Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] [Upgrade nodegroup] Update Bottlerocket nodes to latest AMI release version #6766

Closed
cloudkarthik99 opened this issue Jul 6, 2023 · 6 comments · Fixed by #6923
Closed

[Feature] [Upgrade nodegroup] Update Bottlerocket nodes to latest AMI release version #6766

cloudkarthik99 opened this issue Jul 6, 2023 · 6 comments · Fixed by #6923
Assignees
@TiberiuGC
Labels
kind/feature New feature or request needs-investigation priority/important-longterm Important over the long term, but may not be currently staffed and/or may require multiple releases

Comments

@cloudkarthik99
Copy link

cloudkarthik99 commented Jul 6, 2023
edited
Loading

What were you trying to accomplish?

Trying to update private EKS cluster bottlerocket nodegroup with the latest bottlerocket AMI version in the same Kubernetes Version

What happened?

eksctl upgrade nodegroup is not fetching the latest Bottlerocket AMI while it successfully does for AmazonLinux2 AMI (even when not provisining releaseVersion parameter in cluster config for AL2 NG) saying:

unchanged fields for nodegroup apigw-xlarge: the following fields remain unchanged; they are not supported by `eksctl update nodegroup`: AMIFamily, InstanceType, ScalingConfig, Labels, PrivateNetworking, Tags, IAM, ReleaseVersion

How to reproduce it?

  1. create a EKS managed nodegroup with the old bottlerocket AMI version using the below config
  2. Upgrade using eksctl upgrade npdegroup passing new AMI version in the releaseVersion parameter
  3. eksctl upgrade nodegroup is updating to latest AMI version only when nodegroup name changes or K8s version updates

eksctl cluster config:

cluster_config = <<CLUSTERCONFIG
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: ${local.ressources_name}
  region: ${local.region}
  tags: ${jsonencode(local.common_tags)}
  version: "${var.version}" #1.23

vpc:
  subnets:
    private:
  %{for item in data.aws_subnet.vpc_subnets~}
    ${item.availability_zone}: { id: ${item.id} }
  %{endfor~}

managedNodeGroups:
  - name: ${var.nodegroup_name}
    labels: { 
      role: workers,
      project: ${lower(var.tag_project)},
      application: ${replace(lower(var.tag_application), " ", "_")},
      environment: ${local.environment}, 
      classification: ${lower(local.classification)}, # TEST or PROD
      region: ${lower(local.region)},
      k8s_dns_name: ${local.k8s_dns_name},}
    }
    instanceType: ${var.eks_instance_type}     #t3.xlarge
    minSize: ${var.eks_min_size}
    maxSize: ${var.eks_max_size}
    desiredCapacity: ${var.eks_desired_capacity}
    updateConfig:
      # https://eksctl.io/usage/eks-managed-nodes/#handling-parallel-upgrades-for-nodes
      maxUnavailablePercentage: 50
    amiFamily: ${var.ami_family}  # Bottlerocket or AmazonLinux2
    releaseVersion: 1.13.4-f549851d #old AMI Version 
    privateNetworking: true
    tags: ${jsonencode(local.common_tags)}
    iam:
      withAddonPolicies:
        autoScaler: true
        externalDNS: true
        certManager: true
        cloudWatch: true
        imageBuilder: true

cloudWatch:
  clusterLogging:
    enableTypes: ["audit", "authenticator"]

addons:
- name: aws-ebs-csi-driver
  
  CLUSTERCONFIG
}

terraform data module:

data "aws_ssm_parameter" "ami_version" {
  name = "/aws/service/bottlerocket/aws-k8s-${var.eks_version}/x86_64/latest/image_version"
}

eksctl commands:

eksctl upgrade nodegroup --name="${nodegroup_name}" --cluster="${cluster_name}" --region="${region}" --kubernetes-version="${cluster_version}"

eksctl update nodegroup -f "${config_file}"

Anything else we need to know?
Everytime we run the CI/CD pipeline, the eksctl commands get executed to create the cluster, nodegroup and upgrade nodegroup and update nodegroup commands and the cloudformation stack is checking for the latest AL2 AMI version if present and updates the EKS node group to the latest AMI releaseversion (when and only we run the pipeline not auto updates) which is not happening for Bottlerocket AMI

We don't want to stick to any particular AMI version but we want to have latest AMI release versions for the same k8s version when available and we dont want to use any operators like bottlerocket update operator as we dont want any auto updates happening.

Bottlerocket nodegroup is updating only when we change the nodegroup name or kubernetes version.

Versions
Bottlerocket OS 1.13.4 (aws-k8s-1.23)
eksctl version=0.141.0
@github-actions
Copy link
Contributor

github-actions bot commented Jul 6, 2023

Hello remo1435 👋 Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website

@cloudkarthik99
Copy link
Author

@cPu1 I saw that you worked on related bottlerocket issues previously. Just tagging you so that may be you could help or suggest any workaround

@cloudkarthik99
Copy link
Author

#4666
I just wanted to mention this issue as it seems to be bit related with my issue. If not please remove it.

When I checked my CNF template of AmazonLinux2 EKS nodegroup and Bottlerocket EKS nodegroup, the default difference is ReleaseVersion parameter is absent by default in bottlerocket CNF template (I could pass the releaseVersion parameter in cluster config as I explained above but the AMI version has to be hardocoded but we want the AMI version to be latest and it should check automatically for the version (just like for AL2 )

AmazonLinux2 CNF template:

 "ManagedNodeGroup": {
      "Type": "AWS::EKS::Nodegroup",
      "Properties": {
        "AmiType": "AL2_x86_64",
        "ClusterName": "al2-cluster",
        "ForceUpdateEnabled": false,
        "InstanceTypes": [
          "t3.xlarge"
        ],
        
        "NodegroupName": "al2-nodegroup",
        "ReleaseVersion": "1.23.17-20230607",
        "ScalingConfig": {
          "DesiredSize": 3,
          "MaxSize": 6,
          "MinSize": 3
        },

Bottlerocket CNF template:

"ManagedNodeGroup": {
      "Type": "AWS::EKS::Nodegroup",
      "Properties": {
        "AmiType": "BOTTLEROCKET_x86_64",
        "ClusterName": "bottlerocket-cluster",
        "ForceUpdateEnabled": false,
        "InstanceTypes": [
          "t3.xlarge"
        ],
        
        "LaunchTemplate": {
          "Id": {
            "Ref": "LaunchTemplate"
          }
        },
        "NodegroupName": "bottlerocket-ng",
        "ScalingConfig": {
          "DesiredSize": 3,
          "MaxSize": 4,
          "MinSize": 3
        },

@TiberiuGC TiberiuGC changed the title eksctl upgrade nodegroup fails to update bottlerocket latest AMI in EKS clusters [Feature] Update bottlerocket nodes to latest AMI when using eksctl upgrade nodegroup command Jul 12, 2023
@TiberiuGC TiberiuGC added kind/feature New feature or request and removed kind/bug labels Jul 12, 2023
@TiberiuGC
Copy link
Contributor

TiberiuGC commented Jul 12, 2023
edited
Loading

Hi @remo1435 , indeed seems like updating to latest AMI release version is currently only supported for AL2 images (see code snipped below).

https://github.com/weaveworks/eksctl/blob/0feb86cd2bd6b8872e658735b5300bbe048c439d/pkg/ami/ssm_resolver.go#L82-L93

I don't know yet whether there are any deterrents in having the same behaviour for other AMI families. I've marked this as a feature request. Will discuss it internally and come back to you.

@TiberiuGC TiberiuGC changed the title [Feature] Update bottlerocket nodes to latest AMI when using eksctl upgrade nodegroup command [Feature] [Upgrade nodegroup] Update Bottlerocket nodes to latest AMI release version Jul 12, 2023
@Himangini Himangini added needs-investigation priority/important-longterm Important over the long term, but may not be currently staffed and/or may require multiple releases labels Jul 18, 2023
@Himangini
Copy link
Contributor

Spike: To come up with a proposal for this feature and understand any limitations
Timebox: 1-2 days
Document findings here

@TiberiuGC TiberiuGC self-assigned this Aug 3, 2023
@TiberiuGC TiberiuGC mentioned this issue Aug 7, 2023
Merged
7 tasks
@TiberiuGC
Copy link
Contributor

Spike: To come up with a proposal for this feature and understand any limitations Timebox: 1-2 days Document findings here

Moving forward with implementing this, as the complexity is fairly low and there don't seem to be any blockers.

@yuxiang-zhang yuxiang-zhang mentioned this issue Mar 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TiberiuGC TiberiuGC

Labels
kind/feature New feature or request needs-investigation priority/important-longterm Important over the long term, but may not be currently staffed and/or may require multiple releases
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Bottlerocket image version on nodegroup upgrade TiberiuGC/eksctl
3 participants
@Himangini @cloudkarthik99 @TiberiuGC