
Amazon EKS Upgrade release notes (v1.28 to v1.29)

Key items to keep in mind for EKS version upgrade from v1.28 to v1.29

Gladwin Neo
Amazon Employee
Published Nov 28, 2024

Overview

As one of the largest and most popular open-source projects for building cloud-native applications, the Kubernetes project is continually integrating new features, design requests, and bug fixes through version upgrades. New version updates are available on average every three months.
Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes platform provided by AWS to enable customers to deploy, manage, and scale Kubernetes clusters on the AWS Cloud. As EKS is based on open-source Kubernetes, AWS constantly updates EKS to ensure compatibility with the latest version of Kubernetes, while providing backward compatibility for older versions.
At AWS, Containers Specialists work closely with customers daily to help them with the migration and upgrades of large-scale EKS deployments. In this simple blog post, we have consolidated a list of key items to take note of as you go through the EKS upgrade from v1.28 to v1.29.

Dependencies & Considerations

1. API Deprecations

The flowcontrol.apiserver.k8s.io/v1beta2 API version of FlowSchema and PriorityLevelConfiguration is no longer served in Kubernetes v1.29. If you have manifests or client software that uses this deprecated beta API group, you should change these before upgrading to v1.29.

2. Node Status Field Deprecation

The .status.kubeProxyVersion field for node objects is now deprecated. The Kubernetes project is proposing to remove this field in a future release. This field has not been accurate and has historically been managed by kubelet, which doesn't actually know the kube-proxy version or whether kube-proxy is running. If you've been using this field in client software, it's recommended to stop as the information isn't reliable.

3. Legacy Service Account Token Cleanup

Kubernetes v1.29 introduces the LegacyServiceAccountTokenCleanUp feature to reduce potential attack surfaces. This feature labels legacy auto-generated secret-based tokens as invalid if they haven't been used for a long time (1 year by default) and automatically removes them if use is not attempted for a long time after being marked as invalid (1 additional year by default). You can identify such tokens by running:

    kubectl get cm kube-apiserver-legacy-service-account-token-tracking -n kube-system
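To see which secret-based tokens the cleanup described above would affect before you upgrade, the following added example (not code from the original post or from AWS) classifies the output of `kubectl get secrets -A -o json`. It assumes the upstream Kubernetes labels `kubernetes.io/legacy-token-last-used` and `kubernetes.io/legacy-token-invalid-since`, which the post does not name, uses a simplified model of the cleaner's rules, and runs on constructed sample data.

```python
import json
from datetime import date, timedelta

TOKEN_TYPE = "kubernetes.io/service-account-token"
# Upstream Kubernetes label names (assumption: not named in the post).
LAST_USED = "kubernetes.io/legacy-token-last-used"
INVALID_SINCE = "kubernetes.io/legacy-token-invalid-since"
PERIOD = timedelta(days=365)  # "1 year by default", as the post states

def audit_legacy_tokens(secret_list, today):
    """Return (namespace, name, status, reference date) per secret-based token.

    Simplified model of the cleanup described in the post: a token unused for
    PERIOD is 'stale' (an invalidation candidate); a token already labelled
    invalid is reported with the date after which it may be removed.
    """
    findings = []
    for item in secret_list.get("items", []):
        if item.get("type") != TOKEN_TYPE:
            continue  # not a service account token secret
        meta = item["metadata"]
        labels = meta.get("labels") or {}
        if INVALID_SINCE in labels:
            ref = date.fromisoformat(labels[INVALID_SINCE]) + PERIOD
            status = "invalid"
        else:
            # Never-used tokens carry no last-used label; fall back to creation date.
            ref = date.fromisoformat(
                labels.get(LAST_USED) or meta["creationTimestamp"][:10])
            status = "stale" if today - ref > PERIOD else "active"
        findings.append((meta["namespace"], meta["name"], status, ref))
    return findings

# Constructed sample shaped like `kubectl get secrets -A -o json` output.
SAMPLE = json.loads("""{"items": [
 {"type": "kubernetes.io/service-account-token",
  "metadata": {"namespace": "ci", "name": "deployer-token-x7k2p",
   "creationTimestamp": "2021-05-01T09:00:00Z",
   "labels": {"kubernetes.io/legacy-token-last-used": "2024-10-02"}}},
 {"type": "kubernetes.io/service-account-token",
  "metadata": {"namespace": "legacy", "name": "batch-token-9qd4m",
   "creationTimestamp": "2020-02-10T12:30:00Z"}},
 {"type": "kubernetes.io/service-account-token",
  "metadata": {"namespace": "legacy", "name": "report-token-b2v8c",
   "creationTimestamp": "2019-08-15T08:00:00Z",
   "labels": {"kubernetes.io/legacy-token-invalid-since": "2024-03-01"}}},
 {"type": "Opaque",
  "metadata": {"namespace": "app", "name": "db-creds",
   "creationTimestamp": "2023-01-01T00:00:00Z"}}]}""")

if __name__ == "__main__":
    for ns, name, status, ref in audit_legacy_tokens(SAMPLE, date(2024, 11, 28)):
        print(f"{ns}/{name}: {status} ({ref})")
```

Tokens reported as stale or invalid that a workload still depends on should be replaced with bound tokens before the cleaner removes them.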

Add-on Version Requirements

| Add-on | Recommended version for EKS cluster v1.27 |
| --- | --- |
| VPC CNI | v1.18.6-eksbuild.1 |
| CoreDNS | v1.11.3-eksbuild.1 |
| kube-proxy | v1.29.9-minimal-eksbuild.1 |

Please refer to the following reference links for add-on versions, pre-requisites and update instructions
Apart from the above mentioned core add-ons, you might also be running other add-ons like AWS Load Balancer controller, EBS CSI driver, Cluster Autoscaler, Karpenter, Prometheus, etc. These add-ons will also need to be validated individually for version compatibility.
For more best practices on EKS Cluster Upgrades, refer to the official AWS EKS documentation here.

About the Author

Gladwin Neo, Associate Containers Specialist Solutions Architect, AWS Singapore

Gladwin Neo is a Containers Solutions Architect at AWS. He is a tech enthusiast with a passion for containers. He is now focusing on helping customers from a wide range of industries to modernize their workloads through the use of Containers technologies in AWS which includes Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS).
 

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.
