Skip to content

refresh — the EKS upgrade companion

refresh is a Go CLI for the EKS cluster upgrade and patching lifecycle. It turns "I think we're behind on patches" into a safe, repeatable loop:

  • Statuswhat's stale across the fleet?

    refresh status reports patch posture across every cluster and region: version skew, stale AMIs, add-ons behind, and extended-support exposure.

  • Readinessam I safe to upgrade?

    refresh cluster upgrade-check reads EKS Cluster Insights and the local version-skew picture. Read-only; it mutates nothing.

  • Patchroll it, safely

    refresh nodegroup update / refresh addon update patch with pre-flight health gates, dry-run previews, live monitoring, and post-roll verification.

  • Upgradeorchestrate the whole thing

    refresh cluster upgrade sequences control plane → add-ons → nodegroups, with a health gate after every phase.

Why refresh

The product is the upgrade workflow, with safety first:

  • Pre-flight health gates — capacity, node readiness, PodDisruptionBudgets, and critical-workload checks run before anything mutates.
  • Dry-run everything — preview exactly what would change (including the AMI changelog and which PDBs would constrain a scale-down) before you commit.
  • Live monitoring + verification — watch rollouts in real time, then confirm nodes came back Ready with no newly-stuck pods.
  • Built for CI/cron — unattended flags, machine-readable output, and a documented exit-code contract.

It intentionally does not try to be a general EKS browser or a cost tool — that's k9s/the console/Kubecost territory. refresh does the upgrade loop well.

Install

brew install dantech2000/tap/refresh

go install github.com/dantech2000/refresh@latest

See the installation guide for binary downloads (with signature verification), shell completion, and the man page.

A 30-second tour

# What's stale across all regions?
refresh status -A

# Am I ready to upgrade prod?
refresh cluster upgrade-check -c prod

# Preview a nodegroup AMI roll (with release notes), then do it
refresh nodegroup update -c prod --dry-run --changelog
refresh nodegroup update -c prod --yes --require-healthy

# Patch every add-on, in dependency-safe order
refresh addon update --all --dependency-order --wait

Next: the quickstart walks through a first run end to end, and the upgrade lifecycle explains how the four stages fit together.