Hi ShiVa YaDav,

So while you are building a new cluster, I would strongly recommend that you enable envelope encryption for secrets which are encrypted using KMS. Here is a configuration I use: https://github.com/marcincuber/eks/blob/master/terraform-aws/cluster.tf#L44. I am mentioning it because you can only enable it when creating a cluster.

To answer your actual question, with external DNS it is a relatively simple process. Build out your new cluster with all relevant services, including external DNS. Once you are ready to start migrating your services, simply remove external DNS in the old/legacy cluster. Removing external DNS won’t remove your Route53 entries. Once this is done, start deploying/migrating services into the new cluster. External DNS runs with IAM permissions that allow the UPSERT action, which means that it can update existing Route53 records with new load balancer entries etc. This way you won’t have any downtime and migrating will be smooth and easy. Hope that helps.

Written by

Lead Software/Infrastructure/Devops Engineer
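
As an added illustration of the envelope-encryption recommendation in the reply above (not the reply author's code and not taken from the linked repository), here is a minimal Terraform sketch that creates a customer-managed KMS key and attaches it to a new EKS cluster for Secret encryption. The variable and resource names are assumptions made for the example.

```hcl
# Added example. Variable and resource names are hypothetical.
variable "cluster_name" { type = string }
variable "cluster_role_arn" { type = string }
variable "subnet_ids" { type = list(string) }

# Customer-managed key. EKS uses it to wrap the data encryption keys
# that protect Kubernetes Secret objects stored in etcd.
resource "aws_kms_key" "eks_secrets" {
  description             = "Envelope encryption key for ${var.cluster_name} secrets"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_kms_alias" "eks_secrets" {
  name          = "alias/${var.cluster_name}-secrets"
  target_key_id = aws_kms_key.eks_secrets.key_id
}

resource "aws_eks_cluster" "this" {
  name     = var.cluster_name
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids = var.subnet_ids
  }

  # "secrets" is the only resource type accepted here.
  # The principal running terraform apply needs kms:DescribeKey and
  # kms:CreateGrant on the key so EKS can set up its grant.
  encryption_config {
    resources = ["secrets"]

    provider {
      key_arn = aws_kms_key.eks_secrets.arn
    }
  }
}
```

Scheduling the key for deletion or disabling it makes the cluster's Secrets unreadable, so the key's own policy and deletion window deserve the same review as the cluster configuration.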
