Skip to content

Request: Update EKS Multus CNI build to upstream v4.2.4 #3601

Open
Open
Request: Update EKS Multus CNI build to upstream v4.2.4#3601
Labels
enhancementfeature request
@haofeif

Description

@haofeif
haofeif
opened on Feb 24, 2026

Summary

The latest EKS-published Multus CNI image is v4.1.4-eksbuild.3, while upstream k8snetworkplumbingwg/multus-cni is at v4.2.4 (released via v4.2.0 → v4.2.4). Requesting an updated EKS build to align with the latest upstream release.

Current State

  • Latest EKS Multus build: v4.1.4-eksbuild.3 (from config/multus/v4.1.4-eksbuild.3/)
  • Latest upstream Multus: v4.2.4
  • Image: 602401143452.dkr.ecr.*.amazonaws.com/eks/multus-cni:v4.1.4-eksbuild.3_thick

Motivation

  1. Security vulnerabilities — The v4.1.4 base image contains OS-level CVEs flagged by Amazon Inspector and AWS Security Hub. Customers running security scanning tools are reporting findings against eks/multus-cni:v3.7.2-eksbuild.1 (still shipped in older AMIs) and v4.1.4-eksbuild.3.

  2. Upstream fixes since v4.1.4 — The v4.2.x releases include:

    • QUIC protocol support
    • Reliability and compatibility improvements
    • Bug fixes for network attachment handling
    • Updated dependencies and Go version

  3. Customer impact — EKS customers relying on the AWS-published Multus image cannot upgrade beyond v4.1.4 without switching to the upstream image, which is not AWS-supported.

Requested Action

Publish a new EKS Multus build based on upstream v4.2.4 (or latest stable) to:

  • 602401143452.dkr.ecr.*.amazonaws.com/eks/multus-cni
  • config/multus/ manifest in this repository

Environment

  • EKS version: 1.35
  • Current Multus: v4.1.4-eksbuild.3_thick

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementfeature request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions