Upgrade EKS Control Plane

This section will walk you through the steps required to upgrade the control plane of an EKS cluster.

What You'll need

Check Your Environment

Before you start upgrading the EKS control plane, follow the next steps to ensure that your environment meets the requirements:

  1. Get the Kubernetes version of your cluster control plane by inspecting the Server Version in the following command:

    root@rok-tools:~# kubectl version --short
    Client Version: v1.18.19
    Server Version: v1.18.19-eks-8df270
    
  2. Get the Kubernetes version of your nodes:

    root@rok-tools:~# kubectl get nodes -o json | \
    > jq -r '.items[].status.nodeInfo.kubeletVersion'
    v1.18.20-eks-8c579e
    v1.18.20-eks-8c579e
    
  3. Verify that the Kubernetes minor version of your nodes found in step 2 is the same as the control plane's current minor version found in step 1. Otherwise, first update your node group to the control plane's current version and return to follow this guide.

    Note

    For example, if your control plane is running version 1.20 and any of your nodes are running version 1.19, update your nodes to version 1.20 before updating your control plane's Kubernetes version to 1.21.

  4. Get the Rok version running in your EKS cluster:

    root@rok-tools:~# kubectl get -n rok rokcluster rok -o json | \
    > jq -r '.status.version'
    release-1.4-l0-release-1.4-rc8
    
  5. Ensure that the version you found matches the latest Rok version release-1.4-l0-release-1.4-rc8. Otherwise, first upgrade your Rok cluster to the latest Rok version and return to follow this guide.

Procedure

  1. Ensure that the proper pod security policies are in place. Get the default security policy and ensure that no error appears:

    root@rok-tools:~# kubectl get psp eks.privileged
    NAME             PRIV   CAPS   SELINUX    RUNASUSER   FSGROUP    SUPGROUP   READONLYROOTFS   VOLUMES
    eks.privileged   true   *      RunAsAny   RunAsAny    RunAsAny   RunAsAny   false            *
    
  2. Edit your CoreDNS manifest and remove the line comprising only of the word upstream. Leave it as it is, if there is no such line:

    root@rok-tools:~# kubectl edit configmap coredns -n kube-system -o yaml
    

    For example, the following CoreDNS manifest contains a line only with the word upstream that you should remove:

    apiVersion: v1
    data:
      Corefile: |
        .:53 {
            errors
            health
            kubernetes cluster.local in-addr.arpa ip6.arpa {
              pods insecure
              upstream                                # <-- Remove this line
              fallthrough in-addr.arpa ip6.arpa
            }
            prometheus :9153
            forward . /etc/resolv.conf
            cache 30
            loop
            reload
            loadbalance
        }
    kind: ConfigMap
    ...
    
  3. Open your browser, and go to the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.

  4. Find your cluster in the list and select the Update now button next to the Kubernetes version in the Kubernetes version column.

    ../../../_images/clusters-all-upgrade.png
  5. Update the control plane of your EKS cluster to the new Kubernetes version by clicking on Update.

    ../../../_images/cluster-upgrade.png

    Note

    You can update only one minor version at a time. Therefore, if your current version is 1.19 and you want to update to 1.21, then you must first update your cluster to 1.20 and then update it from 1.20 to 1.21.

  6. Your update is complete when your cluster status appears as Active. The update may take quite some time.

    ../../../_images/cluster-active.png

Verify

  1. Ensure that your cluster is active:

    root@rok-tools:~# aws eks describe-cluster --name ${EKS_CLUSTER?} \
    > --query cluster.status --output text
    ACTIVE
    
  2. Get the Kubernetes version of your cluster control plane by inspecting the Server Version in the following command and ensure that it matches the new Kubernetes version:

    root@rok-tools:~# kubectl version --short
    Client Version: v1.18.19
    Server Version: v1.19.13-eks-8df270
    

Summary

You have successfully upgraded the control plane of your EKS cluster.

What's Next

The next step is to upgrade the node group of your EKS cluster.