EKS Support for Kubernetes 1.12 #24
Comments
|
The day preceding this issue's creation, k8s v1.13 was released. Is there a reason to work toward v1.12 rather than v1.13? |
|
i suspect the upgrade is incremental/ ladder mode ? |
|
Also will it have HPA (Horizontal Pod Autoscaling) support by default ? since EKS using 1.11 still does not have this feature. |
|
Also, for myself, I'm really excited to be able to drop my I'm happy to do these incremental upgrades as long as this public roadmap continues to be maintained—I'm guessing that the EKS team is working on finding ways to make the release process / cycle a bit tighter (it seems like 1.11 was kind of rushed because of the sec concerns, though the upgrade was quite smooth for both my clusters), and it will take a few more before it's seamless and EKS catches up to stable K8s. |
@omerfsen yes it does. |
|
Too late for 1.12, 1.13 is GA for two months already. Kubernetes has usually had four releases per year, in 2019 it is moving to five releases per year (not counting patch releases). Does AWS have a policy or goal about this? E.g. does AWS aspire to release all releases within X months of GA, or else can customers count on at least X releases per year? |
|
It would be a good idea to at least know what the commitment is regarding the releases. I understand AWS needs to catch up to 1.12 and 1.13 first before it can focus on the long run. |
|
The k8s project supports backporting security fixes for three minor revisions, so that might be a good rule of thumb: https://kubernetes.io/docs/setup/version-skew-policy/ |
|
I assume that next month I don't think that AWS will backport security patches for versions not supported by the community. Please correct me if I am wrong. |
|
Yes the 1.14 release process started in November and releases next month (25 March). Alpha releases are available for EKS testing now and code freeze is 7 March (https://github.com/kubernetes/sig-release/tree/master/releases/release-1.14). EKS has been GA for a while, is recently ISO and PCI Compliant, and has an SLA commitment. All of that is fabulous stuff and no doubt a lot of legwork for the team 👏. Now it would great to see a plan or commitment from AWS for maintaining and regularly updating the EKS service. |
As one of the other commenters noted... as we need to support incremental upgrades we can't skip 1.12. The upstream community doesn't support skip-release upgrades, either. We are matching our release support cadence to community supported releases, so we do also need to support 1.12 since that is a project-supported release. |
|
Thanks for the info @countspongebob! So EKS users should expect to every project-supported release to arrive eventually. How about @dawidmalina's concern about the possibility even the newest EKS version is out of community security support? Will AWS back-port security patches in that case? Or do you intend to always have a supported version available? |
|
One of the reasons my team switched from kops to EKS was to get a more timely release train. I am hoping that EKS will at least keep up with the oldest supported release that is getting security patches. I was pleased with the speed of rollout of the critical security fix a few weeks back, but if we aren't on a maintained release, that's going to be a lot harder to do. |
|
Any update on this? We're going to be lagging pretty far behind if this doesn't get released anytime soon. |
|
We are expecting to support 1.12.6 once it is released by the community next week, assuming it passes our internal qualification criteria. |
|
Additional clarification / deeper dive on this. We have been waiting on 1.12.6 as this fixes an important Golang vulnerability by updating to Go 1.10.8.
|
|
1.12.6 was released today (https://github.com/kubernetes/kubernetes/releases/tag/v1.12.6); my team is excited to be able to knock now 3 prod-use-blocking bugs off our tracker that are caused simply by running an old version of Kubernetes. Fingers crossed we're still on track for an update this week? |
|
Has there been any movement on this &|| a 1.11.8 patch considering the public announcement here |
|
Possibly related: |
|
Any news? |
|
The EKS FAQ states AWS supports 1.10.11 and 1.11.5, so that should demonstrate back-ported support. The fact that GKE doesn't currently support a version of 1.12 for new clusters, and kops is still at 1.11 support, to me demonstrates that this isn't just an AWS issue and that the bug fixes coming 1.12.6 are worth waiting for. |
GKE does support https://cloud.google.com/kubernetes-engine/docs/release-notes |
|
That's my poor interpretation of the GKE release notes, I stand corrected - I can indeed select 1.12.5-gke.5 for a new cluster in GKE. Thanks @anurag. |
|
amazon-eks-node-1.12-v20190327 AMI in us-west-2 got just released. Hopefully this means we will get 1.12 today :) |
|
🎉 |
|
All - we’re super excited to announce that Amazon EKS now supports Kubernetes version 1.12 for all clusters. You can create new clusters using version 1.12.6 or update existing clusters to 1.12 using the console or APIs.
Please note with this version release, EKS now supports 3 versions of Kuberentes. Starting with the next version release (1.13), EKS will begin end of life for support of Kubernetes version 1.10. If you are running 1.10 clusters, we recommend beginning the process to update to 1.11. |
|
Also, |
|
Update eksctl to 0.1.26 from https://eksctl.io/ then: |
|
Hi there: I found you must forget put kubectl non-encoded version for linux amd64 on your s3 bucket please check it, thanks! |
|
@dinos80152 you can just use the normal |
|
yes, but the docs are broken now: also something went wrong here as well: |
|
@pawelprazak can you give us more details on the IAM authenticator issue? |
|
I was expecting the command would return an actual version instead of {}
…On Mon, Apr 1, 2019 at 7:28 PM Nate Taber ***@***.***> wrote:
@pawelprazak <https://github.com/pawelprazak> can you give us more
details on the IAM authenticator issue?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#24 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAC-6k8BQXjM7kI5MjrP-fGaIa48zga4ks5vckG-gaJpZM4ZFf-K>
.
|
|
@pawelprazak I checked and the AWS This comment on the Getting Started page was probably was true back for 1.10 but reality has clearly diverged since 😄
|
|
@tabern After migrating from 1.11 to 1.12 I now frequently get: kubernetes.client.rest.ApiException: (500)
E Reason: Internal Server Error
E HTTP response headers: HTTPHeaderDict({'Audit-Id': '8680fa4a-4b8d-4508-99fe-c72fe534c652', 'Content-Type': 'application/json', 'Date': 'Tue, 16 Apr 2019 03:18:33 GMT', 'Content-Length': '268'})
E HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Get https://192.168.162.254:10250/containerLogs/genghis-test-44b68da2-f40c-4856-95d4-688f265a3064/genghis-7cc677b5b5-8xh89/genghis: dial tcp 192.168.162.254:10250: i/o timeout","code":500}Is there additional info I could provide? |
|
@aparamon did you update your addons including CoreDNS and KubeProxy (https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)? |
|
Ah, I relied on |
|
Nate, why do you think this could be related to add-ons? Also, is there a
better place to discuss this? A lot of folks are subscribed to this thread.
…On Tue, 16 Apr 2019, 5:01 pm Andrey Paramonov, ***@***.***> wrote:
Ah, I relied on eksctl to do that stuff correctly! Running eksctl utils
update-coredns additionally to eksctl cluster update seemingly did the
job. Thanks!
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#24 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAPWS9BB7bunZK_PqTw1qO6PpJv4dXVcks5vhfPqgaJpZM4ZFf-K>
.
|
|
When we upgrade the EKS cluster from 1.11 to 1.12 the master node will have a downtime, does anyone know if the applications on worker node too will have a downtime |
|
@pc-rshetty it really depends on what strategy you take when you upgrade your worker nodes to the latest 1.12 AMI and how you perform pod migration which depends on many variables including what PDBs you have setup, how many replicas of those pods are running, etc... |
|
It will be a rolling upgrade using Cloud Formation template . We have enough buffer to handle failed host so pods can get created on additional nodes. My concern more is in terms of scheduler, controller etc being upgraded and its effect on the pods on worker nodes. |
No they won't. Nothing changes on the worker nodes during this window. The containers keep running. You will just in theory lose access to the k8s API so |
|
@errordeveloper yes - we've been thinking about managed Addons for a while and I've created a new roadmap item to continue this discussion - #252 |
|
@tabern Unfortunately, I keep getting "i/o timeout" even after following the upgrade procedure manually: |
|
Any news and plans for support of k8s v1.12 ? |
|
1.12 and 1.13 are supported already.
…On Thu, 22 Aug 2019, 10:26 am StereoJ, ***@***.***> wrote:
Any news and plans for support of k8s v1.12 ?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#24?email_source=notifications&email_token=AAB5MS6OHNMCBELFGC5JSKTQFZLWDA5CNFSM4GIV76FKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD44PHMY#issuecomment-523826099>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAB5MS7FUOAGKLKDBMLBQG3QFZLWDANCNFSM4GIV76FA>
.
|
and others
No description provided.
The text was updated successfully, but these errors were encountered: