nexus/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.29-to-1.30_709421239.md
2026-04-18 17:09:43 +08:00

# EKS upgrade from version 1.29 to 1.30
1. Upgrade the coredns, kube-proxy and aws-node add-ons before the EKS upgrade.
   - <https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html>
   - <https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html>
   - <https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html>

   **If custom networking (non-routable CIDR) is enabled on this farm, please re-enable it after updating the VPC CNI plugin.**
   `kubectl set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true`
2. Upgrade the EKS cluster from 1.30 to 1.31; you may refer to [How to upgrade EKS in SaaS](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+upgrade+EKS+in+SaaS).
3. Run the attached script; it automatically creates the new worker nodes and adds tags.
   `nohup sh create-eks-worker.sh &`
4. Taint all the 1.30 worker nodes.

   ```sh
   # Collect the names of the nodes whose line matches v1.30, then taint each one
   nodes=$(kubectl get nodes | grep -i v1.30 | awk '{print $1}')
   for node in $nodes
   do
     kubectl taint nodes ${node} podReScheduler=value:NoSchedule
   done
   ```
5. Upgrade ESM 25.2.2 for OMT, SMAX, CMS, OOMT and Audit.
6. Check whether any pods are still on the 1.30 worker nodes; if so, restart them manually.

   ```sh
   # For each v1.30 node, list namespace and pod name, skipping per-node pods and Completed pods
   nodes=$(kubectl get nodes | grep -i v1.30 | awk '{print $1}')
   for node in $nodes
   do
     kubectl get po -o wide -A | grep -i $node | grep -v 'aws-node-\|kube-proxy-\|ebs-csi-node\|twistlock-defender\|itom-prometheus-node-exporter-\|itom-throttling-controller\|Completed' | awk '{print $1,$2}'
   done
   ```
   Or you can use the attached script to rolling-restart the pods by namespace:
   `Usage: ./rollingMigratePodsByNamespace.sh namespace1 namespace2 . .`
   `nohup sh rollingMigratePodsByNamespace.sh audit core kube-system &`
7. **Terminate old 1.29 worker nodes**
8. After none of the old worker nodes are displayed in the output of `kubectl get no`, install Qualys agents on the new worker nodes. You can do this by copying the attached shell script to the bastion and running it (except for us24-prod): `sh install_qualys_agent.sh <farmName>`
9. SSH to one of the new worker nodes and check that Qualys is installed by typing: `service qualys-cloud-agent status`
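
The step 6 check, rewritten as an added example (not part of the original runbook or its attached scripts) so that old nodes are selected by the VERSION column only and pods are matched on the exact node name. The function names `old_nodes`, `stragglers` and `demo` are hypothetical, the sample output is constructed, and `v1.30` is taken from the commands in steps 4 and 6.

```shell
#!/bin/sh
# Added example, not part of the original runbook. Sample data below is constructed.

# Pod-name prefixes that step 6 excludes (per-node pods), anchored at the start of the name.
EXCLUDE='^(aws-node-|kube-proxy-|ebs-csi-node|twistlock-defender|itom-prometheus-node-exporter-|itom-throttling-controller)'

# old_nodes VERSION   < output of `kubectl get nodes`
# Prints nodes whose VERSION column (5th) is VERSION or VERSION.x; other columns are ignored.
old_nodes() {
  awk -v ver="$1" 'NR > 1 && ($5 == ver || index($5, ver ".") == 1) { print $1 }'
}

# stragglers "NODE NAMES"   < output of `kubectl get po -o wide -A`
# Prints "namespace pod node" for pods still on the listed nodes. The node is matched as a
# whole field anywhere after STATUS, because RESTARTS can render as "1 (2d ago)" and
# shift the column positions.
stragglers() {
  awk -v nodes="$(printf '%s' "$1" | tr '\n' ' ')" -v excl="$EXCLUDE" '
    BEGIN { n = split(nodes, a, " "); for (i = 1; i <= n; i++) old[a[i]] = 1 }
    NR == 1 || $4 == "Completed" || $2 ~ excl { next }
    { for (f = 5; f <= NF; f++) if ($f in old) { print $1, $2, $f; next } }
  '
}

# Constructed sample of `kubectl get nodes` output.
SAMPLE_NODES='NAME                        STATUS   ROLES    AGE   VERSION
ip-10-0-1-10.ec2.internal   Ready    <none>   90d   v1.30.4-eks-0000000
ip-10-0-1-11.ec2.internal   Ready    <none>   1h    v1.31.0-eks-0000000'

# Constructed sample of `kubectl get po -o wide -A` output.
SAMPLE_PODS='NAMESPACE     NAME              READY   STATUS      RESTARTS     AGE   IP          NODE                        NOMINATED NODE   READINESS GATES
kube-system   aws-node-abcde    2/2     Running     0            90d   10.0.1.10   ip-10-0-1-10.ec2.internal   <none>   <none>
core          web-7d9f-xk2lp    1/1     Running     1 (2d ago)   30d   10.0.1.55   ip-10-0-1-10.ec2.internal   <none>   <none>
audit         job-28391-zz      0/1     Completed   0            2d    10.0.1.56   ip-10-0-1-10.ec2.internal   <none>   <none>
core          web-7d9f-new      1/1     Running     0            1h    10.0.2.7    ip-10-0-1-11.ec2.internal   <none>   <none>'

# Demo on the constructed sample; on the bastion, pipe the real kubectl output instead.
demo() {
  old=$(printf '%s\n' "$SAMPLE_NODES" | old_nodes v1.30)
  printf '%s\n' "$SAMPLE_PODS" | stragglers "$old"
}
demo
```

An empty result from `stragglers` means only the excluded per-node pods and Completed pods remain on the old nodes, which is the state step 7 expects before they are terminated.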