Upgrading an Amazon EKS (Elastic Kubernetes Service) cluster can seem daunting, especially in a production environment. However, with a well-defined strategy and the right tools, the process can be smooth and minimally disruptive. In this post, I'll walk you through the upgrade process from version 1.27 to 1.28 using Terraform, ensuring your EKS cluster remains functional and resilient throughout.
Why Upgrading EKS Matters
EKS clusters need to stay updated to leverage the latest features, security patches, and performance improvements. However, EKS-managed clusters can only be upgraded one minor version at a time, making a systematic approach essential.
The Upgrade Process
If you're managing your EKS cluster configuration with Terraform, it's essential to understand that EKS-managed clusters can only undergo upgrades one minor version at a time. The terraform-aws-eks module is specifically designed to handle upgrades in the correct order when changing the cluster version.
Here's a simplified overview of what we'll cover:
- Upgrading the EKS Cluster Version
- Updating EKS Add-ons
- Upgrading EKS Managed Node Groups
- Upgrade Other Resources (e.g., Karpenter)
Step 1: Upgrading the Control Plane
The control plane is the brain of your Kubernetes cluster, managing all the operations within the cluster. To upgrade:
Update the Control Plane: This is the first step in the upgrade process. The control plane version dictates the compatibility of the cluster's components.
Initiate the Upgrade: Use Terraform to apply the new configuration. This ensures that the control plane updates to the desired version without manual intervention.
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "~> 20.0"
cluster_name = local.name
cluster_version = "1.27" => "1.28"
cluster_endpoint_public_access = true
cluster_addons = {
coredns = {
most_recent = true
}
kube-proxy = {
most_recent = true
}
vpc-cni = {
most_recent = true
}
}
Step 2: Updating EKS Add-ons
Add-ons in EKS are additional features that enhance your cluster's capabilities, such as DNS management or monitoring tools. These add-ons are tightly coupled with the cluster's version.
Automatic Compatibility: When the control plane is updated, EKS automatically aligns the add-on versions with the new cluster version.
Verify Add-on Versions: Ensure that each add-on is updated and compatible with the new version of the control plane.
Step 3: Upgrading EKS Managed Node Groups
Node groups are the workers in your cluster, running your applications. These groups need to be in sync with the control plane.
Node Group Update Process: After the control plane is updated, node groups are updated to match the new version. This ensures that all nodes run the compatible Kubernetes version.
Minimize Disruption: EKS handles node group updates in a way that minimizes disruption. By default, it limits the number of unavailable nodes during the upgrade to 33%, ensuring that most of your applications remain operational.
Ensuring Minimal Disruption
Our upgrade approach prioritizes minimal disruption, making it suitable for production environments. By systematically updating the control plane, add-ons, and node groups, you ensure that your cluster remains functional and efficient throughout the upgrade process.
Upgrade Other Resources
If you are using additional tools like Karpenter, an open-source cluster autoscaler, you will need to upgrade these as well:
- Verify the compatibility of these resources with the new EKS version.
Conclusion
Upgrading your EKS cluster is paramount to maintaining security, stability, and accessing the latest Kubernetes features. It's imperative to follow the recommended upgrade procedure to seamlessly transition from v1.27 to v1.28 while mitigating disruptions. Before implementing upgrades in production, thorough testing in a staging environment is essential. Leveraging the terraform-aws-eks module can streamline the upgrade process, ensuring efficiency and accuracy. Stay informed about Kubernetes releases and adhere to best practices to uphold the success of your AWS EKS deployment.
Top comments (0)