Upgrade EKS Control Plane¶
This section will walk you through the steps required to upgrade the control plane of an EKS cluster.
What You’ll Need¶
- A configured management environment.
- An existing EKS cluster.
- An existing Rok deployment.
Check Your Environment¶
Before you start upgrading the EKS control plane, follow the next steps to ensure that your environment meets the requirements:
Get the Kubernetes version of your cluster control plane by inspecting the
Server Version
in the following command:root@rok-tools:~# kubectl version --short Client Version: v1.23.17 Server Version: v1.22.15-eks-fb459a0Get the Kubernetes version of your nodes:
root@rok-tools:~# kubectl get nodes -o json | \ > jq -r '.items[].status.nodeInfo.kubeletVersion' v1.22.15-eks-ba74326 v1.22.15-eks-ba74326Verify that the Kubernetes minor version of your nodes found in step 2 is the same as the control plane’s current minor version found in step 1. Otherwise, first update your node group to the control plane’s current version and return to follow this guide.
Note
For example, if your control plane is running version 1.22 and any of your nodes are running a previous version, update your nodes to version 1.22 before updating your control plane’s Kubernetes version to 1.23.
Get the Rok version running in your EKS cluster:
root@rok-tools:~# kubectl get -n rok rokcluster rok -o json | \ > jq -r '.status.version' release-2.0-l0-release-2.0.2Ensure that the version you found matches the latest Rok version
release-2.0-l0-release-2.0.2
. Otherwise, first upgrade your Rok cluster to the latest Rok version and return to follow this guide.Attention
If you use EBS volumes in an existing cluster, install the EBS CSI driver in your cluster before you upgrade your cluster to version 1.23, by following the a-c steps below. Otherwise skip them and continue with the rest of the guide.
- Follow the Create IAM Role for EBS CSI Driver guide.
- Follow the Deploy EBS CSI Driver guide.
- Return to this guide and proceed to the Procedure.
Procedure¶
Ensure that the proper pod security policies are in place. Get the default security policy and ensure that no error appears:
root@rok-tools:~# kubectl get psp eks.privileged NAME PRIV CAPS SELINUX RUNASUSER FSGROUP SUPGROUP READONLYROOTFS VOLUMES eks.privileged true * RunAsAny RunAsAny RunAsAny RunAsAny false *Edit your CoreDNS manifest and remove the line comprising only of the word
upstream
. Leave it as it is, if there is no such line:root@rok-tools:~# kubectl edit configmap coredns -n kube-system -o yamlFor example, the following CoreDNS manifest contains a line only with the word
upstream
that you should remove:apiVersion: v1 data: Corefile: | .:53 { errors health kubernetes cluster.local in-addr.arpa ip6.arpa { pods insecure upstream # <-- Remove this line fallthrough in-addr.arpa ip6.arpa } prometheus :9153 forward . /etc/resolv.conf cache 30 loop reload loadbalance } kind: ConfigMap ...Open your browser, and go to the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
Find your cluster in the list and select the Update now button next to the Kubernetes version in the Kubernetes version column.
Update the control plane of your EKS cluster to the new Kubernetes version by clicking on Update.
Note
You can update only one minor version at a time. Therefore, if you want to update to 1.23 and your current version is two versions behind, then you must first update your cluster to 1.22 and then update it from 1.22 to 1.23.
Your update is complete when your cluster status appears as Active. The update may take quite some time.
Verify¶
Ensure that your cluster is active:
root@rok-tools:~# aws eks describe-cluster --name ${EKS_CLUSTER?} \ > --query cluster.status --output text ACTIVEGet the Kubernetes version of your cluster control plane by inspecting the
Server Version
in the following command and ensure that it matches the new Kubernetes version. Choose one of the following options, based on the upgrade you’ve made:root@rok-tools:~# kubectl version --short Client Version: v1.23.17 Server Version: v1.23.13-eks-fb459a0root@rok-tools:~# kubectl version --short Client Version: v1.23.17 Server Version: v1.22.15-eks-fb459a0