Upgrading using your own AMI or reduced permissions
You learn the prerequisite for using your own AMI, the risks of using your own AMI, and the steps involved in upgrading.
- You are in reduced permissions mode.
- You have obtained the CDW_CUSTOM_AMI entitlement.
Using your own AMI to upgrade worker executors is error-prone due to EKS version matching requirements, and therefore not recommended. Cloudera recommends that you upgrade to the recommended EKS instead of using your own AMI. If you decide to use your own AMI, you must choose the AMI version that matches the EKS version used by Cloudera Data Warehouse (CDW). Using your own AMI, you can upgrade only to the next minor EKS version, so more than one upgrade might be required to match the EKS version used by CDW.
If you do not use a custom AMI in step 4 below, but use reduced permissions, you must upgrade three times from EKS v1.17 to get to v.1.20.
- Check that you are using the reduced permissions mode, or that you have obtained the CDW_CUSTOM_AMI entitlement.
-
Perform this workaround described in the known issue DWX-8573: EKS upgrade from DWX UI to K8s v1.20 fails in reduced permissions mode. In AWS, add the following permissions to your Reduced permissions mode JSON IAM permissions policy right after "iam:PutRolePolicy":
{ ... "cloudformation:GetTemplate", "cloudformation:GetTemplateSummary", "iam:GetRole", "eks:ListUpdates", "ec2:CreateLaunchTemplateVersion", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "autoscaling:UpdateAutoScalingGroup", "autoscaling:DeleteAutoScalingGroup", "ec2:RunInstances", "autoscaling:DescribeScalingActivities", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:DescribeScheduledActions", "autoscaling:SetDesiredCapacity", "iam:PassRole", "rds:DescribeDBInstances", "ec2:DescribeInstances" ... }