[Bug] kube-proxy update will use non-existent add-on version depending on cluster version

[buttcakes]

What were you trying to accomplish?

Upgraded an EKS cluster in to 1.32. Attempted to use eksctl to upgrade kube-proxy:

eksctl utils update-kube-proxy --cluster=foobar --region $region

This resulted in the kube-proxy daemonset being set to use non-existent kube-proxy image v1.32.8-eksbuild.1. The latest advertised by EKS at the time for cluster version 1.32 is v1.32.6-eksbuild.8. This resulted in kube-proxy crashing in ImagePullBackOff and loss of some east/west network connectivity.

Summary of the bug:

EKS reports server version as v1.32.8

$ kubectl version
Server Version: v1.32.8-eks-e386d34

aws eks describe-addon-versions --kubernetes-version 1.32 --region us-east-1 --addon-name kube-proxy shows the latest kube-proxy version as v1.32.6-eksbuild.8

This code will use the latest of either the version returned by EKS API, or a version made up based on the k8s control plane full semver. If the control plane version contains a patch release that is ahead of the latest published addon version, eksctl ends up using a non-existent version.

Logs

Anything else we need to know?

Versions

$ eksctl info

[github-actions]

Hello buttcakes 👋 Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website

[sapphirew]

Thanks for reporting this issue to us! A fix has been merged. eksctl will always use the latest available version from the managed addon API instead of comparing with cluster version. This will be included in the next release.

In the meantime, you could consider switching to managed addons for kube-proxy:

eksctl create addon --cluster <cluster-name> --name kube-proxy --region <region>

Managed addons are the recommended approach for managing lifecyles of EKS addons.