Hi ShiVa YaDav,

Shiva Yadav

Marcin Cuber

Jun 8, 2020·1 min read

Hi ShiVa YaDav,
So while you are building a new cluster, I would strongly recommend that you enable envelope encryption for secrets which are encrypted using KMS. Here is a configuration I use -> https://github.com/marcincuber/eks/blob/master/terraform-aws/cluster.tf#L44 I am mentioning it because you can only enable it when creating a cluster.
To answer your actual question, with external DNS it is a relatively simple process. Build out your new cluster with all relevant services including external DNS. Once you are ready to start migrating your services, simply remove external DNS in the old/legacy cluster. Removing external DNS won’t remove your route53 entries. Once this is done start deploying/migrating services into new cluster. External DNS runs with IAM permissions that allow UPSERT action which means that it can update existing route53 record with new load balancer entries etc. This way you won’t have any downtime and migrating will be smooth and easy. Hope that helps.

Shiva Yadav

Marcin Cuber

Jun 8, 2020·1 min read

Marcin Cuber

Lead Software/Infrastructure/Devops Engineer

More from Marcin Cuber

Lead Software/Infrastructure/Devops Engineer

More From Medium

Kubernetes Gitlab runners on Amazon EKS

Amazon EKS, setup external DNS with OIDC provider and kube2iam

Extending GKE With ExternalDNS

Amazon EKS and Security Groups for Pods

Amazon EKS Upgrade Journey From 1.17 to 1.18

AWS ALB Authentication with OKTA OIDC using Terraform

The 2500-year-old Technique to Make Ice in the Desert

8 weight loss hacks that helped reduce my body fat

About
Help
Legal

About

Help

Legal

Get the Medium app