I have some questions about how to use an Amazon Elastic Kubernetes Service (Amazon EKS) optimized Amazon Linux 2023 (AL2023) Amazon Machine Image (AMI) in my Amazon EKS cluster.
Q: Can I use Docker as a container runtime with an Amazon EKS optimized AL2023 AMI?
Amazon EKS doesn't support Docker as a container runtime in AL2023 for any supported Amazon EKS version. In Amazon Linux 2 (AL2), AWS removed this support in Amazon EKS version 1.24 and later.
Q: Are there major changes that I must consider when I use AL2023 to bootstrap a node?
AL2023 uses a new node initialization process, called nodeadm, that uses a YAML configuration schema. For more information, see nodeadm on the GitHub website.
You must explicitly provide additional cluster details when you do either of the following actions:
- Create a self-managed node group.
- Specify an AMI in your launch template to create a managed node group.
To bootstrap the node in a self-managed node group, include at least the required apiServerEndpoint, certificateAuthority, and cidr parameters. In AL2, Amazon EKS uses the DescribeCluster API call to get these parameters. In AL2023, that API call can be throttled during large node scale-ups. To avoid excessive DescribeCluster API calls, you must include these parameters yourself. For more information, see How do I use custom user data with AL2023 Amazon EKS nodes?
Q: Are there changes that I must consider for Amazon EKS add-ons when I use AL2023?
Make sure that you have the Amazon VPC CNI add-on version 1.16.2 or later. For more information, see amazon-vpc-cni-k8s on the GitHub website.
Q: Are there changes that I must consider for service accounts when I use AL2023?
AL2023 requires Instance Metadata Service Version 2 (IMDSv2). For IMDSv2, the default hop count for managed node groups is set to 1. So, the containers can't use IMDS to access the node's credentials. If your container must access the node's credentials, then manually override HttpPutResponseHopLimit in the custom launch template and increase it to 2. Or, you can use Amazon EKS Pod Identity to provide the credentials.
Q: Are there changes that I must consider for third-party add-ons when I use AL2023?
Some third-party add-ons, such as node termination handler, might use the underlying node metadata. In AL2023, the default hop count for managed node groups is set to 1, so the add-ons can't access the node's metadata. To resolve this issue, increase the hop limit of the instance to 2.
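
The following Python audit is an added example, not part of the original article. It reads JSON in the shape that `aws ec2 describe-instances` returns and reports, per node, whether containers can reach IMDS as described in the two preceding answers. The instance IDs and sample data are constructed, and the status labels and the `approved_hop2` allowlist are hypothetical names chosen for this example; the MetadataOptions field names are those of the EC2 API.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output (IDs are made up).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-00000000000000001",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-00000000000000002",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-00000000000000003",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-00000000000000004",
   "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}}
]}]}
""")

def classify(opts):
    """Return (status, reason) for one instance's MetadataOptions (labels are hypothetical)."""
    if not opts:
        return "unknown", "no MetadataOptions in the input"
    if opts.get("HttpEndpoint") == "disabled":
        return "imds-off", "IMDS endpoint is disabled on this instance"
    if opts.get("HttpTokens") != "required":
        return "imdsv1-allowed", "IMDSv2 is not enforced (HttpTokens is not 'required')"
    hops = int(opts.get("HttpPutResponseHopLimit", 1))
    if hops >= 2:
        return "pods-can-reach-imds", f"hop limit {hops}: containers can obtain the node's credentials"
    return "node-only", "hop limit 1: containers can't use IMDS to access the node's credentials"

def audit(describe_output, approved_hop2=()):
    """Return (instance_id, status, reason, needs_review) for every instance.
    approved_hop2: IDs of nodes where a hop limit of 2 was a deliberate choice."""
    rows = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            status, reason = classify(inst.get("MetadataOptions", {}))
            review = status in ("unknown", "imdsv1-allowed") or (
                status == "pods-can-reach-imds" and inst["InstanceId"] not in approved_hop2)
            rows.append((inst["InstanceId"], status, reason, review))
    return rows

if __name__ == "__main__":
    for iid, status, reason, review in audit(SAMPLE, approved_hop2={"i-00000000000000002"}):
        print(f"{'REVIEW' if review else 'ok':6} {iid} {status}: {reason}")
```

Nodes flagged `pods-can-reach-imds` outside the allowlist are the ones to weigh against Amazon EKS Pod Identity, because every container on such a node can obtain the node's credentials.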
Q: What AMI do I use for accelerated workloads on Amazon EKS?
The existing Amazon EKS-optimized AL2 GPU AMI (AL2_x86_64_GPU) provides support for both AWS Neuron devices and NVIDIA GPUs in the same AMI. Starting with the accelerated AL2023 AMIs, you can choose the following discrete AMI variants:
- AL2023_x86_64_NEURON
- AL2023_ARM_64_NVIDIA
Each variant is optimized for its associated accelerated devices. For more information, see Amazon EKS optimized Amazon Linux 2023 accelerated AMIs now available.
Q: Where can I find the latest official documentation on how to use Amazon Linux 2023 with Amazon EKS?
For the most up-to-date information, including new features, known issues, and detailed configuration guidance, see Upgrade from Amazon Linux 2 to Amazon Linux 2023. It's a best practice to check this documentation regularly, especially before you perform a migration or upgrade.