Amazon EKS
User Guide

Updating an Existing Worker Node Group

This topic helps you to update an existing AWS CloudFormation worker node stack with a new AMI. You can use this procedure to update your worker nodes to a new version of Kubernetes following a cluster update, or you can update to the latest Amazon EKS-optimized AMI for an existing Kubernetes version.

The latest default Amazon EKS worker node AWS CloudFormation template is configured to launch an instance with the new AMI into your cluster before removing an old one, one at a time, so you always have your Auto Scaling group's desired count of active instances in your cluster during the rolling update.

To update an existing worker node group

  1. Determine your cluster's DNS provider.

    kubectl get deployments -l k8s-app=kube-dns -n kube-system

    Output (this cluster is using kube-dns for DNS resolution, but your cluster may return coredns instead):

    NAME       DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    kube-dns   1         1         1            1           31m
  2. If your current deployment is running fewer than 2 replicas, scale out the deployment to 2 replicas. Substitute coredns for kube-dns if your previous command output returned that instead.

    kubectl scale deployments/kube-dns --replicas=2 -n kube-system
  3. (Optional) If you are using the Kubernetes Cluster Autoscaler, scale the deployment down to 0 replicas to avoid conflicting scaling actions.

    kubectl scale deployments/cluster-autoscaler --replicas=0 -n kube-system
  4. Determine the instance type and desired instance count of your current worker node group. You will enter these values later when you update the AWS CloudFormation template for the group.

    1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

    2. Choose Launch Configurations in the left navigation, and note the instance type for your existing worker node launch configuration.

    3. Choose Auto Scaling Groups in the left navigation and note the Desired instance count for your existing worker node Auto Scaling group.

  5. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.

  6. Select your worker node group stack, and then choose Actions, Update stack.

  7. For Choose a template, select Specify an Amazon S3 template URL.

  8. Paste the following URL into the text area (to ensure that you are using the latest version of the worker node AWS CloudFormation template) and choose Next:

    https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/amazon-eks-nodegroup.yaml
  9. On the Specify Details page, fill out the following parameters accordingly, and choose Next:

    • NodeAutoScalingGroupDesiredCapacity: Enter the desired instance count that you recorded in Step 4, or enter a new desired number of nodes to scale to when your stack is updated.

    • NodeAutoScalingGroupMaxSize: Enter the maximum number of nodes to which your worker node Auto Scaling group can scale out. This value must be at least 1 node greater than your desired capacity so that you can perform a rolling update of your worker nodes without reducing your node count during the update.

    • NodeInstanceType: Choose the instance type you recorded in Step 4, or choose a different instance type for your worker nodes.

      Note

      The supported instance types for the latest version of the Amazon VPC CNI plugin for Kubernetes are shown here. You may need to update your CNI version to take advantage of the latest supported instance types. For more information, see Amazon VPC CNI Plugin for Kubernetes Upgrades.

    • NodeImageId: Enter the current Amazon EKS worker node AMI ID for your Region. The AMI IDs for the latest Amazon EKS-optimized AMI (with and without GPU support) are shown in the following table.

      Note

      The Amazon EKS-optimized AMI with GPU support only supports P2 and P3 instance types. Be sure to specify these instance types in your worker node AWS CloudFormation template. Because this AMI includes third-party software that requires an end user license agreement (EULA), you must subscribe to the AMI in the AWS Marketplace and accept the EULA before you can use the AMI in your worker node groups. To subscribe to the AMI, visit the AWS Marketplace.

      Kubernetes version 1.11

      Region                                     Amazon EKS-optimized AMI  with GPU support
      US West (Oregon) (us-west-2)               ami-0c28139856aaf9c3b     ami-06045aa686f46dd58
      US East (N. Virginia) (us-east-1)          ami-0eeeef929db40543c     ami-0558da965e2fc68b0
      US East (Ohio) (us-east-2)                 ami-0484545fe7d3da96f     ami-0c3afad2ea917168e
      EU (Frankfurt) (eu-central-1)              ami-032ed5525d4df2de3     ami-0939712219b80b525
      EU (Stockholm) (eu-north-1)                ami-0154b2479ba20f8bb     ami-18bf3666
      EU (Ireland) (eu-west-1)                   ami-098fb7e9b507904e7     ami-014969e8d07b2fc9f
      EU (London) (eu-west-2)                    ami-0d69ab00cb41d6eda     ami-0bb14a7e038ad534c
      EU (Paris) (eu-west-3)                     ami-018ebb030cf6ae00b     ami-0a3db0dbd972b38f2
      Asia Pacific (Tokyo) (ap-northeast-1)      ami-07fdc9272ce5b0ce5     ami-0880d3b662781d6d6
      Asia Pacific (Seoul) (ap-northeast-2)      ami-091e0e1906e653417     ami-0c3db49d90afa0f1e
      Asia Pacific (Mumbai) (ap-south-1)         ami-0b6f791fc54125a8a     ami-00b37b9a91efc5fff
      Asia Pacific (Singapore) (ap-southeast-1)  ami-038d55c26bf01998f     ami-0c903ead334faa6a3
      Asia Pacific (Sydney) (ap-southeast-2)     ami-0e07b5081bb77d540     ami-02d7e0f064bd7d8e0

      Kubernetes version 1.10

      Region                                     Amazon EKS-optimized AMI  with GPU support
      US West (Oregon) (us-west-2)               ami-0e7ee8863c8536cce     ami-02e0b615d7749e016
      US East (N. Virginia) (us-east-1)          ami-09a7630ca9ee4ee22     ami-00cce60e4c241de4c
      US East (Ohio) (us-east-2)                 ami-02a8a05e480e902e2     ami-0bbfeb020c5ec10ee
      EU (Frankfurt) (eu-central-1)              ami-0b8d223ce03e6fabc     ami-0c1746c6d5d61b4d3
      EU (Stockholm) (eu-north-1)                ami-09be5053dbb1a515d     ami-63aa231d
      EU (Ireland) (eu-west-1)                   ami-0103822d44fc52f97     ami-08d23ed2de9320c90
      EU (London) (eu-west-2)                    ami-017c4d847b606e125     ami-0f136e808b9365a1c
      EU (Paris) (eu-west-3)                     ami-0c7fc5c0784b58207     ami-0b6c4fac3cdcc191d
      Asia Pacific (Tokyo) (ap-northeast-1)      ami-0e831f9f650f2f8ab     ami-061f5b653b1a98557
      Asia Pacific (Seoul) (ap-northeast-2)      ami-0378f1fac83cbf438     ami-0a8159b97b9a7e078
      Asia Pacific (Mumbai) (ap-south-1)         ami-0ac369c3b2206d2ea     ami-03ba4c3cea82ce746
      Asia Pacific (Singapore) (ap-southeast-1)  ami-0fa3f3282eb89b795     ami-02aa3e8ad27163456
      Asia Pacific (Sydney) (ap-southeast-2)     ami-01d0ab2e9506b8db0     ami-0679fa5d74309eb79

      Note

      The Amazon EKS worker node AMI is based on Amazon Linux 2. You can track security or privacy events for Amazon Linux 2 at the Amazon Linux Security Center or subscribe to the associated RSS feed. Security and privacy events include an overview of the issue, what packages are affected, and how to update your instances to correct the issue.

  10. (Optional) On the Options page, tag your stack resources. Choose Next.

  11. On the Review page, review your information, acknowledge that the stack might create IAM resources, and then choose Update.

    Note

    Wait for the update to complete before performing the next steps.

  12. If your cluster's DNS provider is kube-dns, scale in the kube-dns deployment to 1 replica.

    kubectl scale deployments/kube-dns --replicas=1 -n kube-system
  13. (Optional) If you are using the Kubernetes Cluster Autoscaler, scale the deployment back to 1 replica.

    kubectl scale deployments/cluster-autoscaler --replicas=1 -n kube-system
  14. (Optional) Verify that you are using the latest version of the Amazon VPC CNI plugin for Kubernetes. You may need to update your CNI version to take advantage of the latest supported instance types. For more information, see Amazon VPC CNI Plugin for Kubernetes Upgrades.
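
The parameter rules in step 9 can be checked before you choose Update, so that a mistyped AMI ID or a GPU AMI on an unsupported instance type is caught before the rolling update starts. The following script is an added example, not part of the original guide: the function names and sample values are constructed, and the embedded AMI list is a three-Region subset of the Kubernetes 1.11 table above.

```shell
#!/usr/bin/env bash
# Pre-flight check for the step 9 stack parameters (added example; the
# function names ami_kind and preflight are hypothetical).

# Subset of the Kubernetes 1.11 table: Region, standard AMI, GPU AMI.
AMI_TABLE='us-west-2 ami-0c28139856aaf9c3b ami-06045aa686f46dd58
us-east-1 ami-0eeeef929db40543c ami-0558da965e2fc68b0
eu-north-1 ami-0154b2479ba20f8bb ami-18bf3666'

# Print "standard" or "gpu" if the AMI is listed for the Region; fail otherwise.
ami_kind() {
  local region="$1" ami="$2"
  printf '%s\n' "$AMI_TABLE" | awk -v r="$region" -v a="$ami" '
    $1 == r && $2 == a { print "standard"; found = 1 }
    $1 == r && $3 == a { print "gpu"; found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Validate the parameters; print the first problem found and return non-zero.
preflight() {
  local region="$1" ami="$2" type="$3" desired="$4" max="$5" kind
  # NodeImageId must be an AMI listed for this Region.
  if ! kind=$(ami_kind "$region" "$ami"); then
    echo "NodeImageId $ami is not a listed AMI for $region"; return 1
  fi
  # The AMI with GPU support only supports P2 and P3 instance types.
  if [ "$kind" = gpu ]; then
    case "$type" in
      p2.*|p3.*) ;;
      *) echo "GPU AMI requires a P2 or P3 instance type, got $type"; return 1 ;;
    esac
  fi
  # MaxSize must exceed the desired capacity by at least 1 for the rolling update.
  if [ "$max" -lt $((desired + 1)) ]; then
    echo "NodeAutoScalingGroupMaxSize must be at least $((desired + 1))"; return 1
  fi
  echo "ok ($kind AMI)"
}

# Constructed sample values: one valid set, then two that violate a rule.
preflight us-west-2 ami-0c28139856aaf9c3b m5.large 3 4
preflight us-west-2 ami-06045aa686f46dd58 m5.large 3 4 || true
preflight us-west-2 ami-0c28139856aaf9c3b m5.large 3 3 || true
```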