Upgraded cluster add-ons

The following updates have been rolled out to all clusters. As usual there are also improvements across various other add-ons, ensuring enhanced performance and security:

• alloy v1.14.0 (chart v1.6.2)
• amazon-eks-ami v20260304
• aws-load-balancer-controller v3.1.0
  • NLB Gateways now support passthrough, termination, and re-encryption TLS modes
  • Fixed a critical bug that incorrectly removed regex-based listener rules
• aws-mountpoint-s3-csi-driver v2.4.0-eksbuild.1
• aws-vpc-cni v1.21.1-eksbuild.5
• cert-manager v1.20.0
  • Azure Private DNS zone support for DNS-01 challenges
  • OtherNames feature promoted to beta (now enabled by default)
  • Security fix for DNS caching vulnerability that could cause controller panics
• eks-node-monitoring-agent v1.6.1-eksbuild.1
• fluent-bit v4.2.3 (chart v0.56.0)
• flux v2.8.3
  • Helm v4 support with server-side apply and kstatus-based health checking
  • New CancelHealthCheckOnNewRevision feature gate reduces mean time to recovery
  • Inventory tracking in .status.inventory for HelmRelease resources
  • Cosign v3 support for verifying OCI artifacts and container images
  • Breaking: Deprecated Flux APIs v1beta2 and v2beta2 have been removed
• kube-prometheus-stack v82.10.3
• kube-proxy v1.34.5-eksbuild.2
• ingress-nginx v1.14.5 (chart v4.14.5)
  • Security fix for CVE-2026-4342
• grafana-loki v3.6.7 (chart v6.55.0)
• secrets-store-csi-driver v1.5.6
• secrets-store-csi-driver-provider-aws v2.2.2
• tailscale v1.94.2
• grafana-tempo v2.10.1 (chart v2.0.0)
• traefik v3.6.10 (chart v39.0.5)
  • Security fixes for CVE-2026-29777 and CVE-2026-27141
• velero v1.17.1 (chart v11.4.0)