Help improve this page
To contribute to this user guide, choose the Edit this page on GitHub link that is located in the right pane of every page.
Rollback cluster to previous Kubernetes version
With Amazon EKS version rollback, you can revert your cluster’s Kubernetes control plane to the previous minor version after performing an in-place upgrade. If you encounter issues after upgrading, such as application incompatibilities, deprecated API usage, or unexpected behavior, you can roll back to restore your cluster to a known good state.
During a rollback, Amazon EKS reverts the Kubernetes API server and control plane components to the previous version while preserving all etcd data, customer workloads, and persistent volumes.
What gets rolled back
-
Kubernetes API server version
-
Control plane components and their configurations
-
Platform version (reverts to the latest platform version for the previous Kubernetes version)
-
EKS Auto Mode worker nodes. For clusters running EKS Auto Mode, EKS automatically manages the rollback of Auto Mode worker nodes before reverting the control plane. For more information, see Rollback EKS Auto Mode clusters.
What does NOT get rolled back
-
etcd data. All cluster state, resources, and configurations are preserved.
-
Customer workloads. Your pods, deployments, and services continue running.
-
EKS add-ons. Add-on versions remain unchanged. You manage these separately.
-
Persistent volumes and data. All customer data remains intact.
-
Self-managed nodes and hybrid nodes. You are responsible for rolling these back.
-
Managed Node Groups. You must roll back these separately using the UpdateNodegroupVersion API.
Prerequisites
Before you can roll back a cluster, all of the following conditions must be met:
| Requirement | Details |
|---|---|
|
7-day window |
The rollback must be initiated within 7 days of the upgrade completing. After 7 days, rollback is no longer available. |
|
Upgraded cluster |
The cluster must have been upgraded to its current version through in-place upgrade. Clusters created at their current version cannot be rolled back. |
|
Single version only |
You can only rollback by one minor version (N to N-1). If you upgraded from 1.31 to 1.32 and then to 1.33, you can only rollback to 1.32, not to 1.31. |
|
Supported version |
Version rollback is available for currently supported EKS versions. |
|
Extended support policy |
To rollback to a version that is in extended support, you must first change the cluster’s upgrade policy to |
|
No end-of-extended-support auto-upgrade |
If your cluster was automatically upgraded at the end of extended support, you cannot roll back to the previous version. If your cluster was automatically upgraded at the end of standard support, you can roll back but must first change the upgrade policy to |
|
Cluster status |
The cluster must be in |
|
EKS feature compatibility |
If an EKS feature enabled on your cluster is not supported on the previous version, the rollback request fails. This check cannot be bypassed with |
In addition to the preceding requirements, certain conditions make rollback impossible even with the --force flag. These include: the cluster was created at the current version, more than 7 days have passed since the upgrade, the cluster has already been upgraded again to a newer version, or a backward-incompatible EKS feature was enabled at the current version boundary.
Summary
The high-level summary of the Amazon EKS cluster rollback process is as follows:
-
Review rollback readiness insights to identify any issues that could affect the rollback.
-
Resolve any blocking issues (ERROR status insights) or use
--forceto bypass insight checks. -
Verify your applications, custom controllers, and third-party tools are compatible with the previous Kubernetes version.
-
If your worker nodes are running the same Kubernetes version as the control plane, roll back the worker nodes first.
-
If you have add-ons running versions incompatible with the previous Kubernetes version, downgrade them to a compatible version.
-
Initiate the control plane rollback.
-
Monitor the rollback progress.
Important
For clusters running EKS Auto Mode, step 4 is handled automatically. When you initiate the rollback, EKS rolls back Auto Mode nodes before the control plane. For more information, see Rollback EKS Auto Mode clusters.
Step 1: Review rollback readiness insights
Amazon EKS automatically evaluates your cluster against a set of point-in-time rollback readiness checks and surfaces any issues through cluster insights under the ROLLBACK_READINESS category. These insights appear after you perform an upgrade and remain available during the 7-day rollback eligibility window.
Viewing rollback readiness insights
AWS Console:
-
Open the Amazon EKS console.
-
Select your cluster.
-
Navigate to the Upgrade insights tab. Rollback readiness insights appear here after an upgrade.
-
Review any insights with ERROR or WARNING status.
AWS CLI:
aws eks list-insights \ --cluster-name my-cluster \ --region us-west-2 \ --filter '{"categories": ["ROLLBACK_READINESS"]}'
To get details on a specific insight:
aws eks describe-insight \ --cluster-name my-cluster \ --region us-west-2 \ --id <insight-id>
Refreshing insights
EKS refreshes insights every 24 hours. You can manually trigger a refresh after resolving issues using the Refresh button in the Amazon EKS console, or by using the CLI:
aws eks start-insights-refresh \ --cluster-name my-cluster \ --region us-west-2
Note
EKS automatically refreshes insights when you initiate a rollback to ensure checks are run against the latest cluster state.
Insight status behavior
| Status | Meaning | Effect on rollback |
|---|---|---|
|
PASSING |
No issues detected for this check |
Rollback allowed |
|
WARNING |
Potential issue detected, not blocking |
Rollback allowed (advisory only) |
|
ERROR |
Blocking issue detected |
Rollback blocked until resolved, or use |
|
UNKNOWN |
Unable to determine status |
Rollback blocked until resolved, or use |
Insights with ERROR or UNKNOWN status block the rollback. Insights with PASSING or WARNING status do not prevent you from rolling back.
Rollback readiness checks
Amazon EKS performs a set of checks as part of rollback readiness insights. These checks evaluate API usage compatibility (including field-level change detection), cluster health, kubelet version skew, kube-proxy version skew, and add-on version compatibility. For clusters running EKS Auto Mode, additional checks evaluate NodePool disruption budgets, do-not-disrupt annotations, and PodDisruptionBudget configurations.
Using the --force flag
If rollback readiness insights show ERROR status and you want to proceed without resolving the issues, you can use the --force flag to bypass all insight checks:
aws eks update-cluster-version \ --name my-cluster \ --kubernetes-version 1.30 \ --force \ --region us-west-2
Warning
Using --force bypasses all insight checks (ERROR, WARNING, UNKNOWN) and proceeds directly with the rollback. EKS cannot guarantee the safety of the rollback when insight checks are bypassed. You accept full responsibility for any issues that arise.
The --force flag only bypasses insight checks. It does not bypass prerequisite validations such as the 7-day window, creation version check, or sequential rollback check. For Auto Mode clusters, --force does not override disruption controls. NodePool disruption budgets, PDBs, and do-not-disrupt annotations are still honored.
Step 2: Prepare worker nodes
Before rolling back the control plane, ensure your worker nodes are compatible with the target version. The Kubernetes version skew policy requires that worker nodes cannot run a version newer than the control plane.
EKS Auto Mode
No action required. When you initiate the rollback, EKS automatically rolls back Auto Mode nodes before the control plane. For more information, see Rollback EKS Auto Mode clusters.
Managed Node Groups (MNG)
You must roll back your managed node groups to the previous version before rolling back the control plane. Use the UpdateNodegroupVersion API:
aws eks update-nodegroup-version \ --cluster-name my-cluster \ --nodegroup-name my-nodegroup \ --kubernetes-version 1.30 \ --region us-west-2
The node group update respects your configured update settings (maxUnavailable or maxUnavailablePercentage) and update strategy (Rolling or Force).
Self-managed nodes and hybrid nodes
You are responsible for rolling back self-managed nodes and hybrid nodes. Update your node AMIs or configurations to use the previous Kubernetes version before rolling back the control plane.
Fargate
Version rollback is not supported for Fargate worker nodes. You can roll back the control plane of a cluster that uses Fargate, but Fargate pods running the same Kubernetes version as the control plane trigger the kubelet version skew insight with ERROR status.
EKS cannot automatically rollback Fargate pods to an older kubelet version.
Workaround: If you have Fargate pods running the same Kubernetes version as the control plane, delete those pods before initiating the rollback. Then roll back your control plane. Any remaining pods launch with the rolled-back version when you redeploy them.
Alternatively, use --force to bypass the insight check. However, proceeding with a kubelet version skew violation might result in unexpected behavior for your Fargate workloads until those pods are replaced.
Step 3: Rollback the cluster control plane
You can initiate a rollback using the AWS Console, AWS CLI, or the EKS API.
Rollback cluster using the AWS Console
-
Open the Amazon EKS console
. -
Select your cluster.
-
Choose the Actions dropdown.
-
Choose Rollback cluster version.
-
Review the rollback summary, including any insight warnings.
-
Choose Rollback version.
The rollback takes several minutes to complete. For Auto Mode clusters, the node rollback phase might take longer. For more information, see Rollback EKS Auto Mode clusters.
Rollback cluster using the AWS CLI
Use the existing update-cluster-version command with the previous (N-1) Kubernetes version:
aws eks update-cluster-version \ --name my-cluster \ --kubernetes-version 1.30 \ --region us-west-2
Example response:
{ "update": { "id": "e4091a28-ea14-48fd-a8c7-975aeb469e8a", "status": "InProgress", "type": "VersionRollback", "params": [ { "type": "Version", "value": "1.30" }, { "type": "PlatformVersion", "value": "eks.16" } ], "createdAt": "2026-05-12T16:56:01.082000-04:00", "errors": [] } }
Note
EKS runs an insight refresh before performing the rollback if insight data is stale.
Step 4: Monitor rollback progress
You can monitor the status of your cluster rollback using the Amazon EKS console or the AWS CLI.
AWS CLI:
aws eks describe-update \ --name my-cluster \ --region us-west-2 \ --update-id e4091a28-ea14-48fd-a8c7-975aeb469e8a
AWS Console:
-
Open the Amazon EKS console.
-
Select your cluster.
-
Navigate to the Update history tab.
-
Locate the update ID associated with the rollback to view its current status.
Status transitions
For standard clusters (without Auto Mode):
InProgress → Successful InProgress → Failed
For Auto Mode clusters, the cluster status remains ACTIVE while nodes are rolling back and changes to UPDATING only when the control plane rollback begins. Use describe-update to track the overall rollback progress. For more information, see Rollback EKS Auto Mode clusters.
When a Successful status is displayed, the rollback is complete.
Considerations and warnings
Insights are best-effort and point-in-time
Cluster insights are evaluated at the time rollback is triggered. If you make changes to your cluster after insights are checked but before the rollback completes (for example, creating resources using new APIs), those changes are not captured by the initial insight check and could cause issues after rollback completes.
etcd data preservation
EKS preserves etcd data during rollback. Incompatible resources bypassed using the --force flag remain persisted and are not garbage collected.
Extended support charges
If you roll back from a version under standard support to a version under extended support, your cluster begins incurring extended support charges. For example, if you upgrade from 1.30 (extended support) to 1.31 (standard support) and then roll back to 1.30, extended support charges resume.
Shared responsibility model for rollback
EKS rolls back the Kubernetes control plane to the desired version. As part of the shared responsibility model, you are responsible for verifying application compatibility with the previous version:
-
EKS is responsible for safely reverting the control plane components.
-
You are responsible for ensuring your applications, configurations, and dependencies are compatible with the previous version.
-
You must review any incompatibilities between versions, assess your cluster for exposure, and mitigate any issues.
CloudFormation stack rollback behavior
If a CloudFormation stack update fails and triggers a stack rollback, the revert to a previous template version that specifies a lower Kubernetes version does not trigger a cluster version rollback. Version rollback must be explicitly initiated through the UpdateClusterVersion API, CLI, or console.
Rollback and add-ons
EKS does not automatically rollback add-on versions during a cluster version rollback. You must manage add-on versions separately.
Before rolling back the control plane:
-
Check add-on compatibility with the target version using the rollback readiness insights.
-
If an add-on version is incompatible with the previous Kubernetes version, downgrade it first:
aws eks update-addon \ --cluster-name my-cluster \ --addon-name vpc-cni \ --addon-version v1.12.0-eksbuild.2 \ --region us-west-2
+ . After the control plane rollback completes, verify all add-ons are functioning correctly.
Note
Rollback readiness insights only check EKS-managed add-on versions. For self-managed add-ons, you are responsible for validating compatibility with the target version before rolling back.