Rolling Cluster Node Upgrades for AWS EKS
Project Status: Used in production at Tenjin, some caveats apply.
Apply security fixes, roll out new Kubernetes versions, or replace faulty nodes on AWS.
In general terms:
- You run Kubernetes via AWS EKS
- Your cluster is made up of EC2 Auto Scaling Groups (ASG)
- You want to replace one or all nodes in those ASGs (e.g. to activate a new launch configuration)
- The replacement has to be done gracefully, node-by-node, and must respect availability constraints in your cluster
You can run this tool from your CI or locally. Typically we bundle it as a script and inject secrets within the CI.
Example using standard AWS SDK credentials and an assumed role:
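#!/bin/bash
# No -x here: tracing would print the expanded secrets below into the CI log.
set -e
# ${VAR:?} aborts the script if a required variable is unset or empty.
docker run --rm -it \
  -e ACCESS_KEY_ID="${ACCESS_KEY_ID:?}" \
  -e SECRET_ACCESS_KEY="${SECRET_ACCESS_KEY:?}" \
  -e ROLE_ARN="${ROLE_ARN:?}" \
  -e CLUSTER=your-cluster-name \
  -e AUTOSCALING_GROUPS="${AUTOSCALING_GROUP:?}" \
  rotate-eks-asg:latest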