New Kubernetes versions can introduce significant changes and security updates. When Amazon Elastic Kubernetes Service (Amazon EKS) releases a new version or a security patch, it is the user’s responsibility to be aware of updates and to perform the full update on their side. This can be a tedious and time-consuming task.
Until today, Spot Ocean users needed to manually update their AMIs after updating EKS version. Now, with Ocean’s new auto-update EKS version, users can keep the nodes in their Ocean cluster up to date automatically.
Ocean will identify whether the K8s control plane version was updated or if there is a new security patch for the version that your cluster is running on and automatically apply the new image to your cluster.
Why should I use auto update?
Auto-update streamlines your operations and improves overall efficiency while your EKS clusters are automatically and continuously updated and secure. It can also help you to:
Reduce management overhead
Up until today, once you finished upgrading your control plane, you had to review each cluster one at a time and update all the AMIs manually according to the region that the cluster was running in. In addition, in the event EKS released a new security patch, you would have needed a way to get notified about it, and following that, update the images in each cluster manually. If you were running both x86 and arm nodes in your cluster, you needed to specify the matching AMI for each dedicated Virtual Node Group.
Yet with Ocean’s new auto-update feature, Ocean can automatically take care of these upgrades, so you can spend your time on more productive tasks.
Amazon releases security patches for each version of EKS. Applying auto-update for those patches ensures that your environments is always using the most secured image in the EKS version that you are running.
Easy to stay up to date and secure
Ocean automatically takes care of every AMI update required. Opt in or opt out any time and get started by following our steps to set up EKS AMI auto-update.
Security patch update
Ocean keeps security up to date for you by automatically checking for security patches and applying them to your Ocean cluster. This ensures that your data plane stays protected against known vulnerabilities without requiring manual intervention. With timely security patch updates, you can enhance the overall security posture of your Ocean EKS infrastructure.
Major version upgrade
Automatically stay up to date with the latest EKS features, improvements, and bug fixes, and take advantage of new capabilities and enhancements without the hassle of manual upgrades. Ocean monitors the version of the control plane and compares it to your worker nodes version.
If there is a difference, Ocean will trigger the auto-update process to match the worker nodes (that are managed by Ocean) to the control plane version.
Ocean takes care of both the Ocean version and the version for different virtual node groups if needed. For example, if one virtual node group is running nodes from different architecture or Windows nodes and needs a dedicated AMI, Ocean will keep up with the requirements for the AMI.
Just say when
By default, Ocean scans for version and security updates every 24 hours. You can trigger them manually or set other definitions that match the way you operate:
Set the frequency Ocean checks for updates. Whether you prefer daily, weekly, or custom intervals, you can align the upgrade process with your operational needs.
Rolling cluster updates
Ocean provides options for rolling cluster updates, ensuring minimal disruption to your running workloads. Choose what batch size you wish to replace every time, what portion of the batch should be healthy to process to the next batch, etc. This flexibility allows you to strike a balance between maintaining service availability and keeping your clusters up to date.
How to set up Ocean for EKS AMI upgrades
Ocean allows you to upgrade your EKS clusters with ease, enhance security, and leverage the latest features by harnessing the power of Ocean’s automated EKS AMI upgrade process.
All you need to do is to follow the setup steps. Once done, Ocean automatically takes care of every AMI update required. It is easier to stay up to date and secure.