Upgrade AKS and EKS clusters to 1.20

We have started rolling out AKS and EKS 1.20. This brings AKS on Kubernetes v1.20.7 and EKS on Kubernetes v1.20.4-eks-6b7464.

In the process of upgrading EKS the following components have also been upgraded:

  • KubeProxy from v1.19.6 to v1.20.4-eksbuild.2
  • CoreDNS from v1.8.0 to v1.8.3-eksbuild.1
  • Cluster Autoscaler from v1.19.1 to v1.20.0

Upon writing upgrades of all non-production clusters have already been rolled out. Production clusters will follow in the next week(s) after some extra validation, so you can expect to be contacted by an engineer to determine an upgrade window.

Important changes between K8s 1.19 and 1.20

For more detailed info on what’s new and changed, please make sure to check the Kubernetes 1.20 release announcement and full Kubernetes 1.20.x changelog.

Here’s a small list of some major themes:

  • The TTL controller is now enabled, which means you can automatically clean up Jobs which are Completed or Failed after a certain amount of time. Just specify a time via ttlSecondsAfterFinished in the Job spec.

  • Kubectl debug graduates to beta

    The kubectl alpha debug command now becomes kubectl debug as a convenient way to debug workloads:

    • Insert a debug container in clusters that don’t have ephemeral containers enabled
    • Modify a crashing container for easier debugging by changing its image, for example to busybox, or its command, for example, to sleep 1d so you have time to kubectl exec
    • Inspect configuration files on a node’s host filesystem

    For more info on this enhancement, check the debug running pods documentation.

  • Dockershim deprecation

    The Docker container runtime, used through the dockershim, has now been officially deprecated. However there’s no need to panic, this doesn’t mean anything to you as developer. Any Docker-produced image will still keep on working.

  • Volume Snapshots moves to GA

    When using CSI drivers it is possible to attach volumes to a Pod, created from snapshots. However for now we still use the in-tree EBS driver instead of the newer CSI one. We will make this feature available in the coming months.

  • API Priority and Fairness

    Kubernetes 1.20 now enables API Priority and Fairness by default, which allows kube-apiserver to categorize incoming requests by priority levels.

  • Process ID Limits has now graduated to general availability.

  • Exec Probe Timeout Handling

    A longstanding bug regarding exec probes, where the field timeoutSeconds was not respected, has now been been fixed. Before, probes would run indefinitely, even past their configured deadline, until a result was returned. Now, the default value of 1 second will be applied if a value is not specified and existing pod definitions may no longer be sufficient if a probe takes longer than one second.

    For more details, review the updated probes documentation.

And there’s much more to be found in the full Kubernetes 1.20.x changelog!

Actions to take

You should start moving your Ingresses to the new GA apiVersion of networking.k8s.io/v1. It’s important to note that apiVersion extensions/v1beta1 for Ingress has been deprecated for a while and will be removed in K8s 1.22!

Check out the deprecated API migration guide for more details. The upstream Ingress page is also an interesting source.

If necessary for your workloads, a Skyscrapers engineer will get in contact in the coming days to plan an upgrade window for production.