Profile Applicability:
Level 1
Description:
In Amazon Elastic Kubernetes Service (EKS), as well as other managed Kubernetes platforms, it is important to ensure that your Kubernetes clusters run on a supported version to maintain security, stability, and compatibility with the latest features. Kubernetes releases frequent updates that include security patches, new features, bug fixes, and performance improvements. Running a supported version ensures that your cluster can take advantage of these updates while maintaining compliance with security standards.
A supported Kubernetes version guarantees that you have access to necessary security patches and can avoid potential vulnerabilities associated with outdated versions. AWS and other cloud providers typically support specific versions of Kubernetes for a set period after their release, after which those versions are deprecated.
Rationale:
Running a supported version of Kubernetes provides the following benefits:
Security: Ensures your cluster is protected from known vulnerabilities by receiving timely patches and updates.
Feature Access: You gain access to the latest Kubernetes features and enhancements.
Compliance: Many regulatory frameworks and security standards require that you maintain up-to-date software for compliance.
Stability: Running supported versions minimizes the risk of running into bugs or issues that have been fixed in newer releases.
Maintaining Kubernetes versions within the supported lifecycle is a best practice to ensure your cluster remains secure and functional.
Impact:
Pros:
Improved Security: Protection against known vulnerabilities by ensuring timely patching and updates.
Access to New Features: Ability to leverage new features, APIs, and functionality in Kubernetes releases.
Compliance: Helps meet regulatory and security requirements by using supported software versions.
Stability: Reduces the risk of compatibility issues and bugs that may arise from using outdated versions.
Cons:
Upgrade Complexity: Upgrading Kubernetes versions may involve changes to existing resources, application code, or configurations, requiring thorough testing.
Downtime Risk: There could be a risk of downtime or service disruptions during the upgrade process, depending on the approach taken.
Default Value:
By default, a cluster is created with a Kubernetes version that Amazon EKS (or the relevant cloud provider) supports at the time of creation. These clusters should be manually updated according to the supported version lifecycle and AWS guidelines for Kubernetes versions.
Pre-requisite:
AWS IAM Permissions:
eks:DescribeCluster
eks:UpdateClusterVersion
eks:ListUpdates
eks:CreateCluster
eks:UpdateClusterConfig
AWS CLI installed and configured.
Basic knowledge of Kubernetes versions and EKS configuration.
Remediation:
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to EKS under Services.
In the EKS Dashboard, select your Kubernetes cluster.
Under Cluster Version, check if the current version is one of the supported versions.
If the Kubernetes version is not supported, upgrade the cluster to a supported version:
Go to Cluster Configuration and click on Update Version.
Select a supported Kubernetes version from the dropdown and follow the prompts to upgrade.
Using AWS CLI:
To check the current Kubernetes version of your cluster, run:
aws eks describe-cluster --name <cluster-name> --query "cluster.version"
To see the list of Kubernetes versions that EKS currently supports, run:
aws eks describe-cluster-versions --query "clusterVersions[].clusterVersion"
To upgrade your Kubernetes version to a supported one, run:
aws eks update-cluster-version --name <cluster-name> --kubernetes-version <new-version>
Verify the update by running:
aws eks describe-cluster --name <cluster-name> --query "cluster.version"
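The CLI check above, extended into a per-region audit, as an added example that is not part of the original benchmark text. It compares each cluster's version with the supported list and, for an unsupported cluster, prints the upgrade sequence, since EKS updates the control plane one minor version at a time. Function names and the EKS_AUDIT_REGION variable are hypothetical, and the sample versions are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit EKS control-plane versions.
# Function names and EKS_AUDIT_REGION are hypothetical.

# minor_of 1.29 -> 29 (compare numerically; as strings "1.9" sorts after "1.10")
minor_of() { local v="${1#*.}"; printf '%s\n' "${v%%.*}"; }

# newest_of <version>... -> the version with the highest minor number
newest_of() {
  local best="$1" v
  for v in "$@"; do
    if [ "$(minor_of "$v")" -gt "$(minor_of "$best")" ]; then best="$v"; fi
  done
  printf '%s\n' "$best"
}

# is_supported <cluster-version> <supported-version>... -> exit status 0 if listed
is_supported() {
  local cur="$1" v; shift
  for v in "$@"; do [ "$v" = "$cur" ] && return 0; done
  return 1
}

# upgrade_path <current> <target> -> every version to step through, in order
upgrade_path() {
  local major="${1%%.*}" m t out=""
  m=$(minor_of "$1"); t=$(minor_of "$2")
  while [ "$m" -lt "$t" ]; do m=$((m + 1)); out="$out${out:+ }$major.$m"; done
  printf '%s\n' "$out"
}

# audit_line <cluster-name> <cluster-version> <supported-version>...
audit_line() {
  local name="$1" cur="$2"; shift 2
  if is_supported "$cur" "$@"; then printf '%s %s SUPPORTED\n' "$name" "$cur"
  else printf '%s %s UNSUPPORTED upgrade-path: %s\n' "$name" "$cur" \
         "$(upgrade_path "$cur" "$(newest_of "$@")")"; fi
}

# audit_region <region>: live run against the account (needs the AWS CLI)
audit_region() {
  local supported name ver
  supported=$(aws eks describe-cluster-versions --region "$1" \
    --query "clusterVersions[].clusterVersion" --output text)
  for name in $(aws eks list-clusters --region "$1" --query "clusters[]" --output text); do
    ver=$(aws eks describe-cluster --region "$1" --name "$name" \
      --query "cluster.version" --output text)
    audit_line "$name" "$ver" $supported   # unquoted on purpose: one arg per version
  done
}

if [ -n "${EKS_AUDIT_REGION:-}" ]; then audit_region "$EKS_AUDIT_REGION"
else audit_line legacy 1.28 1.29 1.30 1.31   # constructed sample, not a real cluster
fi
```

The live run also calls `list-clusters` and `describe-cluster-versions`, so the auditing principal needs eks:ListClusters and eks:DescribeClusterVersions in addition to eks:DescribeCluster.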
Implementation Steps:
Using AWS Console:
Log in to the AWS Management Console and navigate to Amazon EKS.
Select your cluster from the EKS Dashboard.
In the Cluster Configuration section, verify that your cluster is running a supported version of Kubernetes.
If your version is deprecated, click on Update Version and select the latest supported version.
Follow the prompts to upgrade the cluster.
Once the upgrade is complete, verify the new version in the Cluster Version section.
Using AWS CLI:
Check the current Kubernetes version:
aws eks describe-cluster --name <cluster-name> --query "cluster.version"
If the version is not supported, run the following to upgrade the cluster to the latest supported version:
aws eks update-cluster-version --name <cluster-name> --kubernetes-version <new-version>
To verify the version update:
aws eks describe-cluster --name <cluster-name> --query "cluster.version"
Monitor the upgrade process and ensure the cluster is functioning as expected after the version upgrade.
Backout Plan:
Console Process
Check Kubernetes Version:
Go to your Kubernetes cluster in the management console (e.g., EKS, AKS, GKE).
Find and note the current Kubernetes version.
Upgrade Cluster:
If your version is outdated, use the Upgrade option available in the console for your cloud provider.
CLI Process
Check Current Version:
kubectl version
Upgrade Cluster:
For AWS EKS:
aws eks update-cluster-version --name <cluster-name> --kubernetes-version <new-version>
For Azure AKS:
az aks upgrade --resource-group <resource-group> --name <cluster-name> --kubernetes-version <new-version>
For Google GKE:
gcloud container clusters upgrade <cluster-name> --master --cluster-version <new-version>
Note:
Version Compatibility: Always ensure that your applications and workloads are compatible with the new Kubernetes version before upgrading. Test the upgrade in a staging environment before applying it to production.
Backup: Ensure that critical data or configurations are backed up prior to the upgrade to avoid data loss or configuration issues.