How do I upgrade my Amazon EKS cluster and add-ons?

5 minute read

I want to follow best practices to upgrade my Amazon Elastic Kubernetes Service (EKS) cluster and add-ons.

Short description

Before you upgrade your cluster, verify compatibility with the new Kubernetes version. Also, you might need to update the storage drivers and add-ons to work with newer versions.

After you upgrade a Kubernetes version on your Amazon EKS cluster, you can't downgrade to a previous version. Before you upgrade the Kubernetes version, see Understand the Kubernetes version lifecycle on EKS. Confirm that your security group rules allow the required cluster communication for the subnets that you specified when you created your cluster.

Note:

A node's kubelet version can't be later than a Kubernetes version.
When you update your control plane, node groups don't automatically upgrade.
The node kubelet version can't be more than two minor versions earlier than a Kubernetes version. For example, for Kubernetes version is 1.33, the supported kubelet versions are 1.33, 1.32, and 1.31.

A minor version receives standard support in Amazon EKS for 14 months after release. Then, the version moves to extended support for 12 months.

You can use extended support to maintain a specific Kubernetes version for longer, with additional costs for each cluster hour. If you don't upgrade your cluster before the extended support period ends, then AWS automatically upgrades your cluster to the earliest currently supported version.

Extended support is activated by default. To deactivate extended support, see Prevent increased cluster costs by disabling EKS extended support. For release and support dates, see Amazon EKS Kubernetes release calendar.

Resolution

Update the Amazon EKS cluster version

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

First, check the current Kubernetes version of your cluster control plane and nodes and you current eksctl version.

Run the following command to check the Kubernetes version of your cluster control plane:

kubectl version

Example output:

Client Version: v1.33.2
Kustomize Version: v5.6.0
Server Version: v1.32.5-eks-5d4a308

Run the following command to get the Kubernetes version of your nodes:

kubectl get nodes

Example output:

NAME                            STATUS   ROLES    AGE    VERSION
ip-10-42-177-172.ec2.internal   Ready    <none>   132m   v1.32.3-eks-473151a 
ip-10-42-177-39.ec2.internal    Ready    <none>   142m   v1.32.3-eks-473151a

Run the following command to check your eksctl version:

eksctl version

Note: You must use eksctl version 0.210.0 or later. The upgrade takes several minutes to complete.

Then, use either eksctl, the Amazon EKS console, or the AWS CLI to update your cluster.

Update the node group version

To update a managed node group, see Update a managed node group for your cluster. To update your self-managed node group, you must migrate applications to a new node group.

Update Amazon EKS add-ons

Amazon EKS doesn't automatically upgrade add-ons during a control plane upgrade. Check the compatible versions for your add-ons, and then update them. You can upgrade only one minor version at a time.

To verify whether the add-on version is compatible for the latest version of Kubernetes, run the following command:

eksctl utils describe-addon-versions —kubernetes-version 1.33 —name name-of-addon | grep AddonVersion

Note: Replace name-of-addon with the name of your add-on and 1.33 with the latest version of Kubernetes.

Verify that your current version shows in the output.

Example output:

"AddonVersions": [
                    "AddonVersion": "v1.12.1-eksbuild.2",
                    "AddonVersion": "v1.11.4-eksbuild.14",
                    "AddonVersion": "v1.11.4-eksbuild.10",
                    "AddonVersion": "v1.11.4-eksbuild.2",
                    "AddonVersion": "v1.11.3-eksbuild.3",
                    "AddonVersion": "v1.11.3-eksbuild.2",

You might need to update the following Amazon EKS add-ons:

Amazon Virtual Private Cloud Container Network Interface (Amazon VPC CNI) for Pod networking
CoreDNS for DNS resolution
kube-proxy to route your network
Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic File System (Amazon EFS) Container Storage Interface (CSI) drivers for persistent storage

For more information, see AWS add-ons.

Amazon VPC CNI plugin

Check compatible Amazon VPC CNI versions for your cluster.

Then, choose one of the following options to update the add-on:

To migrate from self-managed to Amazon EKS managed add-on, see Create the Amazon VPC CNI plugin (Amazon EKS add-on).
If you have an existing Amazon EKS managed add-on, then see Update the Amazon VPC CNI plugin (Amazon EKS add-on).
To update a self-managed add-on, see Update the Amazon VPC CNI (self-managed add-on).
To configure AWS Identity and Access Management roles for service accounts (IRSA), then see Configure Amazon VPC CNI plugin to use IRSA.

kube-proxy

Check compatible kube-proxy versions for your cluster.

Then, choose one of the following options to update the add-on:

If you have an Amazon EKS managed add-on, then see Update an Amazon EKS add-on.
If you have a self-managed add-on, then see Update the Kubernetes kube-proxy self-managed add-on.

CoreDNS

Check compatible CoreDNS versions for your cluster.

Then, choose one of the following options to update the add-on:

To migrate from self-managed to Amazon EKS managed add-on, see Create the CoreDNS Amazon EKS add-on.
If you have an Amazon EKS managed add-on, then see Update the CoreDNS Amazon EKS add-on.
If you have a self-managed add-on, then see Update the CoreDNS self-managed add-on.

Amazon EBS and Amazon EFS CSI drivers

To update an Amazon EBS CSI driver or Amazon EFS CSI driver, see Update an Amazon EKS add-on.

Update AWS Load Balancer Controller

For Kubernetes version compatibility with AWS Load Balancer Controller, see Supported Kubernetes versions on the GitHub website. AWS Load Balancer Controller version 2.5.0 or later requires Kubernetes version 1.22 or later. For more information, see the aws-load-balancer-controller releases on the GitHub website. To install AWS Load Balancer Controller, see Install the controller.

Topics: Containers
Tags: Amazon Elastic Kubernetes Service
Language: English

AWS OFFICIALUpdated 10 days ago

No comments

Relevant content

Which EKS Cluster Upgrade Methods should I use?
Valmir Barros
asked 7 months ago
Node Group Upgrade Issue After AWS EKS Cluster Upgrade to v1.30
Naveen
asked 9 months ago
EKS cluster upgrade from 1.28 to 1.29
rePost-User-8112070
asked 2 years ago
Will EKS cluster running on v1.20 get auto upgraded from AWS end - Non Managed Cluster
at_sabya
asked 2 years ago
EKS v1.32 has error in Upgrade insights
Gigitsu
asked 9 months ago
How do I plan an upgrade for my Amazon EKS cluster?
AWS OFFICIALUpdated 3 months ago
How do I upgrade Amazon EKS add-ons?
AWS OFFICIALUpdated 7 months ago
How do I troubleshoot an upgrade fail with my Amazon EKS cluster?
AWS OFFICIALUpdated 3 years ago
How do I return an EKS Anywhere cluster to a working state when the cluster upgrade fails?
AWS OFFICIALUpdated 3 years ago
How to Upgrade Your EKS Cluster to the Latest Version?
EXPERT
dariush
published a year ago