Upgrading using your own AMI or reduced permissions

You learn the prerequisite for using your own AMI, the risks of using your own AMI, and the steps involved in upgrading.

You can upgrade the Amazon Elastic Kubernetes Service (EKS) using your own Amazon Machine Image (AMI) if you meet either one of the following conditions:
  • You are in reduced permissions mode.
  • You have obtained the CDW_CUSTOM_AMI entitlement.
The option to enter your own AMI name does not appear when you perform the upgrade steps in this document unless you meet one of these conditions.

Using your own AMI to upgrade worker executors is error-prone due to EKS version matching requirements, and therefore not recommended. Cloudera recommends that you upgrade to the recommended EKS instead of using your own AMI. If you decide to use your own AMI, you must choose the AMI version that matches the EKS version used by Cloudera Data Warehouse (CDW). Using your own AMI, you can upgrade only to the next minor EKS version, so more than one upgrade might be required to match the EKS version used by CDW.

If you do not use a custom AMI in step 4 below, but use reduced permissions, you must upgrade three times from EKS v1.17 to get to v.1.20.

  • Check that you are using the reduced permissions mode, or that you have obtained the CDW_CUSTOM_AMI entitlement.
  • Perform this workaround described in the known issue DWX-8573: EKS upgrade from DWX UI to K8s v1.20 fails in reduced permissions mode. In AWS, add the following permissions to your Reduced permissions mode JSON IAM permissions policy right after "iam:PutRolePolicy":
    {
     ...
                    "cloudformation:GetTemplate",
                    "cloudformation:GetTemplateSummary",
                    "iam:GetRole",
                    "eks:ListUpdates",
                    "ec2:CreateLaunchTemplateVersion",
                    "ec2:DescribeLaunchTemplateVersions",
                    "ec2:DescribeLaunchTemplates",
                    "autoscaling:UpdateAutoScalingGroup",
                    "autoscaling:DeleteAutoScalingGroup",
                    "ec2:RunInstances",
                    "autoscaling:DescribeScalingActivities",
                    "autoscaling:TerminateInstanceInAutoScalingGroup",
                    "autoscaling:DescribeScheduledActions",
                    "autoscaling:SetDesiredCapacity",
                    "iam:PassRole",
                    "rds:DescribeDBInstances",
                    "ec2:DescribeInstances"
    ...
    }
  1. In the CDW service, go to the Environments tab.
  2. Locate the environment on AWS for upgrading the Kubernetes version.
  3. Click Upgrade.
    In reduced permissions mode, the option to upgrade using a custom AMI appears:
  4. Select Use custom AMI.
    A text box appears for entering the your AMI version.
    You can upgrade only to the next minor version for each environment upgrade, for example from 1.18 to 1.19. For example, to upgrade to EKS 1.20, you must upgrade three times from EKS 1.17.
  5. Enter an AMI version that is consistent with the CDW upgrade to the EKS version and region of the activated cluster.
  6. Click Upgrade to start the upgrade process.