Is there any guidance on how to ugprade an EKS clu...
# awsb
brief-church-51632
07/12/2024, 1:15 AMIs there any guidance on how to ugprade an EKS cluster that uses a Managed Node Group? I updated the EKS cluster version and hoped that pulumi would update the EKS cluster and then the worker AMIs used by the node group, but only the EKS cluster got upgraded.
🎯 1
brief-church-51632
07/12/2024, 1:45 AMI also noticed that upgrading the k8s version doesn't update the version of the addons that pulumi automatically installed when I set the cluster up. For example, I'm upgrading from 1.27 to 1.28 and my kube-proxy is still at 1.28. What do I need to do to upgrade these?
q
quick-house-41860
07/12/2024, 9:24 AMHey, are you using the aws classic EKS cluster resource or the EKS cluster component?
You mentioned that your kube-proxy is still at version 1.28 after upgrading, I assume you mean 1.27, right?
b
brief-church-51632
07/12/2024, 5:47 PMI am using
pulumi_eks.Clusterbrief-church-51632
07/12/2024, 5:50 PMv1.27.6-minimal-eksbuild.2q
quick-house-41860
07/15/2024, 9:22 AMYou're right that the node group version isn't auto updated right now. As a workaround you could set the Managed Node Group version to the version output of the EKS cluster like so:
Copy code
const cluster = new eks.Cluster("example-managed-nodegroups", {
skipDefaultNodeGroup: true,
deployDashboard: false,
vpcId: eksVpc.vpcId,
publicSubnetIds: eksVpc.publicSubnetIds,
privateSubnetIds: eksVpc.privateSubnetIds,
instanceRoles: [role],
version: "1.29",
});
const managedNodeGroup0 = eks.createManagedNodeGroup("example-managed-ng0", {
cluster: cluster,
nodeRole: role,
enableIMDSv2: true,
version: cluster.eksCluster.version, // <- this makes the version propagate to the node group
});quick-house-41860
07/15/2024, 9:24 AMThis should also explain kube-proxy being of an older version as it follows the kubelets version. Could you try updating the node group version like I mentioned above? After that kube-proxy should be updated as well
b
brief-church-51632
07/15/2024, 10:02 AMack - I'll give that a shot. Will pulumi take care to update the eks cluster before upgrading the node group? Or should I do it over two pulumi runs?
q
quick-house-41860
07/15/2024, 10:27 AMIt should because the node group has a dependency on the cluster.
b
brief-church-51632
07/15/2024, 6:07 PMthanks! that worked. I'm upgrading from 1.27 to 1.28. But I'm seeing that my kubeproxy pods are still on 1.27 (
v1.27.1-minimal-eksbuild.1q
quick-house-41860
07/15/2024, 7:48 PMOh you're right. I just dug a bit deeper and the EKS service doesn't auto upgrade the add ons it adds itself.
As a workaround you need to specify the versions for the EKS platform addons (
kube-proxycoredns Copy code
const kubeProxyVersion = aws.eks.getAddonVersionOutput({
addonName: "kube-proxy",
kubernetesVersion: cluster.eksCluster.version,
mostRecent: true, // whether to return the default version or the most recent version for the specified kubernetes version
}).apply((addonVersion) => addonVersion.version);
const example = new aws.eks.Addon("example", {
clusterName: cluster.eksCluster.name,
addonName: "kube-proxy",
addonVersion: kubeProxyVersion,
});b
brief-church-51632
07/15/2024, 8:13 PMthis means I have to disable addons in the pulumi eks cluster object which will tear down my eks cluster right?
q
quick-house-41860
07/15/2024, 8:16 PMNo you don't. This should "adopt" the addons instead of recreating them.
b
brief-church-51632
07/16/2024, 7:04 PMI'll also create an issue to track this enhancementdo you have a pointer to the issue?
q
quick-house-41860
07/16/2024, 8:30 PMUh sorry, missed sending it. It's this one here: https://github.com/pulumi/pulumi-eks/issues/1254
🙏 1
7 Views