Skip to content

Overview

In this self-paced exercise, you will learn how to implement a blue-green upgrade strategy to upgrade your Amazon EKS clusters.

This method allows administrators to create two EKS clusters (blue and green) that are running two different versions of Kubernetes. The "blue" cluster is running an older Kubernetes version and the "green" cluster is running a newer Kubernetes version. The user will use networking techniques, like DNS updates, to switch traffic going from the old (blue) cluster to the new (green) cluster. This simple DNS change allows the user to easily and quickly test the newer versions of Kubernetes on the green cluster and rollback to the blue cluster if needed.

Important

This exercise is applicable for stateless workloads and only a DNS update is needed to redirect networking traffic.

Watch a video showcasing this guide below.

Blue-Green Upgrade Strategy

This approach is well suited for scenarios where an extremely low blast radius is required. This upgrade strategy will essentially duplicate infrastructure costs and users need to factor this in at least for the time period the duplication infrastructure is operated. With a blue-green upgrade strategy, users have the advantage of running their applications for an extended time period (Blue/Green type) on two clusters, one with the "older" Kubernetes version and the replacement with the "newer" Kubernetes version. Administrators have the option to switch back and forth between the old and new clusters as required. The visual below describes the high level steps that need to be performed for a "blue-green" upgrade strategy.

Blue-Green Upgrade Strategy

What Will You Do by Part

Part What will you do?
1 Setup and configure the environment
2 Provision Amazon EKS Clusters
3 Create and Test workload
4 Deprovision clusters

The sequence diagram below illustrates the steps you will experience at a high level

sequenceDiagram
    participant admin as Admin
    participant blue as Blue Cluster
    participant green as Green Cluster
    participant dns as DNS Provider

    rect rgb(191, 223, 255)
    note right of admin: Step 1: Blue Cluster
    admin->>blue: Provision Blue Cluster
    admin->>blue: Deploy workload on Blue Cluster
    admin->>dns: Point DNS to blue
    end

    rect rgb(191, 223, 255)
    note right of admin: Step 2: Green Cluster
    admin->>green: Provision Green Cluster
    admin->>green: Deploy workload on Green Cluster
    end

    rect rgb(191, 223, 255)
    note right of admin: Step 3: Blue to Green
    admin->>dns: Update DNS from blue to green
    end

Assumptions

  • You have access to an Amazon AWS account with privileges to create an IAM Role with the default Full IAM Policy to allow provisioning of resources on your behalf as part of the EKS cluster lifecycle.