Add-on readiness

EKS add-on readiness checklist

Validate managed add-ons and platform controllers that commonly affect EKS upgrade readiness, including networking, DNS, storage, ingress, autoscaling, certificates, GitOps, and observability.

Tracked add-ons

  • Amazon VPC CNI: Pod networking and IP allocation behavior can change across EKS releases.
  • CoreDNS: DNS failures after upgrades are high-impact and often tied to stale managed add-on versions.
  • kube-proxy: Should generally track the cluster minor version to avoid networking edge cases.
  • Amazon EBS CSI Driver: Storage attach/mount behavior is a critical preflight validation point.
  • AWS Load Balancer Controller: Ingress/Service reconciliation, webhook certs, and IAM permissions can block workloads after upgrades.
  • Karpenter: Node provisioning APIs and disruption settings can change quickly; verify release notes before cluster upgrades.
  • cert-manager: CRDs and admission webhooks must be healthy before and after control-plane upgrades.
  • ingress-nginx: Ingress API and controller admission webhooks are common upgrade blockers.
  • Argo CD: GitOps controllers surface deprecated APIs and sync failures during upgrades.
  • kube-prometheus-stack: CRDs for Prometheus/Alertmanager/Grafana dashboards should be upgraded intentionally.

Preflight workflow

  • Open each add-on's compatibility page for commands and source documentation.
  • Capture installed version, ownership mechanism, health, and release-note exceptions before the control-plane change.
  • Repeat validation after each hop and attach results to the change packet.
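
One way to script the capture step for EKS managed add-ons, as an added example that is not part of the original checklist. It assumes the AWS CLI is configured and that the cluster name is supplied in a CLUSTER environment variable (a placeholder). Controllers that do not appear in `aws eks list-addons` are owned by another mechanism, such as Helm or GitOps, and need a separate capture.

```shell
#!/bin/sh
# Added example: record version, status and health-issue count for each
# EKS managed add-on, and flag kube-proxy when its minor version does not
# match the cluster's. Run before the control-plane change and after each hop.

# Print "major.minor" for a version string such as v1.29.3-eksbuild.2
# (constructed sample) or a bare cluster version such as 1.29.
minor_of() (
  v="${1#v}"
  rest="${v#*.}"
  printf '%s.%s\n' "${v%%.*}" "${rest%%[!0-9]*}"
)

# $1 = kube-proxy add-on version, $2 = cluster version; succeeds when minors match.
tracks_cluster_minor() {
  [ "$(minor_of "$1")" = "$(minor_of "$2")" ]
}

# $1 = cluster name. Prints one tab-separated row per managed add-on:
# name, version, status, open health issues, note.
capture_addons() (
  cluster="$1"
  cluster_ver="$(aws eks describe-cluster --name "$cluster" \
    --query 'cluster.version' --output text)"
  printf 'cluster\t%s\t%s\n' "$cluster" "$cluster_ver"
  for addon in $(aws eks list-addons --cluster-name "$cluster" \
    --query 'addons[]' --output text); do
    # Positional parameters become: version, status, issue count.
    set -- $(aws eks describe-addon --cluster-name "$cluster" \
      --addon-name "$addon" --output text \
      --query '[addon.addonVersion, addon.status, length(addon.health.issues || `[]`)]')
    note=ok
    if [ "$2" != ACTIVE ] || [ "$3" != 0 ]; then
      note=unhealthy
    fi
    if [ "$addon" = kube-proxy ] && ! tracks_cluster_minor "$1" "$cluster_ver"; then
      note=minor-skew
    fi
    printf '%s\t%s\t%s\t%s\t%s\n' "$addon" "$1" "$2" "$3" "$note"
  done
)

# Only query AWS when a cluster name was provided.
if [ -n "${CLUSTER:-}" ]; then
  capture_addons "$CLUSTER"
fi
```

Redirect the output to a file per hop so the before and after rows can be diffed and attached to the change packet.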