How do I prevent configuration conflicts when I create or update my Amazon EKS managed add-ons?

5 minute read

I want to prevent configuration conflicts when I create or update my Amazon Elastic Kubernetes Service (Amazon EKS) managed add-ons.

Short description

When you use the AWS Command Line Interface (AWS CLI) to modify Amazon EKS managed add-on configurations, configuration conflicts might occur. If you don't specify how to manage these conflicts, then you receive the following error message:

"Conflicts found when trying to apply. Will not continue due to resolve conflicts mode."

To resolve this issue, take one of the following actions:

Use the Amazon EKS console that automatically manages configuration conflicts to update the configuration.
Use the AWS CLI with the resolve-conflicts OVERWRITE parameter to explicitly override the existing configuration.

Resolution

Note: If you receive errors when you run AWS CLI commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Write your configurations to a JSON file

Write your configurations to a JSON file based on the add-on that you use. For information about add-on configuration options, see amazon-vpc-cni-k8s, aws-ebs-csi-driver, and coredns on the GitHub website.

Amazon Virtual Private Cloud (Amazon VPC) CNI add-on:

cat <<EOF > example-json-file
{
    "env": {
        "MINIMUM_IP_TARGET": "example-minimum-ip-target",
        "WARM_ENI_TARGET": "example-warm-eni-target",
        "WARM_IP_TARGET": "example-ip-target"
      }
}
EOF

Note: Replace example-minimum-ip-target with the minimum number of IP addresses that each node must maintain. Also, replace example-warm-eni-target with the number of elastic network interfaces that the add-on must keep available for Pod assignment. Finally, replace example-ip-target with the number of IP addresses that the add-on must keep available for Pod assignment.

Amazon Elastic Block Store (Amazon EBS) CSI driver add-on:

cat <<EOF > example-json-file  
{  
    "node": {  
        "volumeAttachLimit": example-volume-limit  
    }  
}  
EOF

Note: Replace example-volume-limit with the maximum number of volumes that the Amazon EBS CSI driver add-on can attach to a node. This value must be less than or equal to the Amazon Elastic Compute Cloud (Amazon EC2) instance type's volume attachment quota.

CoreDNS:

cat <<EOF > example-json-file  
{  
    "resources": {  
        "limits": {  
            "cpu": "example-cpu-limit",  
            "memory": "example-memory-limit",  
        },  
        "requests": {  
            "cpu": "example-cpu-request",  
            "memory": "example-memory-request"  
        }  
    }  
}  
EOF

Note: Replace example-cpu-limit with the maximum CPU that CoreDNS can use and example-memory-limit with the maximum memory resources that CoreDNS can use. Also, replace example-cpu-request with the minimum CPU that CoreDNS requires to run and example-memory-request with the minimum memory resources that CoreDNS requires to run.

Apply the JSON file to the add-on

Use the Amazon EKS console

Complete the following steps:

Open the Amazon EKS console.
Choose the Add-ons tab.
Select your add-on, and then choose Edit
Choose Optional configuration settings.
For Configuration values, enter the configurations from your JSON file.

Use the AWS CLI

To apply the JSON file when you install the add-on for the first time, run the following create-addon command:

aws eks create-addon --addon-name add-on ---cluster-name example-cluster-name --resolve-conflicts OVERWRITE --configuration-values file://example-json-file

Note: Replace example-cluster-name with the name of your Amazon EKS cluster. Also, replace add-on with vpc-cni for the Amazon VPC CNI add-on, aws-ebs-csi-driver for the Amazon EBS CSI driver add-on, or coredns for the CoreDNS add-on. Finally, replace example-json-file with the name of your JSON configuration file.

To apply the JSON file to an existing add-on, run the following update-addon command:

aws eks update-addon --addon-name add-on ---cluster-name example-cluster-name --resolve-conflicts OVERWRITE --configuration-values file://example-json-file

Test your updates

To confirm that your add-on uses the updated configuration, run the following command based on the add-on that you use.

Amazon VPC CNI and CoreDNS:

kubectl get pods -n kube-system example-aws-node-pod-ID -o jsonpath='{.spec.containers[*].env}'

Note: Replace example-aws-node-pod-ID with your node pod ID or your coreDNS pod ID.

Amazon EBS CSI driver:

kubectl get ds -n kube-system ebs-csi-node -o jsonpath='{.spec.template.spec.containers[*].args}'

Update tolerations

When you need to update node tolerations for your add-ons, you can include them in your configuration file. Like other configuration changes, you can apply these updates using either the Amazon EKS console or the AWS CLI with the resolve-conflicts OVERWRITE parameter.

Create your toleration configuration in YAML format:

cat <<EOF > example-yaml-file
tolerations:
      - effect: example-effect
        key: example-key
        operator: example-operator
        value: example-value
EOF

Note: Replace example-yaml-file with your YAML configuration file name. Also, replace example-effect with NoSchedule, PreferNoSchedule, or NoExecute and example-operator with Equal or Exists. Finally, replace example-key with your node taint key and example-value with your node taint value.

Apply the configuration. Use either of the following options:
- Amazon EKS console: Follow the same steps in the "Use the Amazon EKS console" section.
  -or-
- AWS CLI: Use the create-addon or update-addon command with the --resolve-conflicts OVERWRITE parameter as shown in the "Use the AWS CLI" section.

Related information

Determine fields you can customize for Amazon EKS add-ons

Amazon EKS add-ons: Advanced configuration

Topics: Containers
Tags: Amazon Elastic Kubernetes Service
Language: English

AWS OFFICIALUpdated 5 months ago

No comments

Relevant content

What is the difference between updating eks/eksctl managed addons via eksctl docs vs aws docs?
jyrashi
asked 2 years ago
CloudFormation stack for EKS cluster cannot update AWS::EKS::Addon on adding tags
Accepted Answer
icelava
asked 3 years ago
How to update VPC CNI in EKS while I have ENABLE_POD_ENI and ENABLE_PREFIX_DELEGATION enabled?
Tom Lo
asked 2 years ago
EKS Addon Guardduty agent can not start
Anh
asked 9 months ago
How can I reduce the resource requests/limits for DaemonSets created by the AWS CloudWatch Observability add-on in EKS?
Yogesh
asked 8 months ago
How do I upgrade Amazon EKS add-ons?
AWS OFFICIALUpdated a year ago
FAQs: Amazon EKS add-ons
AWS OFFICIALUpdated 2 years ago
How do I configure ipvs kube-proxy mode in Amazon EKS?
AWS OFFICIALUpdated 2 years ago
How do I update the properties in Amazon EKS managed node groups?
AWS OFFICIALUpdated 6 months ago
Preventing pod and node disruption in Amazon EKS Auto Mode
EXPERT
Olawale Olaleye
published a month ago