Amazon EKS
User Guide

Updating an Existing Worker Node Group

This topic helps you to update an existing AWS CloudFormation worker node stack with a new AMI. You can use this procedure to update your worker nodes to a new version of Kubernetes following a cluster update, or you can update to the latest Amazon EKS-optimized AMI for an existing Kubernetes version.

The latest default Amazon EKS worker node AWS CloudFormation template is configured to launch an instance with the new AMI into your cluster before removing an old one, one at a time. This configuration ensures that you always have your Auto Scaling group's desired count of active instances in your cluster during the rolling update.

Note

This method is not supported for worker node groups that were created with eksctl. If you created your cluster or worker node group with eksctl, see Migrating to a New Worker Node Group.

To update an existing worker node group

  1. Determine your cluster's DNS provider.

    kubectl get deployments -l k8s-app=kube-dns -n kube-system

    Output (this cluster is using kube-dns for DNS resolution, but your cluster may return coredns instead):

    NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE kube-dns 1 1 1 1 31m
  2. If your current deployment is running fewer than two replicas, scale out the deployment to two replicas. Substitute coredns for kube-dns if your previous command output returned that instead.

    kubectl scale deployments/kube-dns --replicas=2 -n kube-system
  3. (Optional) If you are using the Kubernetes Cluster Autoscaler, scale the deployment down to zero replicas to avoid conflicting scaling actions.

    kubectl scale deployments/cluster-autoscaler --replicas=0 -n kube-system
  4. Determine the instance type and desired instance count of your current worker node group. You will enter these values later when you update the AWS CloudFormation template for the group.

    1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

    2. Choose Launch Configurations in the left navigation, and note the instance type for your existing worker node launch configuration.

    3. Choose Auto Scaling Groups in the left navigation and note the Desired instance count for your existing worker node Auto Scaling group.

  5. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.

  6. Select your worker node group stack, and then choose Actions, Update stack.

  7. For Choose a template, select Specify an Amazon S3 template URL.

  8. Paste the following URL into the text area to ensure that you are using the latest version of the worker node AWS CloudFormation template, and then choose Next:

    https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/amazon-eks-nodegroup.yaml
  9. On the Specify Details page, fill out the following parameters, and choose Next:

    • NodeAutoScalingGroupDesiredCapacity – Enter the desired instance count that you recorded in Step 4, or enter a new desired number of nodes to scale to when your stack is updated.

    • NodeAutoScalingGroupMaxSize – Enter the maximum number of nodes to which your worker node Auto Scaling group can scale out. This value must be at least one node greater than your desired capacity so that you can perform a rolling update of your worker nodes without reducing your node count during the update.

    • NodeInstanceType – Choose the instance type your recorded in Step 4, or choose a different instance type for your worker nodes.

      Note

      The supported instance types for the latest version of the Amazon VPC CNI plugin for Kubernetes are shown here. You may need to update your CNI version to take advantage of the latest supported instance types. For more information, see Amazon VPC CNI Plugin for Kubernetes Upgrades.

      Important

      Some instance types might not be available in all regions.

    • NodeImageId – Enter the current Amazon EKS worker node AMI ID for your Region. The AMI IDs for the latest Amazon EKS-optimized AMI (with and without GPU support) are shown in the following table.

      Note

      The Amazon EKS-optimized AMI with GPU support only supports P2 and P3 instance types. Be sure to specify these instance types in your worker node AWS CloudFormation template. By using the Amazon EKS-optimized AMI with GPU support, you agree to NVIDIA's end user license agreement (EULA).

      Kubernetes version 1.13.7Kubernetes version 1.12.7Kubernetes version 1.11.9Kubernetes version 1.10.13
      Kubernetes version 1.13.7
      Region Amazon EKS-optimized AMI with GPU support
      US East (Ohio) (us-east-2) ami-0485258c2d1c3608f ami-0ccac9d9b57864000
      US East (N. Virginia) (us-east-1) ami-0f2e8e5663e16b436 ami-0017d945a10387606
      US West (Oregon) (us-west-2) ami-03a55127c613349a7 ami-08335952e837d087b
      Asia Pacific (Mumbai) (ap-south-1) ami-0a9b1c1807b1a40ab ami-005b754faac73f0cc
      Asia Pacific (Tokyo) (ap-northeast-1) ami-0fde798d17145fae1 ami-04cf69bbd6c0fae0b
      Asia Pacific (Seoul) (ap-northeast-2) ami-07fd7609df6c8e39b ami-0730e699ed0118737
      Asia Pacific (Singapore) (ap-southeast-1) ami-0361e14efd56a71c7 ami-07be5e97a529cd146
      Asia Pacific (Sydney) (ap-southeast-2) ami-0237d87bc27daba65 ami-0a2f4c3aeb596aa7e
      EU (Frankfurt) (eu-central-1) ami-0b7127e7a2a38802a ami-0fbbd205f797ecccd
      EU (Ireland) (eu-west-1) ami-00ac2e6b3cb38a9b9 ami-0f9571a3e65dc4e20
      EU (London) (eu-west-2) ami-0147919d2ff9a6ad5 ami-032348bd69c5dd665
      EU (Paris) (eu-west-3) ami-0537ee9329c1628a2 ami-053962359d6859fec
      EU (Stockholm) (eu-north-1) ami-0fd05922165907b85 ami-0641def7f02a4cac5
      Kubernetes version 1.12.7
      Region Amazon EKS-optimized AMI with GPU support
      US East (Ohio) (us-east-2) ami-0fe61ae4c397e710d ami-067d88fb64d3d7990
      US East (N. Virginia) (us-east-1) ami-0e380e0a62d368837 ami-06e46a15650294dfa
      US West (Oregon) (us-west-2) ami-0355c210cb3f58aa2 ami-084e8e620163aa50e
      Asia Pacific (Mumbai) (ap-south-1) ami-01b6a163133c31994 ami-09ad3a49fb13389a0
      Asia Pacific (Tokyo) (ap-northeast-1) ami-0a9b3f8b4b65b402b ami-0cd09d7293f31df8a
      Asia Pacific (Seoul) (ap-northeast-2) ami-069f6a654a8795f72 ami-006549812c03748cb
      Asia Pacific (Singapore) (ap-southeast-1) ami-03737a1ac334a5767 ami-01be8fddd9b16320c
      Asia Pacific (Sydney) (ap-southeast-2) ami-07580768e8538626f ami-0a1bf783357dd8492
      EU (Frankfurt) (eu-central-1) ami-0ee5ca4231511cafc ami-0ae5976723472b6d4
      EU (Ireland) (eu-west-1) ami-0404d23c7e8188740 ami-042f9abf2f96a0097
      EU (London) (eu-west-2) ami-07346d8553f83f9d6 ami-0b87e9246afd42760
      EU (Paris) (eu-west-3) ami-038cb36289174bac4 ami-0d9405868a6e9ee11
      EU (Stockholm) (eu-north-1) ami-03e60b5a990893129 ami-0122b7e2a6736e3c5
      Kubernetes version 1.11.9
      Region Amazon EKS-optimized AMI with GPU support
      US East (Ohio) (us-east-2) ami-03c6648b74285020f ami-0b87186dda80931ee
      US East (N. Virginia) (us-east-1) ami-0a5f5d5b0f6f58199 ami-07207754196c1a8fc
      US West (Oregon) (us-west-2) ami-057d1c0dcb254a878 ami-052da6a4e0ae156ad
      Asia Pacific (Mumbai) (ap-south-1) ami-00f1adebe5ab9a431 ami-04645af6384529c5d
      Asia Pacific (Tokyo) (ap-northeast-1) ami-0a0b6606652f9b3b9 ami-0a8f4e1f9bf09a81f
      Asia Pacific (Seoul) (ap-northeast-2) ami-0c84b3f055cda1afb ami-01db6bb089f6adfcf
      Asia Pacific (Singapore) (ap-southeast-1) ami-05e92412054db3f87 ami-0e001196bd450aa0c
      Asia Pacific (Sydney) (ap-southeast-2) ami-07eb76498b1ba6cd6 ami-0c7132a332aa55aa6
      EU (Frankfurt) (eu-central-1) ami-0234bc9c2b341aa02 ami-05cb4f6e8be8b83f1
      EU (Ireland) (eu-west-1) ami-06902949103360023 ami-02f337476a5c33f1b
      EU (London) (eu-west-2) ami-0db100ad46c7966d2 ami-0aa2208dbb9bb7cc5
      EU (Paris) (eu-west-3) ami-052046d313576d0ba ami-0f6ea479cb4e7a4d2
      EU (Stockholm) (eu-north-1) ami-02ebf24da505128f9 ami-078c260b9a737fc35
      Kubernetes version 1.10.13
      Region Amazon EKS-optimized AMI with GPU support
      US East (Ohio) (us-east-2) ami-0523ec257fff1261d ami-006382264ad5fc773
      US East (N. Virginia) (us-east-1) ami-01c1c96b9aa69de37 ami-0f1b9925c9ace2043
      US West (Oregon) (us-west-2) ami-021dd1fb7ba7e6e51 ami-0c3c59a4a7bea5678
      Asia Pacific (Mumbai) (ap-south-1) ami-04c2ed5ff15a580f4 ami-0ea42cc96a8375851
      Asia Pacific (Tokyo) (ap-northeast-1) ami-02ffa4511b4baa5fa ami-00f64026212ad62c0
      Asia Pacific (Seoul) (ap-northeast-2) ami-06295f3e6390dae00 ami-060b7aed71dfaa5f5
      Asia Pacific (Singapore) (ap-southeast-1) ami-07f8ccb046b3ce697 ami-029b65710f075da3d
      Asia Pacific (Sydney) (ap-southeast-2) ami-03ebcd449b224e0a3 ami-0f13220d49a34e787
      EU (Frankfurt) (eu-central-1) ami-0c40973ffcf8bca40 ami-08d32cef88aa48343
      EU (Ireland) (eu-west-1) ami-06a96b4cfd627430b ami-058a8eec818dc3910
      EU (London) (eu-west-2) ami-03356e704fb004162 ami-0cd6f7f1f7ceedc27
      EU (Paris) (eu-west-3) ami-0eb77a4ca7135122b ami-01e3c54f23b6b02b3
      EU (Stockholm) (eu-north-1) ami-028df8ba9b8603bdd ami-0d1ee923abbb8cf6c

      Note

      The Amazon EKS worker node AMI is based on Amazon Linux 2. You can track security or privacy events for Amazon Linux 2 at the Amazon Linux Security Center or subscribe to the associated RSS feed. Security and privacy events include an overview of the issue, what packages are affected, and how to update your instances to correct the issue.

  10. (Optional) On the Options page, tag your stack resources. Choose Next.

  11. On the Review page, review your information, acknowledge that the stack might create IAM resources, and then choose Update.

    Note

    Wait for the update to complete before performing the next steps.

  12. If your cluster's DNS provider is kube-dns, scale in the kube-dns deployment to one replica.

    kubectl scale deployments/kube-dns --replicas=1 -n kube-system
  13. (Optional) If you are using the Kubernetes Cluster Autoscaler, scale the deployment back to one replica.

    kubectl scale deployments/cluster-autoscaler --replicas=1 -n kube-system
  14. (Optional) Verify that you are using the latest version of the Amazon VPC CNI plugin for Kubernetes. You may need to update your CNI version to take advantage of the latest supported instance types. For more information, see Amazon VPC CNI Plugin for Kubernetes Upgrades.