Check for the CoreDNS Add-On Version

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (not acceptable risk)

For compatibility and correct functionality, make sure that the version of the CoreDNS add-on matches the Kubernetes version of your Amazon EKS cluster. The CoreDNS add-on, which serves as the DNS server for your cluster, should always be kept in sync with the Kubernetes version to maintain compatibility and take advantage of the latest features and improvements.

Performance efficiency
Operational excellence

CoreDNS is a flexible, extensible DNS server designed to function as the DNS system for Kubernetes clusters. When initializing an Amazon EKS cluster with at least one node, two instances of the CoreDNS image are automatically deployed, regardless of the number of nodes provisioned for the cluster. These CoreDNS pods handle name resolution for all the pods within the EKS cluster. With the CoreDNS add-on for Amazon EKS, you gain access to a robust and Kubernetes-native DNS resolution solution that seamlessly integrates with EKS. This add-on offers configuration flexibility, ensures scalability and performance, and aligns with the broader Kubernetes ecosystem. By leveraging this solution, you can rely on a dependable and efficient DNS resolution mechanism for your applications running on the EKS cluster.


Audit

To determine if the CoreDNS add-on version matches your EKS cluster's Kubernetes version, perform the following actions:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Elastic Kubernetes Service console at https://console.aws.amazon.com/eks/.

03 In the main navigation panel, under Amazon Elastic Kubernetes Service, choose Clusters.

04 Click on the name (link) of the Amazon EKS cluster that you want to examine.

05 In the Cluster info section, check the Kubernetes version used by the selected cluster, listed under Kubernetes version.

06 Select the Add-ons tab and check the CoreDNS add-on version installed for the selected cluster, listed under Version.

07 Using the versions collected at steps no. 5 and 6, check this table to determine whether the CoreDNS add-on version installed on your cluster matches the cluster's Kubernetes version. If the CoreDNS and Kubernetes versions don't match, the selected Amazon EKS cluster might use an outdated version of the CoreDNS add-on.

08 Repeat steps no. 4 - 7 for each Amazon EKS cluster available within the current AWS region.

09 Change the AWS cloud region from the top navigation bar and repeat the Audit process for other AWS regions.

Using AWS CLI

01 Run list-clusters command (OSX/Linux/UNIX) with custom query filters to list the name of each Amazon EKS cluster available in the selected AWS region:

aws eks list-clusters \
  --region us-east-1 \
  --output table \
  --query 'clusters'

02 The command output should return a table with the requested EKS cluster names:

---------------------------
|      ListClusters       |
+-------------------------+
| cc-eks-webapp-cluster   |
| cc-eks-project5-cluster |
+-------------------------+ 

03 Run describe-cluster command (OSX/Linux/UNIX) with custom output filtering to describe the Kubernetes version used by the selected Amazon EKS cluster:

aws eks describe-cluster \
  --region us-east-1 \
  --name cc-eks-webapp-cluster \
  --query 'cluster.version'

04 The command output should return the Kubernetes version installed:

"1.27"

05 Run describe-addon command (OSX/Linux/UNIX) with custom query filters to describe the CoreDNS add-on version installed for the selected EKS cluster:

aws eks describe-addon \
  --region us-east-1 \
  --cluster-name cc-eks-webapp-cluster \
  --addon-name coredns \
  --output text \
  --query 'addon.addonVersion'

06 The command output should return the CoreDNS add-on version installed:

v1.9.3-eksbuild.3

Using the versions returned at steps no. 4 and 6, check this table to determine whether the CoreDNS add-on version installed on your cluster matches the cluster's Kubernetes version. If the CoreDNS and Kubernetes versions don't match, the selected Amazon EKS cluster might use an outdated version of the CoreDNS add-on.

07 Repeat steps no. 3 - 6 for each Amazon EKS cluster available in the selected AWS region.

08 Change the AWS cloud region by updating the --region command parameter value and repeat the Audit process for other AWS regions.
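The CLI audit above, scripted across every cluster in a region, as an added example that is not part of the original page or of any Trend Micro or AWS tooling. In place of the linked compatibility table it assumes the `aws eks describe-addon-versions` command as the source of compatible versions, and it goes beyond the listed steps by flagging clusters where CoreDNS is not an EKS-managed add-on; the function names and status labels are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumes AWS CLI v2 and GNU sort -V.

# Classify an installed CoreDNS add-on version against the versions that
# describe-addon-versions lists for the cluster's Kubernetes version.
#   $1 = installed version ("" when CoreDNS is not an EKS-managed add-on)
#   $2 = whitespace-separated compatible versions
classify_coredns() {
  installed=$1; compatible=$2
  # Assumption: version-sort order identifies the newest compatible build.
  latest=$(printf '%s\n' $compatible | sort -V | tail -n 1)
  if [ -z "$installed" ]; then echo "UNMANAGED latest=$latest"; return 0; fi
  for v in $compatible; do
    if [ "$v" = "$installed" ]; then
      if [ "$v" = "$latest" ]; then echo "OK"; else echo "OUTDATED latest=$latest"; fi
      return 0
    fi
  done
  # Installed version is not listed for this Kubernetes version at all.
  echo "MISMATCH latest=$latest"
}

# Audit every EKS cluster in one region; prints one tab-separated line each:
# region, cluster, Kubernetes version, status.
audit_region() {
  region=$1
  for cluster in $(aws eks list-clusters --region "$region" \
      --query 'clusters' --output text); do
    k8s=$(aws eks describe-cluster --region "$region" --name "$cluster" \
      --query 'cluster.version' --output text)
    # describe-addon fails when CoreDNS is self-managed; treat that as empty.
    installed=$(aws eks describe-addon --region "$region" \
      --cluster-name "$cluster" --addon-name coredns \
      --query 'addon.addonVersion' --output text 2>/dev/null || true)
    compatible=$(aws eks describe-addon-versions --region "$region" \
      --addon-name coredns --kubernetes-version "$k8s" \
      --query 'addons[].addonVersions[].addonVersion' --output text)
    printf '%s\t%s\t%s\t%s\n' "$region" "$cluster" "$k8s" \
      "$(classify_coredns "$installed" "$compatible")"
  done
}

# Usage: ./coredns-audit.sh us-east-1 eu-west-1   (no arguments: does nothing)
for region in "$@"; do audit_region "$region"; done
```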

Remediation / Resolution

To ensure that the CoreDNS add-on version matches your Amazon EKS cluster's Kubernetes version, perform the following actions:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Elastic Kubernetes Service console at https://console.aws.amazon.com/eks/.

03 In the main navigation panel, under Amazon Elastic Kubernetes Service, choose Clusters.

04 Click on the name (link) of the Amazon EKS cluster that you want to configure.

05 Choose the Add-ons tab, select the CoreDNS add-on box, and choose Edit.

06 For Version, select the latest version of the CoreDNS add-on, as specified in this table.

07 For Select IAM role, choose Inherit from node.

08 Choose Save changes to apply the changes.

09 Repeat steps no. 4 – 7 for each Amazon EKS cluster provisioned within the current AWS region.

10 Change the AWS cloud region from the top navigation bar and repeat the Remediation process for other AWS regions.

Using AWS CLI

01 Run update-addon command (OSX/Linux/UNIX) to update the CoreDNS add-on installed on the selected EKS cluster to the latest version, as specified in this table:

aws eks update-addon \
  --region us-east-1 \
  --cluster-name cc-eks-webapp-cluster \
  --addon-name coredns \
  --addon-version v1.10.1-eksbuild.2 \
  --resolve-conflicts PRESERVE

02 The command output should return the information resulting from the add-on update process:

{
	"update": {
		"id": "abcd1234-abcd-1234-abcd-1234abcd1234abcd",
		"status": "InProgress",
		"type": "AddonUpdate",
		"params": [
			{
				"type": "AddonVersion",
				"value": "v1.10.1-eksbuild.2"
			},
			{
				"type": "ResolveConflicts",
				"value": "PRESERVE"
			}
		],
		"createdAt": "2023-07-03T17:05:32.443000+00:00",
		"errors": []
	}
}

03 Repeat steps no. 1 and 2 for each Amazon EKS cluster provisioned in the selected AWS region.

04 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other AWS regions.

Publication date Jul 12, 2023
