Upgrading an Amazon EKS (Elastic Kubernetes Service) cluster can seem daunting, especially in a production environment. However, with a well-defined strategy and the right tools, the process can be smooth and minimally disruptive. In this post, I’ll walk you through the upgrade process from version 1.27 to 1.28 using Terraform, ensuring your EKS cluster remains functional and resilient throughout.
Why Upgrading EKS Matters
EKS clusters need to stay updated to leverage the latest features, security patches, and performance improvements. However, EKS-managed clusters can only be upgraded one minor version at a time, making a systematic approach essential.
The Upgrade Process
The terraform-aws-eks module simplifies the upgrade process. This module ensures that components are upgraded in the correct sequence, preventing issues related to version compatibility.
Here’s a simplified overview of what we’ll cover:
Upgrading the EKS Cluster Version
Updating EKS Add-ons
Upgrading EKS Managed Node Groups
Upgrade Other Resources (e.g., Karpenter)
Step 1: Upgrading the Control Plane
The control plane is the brain of your Kubernetes cluster, managing all the operations within the cluster. To upgrade:
Update the Control Plane: This is the first step in the upgrade process. The control plane version dictates the compatibility of the cluster’s components.
Initiate the Upgrade: Use Terraform to apply the new configuration. This ensures that the control plane updates to the desired version without manual intervention.
source = “terraform-aws-modules/eks/aws”
version = “~> 20.0”
cluster_name = local.name
cluster_version = “1.27” => “1.28”
cluster_endpoint_public_access = true
cluster_addons = {
coredns = {
most_recent = true
}
kube-proxy = {
most_recent = true
}
vpc-cni = {
most_recent = true
}
}
Step 2: Updating EKS Add-ons
Add-ons in EKS are additional features that enhance your cluster’s capabilities, such as DNS management or monitoring tools. These add-ons are tightly coupled with the cluster’s version.
Automatic Compatibility: When the control plane is updated, EKS automatically aligns the add-on versions with the new cluster version.
Verify Add-on Versions: Ensure that each add-on is updated and compatible with the new version of the control plane.
Step 3: Upgrading EKS Managed Node Groups
Node groups are the workers in your cluster, running your applications. These groups need to be in sync with the control plane.
Node Group Update Process: After the control plane is updated, node groups are updated to match the new version. This ensures that all nodes run the compatible Kubernetes version.
Minimize Disruption: EKS handles node group updates in a way that minimizes disruption. By default, it limits the number of unavailable nodes during the upgrade to 33%, ensuring that most of your applications remain operational.
Ensuring Minimal Disruption
Our upgrade approach prioritizes minimal disruption, making it suitable for production environments. By systematically updating the control plane, add-ons, and node groups, you ensure that your cluster remains functional and efficient throughout the upgrade process.
Upgrade Other Resources
If you are using additional tools like Karpenter, an open-source cluster autoscaler, you will need to upgrade these as well:
Verify the compatibility of these resources with the new EKS version.
Conclusion
Upgrading an EKS cluster is a critical task that, when done correctly, keeps your Kubernetes environment secure and up-to-date. By following this guide, you can ensure a smooth transition to new versions, leveraging Terraform to automate and manage the process effectively. Keep your clusters running optimally with minimal downtime, and continue to deliver high-quality services to your users.
