Upgrade EKS Control Plane¶
This section will walk you through the steps required to upgrade the control plane of an EKS cluster.
What You’ll need¶
- A configured management environment.
- An existing EKS cluster.
- An existing Rok deployment.
Check Your Environment¶
Before you start upgrading the EKS control plane, follow the next steps to ensure that your environment meets the requirements:
Get the Kubernetes version of your cluster control plane by inspecting the
Server Version
in the following command:root@rok-tools:~# kubectl version --short Client Version: v1.20.15 Server Version: v1.20.11-eks-f17b81Get the Kubernetes version of your nodes:
root@rok-tools:~# kubectl get nodes -o json | \ > jq -r '.items[].status.nodeInfo.kubeletVersion' v1.20.11-eks-f17b81 v1.20.11-eks-f17b81Verify that the Kubernetes minor version of your nodes found in step 2 is the same as the control plane’s current minor version found in step 1. Otherwise, first update your node group to the control plane’s current version and return to follow this guide.
Note
For example, if your control plane is running version 1.20 and any of your nodes are running version 1.19, update your nodes to version 1.20 before updating your control plane’s Kubernetes version to 1.21.
Get the Rok version running in your EKS cluster:
root@rok-tools:~# kubectl get -n rok rokcluster rok -o json | \ > jq -r '.status.version' release-1.5-l0-release-1.5.3Ensure that the version you found matches the latest Rok version
release-1.5-l0-release-1.5.3
. Otherwise, first upgrade your Rok cluster to the latest Rok version and return to follow this guide.
Procedure¶
Ensure that the proper pod security policies are in place. Get the default security policy and ensure that no error appears:
root@rok-tools:~# kubectl get psp eks.privileged NAME PRIV CAPS SELINUX RUNASUSER FSGROUP SUPGROUP READONLYROOTFS VOLUMES eks.privileged true * RunAsAny RunAsAny RunAsAny RunAsAny false *Edit your CoreDNS manifest and remove the line comprising only of the word
upstream
. Leave it as it is, if there is no such line:root@rok-tools:~# kubectl edit configmap coredns -n kube-system -o yamlFor example, the following CoreDNS manifest contains a line only with the word
upstream
that you should remove:apiVersion: v1 data: Corefile: | .:53 { errors health kubernetes cluster.local in-addr.arpa ip6.arpa { pods insecure upstream # <-- Remove this line fallthrough in-addr.arpa ip6.arpa } prometheus :9153 forward . /etc/resolv.conf cache 30 loop reload loadbalance } kind: ConfigMap ...Open your browser, and go to the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
Find your cluster in the list and select the Update now button next to the Kubernetes version in the Kubernetes version column.
Update the control plane of your EKS cluster to the new Kubernetes version by clicking on Update.
Note
You can update only one minor version at a time. Therefore, if your current version is 1.19 and you want to update to 1.21, then you must first update your cluster to 1.20 and then update it from 1.20 to 1.21.
Your update is complete when your cluster status appears as Active. The update may take quite some time.
Verify¶
Ensure that your cluster is active:
root@rok-tools:~# aws eks describe-cluster --name ${EKS_CLUSTER?} \ > --query cluster.status --output text ACTIVEGet the Kubernetes version of your cluster control plane by inspecting the
Server Version
in the following command and ensure that it matches the new Kubernetes version. Choose one of the following options, based on the upgrade you’ve made:root@rok-tools:~# kubectl version --short Client Version: v1.20.11 Server Version: v1.21.5-eks-bc4871broot@rok-tools:~# kubectl version --short Client Version: v1.20.15 Server Version: v1.20.11-eks-f17b81