Amazon EKS
User Guide

Updating an Existing Worker Node Group

This topic helps you to update an existing AWS CloudFormation worker node stack with a new AMI. You can use this procedure to update your worker nodes to a new version of Kubernetes following a cluster update, or you can update to the latest Amazon EKS-optimized AMI for an existing Kubernetes version.

The latest default Amazon EKS worker node AWS CloudFormation template is configured to launch an instance with the new AMI into your cluster before removing an old one, one at a time. This configuration ensures that you always have your Auto Scaling group's desired count of active instances in your cluster during the rolling update.

Note

This method is not supported for worker node groups that were created with eksctl. If you created your cluster or worker node group with eksctl, see Migrating to a New Worker Node Group.

To update an existing worker node group

  1. Determine your cluster's DNS provider.

    kubectl get deployments -l k8s-app=kube-dns -n kube-system

    Output (this cluster is using kube-dns for DNS resolution, but your cluster may return coredns instead):

    NAME       DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    kube-dns   1         1         1            1           31m
  2. If your current deployment is running fewer than two replicas, scale out the deployment to two replicas. Substitute coredns for kube-dns if your previous command output returned that instead.

    kubectl scale deployments/kube-dns --replicas=2 -n kube-system
  3. (Optional) If you are using the Kubernetes Cluster Autoscaler, scale the deployment down to zero replicas to avoid conflicting scaling actions.

    kubectl scale deployments/cluster-autoscaler --replicas=0 -n kube-system
  4. Determine the instance type and desired instance count of your current worker node group. You will enter these values later when you update the AWS CloudFormation template for the group.

    1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

    2. Choose Launch Configurations in the left navigation, and note the instance type for your existing worker node launch configuration.

    3. Choose Auto Scaling Groups in the left navigation and note the Desired instance count for your existing worker node Auto Scaling group.

  5. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.

  6. Select your worker node group stack, and then choose Actions, Update stack.

  7. For Choose a template, select Specify an Amazon S3 template URL.

  8. Paste the following URL into the text area to ensure that you are using the latest version of the worker node AWS CloudFormation template, and then choose Next:

    https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/amazon-eks-nodegroup.yaml
  9. On the Specify Details page, fill out the following parameters, and choose Next:

    • NodeAutoScalingGroupDesiredCapacity – Enter the desired instance count that you recorded in Step 4, or enter a new desired number of nodes to scale to when your stack is updated.

    • NodeAutoScalingGroupMaxSize – Enter the maximum number of nodes to which your worker node Auto Scaling group can scale out. This value must be at least one node greater than your desired capacity so that you can perform a rolling update of your worker nodes without reducing your node count during the update.

    • NodeInstanceType – Choose the instance type you recorded in Step 4, or choose a different instance type for your worker nodes.

      Note

      The supported instance types for the latest version of the Amazon VPC CNI plugin for Kubernetes are shown here. You may need to update your CNI version to take advantage of the latest supported instance types. For more information, see Amazon VPC CNI Plugin for Kubernetes Upgrades.

      Important

      Some instance types might not be available in all regions.

    • NodeImageId – Enter the current Amazon EKS worker node AMI ID for your Region. The AMI IDs for the latest Amazon EKS-optimized AMI (with and without GPU support) are shown in the following table.

      Note

      The Amazon EKS-optimized AMI with GPU support only supports P2 and P3 instance types. Be sure to specify these instance types in your worker node AWS CloudFormation template. By using the Amazon EKS-optimized AMI with GPU support, you agree to NVIDIA's end user license agreement (EULA).

      Kubernetes version 1.12.7

      Region                                     Amazon EKS-optimized AMI  with GPU support
      US West (Oregon) (us-west-2)               ami-0923e4b35a30a5f53     ami-0bebf2322fd52a42e
      US East (N. Virginia) (us-east-1)          ami-0abcb9f9190e867ab     ami-0cb7959f92429410a
      US East (Ohio) (us-east-2)                 ami-04ea7cb66af82ae4a     ami-0118b61dc2312dee2
      EU (Frankfurt) (eu-central-1)              ami-0d741ed58ca5b342e     ami-0c57db5b204001099
      EU (Stockholm) (eu-north-1)                ami-0c65a309fc58f6907     ami-09354b076296f5946
      EU (Ireland) (eu-west-1)                   ami-08716b70cac884aaa     ami-0fbc930681258db86
      EU (London) (eu-west-2)                    ami-0c7388116d474ee10     ami-0d832fced2cfe0f7b
      EU (Paris) (eu-west-3)                     ami-0560aea042fec8b12     ami-0f8fa088b406ebba2
      Asia Pacific (Tokyo) (ap-northeast-1)      ami-0bfedee6a7845c26d     ami-08e41cc84f4b3f27f
      Asia Pacific (Seoul) (ap-northeast-2)      ami-0a904348b703e620c     ami-0c43b885e33fdc29e
      Asia Pacific (Mumbai) (ap-south-1)         ami-09c3eb35bb3be46a4     ami-0d3ecaf4f3318c714
      Asia Pacific (Singapore) (ap-southeast-1)  ami-07b922b9b94d9a6d2     ami-0655b4dbbe2d46703
      Asia Pacific (Sydney) (ap-southeast-2)     ami-0f0121e9e64ebd3dc     ami-07079cd9ff1b312da

      Kubernetes version 1.11.9

      Region                                     Amazon EKS-optimized AMI  with GPU support
      US West (Oregon) (us-west-2)               ami-05ecac759c81e0b0c     ami-08377056d89909b2a
      US East (N. Virginia) (us-east-1)          ami-02c1de421df89c58d     ami-06ec2ea207616c078
      US East (Ohio) (us-east-2)                 ami-03b1b6cc34c010f9c     ami-0e6993a35aae3407b
      EU (Frankfurt) (eu-central-1)              ami-0c2709025eb548246     ami-0bf09c13f4204ce9d
      EU (Stockholm) (eu-north-1)                ami-084bd3569d08c6e67     ami-0a1714bb5be631b59
      EU (Ireland) (eu-west-1)                   ami-0e82e73403dd69fa3     ami-0b4d0f56587640d5a
      EU (London) (eu-west-2)                    ami-0da9aa88dd2ec8297     ami-00e98f9e6fd2319e5
      EU (Paris) (eu-west-3)                     ami-099369bc73d1cc66f     ami-0039e2556e6290828
      Asia Pacific (Tokyo) (ap-northeast-1)      ami-0d555d5f56c843803     ami-07fc636e8f6d3e18b
      Asia Pacific (Seoul) (ap-northeast-2)      ami-0144ae839b1111571     ami-002057772097fcef9
      Asia Pacific (Mumbai) (ap-south-1)         ami-02071c0110dc365ba     ami-04fe7f4c75aac7196
      Asia Pacific (Singapore) (ap-southeast-1)  ami-00c91afdb73cf7f93     ami-08d5da0b12751a31f
      Asia Pacific (Sydney) (ap-southeast-2)     ami-05f4510fcfe56961c     ami-04024dd8e0b9e36ff

      Kubernetes version 1.10.13

      Region                                     Amazon EKS-optimized AMI  with GPU support
      US West (Oregon) (us-west-2)               ami-05a71d034119ffc12     ami-0901518d7557125c8
      US East (N. Virginia) (us-east-1)          ami-03a1e71fb42fc37dd     ami-00f74c3728d4ca27d
      US East (Ohio) (us-east-2)                 ami-093d55c2ba99ab2c8     ami-0a788defb66cdfffb
      EU (Frankfurt) (eu-central-1)              ami-03bdf8079f6c013c5     ami-0a8536a894bd4ea06
      EU (Stockholm) (eu-north-1)                ami-0be77fe86d741fc81     ami-05baf7a6c293fe2ed
      EU (Ireland) (eu-west-1)                   ami-06368da7f495b68e9     ami-0f6f3929a9d7a418e
      EU (London) (eu-west-2)                    ami-0f1f2189b4741bc60     ami-0a12396b818bc2383
      EU (Paris) (eu-west-3)                     ami-03a9acb0f6e0d424d     ami-086d5edcaacd0ccfd
      Asia Pacific (Tokyo) (ap-northeast-1)      ami-0c9fb6a3fda95d373     ami-073f06a1edd22ae2e
      Asia Pacific (Seoul) (ap-northeast-2)      ami-00ea4ea959f28b4cf     ami-0baff950f5217e54e
      Asia Pacific (Mumbai) (ap-south-1)         ami-0f07478f5c5eb9e20     ami-033bd2c2a3431923e
      Asia Pacific (Singapore) (ap-southeast-1)  ami-05dac5d0ada75e22f     ami-09defa93988984fa1
      Asia Pacific (Sydney) (ap-southeast-2)     ami-00513f18e1900ce1e     ami-00d9364d705e902c9

      Note

      The Amazon EKS worker node AMI is based on Amazon Linux 2. You can track security or privacy events for Amazon Linux 2 at the Amazon Linux Security Center or subscribe to the associated RSS feed. Security and privacy events include an overview of the issue, what packages are affected, and how to update your instances to correct the issue.

  10. (Optional) On the Options page, tag your stack resources. Choose Next.

  11. On the Review page, review your information, acknowledge that the stack might create IAM resources, and then choose Update.

    Note

    Wait for the update to complete before performing the next steps.

  12. If your cluster's DNS provider is kube-dns, scale in the kube-dns deployment to one replica.

    kubectl scale deployments/kube-dns --replicas=1 -n kube-system
  13. (Optional) If you are using the Kubernetes Cluster Autoscaler, scale the deployment back to one replica.

    kubectl scale deployments/cluster-autoscaler --replicas=1 -n kube-system
  14. (Optional) Verify that you are using the latest version of the Amazon VPC CNI plugin for Kubernetes. You may need to update your CNI version to take advantage of the latest supported instance types. For more information, see Amazon VPC CNI Plugin for Kubernetes Upgrades.
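
The pre-update checks in this procedure (steps 1 to 3 and the parameter constraints in step 9) can be scripted so they are not skipped when patching under time pressure. The following is an added example, not part of the original guide; the function names `is_uint`, `dns_deployment`, `preflight_commands` and `check_stack_params` are hypothetical, and it assumes `kubectl` is already configured for the cluster.

```shell
#!/bin/sh
# Added example: pre-flight checks for the rolling update procedure above.
# Function names are illustrative; dns_deployment needs a configured kubectl.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Step 1: print "<deployment> <replicas>" for the cluster DNS deployment.
# The label selector is the one used in step 1 of the procedure.
dns_deployment() {
  kubectl get deployments -l k8s-app=kube-dns -n kube-system \
    -o jsonpath='{range .items[*]}{.metadata.name} {.spec.replicas}{"\n"}{end}' |
    head -n 1
}

# Steps 2-3: print the kubectl commands still needed before the stack update.
# $1 = "<deployment> <replicas>", $2 = "yes" if the Cluster Autoscaler is in use.
preflight_commands() {
  local name="${1%% *}" replicas="${1##* }"
  case "$name" in
    kube-dns|coredns) ;;
    *) echo "unexpected DNS deployment: '$name'" >&2; return 1 ;;
  esac
  is_uint "$replicas" || { echo "bad replica count: '$replicas'" >&2; return 1; }
  if [ "$replicas" -lt 2 ]; then
    echo "kubectl scale deployments/$name --replicas=2 -n kube-system"
  fi
  if [ "$2" = "yes" ]; then
    echo "kubectl scale deployments/cluster-autoscaler --replicas=0 -n kube-system"
  fi
}

# Step 9: the max size must leave room for one extra node during the rolling
# update, and NodeImageId must be a well-formed AMI ID (8 or 17 hex digits).
check_stack_params() {
  local desired="$1" max="$2" ami="$3"
  if ! is_uint "$desired" || ! is_uint "$max"; then
    echo "capacity values must be non-negative integers" >&2; return 1
  fi
  if [ "$max" -le "$desired" ]; then
    echo "NodeAutoScalingGroupMaxSize ($max) must exceed desired ($desired)" >&2
    return 1
  fi
  if ! printf '%s\n' "$ami" | grep -Eq '^ami-([0-9a-f]{8}|[0-9a-f]{17})$'; then
    echo "NodeImageId '$ami' is not a well-formed AMI ID" >&2; return 1
  fi
}
```

A typical run is `preflight_commands "$(dns_deployment)" yes`, followed by `check_stack_params` with the values you intend to enter on the Specify Details page.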