Auto-upgrading EKS NodeGroup to maintain the latest Kubernetes version
Auto-upgrading an Amazon EKS (Elastic Kubernetes Service) NodeGroup to maintain the latest Kubernetes version can be handled by Pulumi through its AWS provider. When creating an EKS NodeGroup, you can specify the desired Kubernetes version for your nodes or leave it undefined to default to the EKS Cluster's version. To auto-upgrade, you should use the AWS provider's `aws.eks.NodeGroup` resource, setting the `version` property to track the EKS Cluster Kubernetes version.

Below I will show you a Pulumi program in TypeScript that sets up an EKS Cluster with a NodeGroup that will auto-upgrade to maintain the cluster's Kubernetes version. The program uses the `aws.eks.NodeGroup` resource and its `updateConfig` property, which defines the upgrade strategy when a new Kubernetes version is available.

Here's a detailed breakdown of the steps the Pulumi program will perform:
- Create an EKS Cluster.
- Define an IAM Role and Instance Profile for the EKS NodeGroup.
- Create an EKS NodeGroup associated with the cluster, with auto-upgrade configured.
Please note that AWS might not immediately update nodes to the latest version upon release due to their gradual rollout approach. However, with this setup, your NodeGroup will automatically upgrade as updates are made available by AWS for your region.
Now, let's go through the Pulumi TypeScript code which accomplishes this setup:
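```typescript
import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";

// Create an EKS cluster.
// roleArn and vpcConfig are required arguments and must be supplied here.
const cluster = new aws.eks.Cluster("my-cluster", {
    // ... other configuration ...
});

// IAM Role for our NodeGroup
const nodegroupRole = new aws.iam.Role("nodegroupRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "ec2.amazonaws.com" }),
});

// Attaching the AmazonEKSWorkerNodePolicy to the role
new aws.iam.RolePolicyAttachment("nodegroupRolePolicyAttachment", {
    role: nodegroupRole,
    policyArn: aws.iam.ManagedPolicy.AmazonEKSWorkerNodePolicy,
});
// ... add additional policies as needed ...

// NodeGroup Instance Profile
const nodegroupInstanceProfile = new aws.iam.InstanceProfile("nodegroupInstanceProfile", {
    role: nodegroupRole,
});

// Create an EKS Node Group that auto-upgrades.
const nodeGroup = new aws.eks.NodeGroup("my-nodegroup", {
    clusterName: cluster.name,
    nodeRoleArn: nodegroupRole.arn,
    // awsx.ec2.Vpc.getDefault() is the awsx 0.x (classic) API.
    subnetIds: awsx.ec2.Vpc.getDefault().publicSubnetIds,
    // Track the cluster's Kubernetes version so the nodes follow cluster upgrades.
    version: cluster.version,
    scalingConfig: {
        desiredSize: 2,
        maxSize: 3,
        minSize: 1,
    },
    // Upgrade strategy used when the node group is updated
    updateConfig: {
        // Here you can specify maxUnavailable or maxUnavailablePercentage
        maxUnavailable: 1,
    },
}, { dependsOn: [cluster] });

// Export the cluster's kubeconfig.
// aws.eks.Cluster has no kubeconfig output, so build one from the cluster's
// endpoint and certificate authority; authentication uses `aws eks get-token`.
export const kubeconfig = pulumi
    .all([cluster.name, cluster.endpoint, cluster.certificateAuthority])
    .apply(([name, endpoint, ca]) => JSON.stringify({
        apiVersion: "v1",
        kind: "Config",
        clusters: [{ name, cluster: { server: endpoint, "certificate-authority-data": ca.data } }],
        contexts: [{ name, context: { cluster: name, user: name } }],
        "current-context": name,
        users: [{
            name,
            user: {
                exec: {
                    apiVersion: "client.authentication.k8s.io/v1beta1",
                    command: "aws",
                    args: ["eks", "get-token", "--cluster-name", name],
                },
            },
        }],
    }));
```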
In the above program:
- We set up an EKS cluster. You need to provide additional configuration options based on your requirements, such as the VPC and subnets where the cluster should operate.
- We create an IAM Role and Instance Profile which will be used by the worker nodes of the NodeGroup. The role is assigned the `AmazonEKSWorkerNodePolicy` and potentially other policies that grant the required permissions for EKS nodes.
- We create an EKS NodeGroup with `scalingConfig` to define the size of the group. In the `updateConfig`, we set `maxUnavailable` to `1`, which means during an update, one node at a time can be unavailable.
- The `kubeconfig` is exported to allow you to interface with your cluster using `kubectl`.
Make sure to replace `// ... other configuration ...` with your specific configuration options, such as specifying the VPC and subnets if not using the default ones provided by Pulumi.

With this Pulumi program, you can run `pulumi up` to deploy these resources to AWS, and when there's a new Kubernetes version supported by EKS, your NodeGroup should automatically update based on the gradual rollout by AWS.
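Because the rollout is gradual, it is worth verifying that node groups actually match the cluster version. The check below is an added example, not part of the original program or of Pulumi's API: it audits node group data shaped like `aws eks describe-nodegroup` output for version drift and for a `maxUnavailable` that covers the whole group. `auditNodeGroups`, `parseVersion` and the sample values are hypothetical, and the default of 1 and the percentage rounding are assumptions.

```typescript
// Added example: field names follow `aws eks describe-nodegroup` output;
// the sample values are constructed, not taken from a real cluster.
interface NodeGroupInfo {
  nodegroupName: string;
  version: string; // Kubernetes version such as "1.29"
  status: string; // e.g. ACTIVE, UPDATING, DEGRADED
  scalingConfig: { desiredSize: number };
  updateConfig?: { maxUnavailable?: number; maxUnavailablePercentage?: number };
}
interface Finding { nodegroup: string; issue: string }

// Parse "major.minor"; reject anything else rather than guess.
function parseVersion(v: string): [number, number] {
  const m = /^(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unexpected Kubernetes version: ${v}`);
  return [Number(m[1]), Number(m[2])];
}

function auditNodeGroups(clusterVersion: string, groups: NodeGroupInfo[]): Finding[] {
  const [cMajor, cMinor] = parseVersion(clusterVersion);
  const findings: Finding[] = [];
  for (const g of groups) {
    const [major, minor] = parseVersion(g.version);
    if (major !== cMajor || minor !== cMinor) {
      // A mismatch while the group is UPDATING is expected; otherwise it is drift.
      const state = g.status === "UPDATING" ? "update in progress" : "drift";
      const issue = `${state}: nodes on ${g.version}, cluster on ${clusterVersion}`;
      findings.push({ nodegroup: g.nodegroupName, issue });
    }
    // Nodes one update may take out of service at once. Assumptions: 1 when
    // unset, and a percentage rounds down to at least 1.
    const desired = g.scalingConfig.desiredSize;
    const pct = g.updateConfig?.maxUnavailablePercentage ?? 0;
    const fromPct = Math.max(1, Math.floor((pct / 100) * desired));
    const down = g.updateConfig?.maxUnavailable ?? fromPct;
    if (down >= desired) {
      const issue = `maxUnavailable ${down} is not below desiredSize ${desired}`;
      findings.push({ nodegroup: g.nodegroupName, issue });
    }
  }
  return findings;
}

// Constructed sample input: one healthy group, one drifted, one mid-update.
const sampleGroups: NodeGroupInfo[] = [
  { nodegroupName: "my-nodegroup", version: "1.30", status: "ACTIVE", scalingConfig: { desiredSize: 2 }, updateConfig: { maxUnavailable: 1 } },
  { nodegroupName: "batch", version: "1.28", status: "ACTIVE", scalingConfig: { desiredSize: 4 }, updateConfig: { maxUnavailablePercentage: 100 } },
  { nodegroupName: "canary", version: "1.29", status: "UPDATING", scalingConfig: { desiredSize: 1 } },
];
console.log(auditNodeGroups("1.30", sampleGroups));
```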