Upgrading Kubernetes Worker Nodes in GKE, AKS, and EKS
Upgrading Kubernetes Worker Nodes in GKE, AKS, and EKS
This article walks you through the commands for updating the worker nodes in GKE, AKS, and EKS.
Join the DZone community and get the full member experience.Join For Free
Kubernetes is a popular container orchestration platform that you can deploy on-premise or in the cloud. In this article, you will learn about Kubernetes upgrade options in Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), and Amazon Elastic Container Service for Kubernetes (EKS).
What is a Kubernetes Cluster?
A cluster is a unit that includes several Kubernetes pods. A pod is a set of containers, with facilities to allow containers to communicate and share data between them. A cluster consists of the following components:
API server—A REST interface that can be accessed by Kubernetes resources.
Controller manager—Checks the current cluster state, compares it to the desired state and makes changes if necessary. For example, adding or removing pods to meet current loads.
Scheduler—Runs containers within a cluster, according to the policies you define in a cluster configuration, usually tied to resources required by workloads running on the cluster, or certain metrics used as triggers for scaling operations.
Kubelet—An agent that runs on every node and communicates with the cluster.
Kube-proxy—A full TCP proxy that enables nodes to communicate with the cluster and one another.
Etcd—Stores configuration data for the cluster.
Upgrading a Kubernetes Cluster
When a new Kubernetes version is released, you need to upgrade your clusters to keep up with security updates and enjoy new features. Upgrading a cluster can be a surprisingly complex operation. It has two major parts:
Upgrading the cluster—This involves several steps, including setting security policies, updating cluster version, patching kube-proxy, and updating networking components such as DNS and VPN.
Upgrading the worker nodes—This is typically performed using a rolling upgrade. You launch new nodes with the new version, and transition workloads to the new node pool.
In this article the focus is on the second part, upgrading the worker nodes. We’ll show how to do this in three popular Kubernetes cloud services—Google Kubernetes Engine (GKE), Amazon Kubernetes Service (AKS) and Elastic Kubernetes Service (EKS), also from Amazon. See this extensive guide to upgrading the Kubernetes cluster.
Upgrading Worker Nodes in a GKE Cluster
Here is how to perform a rolling update of worker nodes in a Kubernetes cluster running on GKE.
1. Creating the New Node Pool
To create the new node pool, run this command (here we are giving the new pool the name “pool-two”).
gcloud container node-pools create pool-two
2. Move Workloads from The Old Pool
First, cordon each of the old nodes to prevent new pods from being scheduled to them:
kubectl cordon <node_name>
You can now start to remove pods from the old nodes, and they will be automatically scheduled on the new nodes.
Finally, drain each of the old nodes, deleting any pods that still remain on the node:
kubectl drain <node_name> --force
3. Delete the Old Pool
Verify that all pods have safely moved to the new node pool, and delete the old pool using the following command (replacing the bolded text with the name of your existing pool).
gcloud container node-pools delete default-pool
Upgrading Worker Nodes in an AKS Cluster
An AKS cluster upgrade automatically triggers a cordon and drain of your nodes (like we saw above in GKE, but there the process is manual). If you do not have enough compute resources supporting the cluster, the operation can fail. Make sure to pause the cluster autoscaler, if you are using one, because it can conflict with the Kubernetes upgrade.
Here is how to perform an upgrade on AKS:
1. Check for Available Cluster Upgrades
To check which Kubernetes releases are available, use the command:
az aks get-upgrades
If no upgrade is available, you will get a
Table output unavailable error.
2. Upgrade the AKS Cluster
Use the following command to upgrade:
az aks upgrade
During the upgrade process, AKS adds a new node to the cluster with the required Kubernetes version, and then cordons and drains one of the old nodes. It does this one by one to avoid disruption to running services. When pods successfully move over to the new node, it creates another new node, and so on, until all workloads have migrated.
You can confirm the upgrade status by using:
az aks show
Upgrading Worker Nodes in an Amazon EKS Cluster
First, review the official documentation to see how to upgrade the cluster in Amazon EKS — it is quite involved. Once that is done, here is how to do an update of the worker nodes.
EKS can perform a rolling update of the nodes, like we saw above. However, it provides one additional, cleaner method: update the AWS CloudFormation stack for an existing worker node. This is not supported for worker node groups created using the eksctl utility—learn how to update an existing node group. Below we cover the regular rolling update method.
To perform a rolling update to a new node group using eksctl:
Install eksctl with version 0.11.1 or higher.
Use this command to get names of existing worker node groups (replace bolded text with your cluster name):
eksctl get nodegroups --cluster=default
Launch a new worker node group using the following command (replace bolded text with your own values):
Use the following command to ensure all worker nodes have successfully migrated and are "ready":
kubectl get nodes
Delete the original node group using this command (replacing bolded text with your node group and cluster name):
eksctl delete nodegroup --cluster default --name standard-workers
Upgrades are a crucial element of software development, maintenance, and security. In Kubernetes, you can upgrade a cluster or upgrade worker nodes. Hopefully, if you reached the end of this article, you have the information needed to upgrade clusters in GKE, AKS, or EKS. For more comprehensive instructions, you can take a look at the official documentation offered by each cloud provider.
Opinions expressed by DZone contributors are their own.