
[Bug] eksctl utils update-aws-node downgraded aws-node significantly instead of upgrading it #7755

@consideRatio

What were you trying to accomplish?

To perform a routine upgrade of an EKS cluster, upgrading aws-node daemonset along with it using eksctl utils update-aws-node.

What happened?

When following cluster upgrade docs (https://eksctl.io/usage/cluster-upgrade/), linking out to addon upgrades docs (https://eksctl.io/usage/addon-upgrade/), the step eksctl utils update-aws-node --cluster=<clusterName> --approve led to an unexpected downgrade of aws-node.

This contradicts the help string of eksctl utils update-aws-node, which says "Update aws-node add-on to latest released version".

I expected to get the version v1.18.1-eksbuild.1 as that looks currently recommended for 1.29 clusters via official EKS docs, but instead I got downgraded from v1.16.0-eksbuild.1 to v1.12.6

$ kubectl get ds -n kube-system aws-node -o yaml | grep image
        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon-k8s-cni:v1.16.0-eksbuild.1
        imagePullPolicy: IfNotPresent
        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7-eksbuild.1
        imagePullPolicy: IfNotPresent
        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon-k8s-cni-init:v1.16.0-eksbuild.1
        imagePullPolicy: IfNotPresent

$ eksctl utils update-aws-node --config-file=$CLUSTER_NAME.eksctl.yaml --approve

2024-05-15 12:59:53 [ℹ]  replaced "CustomResourceDefinition.apiextensions.k8s.io/eniconfigs.crd.k8s.amazonaws.com"
2024-05-15 12:59:53 [ℹ]  skipped existing "kube-system:ServiceAccount/aws-node"
2024-05-15 12:59:53 [ℹ]  replaced "ClusterRole.rbac.authorization.k8s.io/aws-node"
2024-05-15 12:59:54 [ℹ]  replaced "ClusterRoleBinding.rbac.authorization.k8s.io/aws-node"
2024-05-15 12:59:55 [ℹ]  replaced "kube-system:DaemonSet.apps/aws-node"
2024-05-15 12:59:55 [ℹ]  "aws-node" is now up-to-date        

$ kubectl get ds -n kube-system aws-node -o yaml | grep image
        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon-k8s-cni:v1.12.6
        imagePullPolicy: IfNotPresent
        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon-k8s-cni-init:v1.12.6
        imagePullPolicy: IfNotPresent

How to reproduce it?

I think it reproduces by setting up an eksctl cluster and then running the eksctl utils update-aws-node command.

Anything else we need to know?

The eksctl cluster config looks like this, plus not included nodeGroups entries.

{
   "addons": [
      {
         "name": "aws-ebs-csi-driver",
         "version": "latest",
         "wellKnownPolicies": {
            "ebsCSIController": true
         }
      }
   ],
   "apiVersion": "eksctl.io/v1alpha5",
   "availabilityZones": [
      "us-east-2a",
      "us-east-2b",
      "us-east-2c"
   ],
   "iam": {
      "withOIDC": true
   },
   "kind": "ClusterConfig",
   "metadata": {
      "name": "bican",
      "region": "us-east-2",
      "version": "1.29"
   },
   "nodeGroups": [...]
}

Versions

$ eksctl info

eksctl version: 0.176.0
kubectl version: v1.28.9
OS: linux
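
A before/after check for the situation reported above, as an added example that is not part of the original issue or of eksctl: it parses the `grep image` listings, flags any image whose tag moved backwards, and flags containers that disappeared from the DaemonSet. The function names are hypothetical, the sample input is constructed from the output quoted in the report, and GNU `sort -V` is assumed for version ordering.

```shell
#!/usr/bin/env bash
# Constructed sample input: the image lines from the two listings in the report.
BEFORE='        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon-k8s-cni:v1.16.0-eksbuild.1
        imagePullPolicy: IfNotPresent
        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7-eksbuild.1
        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon-k8s-cni-init:v1.16.0-eksbuild.1'
AFTER='        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon-k8s-cni:v1.12.6
        imagePullPolicy: IfNotPresent
        image: 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon-k8s-cni-init:v1.12.6'

# Print "name tag" for each image line, dropping registry and repository path.
images() {
  printf '%s\n' "$1" | sed -n 's|^ *image: *.*/\([^/:]*\):\(.*\)$|\1 \2|p'
}

# Succeed when tag $2 sorts strictly before tag $1 in version order (GNU sort -V).
is_older() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Compare a before/after listing; print one finding per line, return 1 if any.
check_rollout() {
  findings=0
  while read -r name old; do
    [ -n "$name" ] || continue
    new=$(images "$2" | awk -v n="$name" '$1 == n { print $2 }')
    if [ -z "$new" ]; then
      echo "REMOVED $name (was $old)"; findings=1
    elif is_older "$old" "$new"; then
      echo "DOWNGRADE $name $old -> $new"; findings=1
    fi
  done <<EOF
$(images "$1")
EOF
  return "$findings"
}

check_rollout "$BEFORE" "$AFTER" || echo "aws-node rollout needs review"
```

On a live cluster, the two inputs would be the output of `kubectl get ds -n kube-system aws-node -o yaml | grep image` captured before and after the update.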
