Help improve this page
Want to contribute to this user guide? Choose the Edit this page on GitHub link that is located in the right pane of every page. Your contributions will help make our user guide better for everyone.
Prepare for Kubernetes version upgrades with cluster insights
Amazon EKS cluster insights provide recommendations to help you follow Amazon EKS and Kubernetes best practices. Every Amazon EKS cluster undergoes automatic, recurring checks against an Amazon EKS curated list of insights. These insight checks are fully managed by Amazon EKS and offer recommendations on how to address any findings.
-
Before updating your cluster Kubernetes version, check the Cluster insights tab of the observability dashboard in the Amazon EKS console.
-
If your cluster has identified issues, review them and make appropriate fixes. The issues include links to Amazon EKS and Kubernetes.
-
After fixing issues, wait for the cluster insights to refresh. If all issues have been resolved, update your cluster.
Amazon EKS returns insights related to Kubernetes version upgrade readiness. Upgrade insights identify possible issues that could impact Kubernetes cluster upgrades. This minimizes the effort that administrators spend preparing for upgrades and increases the reliability of applications on newer Kubernetes versions. Clusters are automatically scanned by Amazon EKS against a list of possible Kubernetes version upgrade impacting issues. Amazon EKS frequently updates the list of insight checks based on reviews of changes made in each Kubernetes version release.
Amazon EKS upgrade insights speed up the testing and verification process for new versions. They also allow cluster administrators and application developers to leverage the newest Kubernetes capabilities by highlighting concerns and offering remediation advice. To see the list of insight checks performed and any relevant issues that Amazon EKS has identified, you can call the Amazon EKS ListInsights
API operation or look in the Amazon EKS console.
Cluster insights update periodically. You cannot manually refresh cluster insights. If you fix a cluster issue, it will take some time for cluster insights to update. To determine if a fix was successful, compare the time the change deployed to the "last refresh time" of the cluster insight.
View cluster insights (Console)
-
Open the Amazon EKS console
. -
From the cluster list, choose the name of the Amazon EKS cluster for which you want to see the insights.
-
Choose View dashboard.
-
Choose the Cluster Insights tab.
-
In the Upgrade Insights table, you will see the following columns:
-
Name – The check that was performed by Amazon EKS against the cluster.
-
Insight status – An insight with a status of "Error" typically means the impacted Kubernetes version is N+1 of the current cluster version, while a status of "Warning" means the insight applies to a future Kubernetes version N+2 or more. An insight with status of "Passing" means Amazon EKS has not found any issues associated with this insight check in your cluster. An insight status of "Unknown" means Amazon EKS is unable to determine if your cluster is impacted by this insight check.
-
Version – The Kubernetes version that the insight checked for possible issues.
-
Last refresh time – The time the status of the insight was last refreshed for this cluster.
-
Last transition time – The time the status of this insight last changed.
-
Description – Information from the insight check, which includes the alert and recommended actions for remediation.
-
View cluster insights (Amazon CLI)
-
Determine which cluster you would like to check for insights. The following command lists the insights for a specified cluster. Make the following modifications to the command as needed and then run the modified command:
-
Replace
region-code
with the code for your Amazon Region. -
Replace
my-cluster
with the name of your cluster.aws eks list-insights --region
region-code
--cluster-namemy-cluster
An example output is as follows.
{ "insights": [ { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "name": "Deprecated APIs removed in Kubernetes vX.XX", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557315.000, "lastTransitionTime": 1734557309.000, "description": "Checks for usage of deprecated APIs that are scheduled for removal in Kubernetes vX.XX. Upgrading your cluster before migrating to the updated APIs supported by vX.XX could cause application impact.", "insightStatus": { "status": "PASSING", "reason": "No deprecated API usage detected within the last 30 days.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "name": "Kubelet version skew", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557309.000, "lastTransitionTime": 1734557309.000, "description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause non compliance with supported Kubernetes kubelet version skew policy.", "insightStatus": { "status": "UNKNOWN", "reason": "Unable to determine status of node kubelet versions.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333", "name": "Deprecated APIs removed in Kubernetes vX.XX", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557315.000, "lastTransitionTime": 1734557309.000, "description": "Checks for usage of deprecated APIs that are scheduled for removal in Kubernetes vX.XX. Upgrading your cluster before migrating to the updated APIs supported by vX.XX could cause application impact.", "insightStatus": { "status": "PASSING", "reason": "No deprecated API usage detected within the last 30 days.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLEaaaaa", "name": "Cluster health issues", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557314.000, "lastTransitionTime": 1734557309.000, "description": "Checks for any cluster health issues that prevent successful upgrade to the next Kubernetes version on EKS.", "insightStatus": { "status": "PASSING", "reason": "No cluster health issues detected.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", "name": "EKS add-on version compatibility", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557314.000, "lastTransitionTime": 1734557309.000, "description": "Checks version of installed EKS add-ons to ensure they are compatible with the next version of Kubernetes. ", "insightStatus": { "status": "PASSING", "reason": "All installed EKS add-on versions are compatible with next Kubernetes version."}, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLEccccc", "name": "kube-proxy version skew", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557314.000, "lastTransitionTime": 1734557309.000, "description": "Checks version of kube-proxy in cluster to see if upgrade would cause non compliance with supported Kubernetes kube-proxy version skew policy.", "insightStatus": { "status": "PASSING", "reason": "kube-proxy versions match the cluster control plane version.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLEddddd", "name": "Deprecated APIs removed in Kubernetes vX.XX", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557315.000, "lastTransitionTime": 1734557309.000, "description": "Checks for usage of deprecated APIs that are scheduled for removal in Kubernetes vX.XX. Upgrading your cluster before migrating to the updated APIs supported by vX.XX could cause application impact.", "insightStatus": { "status": "PASSING", "reason": "No deprecated API usage detected within the last 30 days.", }, }, ], "nextToken": null, }
-
-
For descriptive information about the insight, run the following command. Make the following modifications to the command as needed and then run the modified command:
-
Replace
region-code
with the code for your Amazon Region. -
Replace
a1b2c3d4-5678-90ab-cdef-EXAMPLE22222
with an insight ID retrieved from listing the cluster insights. -
Replace
my-cluster
with the name of your cluster.aws eks describe-insight --region region-code --id
a1b2c3d4-5678-90ab-cdef-EXAMPLE22222
--cluster-name my-clusterAn example output is as follows.
{ "insight": { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "name": "Kubelet version skew", "category": "UPGRADE_READINESS", "kubernetesVersion": "1.27", "lastRefreshTime": 1734557309.000, "lastTransitionTime": 1734557309.000, "description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause non compliance with supported Kubernetes kubelet version skew policy.", "insightStatus": { "status": "UNKNOWN", "reason": "Unable to determine status of node kubelet versions.", }, "recommendation": "Upgrade your worker nodes to match the Kubernetes version of your cluster control plane.", "additionalInfo": { "Kubelet version skew policy": "https://kubernetes.io/releases/version-skew-policy/#kubelet", "Updating a managed node group": "https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html", }, "resources": [], "categorySpecificSummary": { "deprecationDetails": [], "addonCompatibilityDetails": [] }, }, }
-