1. Auto-upgrading EKS NodeGroup to maintain the latest Kubernetes version

    TypeScript

    Auto-upgrading an Amazon EKS (Elastic Kubernetes Service) NodeGroup to maintain the latest Kubernetes version can be handled by Pulumi through its AWS provider. When creating an EKS NodeGroup, you can specify the desired Kubernetes version for your nodes or leave it undefined to default to the EKS Cluster's version. To auto-upgrade, you should use the AWS native provider's aws.eks.NodeGroup resource, setting the version property to track the EKS Cluster Kubernetes version.

    Below I will show you a Pulumi program in TypeScript that sets up an EKS Cluster with a NodeGroup that will auto-upgrade to maintain the cluster's Kubernetes version. The program uses the aws.eks.NodeGroup resource and its updateConfig property, which defines the upgrade strategy when a new Kubernetes version is available.

    Here's a detailed breakdown of the steps the Pulumi program will perform:

    1. Create an EKS Cluster.
    2. Define an IAM Role and Instance Profile for the EKS NodeGroup.
    3. Create an EKS NodeGroup associated with the cluster, with auto-upgrade configured.

    Please note that AWS might not immediately update nodes to the latest version upon release due to their gradual rollout approach. However, with this setup, your NodeGroup will automatically upgrade as updates are made available by AWS for your region.

    Now, let's go through the Pulumi TypeScript code which accomplishes this setup:

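    ```typescript
    import * as aws from "@pulumi/aws";
    import * as pulumi from "@pulumi/pulumi";
    import * as awsx from "@pulumi/awsx";

    // Create an EKS cluster.
    const cluster = new aws.eks.Cluster("my-cluster", {
        // ... other configuration ...
    });

    // IAM Role for our NodeGroup
    const nodegroupRole = new aws.iam.Role("nodegroupRole", {
        assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "ec2.amazonaws.com" }),
    });

    // Attaching the AmazonEKSWorkerNodePolicy to the role
    new aws.iam.RolePolicyAttachment("nodegroupRolePolicyAttachment", {
        role: nodegroupRole,
        policyArn: aws.iam.ManagedPolicy.AmazonEKSWorkerNodePolicy,
    });
    // ... add additional policies as needed ...

    // NodeGroup Instance Profile
    const nodegroupInstanceProfile = new aws.iam.InstanceProfile("nodegroupInstanceProfile", {
        role: nodegroupRole,
    });

    // Default VPC (awsx 1.x and later; older releases used awsx.ec2.Vpc.getDefault()).
    const defaultVpc = new awsx.ec2.DefaultVpc("default-vpc");

    // Create an EKS Node Group that follows the cluster's Kubernetes version.
    const nodeGroup = new aws.eks.NodeGroup("my-nodegroup", {
        clusterName: cluster.name,
        nodeRoleArn: nodegroupRole.arn,
        // Track the EKS cluster's Kubernetes version, as described above.
        version: cluster.version,
        subnetIds: defaultVpc.publicSubnetIds,
        scalingConfig: {
            desiredSize: 2,
            maxSize: 3,
            minSize: 1,
        },
        // Update strategy applied when the node group is upgraded
        updateConfig: {
            // Here you can specify maxUnavailable or maxUnavailablePercentage
            maxUnavailable: 1,
        },
    }, { dependsOn: [cluster] });

    // Export the cluster's kubeconfig. aws.eks.Cluster has no kubeconfig output,
    // so build one from its name, endpoint and CA; kubectl authenticates via `aws eks get-token`.
    export const kubeconfig = pulumi
        .all([cluster.name, cluster.endpoint, cluster.certificateAuthority])
        .apply(([name, endpoint, ca]) => JSON.stringify({
            apiVersion: "v1",
            kind: "Config",
            clusters: [{ name, cluster: { server: endpoint, "certificate-authority-data": ca.data } }],
            contexts: [{ name, context: { cluster: name, user: name } }],
            "current-context": name,
            users: [{ name, user: { exec: {
                apiVersion: "client.authentication.k8s.io/v1beta1",
                command: "aws",
                args: ["eks", "get-token", "--cluster-name", name],
            } } }],
        }));
    ```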

    In the above program:

    • We set up an EKS cluster. You need to provide additional configuration options based on your requirements, such as the VPC and subnets where the cluster should operate.
    • We create an IAM Role and Instance Profile which will be used by the worker nodes of the NodeGroup. The role is assigned the AmazonEKSWorkerNodePolicy and potentially other policies that grant the required permissions for EKS nodes.
    • We create an EKS NodeGroup with scalingConfig to define the size of the group. In the updateConfig, we set maxUnavailable to 1, which means during an update, one node at a time can be unavailable.
    • The kubeconfig is exported to allow you to interface with your cluster using kubectl.

    Make sure to replace // ... other configuration ... with your specific configuration options, such as specifying the VPC and subnets if not using the default ones provided by Pulumi.

    With this Pulumi program, you can run pulumi up to deploy these resources to AWS, and when there's a new Kubernetes version supported by EKS, your NodeGroup should automatically update, following the gradual rollout by AWS.
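To confirm that node groups really follow the cluster version after an upgrade, the added example below (not part of the original program) compares each node group's Kubernetes version with the control plane's and lists the ones that have drifted. The nodegroupName and version fields mirror what EKS reports for a node group; the function names and sample data are constructed for illustration.

```typescript
// Added example: detect node groups whose Kubernetes version has drifted from the cluster.
type Drift = "current" | "behind" | "ahead" | "unknown";
interface NodeGroupInfo { nodegroupName: string; version: string; }
interface DriftReport { nodegroupName: string; drift: Drift; minorsBehind: number; }

// Parse "1.29", "v1.29" or "1.29.3" into [major, minor]; null when malformed.
function parseK8sVersion(v: string): [number, number] | null {
    const m = /^v?(\d+)\.(\d+)(?:\.\d+)?$/.exec(v.trim());
    return m ? [Number(m[1]), Number(m[2])] : null;
}

// Classify every node group relative to the control plane's minor version.
// "ahead" means nodes newer than the control plane, which the Kubernetes skew policy does not support.
function checkDrift(clusterVersion: string, groups: NodeGroupInfo[]): DriftReport[] {
    const cp = parseK8sVersion(clusterVersion);
    if (cp === null) throw new Error(`unparseable cluster version: ${clusterVersion}`);
    return groups.map((g): DriftReport => {
        const ng = parseK8sVersion(g.version);
        if (ng === null || ng[0] !== cp[0]) {
            return { nodegroupName: g.nodegroupName, drift: "unknown", minorsBehind: 0 };
        }
        const delta = cp[1] - ng[1];
        const drift: Drift = delta === 0 ? "current" : delta > 0 ? "behind" : "ahead";
        return { nodegroupName: g.nodegroupName, drift, minorsBehind: Math.max(delta, 0) };
    });
}

// One line per node group that is not on the cluster's minor version; empty means no drift.
function driftedGroups(clusterVersion: string, groups: NodeGroupInfo[]): string[] {
    return checkDrift(clusterVersion, groups)
        .filter((r) => r.drift !== "current")
        .map((r) => `${r.nodegroupName}: ${r.drift}` + (r.minorsBehind ? ` by ${r.minorsBehind} minor(s)` : ""));
}

// Constructed sample data, shaped like the version fields of a cluster and its node groups.
const sampleCluster = "1.29";
const sampleGroups: NodeGroupInfo[] = [
    { nodegroupName: "my-nodegroup", version: "1.29" },
    { nodegroupName: "batch", version: "1.27" },
    { nodegroupName: "canary", version: "1.30" },
    { nodegroupName: "legacy", version: "unknown" },
];
console.log(driftedGroups(sampleCluster, sampleGroups));
```

A non-empty result is a reasonable condition for failing a post-deployment check, since nodes left on an older version miss the fixes shipped with the cluster upgrade.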