Eksctl: eskctl upgrade cluster with DaemonSets
I am upgrading my EKS cluster from K8S 1.11 to 1.12 using eksctl.
As outlined in the help documentation I first updated the Control plane
eksctl update cluster --name=<clusterName>
This went off successfully.
Then I created the new Nodegroup
eksctl create nodegroup --cluster=<clusterName>
This was successful as well.
Then I executed the deletion of the old Node group
eksctl delete nodegroup --cluster=<clusterName> --name=<oldNodeGroupName>
This gave the following output:
[ℹ] combined include rules: ng-0d367cb7
[ℹ] 1 nodegroup (ng-0d367cb7) was included (based on the include/exclude rules)
[ℹ] will delete 1 nodegroups from auth ConfigMap in cluster "vtest"
[!] removing nodegroup from auth ConfigMap: instance role ARN "..." not found in auth ConfigMap
[ℹ] will drain 1 nodegroups in cluster "vtest"
[!] ignoring DaemonSet-managed Pods: default/falco-vtxh5, kube-system/aws-node-6fdjc, kube-system/kube-proxy-jswn9
[!] ignoring DaemonSet-managed Pods: default/falco-zh9v2, kube-system/aws-node-hplzg, kube-system/kube-proxy-8wsxw
[✖] Cannot evict pod as it would violate the pod's disruption budget.
In general is there anything specific needs to be done to handle DaemonSets during the upgrade?
venkyvb
All 2 comments
@venkyvb I don’t think it is the DaemonSets holding you up here. They are being ignored and don’t usually have PDB’s anyway. Probably some other service is all on that nodegroup, e.g. nginx-ingress or something else with a Pod Disruption Budget. Try moving the Pod off the nodes yourself, by draining or deleting them. Then try again. Or, if this is safe for you apps, temporarily delete the PDB and restore later.
whereisaaron
on 13 Sep 2019
@whereisaaron You are absolutely right !! I got distracted by the DaemonSet message and the issue was actually related to PDB. Thanks for the pointer !!
venkyvb
on 13 Sep 2019
Related issues
errordeveloper
·
4Comments
dewittcx
·
3Comments
jcleal
·
4Comments
whereisaaron
·
4Comments
KevinMonk
·
3Comments
Most helpful comment
@venkyvb I don’t think it is the DaemonSets holding you up here. They are being ignored and don’t usually have PDB’s anyway. Probably some other service is all on that nodegroup, e.g.
nginx-ingressor something else with a Pod Disruption Budget. Try moving the Pod off the nodes yourself, by draining or deleting them. Then try again. Or, if this is safe for you apps, temporarily delete the PDB and restore later.