This project provides automated management of Amazon EKS clusters, including:
- Cluster version monitoring and upgrades
- EKS addon version management (vpc-cni, kube-proxy, coredns, aws-ebs-csi-driver, etc.)
- Managed node group version updates with Pod Disruption Budget (PDB) respect
- Monitors EKS cluster versions against latest available versions
- Checks upgrade readiness insights before upgrading
- Automatically upgrades development clusters (when enabled)
- Sends email notifications for all cluster status changes
- Discovers all EKS addons in each cluster
- Checks for available addon updates
- Preserves authentication configuration (Pod Identity, IRSA)
- Updates addons automatically while maintaining compatibility
- Sends consolidated notifications per cluster
- Discovers all managed node groups in each cluster
- Compares node group versions with cluster versions
- Updates node groups to match cluster version with latest AMI
- Respects Pod Disruption Budgets (never uses force flag)
- Provides manual force update instructions when PDB blocks updates
- Sends consolidated notifications per cluster
The solution consists of two Lambda functions:
- eks-version-checker (Runs Fridays at 5 PM UTC)
  - Checks cluster versions
  - Manages addon updates
  - Sends notifications
- eks-nodegroup-version-manager (Runs Fridays at 6 PM UTC)
  - Updates node group versions
  - Respects Pod Disruption Budgets
  - Sends notifications
The 1-hour delay ensures addons are updated before node groups are replaced.
The solution processes only development clusters by checking:
- Cluster tags: `Environment` or `Env` containing "dev" or "development"
- Cluster name: Contains "dev" or "development"
Production clusters are automatically skipped.
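Because the rule above is a substring match, it is worth auditing which of your clusters it would select before enabling auto-upgrade. The following is an added example, not the project's own code: it applies the rule as worded above to constructed cluster records and compares it with a hypothetical stricter tag-only check. The function names, the case-insensitive comparison and the sample clusters are assumptions.

```python
# Added illustration; not taken from the project's code.py.
DEV_MARKERS = ("dev", "development")
TAG_KEYS = ("Environment", "Env")


def is_dev_as_described(name, tags):
    """Rule as the README words it: substring match on tag value or cluster name.
    Case-insensitive comparison is an assumption."""
    for key in TAG_KEYS:
        value = tags.get(key, "").lower()
        if any(marker in value for marker in DEV_MARKERS):
            return True
    return any(marker in name.lower() for marker in DEV_MARKERS)


def is_dev_strict(name, tags):
    """Hypothetical stricter rule: ignore the name; the first '-'-separated
    token of the tag value must equal a marker exactly."""
    for key in TAG_KEYS:
        value = tags.get(key, "").lower()
        if value.split("-")[0] in DEV_MARKERS:
            return True
    return False


# Constructed sample clusters (name plus tags, shaped like an EKS describe result).
CLUSTERS = [
    {"name": "my-dev-cluster", "tags": {}},
    {"name": "payments", "tags": {"Env": "dev-us-east-1"}},
    {"name": "payments-prod", "tags": {"Environment": "production"}},
    {"name": "devops-prod", "tags": {"Environment": "production"}},
    {"name": "billing", "tags": {"Environment": "prod-devtools"}},
]


def audit(clusters):
    """Return (name, selected_by_described_rule, selected_by_strict_rule) rows."""
    return [
        (c["name"],
         is_dev_as_described(c["name"], c["tags"]),
         is_dev_strict(c["name"], c["tags"]))
        for c in clusters
    ]


if __name__ == "__main__":
    for name, described, strict in audit(CLUSTERS):
        flag = "  <-- review before enabling auto-upgrade" if described != strict else ""
        print(f"{name:16} described={described!s:5} strict={strict!s:5}{flag}")
```

Rows where the two rules disagree are the clusters to rename or retag explicitly so that selection does not depend on an incidental "dev" substring.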
- AWS CLI installed and configured
- An S3 bucket for CloudFormation template upload
- At least one EKS cluster tagged as development
- IAM permissions to create CloudFormation stacks, Lambda functions, IAM roles, SNS topics, and EventBridge schedules
```bash
# Deploy with default settings (no auto-upgrade)
./deploy.sh YOUR-BUCKET-NAME us-east-1 your-email@example.com false

# Deploy with auto-upgrade enabled
./deploy.sh YOUR-BUCKET-NAME us-east-1 your-email@example.com true
```

See DEPLOYMENT.md for detailed deployment instructions.
| Parameter | Required | Default | Description |
|---|---|---|---|
| NotificationEmail | Yes | - | Email address for SNS notifications |
| EnableAutoUpgrade | No | false | Enable automatic upgrades for development clusters |
Tag your development clusters with one of:
- `Environment: dev`
- `Environment: development`
- `Env: dev-us-east-1`

Or include "dev" in the cluster name:
- `my-dev-cluster`
- `development-cluster`
You'll receive consolidated email notifications for:
- Up-to-date clusters
- Available upgrades
- Blocked upgrades (with insights)
- Initiated upgrades
- Up-to-date addons
- Successfully updated addons
- Failed addon updates with error details
- Up-to-date node groups
- Updating node groups with update IDs
- Failed updates with PDB guidance
If you see "Member must have length less than or equal to 51200":
- The template is 55,594 bytes and exceeds CloudFormation's inline limit
- Solution: Upload to S3 first (see deployment instructions)
If node group updates fail due to Pod Disruption Budgets:
- Review your PDB configurations
- Consider temporarily relaxing PDB constraints
- Use the force flag manually if needed (see notification email for command)
- Check SNS subscription is confirmed (check your email)
- Verify Lambda has permission to publish to SNS topic
- Check CloudWatch logs for errors
- Ensure clusters are properly tagged as development
Approximate monthly costs:
- Lambda Execution: ~$0.20/month
- CloudWatch Logs: ~$0.50/month
- SNS: ~$0.50/month
- EventBridge Scheduler: Free tier
- Total: ~$1.20/month
Actual costs vary based on number of clusters, addons, and node groups.
- DEPLOYMENT.md - Detailed deployment guide
- code.py - Addon management Lambda source code
- nodegroup_code.py - Node group management Lambda source code
- template.yaml - CloudFormation template
This project is licensed under the MIT License - see the LICENSE file for details.
