The upgrade process (docs) follows the general procedure of:
- Upgrading the Kubernetes control plane with kubeadm (Kubernetes components and add-ons excluding the CNI)
- If applicable, upgrading the CNI network plugin
- Upgrading the Kubernetes packages (kubelet, kubeadm, kubectl) on the control plane and worker nodes
- Upgrading the kubelet config on worker nodes with kubeadm
# Record the nodes and their current versions before starting
# (wide output adds addresses, OS image and container runtime)
kubectl get nodes -o wide
- Control-plane node:
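# Drain the control-plane node before upgrading its kubelet.
#   --ignore-daemonsets     leave DaemonSet-managed Pods in place
#   --delete-emptydir-data  also remove Pods that use emptyDir volumes; that local data is lost
#   --disable-eviction      delete Pods directly instead of evicting them, which bypasses
#                           PodDisruptionBudgets; drop this flag if the PDBs must be honoured
kubectl drain "$control_plane" --ignore-daemonsets --delete-emptydir-data --disable-eviction
# the drained node should now report SchedulingDisabled
kubectl get nodes -o wide
# ssh to the control-plane node.
# accept-new (OpenSSH 7.6+) stores the key of a host seen for the first time but refuses a host
# whose key has changed. StrictHostKeyChecking=no would let a changed key through, and the next
# steps run sudo on whatever machine answered. Pre-populating known_hosts is stricter still.
ssh -o StrictHostKeyChecking=accept-new "$control_plane"
# refresh the package index
sudo apt-get update -y
# list the kubeadm package versions available for the target patch release, e.g. 1.30.2
# (same information as: apt list -a <package name>); -F matches the dots literally
sudo apt-cache madison kubeadm | grep -F -- '1.30.2'
# full package version string as printed by apt-cache madison
v=1.30.2-1.1
# --allow-change-held-packages lets apt change the held packages without a separate apt-mark unhold.
# NOTE(review): the upstream kubeadm procedure upgrades kubeadm first and kubelet/kubectl only
# after `kubeadm upgrade apply`; installing all three together is fine for a patch bump, but on
# a minor upgrade kubelet must not end up newer than kube-apiserver.
sudo apt-get install -y --allow-change-held-packages kubeadm="$v" kubectl="$v" kubelet="$v"
# confirm the packages are still on hold so a routine apt upgrade cannot move them
apt-mark showhold
# kubeadm reads the cri-socket annotation to find the container runtime socket for the upgrade.
# Check that the node carries it (NODE is a placeholder for the node name) ...
kubectl get node NODE -o yaml | grep -A8 annotations
# ... and add it only if it is missing; adjust the socket path if the runtime listens elsewhere
kubectl annotate node NODE kubeadm.alpha.kubernetes.io/cri-socket="unix:///var/run/containerd/containerd.sock"
# plan: runs pre-flight checks, validates that the cluster is upgradeable and lists the versions
# you can upgrade to
sudo kubeadm upgrade plan 1.30.2
# apply: idempotent; upgrades the control-plane components (API server, controller manager,
# scheduler) and etcd if necessary
sudo kubeadm upgrade apply 1.30.2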
...
[upgrade/staticpods] This can take up to 5m0s
[upgrade/staticpods] Preparing for "kube-apiserver" upgrade
[upgrade/staticpods] Renewing apiserver certificate
[upgrade/staticpods] Renewing apiserver-kubelet-client certificate
[upgrade/staticpods] Renewing front-proxy-client certificate
[upgrade/staticpods] Renewing apiserver-etcd-client certificate
.....
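# make the upgraded node schedulable again
# (run where $control_plane is defined, presumably outside the ssh session; confirm)
kubectl uncordon "$control_plane"
# on each additional control-plane node, run this in place of `kubeadm upgrade apply`
sudo kubeadm upgrade node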
- For each Worker node:
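# Drain the worker before upgrading its kubelet.
#   --ignore-daemonsets     leave DaemonSet-managed Pods in place
#   --delete-emptydir-data  also remove Pods that use emptyDir volumes; that local data is lost
#   --disable-eviction      delete Pods directly instead of evicting them, which bypasses
#                           PodDisruptionBudgets; drop this flag if the PDBs must be honoured
kubectl drain "$worker" --ignore-daemonsets --delete-emptydir-data --disable-eviction
# ssh to the worker node.
# accept-new (OpenSSH 7.6+) stores the key of a host seen for the first time but refuses a host
# whose key has changed. StrictHostKeyChecking=no would let a changed key through, and the next
# steps run sudo on whatever machine answered. Pre-populating known_hosts is stricter still.
ssh -o StrictHostKeyChecking=accept-new "$worker"
# refresh the package index
sudo apt-get update -y
# list the kubeadm package versions available for the target patch release, e.g. 1.30.2
# (same information as: apt list -a <package name>); -F matches the dots literally
sudo apt-cache madison kubeadm | grep -F -- '1.30.2'
# desired package version, as printed by apt-cache madison
v=1.30.2-1.1
# upgrade the packages; --allow-change-held-packages avoids a separate apt-mark unhold
sudo apt-get install -y --allow-change-held-packages kubeadm="$v" kubectl="$v" kubelet="$v"
# confirm the packages are still on hold so a routine apt upgrade cannot move them
apt-mark showhold
# upgrade the local kubelet configuration with the new kubeadm
# (the "kubelet config on worker nodes" step of the procedure)
sudo kubeadm upgrade node
# reload the systemd manager configuration and restart kubelet.service to pick up the new version
sudo systemctl daemon-reload
sudo systemctl restart kubelet
# make the same node that was drained above schedulable again
# (run where $worker is defined, presumably outside the ssh session; confirm)
kubectl uncordon "$worker"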