim::bookworm-20241016-slim ๐ŸŸข latest n/a
fluent/fluent-bit:3.0.2-amd64 ๐ŸŸข v3.1.10 v3.1.10 n/a
ministryofjustice/cloud-platform-custom-error-pages:1.1.5 ๐ŸŸข managed by us managed by us n/a
registry.k8s.io/ingress-nginx/controller:v1.10.1 ๐ŸŸข v1.11.3 v1.11.3 v4.11.3

kube-system

container image urgency latest version for k8s 1.29 latest version available latest helm chart
602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon-k8s-cni:v1.19.0-eksbuild.1 ๐ŸŸข v1.19.0-eksbuild.1 v1.19.0-eksbuild.1 n/a
602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2 ๐ŸŸข v1.1.4 v1.1.4 n/a
602401143452.dkr.ecr.eu-west-2.amazonaws.com/eks/coredns:v1.11.3-eksbuild.2 ๐ŸŸข v1.11.3-eksbuild.2 v1.11.3-eksbuild.9 n/a
602401143452.dkr.ecr.eu-west-2.amazonaws.com/eks/kube-proxy:v1.29.10-eksbuild.3 ๐ŸŸข v1.29.10-eksbuild.3 v1.31.1-minimal-eksbuild.2 n/a
docker.io/bitnami/external-dns:0.13.4-debian-11-r14 ๐ŸŸ  v0.15.x v0.15.x v0.15.x
registry.k8s.io/autoscaling/cluster-autoscaler:v1.28.5 ๐ŸŸข v1.29.4 v1.31.0 9.38.0
registry.k8s.io/descheduler/descheduler:v0.27.1 ๐ŸŸ  v0.29.x v0.29.0 0.31.0
registry.k8s.io/metrics-server/metrics-server:v0.7.1 ๐ŸŸข v0.7.2 v0.7.2 3.12.2

included with the ebs-cbs-driver in kube-system

container image urgency latest version for k8s 1.29 latest version available latest helm chart
public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.29.1 ๐ŸŸ  v1.37.0 v1.37.0 2.37.0
public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.5.0-eks-1-29-7 ๐ŸŸ  v4.7.0 v1.37.0 2.37.0
public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v4.0.0-eks-1-29-7 ๐ŸŸ  v5.1.0 v1.37.0 2.37.0
public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.10.0-eks-1-29-7 ๐ŸŸ  v1.12.0 v1.37.0 2.37.0
public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.12.0-eks-1-29-7 ๐ŸŸ  v2.14.0 v1.37.0 2.37.0
public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.10.0-eks-1-29-7 ๐ŸŸ  v2.12.0 v1.37.0 2.37.0

kuberhealthy

container image urgency latest version for k8s 1.29 latest version available latest helm chart
754256621582.dkr.ecr.eu-west-2.amazonaws.com/webops/cloud-platform-kuberhealthy-checks:1.9 ๐ŸŸข managed by us 1.9 n/a
docker.io/kuberhealthy/daemonset-check:v3.3.0 ๐ŸŸข v3.3.0 v2.7.1 104
docker.io/kuberhealthy/deployment-check:v1.9.0 ๐ŸŸข v1.9.1 v2.7.1 104
docker.io/kuberhealthy/dns-resolution-check:v1.5.0 ๐ŸŸข v1.5.0 v2.7.1 104
docker.io/kuberhealthy/kuberhealthy:v2.8.0-rc2 [pre-release] ๐ŸŸข v2.7.1 v2.7.1 104

kuberos

container image urgency latest version for k8s 1.29 latest version available latest helm chart
ministryofjustice/cloud-platform-kuberos:2.7.0 ๐ŸŸข managed by us 0.4.0 0.4.0

logging

container image urgency latest version for k8s 1.29 latest version available latest helm chart
fluent/fluent-bit:2.2.1 ๐Ÿ”ด v3.1.10 v3.1.10 0.47.11

monitoring

container image urgency latest version for k8s 1.29 latest version available latest helm chart
docker.io/bitnami/redis:7.2.4-debian-11-r5 ๐ŸŸข 7.4.1-debian-12-r2 v7.4.1-debian-12-r2 n/a
docker.io/bitnami/thanos:0.34.1-debian-12-r1 ๐ŸŸ  v0.36.1 v0.36.1 v0.36.1
docker.io/grafana/grafana:10.4.0 ๐ŸŸ  v11.3.0+security-01 v11.3.0+security-01 66.1.1
ministryofjustice/prometheus-ecr-exporter:0.2.0 ๐ŸŸข managed by us n/a 0.4.0
ghcr.io/nerdswords/yet-another-cloudwatch-exporter:v0.61.2 ๐ŸŸข v0.61.2 v0.61.2 0.38.0
quay.io/kiwigrid/k8s-sidecar:1.26.1 ๐ŸŸ  v1.28.0 v1.28.0 66.1.1
quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 ๐ŸŸ  v7.7.1 v7.7.1 7.7.29
quay.io/prometheus-operator/prometheus-config-reloader:v0.72.0 ๐Ÿ”ด v0.78.1 v0.78.1 66.1.1
quay.io/prometheus-operator/prometheus-operator:v0.72.0 ๐Ÿ”ด v0.78.1 v0.78.1 66.1.1
quay.io/prometheus/alertmanager:v0.27.0 ๐ŸŸข v0.27.0 v0.27.0 60.4.0
quay.io/prometheus/node-exporter:v1.7.0 ๐ŸŸข v1.7.0 v1.8.2 60.4.0
quay.io/prometheus/prometheus:v2.51.0 ๐ŸŸข v3.0.0 v3.0.0 66.1.1
quay.io/thanos/thanos:v0.33.0 ๐Ÿ”ด v0.36.0 v0.36.0 60.4.0
registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.11.0 ๐ŸŸ  v2.13.0 2.13.0 66.1.1

overprovision

container image urgency latest version for k8s 1.29 latest version available latest helm chart
registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.6 ๐ŸŸข v1.8.9 v1.8.9 1.1.0
registry.k8s.io/pause:3.9 ๐ŸŸข v3.9 v3.9 registry

tigera-operator

container image urgency latest version for k8s 1.29 latest version available latest helm chart
quay.io/tigera/operator:v1.30.0 ๐Ÿ”ด v1.36.1 v1.36.1 3.28.0

trivy-system

container image urgency latest version for k8s 1.29 latest version available latest helm chart
ghcr.io/aquasecurity/trivy-operator:0.16.4 ๐Ÿ”ด v0.22.0 v0.22.0 0.22.0
ghcr.io/aquasecurity/trivy:0.47.0 ๐Ÿ”ด v0.57.0 v0.57.0 0.24.1

velero

container image urgency latest version for k8s 1.29 latest version available latest helm chart
velero/velero:v1.13.0 ๐Ÿ”ด v1.15.0 v1.15.0 8.0.0
This page was last reviewed on 14 November 2024. It needs to be reviewed again on 14 February 2025 by the page owner #cloud-platform .
This page was set to be reviewed before 14 February 2025 by the page owner #cloud-platform. This might mean the content is out of date.