Upgrading Kubernetes on EKS

Did this earlier today for a client. You can’t directly upgrade from 1.29 to 1.32, so instead have to repeat these steps for each version.

Upgrading Amazon Elastic Kubernetes Service (EKS) is a crucial maintenance task that ensures security, stability, and access to the latest Kubernetes features. Given AWS’s recommendation to upgrade one minor version at a time, this guide walks through upgrading EKS from version 1.29 to 1.32 in stages.

Pre-Upgrade Considerations

Before proceeding, review the following:

Check AWS Release Notes: Review AWS Kubernetes version support to understand the changes in each version.
Ensure Add-on Compatibility: Confirm that EKS add-ons (VPC CNI, CoreDNS, kube-proxy, and EBS CSI Driver) support the next Kubernetes version.
Backup Your Cluster: Export Kubernetes manifests and take snapshots of persistent volumes if necessary.
Test in a Non-Production Environment: Always validate upgrades in a staging cluster before applying them in production.
Verify Workload Compatibility: Check for deprecated APIs and changes that may impact workloads.

Step-by-Step Upgrade Process

We will upgrade incrementally from 1.29 → 1.30 → 1.31 → 1.32.

1️⃣ Upgrade the EKS Control Plane

The control plane should be upgraded before node groups and add-ons.

Upgrade to 1.30

Run the following command to upgrade:

aws eks update-cluster-version --region <your aws region> --name <your-cluster-name> --kubernetes-version 1.30

Monitor the progress:

aws eks describe-cluster --name <your-cluster-name> --query cluster.status

Wait until the status changes from UPDATING to ACTIVE.

2️⃣ Upgrade EKS Add-ons

After upgrading the control plane, update EKS-managed add-ons to ensure compatibility.

Check Installed Add-ons

aws eks list-addons --cluster-name <your-cluster-name>

Upgrade Amazon VPC CNI (or whichever)

aws eks update-addon --cluster-name <your-cluster-name> --addon-name vpc-cni --resolve-conflicts OVERWRITE

Repeat the add-on upgrades after each minor version upgrade of the control plane.

3️⃣ Upgrade Worker Nodes

If you use managed node groups, upgrade them one at a time:

aws eks update-nodegroup-version --cluster-name <your-cluster-name> --nodegroup-name <node-group-name>

Monitor node group updates:

aws eks describe-nodegroup --cluster-name <your-cluster-name> --nodegroup-name <node-group-name>

If using self-managed nodes, manually cordon, drain, and replace nodes:

kubectl cordon <node-name>
kubectl drain <node-name> --ignore-daemonsets --delete-emptydir-data
aws autoscaling terminate-instance-in-auto-scaling-group --instance-id <instance-id> --should-decrement-desired-capacity

Repeat for each Kubernetes version.

4️⃣ Post-Upgrade Validation

After completing the upgrade to 1.32:

Verify node health:
```
kubectl get nodes
```
Check if all workloads are running:
```
kubectl get pods -A
```
Validate cluster info:
```
kubectl cluster-info
```

Ensure application logs show no errors:

kubectl logs -l app=<your-app-name> -n <namespace>

If issues arise, rollback to a previous version or adjust workloads to meet new Kubernetes requirements.

Summary

1️⃣ Upgrade control plane (one version at a time).
2️⃣ Upgrade EKS add-ons (VPC CNI, CoreDNS, kube-proxy).
3️⃣ Upgrade worker nodes (managed or self-managed).
4️⃣ Validate cluster health and workloads.

By following this staged approach, you minimise downtime and ensure a smooth transition to EKS 1.32. 🚀

Pre-Upgrade Considerations#

Step-by-Step Upgrade Process#

1️⃣ Upgrade the EKS Control Plane#

Upgrade to 1.30#

2️⃣ Upgrade EKS Add-ons#

Check Installed Add-ons#

Upgrade Amazon VPC CNI (or whichever)#

3️⃣ Upgrade Worker Nodes#

4️⃣ Post-Upgrade Validation#

Summary#