ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a96baa8fb732f5cfcd1dc7fbc4ca7660c8f320e7
nexus/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.29-to-1.30_709421239.md
weishen 3f2e1765d8 Auto-sync: 2026-04-18 17:09
2026-04-18 17:09:43 +08:00

33 lines
2.6 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# EKS-upgrade-from-version-1.29-to-1.30_709421239
1. Upgrade coredns,kube-proxy,aws-node add-ons before EKS upgrade.
[https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html")
[https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html")
[https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html")
**If custom networking(non-routable CIDR) is enabled on this farm, please re-enable it after updating VPC CNI plugin.**
`kubectl set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=` `true`
2. Upgrade EKS Cluster from 1.30 to 1.31,you may refer to [How to upgrade EKS in SaaS](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+upgrade+EKS+in+SaaS)
3. Run attached script,it will automatically create New Worker nodes and add tags.
`nohup sh create-eks-worker.sh &`
4. Taint all the 1.30 worker nodes
`nodes=$(kubectl get nodes | grep -i v1.``30` `| awk ` `'{print $1}'``)`
`for` `node in $nodes`
`do`
`kubectl taint nodes ${node} podReScheduler=value:NoSchedule`
`done`
5. Upgrade ESM 25.2.2 for OMT,SMAX,CMS,OOMT and Audit.
6. Check if there is any pods still on 1.30 worker nodes,if so,manually restart it.
`nodes=$(kubectl get nodes | grep -i v1.``30` `| awk ` `'{print $1}'``)`
`for` `node in $nodes`
`do`
`kubectl get po -o wide -A | grep -i $node | grep -v ` `'aws-node-\|kube-proxy-\|ebs-csi-node\|twistlock-defender\|itom-prometheus-node-exporter-\|itom-throttling-controller\|Completed'` `| awk ` `'{print $1,$2}'`
`done`
Or you can use attached script to rolling restart the pods by namespace
`Usage: ./rollingMigratePodsByNamespace.sh namespace1 namespace2 . .`
`nohup sh rollingMigratePodsByNamespace.sh audit core kube-system &`
7. **Terminate old 1.29 worker nodes**
8. After all old worknodes not displayed in the output of: kubectl get no, install qualys agents on the new worknodes, you can achieve this by copying the attached shell script to bastion and run it with(except for us24-prod): sh install\_qualys\_agent.sh **<farmName>**
9. SSH to one of the new worknode, check the qualys is installed by typing: **service qualys-cloud-agent status**
Reference in New Issue View Git Blame Copy Permalink