ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
feea929082175a2df7332ffbc87fdabb7dd7d4ca
nexus/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.29-to-1.30_709421239.md
weishen 3f2e1765d8 Auto-sync: 2026-04-18 17:09
2026-04-18 17:09:43 +08:00

2.6 KiB
Raw Blame History

EKS-upgrade-from-version-1.29-to-1.30_709421239

  1. Upgrade coredns,kube-proxy,aws-node add-ons before EKS upgrade.

    https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html
    https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html
    https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html

    If custom networking(non-routable CIDR) is enabled on this farm, please re-enable it after updating VPC CNI plugin.
    kubectl set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG= true

  2. Upgrade EKS Cluster from 1.30 to 1.31,you may refer to How to upgrade EKS in SaaS

  3. Run attached script,it will automatically create New Worker nodes and add tags. nohup sh create-eks-worker.sh &

  4. Taint all the 1.30 worker nodes
    nodes=$(kubectl get nodes | grep -i v1.``30 | awk  '{print $1}'``)
    for node in $nodes
    do
    kubectl taint nodes ${node} podReScheduler=value:NoSchedule

    done

  5. Upgrade ESM 25.2.2 for OMT,SMAX,CMS,OOMT and Audit.

  6. Check if there is any pods still on 1.30 worker nodes,if so,manually restart it. nodes=$(kubectl get nodes | grep -i v1.``30 | awk  '{print $1}'``)
    for node in $nodes
    do
    kubectl get po -o wide -A | grep -i $node | grep -v  'aws-node-\|kube-proxy-\|ebs-csi-node\|twistlock-defender\|itom-prometheus-node-exporter-\|itom-throttling-controller\|Completed' | awk  '{print $1,$2}'
    done Or you can use attached script to rolling restart the pods by namespace
    Usage: ./rollingMigratePodsByNamespace.sh namespace1 namespace2 . .
    nohup sh rollingMigratePodsByNamespace.sh audit core kube-system &

  7. Terminate old 1.29 worker nodes

  8. After all old worknodes not displayed in the output of: kubectl get no, install qualys agents on the new worknodes, you can achieve this by copying the attached shell script to bastion and run it with(except for us24-prod): sh install_qualys_agent.sh

  9. SSH to one of the new worknode, check the qualys is installed by typing: service qualys-cloud-agent status

Reference in New Issue View Git Blame Copy Permalink