Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How to properly uninstall EKS unmanaged add-ons?

0

Description

Last year, AWS announced the option to not have the unmanaged EKS addons VPC CNI, CoreDNS and kube-proxy: https://aws.amazon.com/about-aws/whats-new/2024/06/amazon-eks-cluster-creation-flexibility-networking-add-ons/

While it's possible to opt-out of the initial creation, I do not find information about how to properly uninstall these addons. As I bring my own networking solution, I want to uninstall kube-proxy and VPC CNI in my clusters that have been created before the new option existed. I want to delete all addon resources incl. configmaps, RBAC etc., it's not enough to just delete the respective daemonsets.

What I tried so far

$ aws eks list-addons --cluster-name eks
{
    "addons": []
}

$ helm list -A
NAME    NAMESPACE       REVISION        UPDATED STATUS  CHART   APP VERSION

Manage kube-proxy in Amazon EKS clusters does not help. It only shows how to update the kube-proxy image. This is done directly, so it seems like there is no reconciliation in place.

Update the Amazon VPC CNI (self-managed add-on) explains (in the update procedure) that the resources come from aws/amazon-vpc-cni-k8s. So I can use kubectl delete instead of kubectl apply to install everything related to VPC CNI? How would this affect Fargate nodes?

The Amazon VPC CNI plugin for Amazon EKS is installed on Fargate nodes. You can’t use Alternate CNI plugins for Amazon EKS clusters with Fargate nodes.

From https://docs.aws.amazon.com/eks/latest/userguide/fargate.html

There's been some discussions/workarounds in https://github.com/aws/containers-roadmap/issues/923, but nothing sophisticated enough (I agree on a user's take: Bash scripts to work around this is not a feature)

Context

Topics
DevOpsContainers
Tags
DevOpsAmazon Elastic Kubernetes Service
Language
English
asked a year ago549 views
2 Answers
0
Accepted Answer

Easiest way is to just install the equivalent EKS addons using the overwrite flag - which take over ownership of the unmanaged addons. Then delete the EKS addons.

AWS
answered a year ago
  • Mikel Muennekhoff
    a year ago

    Thanks for sharing! How I managed to remove addons:

    $ aws eks create-addon --cluster-name "$CLUSTER_NAME" --addon-name "$ADDON_NAME" --resolve-conflicts none
...
$ aws eks delete-addon --cluster-name "$CLUSTER_NAME" --addon-name "$ADDON_NAME" --no-preserve
...
0

To properly uninstall unmanaged EKS add-ons like VPC CNI, CoreDNS, and kube-proxy, follow these steps:

  1. For VPC CNI:

    • Use kubectl to delete all associated resources including the DaemonSet, ConfigMap, ClusterRole, and ClusterRoleBinding.
    • Refer to the aws/amazon-vpc-cni-k8s GitHub repository for the complete list of resources to remove.
    • Be cautious when removing VPC CNI if you have Fargate nodes, as they require this plugin.

  2. For kube-proxy:

    • Delete the kube-proxy DaemonSet, ConfigMap, and related RBAC resources using kubectl.
    • Ensure you have an alternative networking solution ready.

  3. For CoreDNS:

    • Remove the CoreDNS Deployment, ConfigMap, and associated RBAC resources with kubectl.
    • Have an alternative DNS solution prepared.

Important considerations:

  • Back up your cluster configuration before making changes.
  • Test the uninstallation process in a non-production environment first.
  • Ensure alternative solutions are in place for networking and DNS.
  • Be aware that removing these components may impact cluster functionality, especially for Fargate nodes.

Remember, while it's possible to remove these components, doing so can affect cluster stability and functionality. Always thoroughly test and understand the implications before applying changes to production clusters.
Sources
Amazon EKS examples using AWS CLI - AWS SDK Code Examples
Remove an Amazon EKS add-on from a cluster - Amazon EKS
DeleteAddon - Amazon EKS

answered a year ago
  • Mikel Muennekhoff
    a year ago

    GenAI generated closely to my input. I can't tell if this is hallucination or not. I don't trust this without expert human review

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content