We have started rolling out AKS and EKS 1.23. This brings our supported AKS platforms to v1.22.12 and EKS to v1.22.13.
Upon writing we have already upgraded all non-production clusters. Production clusters will follow next week after some extra validation.
Update 2022-11-24: All clusters have now been upgraded.
Important changes between K8s 1.22 and 1.23
For more detailed info on what’s new and changed, please make sure to check the Kubernetes 1.23 release announcement and the full Kubernetes 1.23.x changelog.
Here’s a small list of some major themes:
- HorizontalPodAutoscaler v2 graduates to GA
- Kubernetes graduated the HorizontalPodAutoscaler
autoscaling/v2stable API while theautoscaling/v2beta2API is now deprecated and planned for removal in K8sv1.26
- Kubernetes graduated the HorizontalPodAutoscaler
- Generic Ephemeral Volume feature graduates to GA
- Ephemeral containers are temporary containers that run in the same namespace as an existing pod, useful for interactive debugging of distroless images.
- PodSecurity graduates to Beta (PSA)
- PSA replaces the deprecated Pod Security Policies (PSP)
EKS specific changes
- Enabled volume migration from in-tree to CSI drivers
- This is transparent to the user where in-tree APIs are translated to equivalent CSI APIs for existing Persistent volumes
- Our Storage Classes have been updated to use CSI drivers by default
In the process of upgrading EKS the following components have also been upgraded:
- KubeProxy to
v1.23.8 - Cluster Autoscaler to
v1.23.1 - AWS VPC CNI to
v1.12.0 - AWS EBS CSI driver to
v1.13.0 - AWS EFS CSI driver to
v1.4.5
Actions to take
It is recommended to migrate your HorizontalPodAutoscaler resources to the stable autoscaling/v2 API.
Kubernetes stopped supporting dockershim in v1.20 and will be removed in v1.24. AWS EKS AMIs will have containerd as the only available runtime. There’s a kubectl plugin available to detect whether you have workloads mounting the Docker socket volume. For more info, check this AWS page. Although we don’t expect this to be an issue with our customers, before migrating to v1.24 we will also perform these checks.