[EKS] [request]: Automatically updating and/or protecting core kube-system components #744
Labels
Duplicate / Merged
Duplicate issue
EKS
Amazon Elastic Kubernetes Service
Proposed
Community submitted issue
Community Note
Tell us about your request
Currently, after upgrading EKS we need to manually upgrade coredns/kube-proxy/cni plugin, as stated here https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html. Besides that, it is possible to change them in the cluster.
The advantages of this are that it is possible to adjust things and add custom information without the interference of AWS. Using an internal docker registry, for example, is possible.
Disadvantages are a manual upgrading process but also the fact that people can change anything and therefore break the cluster or run incompatible versions of components.
I am not saying locking the components completely down is the best way to do it but having a fully automated upgrade process would be much cleaner. But one can't go without the other, if they leave everything open but upgrade automatically then all changes might get lost. Maybe locking down the components but allowing certain things to be configured could be a compromise.
Note: I think it's good to get an understanding of why AWS hasn't protected these components and if they are planning to change this?
Which service(s) is this request for?
EKS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Upgrading a cluster means manual work on upgrading core kube-system components, this should be automatically done when EKS is upgraded.
The text was updated successfully, but these errors were encountered: