Upgrading the Anjuna Nitro Kubernetes Tools

In the previous sections, you learned how to create an EKS cluster and automatically convert Kubernetes pods into Nitro Enclaves. In this section, you will learn how to upgrade your EKS cluster with the new version of the Anjuna Nitro Kubernetes Tools without recreating the cluster.

Prerequisites

You must have created an EKS cluster using the Anjuna Nitro Kubernetes Tools (see section Creating an AWS EKS cluster).

If you destroyed the cluster (using the ./anjuna-k8s.sh --destroy-eks-cluster command), you can recreate a new cluster by following the instructions in Getting Started with the Anjuna Nitro Kubernetes tools.

The scripts and commands shown in this page require a small number of environment variables. Make sure you define those variables with the same values than when you created the cluster:

export EKS_REGION=<your-region>
export PROJECT_NAME=anjuna-eks

In addition, set the ANJUNA_VERSION variable to the new version of the Anjuna Nitro Kubernetes tools:

export ANJUNA_VERSION=1.12.0005

Download the Anjuna Nitro Kubernetes Tools

  • Create a new directory for the new version of the Anjuna Nitro Kubernetes Tools:

$ mkdir <new-directory>
$ cd <new-directory>

  • Download the Anjuna Nitro Kubernetes Tools using wget:

$ wget https://s3-us-west-1.amazonaws.com/anjuna-security.nitro/release-1.12/0005/anjuna-k8s-toolset.1.12.0005.tar.gz

  • Set up a working environment:

$ tar xf anjuna-k8s-toolset.1.12.0005.tar.gz
$ ./anjuna-k8s.sh --setup-workspace

Update the EKS cluster with the new Anjuna Nitro Kubernetes Tools

  • Import the updated Docker images for the Anjuna Nitro Kubernetes Tools:

$ ./anjuna-k8s.sh --import-images ${ANJUNA_VERSION}

  • Log in to ECR:

$ AWS_ACTID=$(aws sts get-caller-identity | jq -r ".Account")
$ aws ecr get-login-password | docker login --username AWS \
  --password-stdin ${AWS_ACTID}.dkr.ecr.${EKS_REGION}.amazonaws.com

  • Upload the Anjuna Nitro Kubernetes Docker images to ECR:

$ ./anjuna-k8s.sh --push-images-ecr ${PROJECT_NAME} ${ANJUNA_VERSION}

  • Configure and deploy the Anjuna Webhook:

$ ./anjuna-k8s.sh --generate-webhook-cert
$ ./anjuna-k8s.sh --deploy-webhook

Congratulations, you have upgraded your EKS cluster with the latest version of the Anjuna Nitro Kubernetes Tools.

If you have some existing running Nitro enclaves, you must stop those pods and re-deploy them for the new version of the Anjuna Nitro Runtime to be active in Nitro Enclaves.