Upgrade EKS to 1.15 using Terraform

Reading Time: 3 minutes

Hello Readers, In this blog, I’ll be sharing the steps to upgrade EKS using Terraform.
Here, I’m using Terraform version v0.12.9

As we know that AWS keeps updating its EKS service, and keep on deprecating the older versions, so we also need to upgrade our EKS cluster service side by side.

In this blog, I’ll be sharing the steps to upgrade the EKS cluster but before that, here are some points to note.

1. Incremental Upgrade: The EKS needs to be upgraded incrementally, i.e. you can increment the version only by 1 at a time. This means that you can follow this blog only if you are currently on EKS 1.14 version. If not, you need to upgrade to 1.14 first, and then you can follow this blog.

2. Permissions: To upgrade the cluster, the controller node, from where you are running the Terraform commands, must have eks:UpdateClusterVersion permission. You can check the IAM roles for verifying this.

Step 1: Verify the current version is 1.14

To begin with the upgrade, you first need to verify if you are on EKS version 1.14. You can verify this either from AWS Console, or run the following command from the controller node.

kubectl version --short

Step 2: Update version value to 1.15

In the Terraform variables, you need to change the value of the variable corresponds to version from 1.14 to 1.15. Here’s how you will do it.

## main.tf
resource "aws_eks_cluster" "eks_cluster" {
  name        = var.cluster_name
  version     = var.cluster_version
}

## variables.tf
variable "cluster_version" {
  description = "Kubernetes version to use for the EKS cluster."
  default     = "1.15"
}

Step 3: Apply the Terraform changes

Now, to upgrade the cluster, ssh into the controller node and trigger the following commands

cd <terraform-module-directory>
terraform init
terraform apply

Step 4: Verify the upgraded EKS version

After applying the terraform changes, you need toverify if the version has upgraded to 1.15 using the following command

kubectl version --short

## Expected output
Client Version: v1.15.0
Server Version: v1.15.0

In case your client version is lower than 1.15, you need to download the new kubectl binaries using the following command

KUBEPATH=$(which kubectl) && cd $(dirname $KUBEPATH) && curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.15.0/bin/linux/amd64/kubectl && cd - && unset KUBEPATH

Recommended versions from AWS for EKS related components

Kubernetes VersionKube-Proxy VersionCoreDNS VersionAmazon VPC CNI Version
1.15v1.15.11v1.6.6v1.6.1
Components Version for EKS 1.15

Step 5: Upgrade Kube-Proxy version

Check the current Kube-Proxy version using this command:

kubectl describe ds kube-proxy  -n kube-system | grep Image | awk -F":" '{print$3}'

If the version is less than 1.15.11 , replace us-east-1 with your EKS region and run the following command.

kubectl patch daemonset kube-proxy -n kube-system
-p '{"spec": {"template": {"spec": {"containers": [{"image": "602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/kube-proxy:v1.15.11","name":"kube-proxy"}]}}}}'

Step 6: Upgrade CoreDNS version

Check the current CoreDNS version using this command:

kubectl describe deploy coredns -n kube-system | grep Image | awk -F":" '{print$3}'

If the version is less than 1.6.6 , replace us-east-1 with your EKS region and run the following command.

kubectl set image --namespace kube-system deployment.apps/coredns \
coredns=602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/coredns:v1.6.6

Step 7: Upgrade Amazon VPC CNI version

Check the current Amazon VPC CNI version using this command:

kubectl describe daemonset aws-node -n kube-system | grep Image | awk -F":" '{print$3}'

If the version is less than 1.6.1, run the following command.

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/v1.6/aws-k8s-cni.yaml

Final Step: Upgrading the nodes

Terminate the nodes one by one, and they will turn up with the newer version. To verify that, run the following command

Important Note: Make sure you terminate only those nodes which are stateless. For stateful services, you’ll need to figure out a way to back up the per-node data and then re-spawn that node else there are chances to lose your data.

kubectl get nodes

You’ll see that the version of nodes is now v1.15

These concludes all the steps you need to follow for upgrading EKS to v1.15. Still, if you have any doubts or queries, feel free to contact me at yatharth.sharma@knoldus.in.

Here are my references :
1. bluematador: Perform Terraform EKS Upgrade on Kubernetes

Also, I would like to thank you for sticking to the end. If you like this blog, please do show your appreciation by giving thumbs-ups and share this blog and give me suggestions on how I can improve my future posts to suit your needs. Follow me to get updates on different technologies.

Written by 

Yatharth Sharma is a Software Consultant at Knoldus Software LLP. He has done MCA from Bharati Vidyapeeth Institute of Computer Application and Management, Paschim Vihar. He has a decent knowledge of Java Language and currently working on DevOps technologies/tools like Ansible, Jenkins, Docker, Kubernetes. Apart from programming, he loves listening to rap music.