Upgrade EKS Control Plane

This section will walk you through the steps required to upgrade the control plane of an EKS cluster.

What You’ll Need

Check Your Environment

Before you start upgrading the EKS control plane, follow the next steps to ensure that your environment meets the requirements:

  1. Get the Kubernetes version of your cluster control plane by inspecting the Server Version in the following command:

    root@rok-tools:~# kubectl version --short Client Version: v1.23.17 Server Version: v1.22.15-eks-fb459a0
  2. Get the Kubernetes version of your nodes:

    root@rok-tools:~# kubectl get nodes -o json | \ > jq -r '.items[].status.nodeInfo.kubeletVersion' v1.22.15-eks-ba74326 v1.22.15-eks-ba74326
  3. Verify that the Kubernetes minor version of your nodes found in step 2 is the same as the control plane’s current minor version found in step 1. Otherwise, first update your node group to the control plane’s current version and return to follow this guide.

    Note

    For example, if your control plane is running version 1.22 and any of your nodes are running a previous version, update your nodes to version 1.22 before updating your control plane’s Kubernetes version to 1.23.

  4. Get the Rok version running in your EKS cluster:

    root@rok-tools:~# kubectl get -n rok rokcluster rok -o json | \ > jq -r '.status.version' release-2.0-l0-release-2.0.2
  5. Ensure that the version you found matches the latest Rok version release-2.0-l0-release-2.0.2. Otherwise, first upgrade your Rok cluster to the latest Rok version and return to follow this guide.

Procedure

  1. Ensure that the proper pod security policies are in place. Get the default security policy and ensure that no error appears:

    root@rok-tools:~# kubectl get psp eks.privileged NAME PRIV CAPS SELINUX RUNASUSER FSGROUP SUPGROUP READONLYROOTFS VOLUMES eks.privileged true * RunAsAny RunAsAny RunAsAny RunAsAny false *
  2. Edit your CoreDNS manifest and remove the line comprising only of the word upstream. Leave it as it is, if there is no such line:

    root@rok-tools:~# kubectl edit configmap coredns -n kube-system -o yaml

    For example, the following CoreDNS manifest contains a line only with the word upstream that you should remove:

    apiVersion: v1 data: Corefile: | .:53 { errors health kubernetes cluster.local in-addr.arpa ip6.arpa { pods insecure upstream # <-- Remove this line fallthrough in-addr.arpa ip6.arpa } prometheus :9153 forward . /etc/resolv.conf cache 30 loop reload loadbalance } kind: ConfigMap ...
  3. Open your browser, and go to the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.

  4. Find your cluster in the list and select the Update now button next to the Kubernetes version in the Kubernetes version column.

    ../../../_images/upgrade-all-clusters.png
  5. Update the control plane of your EKS cluster to the new Kubernetes version by clicking on Update.

    ../../../_images/upgrade-cluster.png

    Note

    You can update only one minor version at a time. Therefore, if you want to update to 1.23 and your current version is two versions behind, then you must first update your cluster to 1.22 and then update it from 1.22 to 1.23.

  6. Your update is complete when your cluster status appears as Active. The update may take quite some time.

    ../../../_images/cluster-active.png

Verify

  1. Ensure that your cluster is active:

    root@rok-tools:~# aws eks describe-cluster --name ${EKS_CLUSTER?} \ > --query cluster.status --output text ACTIVE
  2. Get the Kubernetes version of your cluster control plane by inspecting the Server Version in the following command and ensure that it matches the new Kubernetes version. Choose one of the following options, based on the upgrade you’ve made:

    root@rok-tools:~# kubectl version --short Client Version: v1.23.17 Server Version: v1.23.13-eks-fb459a0
    root@rok-tools:~# kubectl version --short Client Version: v1.23.17 Server Version: v1.22.15-eks-fb459a0

Summary

You have successfully upgraded the control plane of your EKS cluster.

What’s Next

The next step is to upgrade the node group of your EKS cluster.