Skip to main content
Skip table of contents

Essential Upgrade Kubernetes Version

Upgrade the Kubernetes Version

When upgrading the Kubernetes version of a cluster:

  1. Upgrade the control plane first using the infrastructure specific command.

    1. NOTE the additional considerations for FIPS if using FIPS configuration.

  2. Upgrade the node pools second using the infrastructure specific command.

    1. NOTE the additional considerations for FIPS if using FIPS configuration.

  3. Build a new image if applicable.

    • If an AMI was specified when initially creating a cluster for AWS, you must build a new one with Konvoy Image Builder and set the flag(s) in the update commands. Either AMI ID --ami AMI_ID, or the lookup image flags: --ami-owner AWS_ACCOUNT_ID, --ami-base-os ubuntu-20.04, and --ami-format 'example-{{.BaseOS}}-?{{.K8sVersion}}-*'.

      ⚠️ The AMI lookup method will return an error if the lookup uses the upstream CAPA account ID.

    • If an Azure Machine Image was specified for Azure, you must build a new one with Konvoy Image Builder.

    • If a vSphere template Image was specified for vSphere, you must build a new one with Konvoy Image Builder.

    • You must build a new GCP image with Konvoy Image Builder.

  4. Upgrade the Kubernetes version of the control plane. Each cloud provider has distinctive commands. Below is the AWS command example. Select the drop-down menu next to your provider for compliant CLI.
    NOTE: The first example below is for AWS. If you created your initial cluster with a custom AMI using the --ami flag, it is required to set the --ami flag during the Kubernetes upgrade.

    CODE
    dkp update controlplane aws --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7
Azure
CODE
dkp update controlplane azure --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7 --compute-gallery-id <Azure Compute Gallery built by KIB for Kubernetes v1.28.7>
  • If these fields were specified in the override file during image creation, the flags must be used in upgrade:

    • --plan-offer, --plan-publisher and --plan-sku

    • CODE
      --plan-offer rockylinux-9
      --plan-publisher erockyenterprisesoftwarefoundationinc1653071250513
      --plan-sku rockylinux-9
vSphere
CODE
dkp update controlplane vsphere --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7 --vm-template <vSphere template built by KIB for Kubernetes v1.28.7>
VCD
CODE
dkp update controlplane vcd --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7 --catalog <tenant catalog vApp template> --vapp-template <vApp template built in vSphere KIB for Kubernetes v1.28.7>
GCP
CODE
dkp update controlplane gcp --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7 --image=projects/${GCP_PROJECT}/global/images/<GCP image built by KIB for Kubernetes v1.28.7>
Pre-provisioned
CODE
dkp update controlplane preprovisioned --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7
EKS
CODE
dkp update controlplane eks --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.27.9
Additional Considerations for upgrading a FIPS cluster:

If upgrading a FIPS cluster, to correctly upgrade the Kubernetes version, instead run the command shown below which contains the etcd version as well:

CODE
dkp update controlplane aws --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7+fips.0 --ami=<ami-with-fips-id>

The output should be similar to the below example, with the provider name corresponding to the CLI you executed from the choices above:

CODE
Updating control plane resource controlplane.cluster.x-k8s.io/v1beta1, Kind=KubeadmControlPlane default/my-aws-cluster-control-plane
Waiting for control plane update to finish.
 ✓ Updating the control plane

Some advanced options are available for various providers. To see all the options for your particular provider, run this command dkp update controlplane aws|vsphere|preprovisioned|azure|gcp|eks --help for more advance options like the example below:

This example for AWS AMI instance type: aws: --ami, --instance-type would be some of the options mentioned in the note above.

NOTE: The command dkp update controlplane {provider} has a 30 minute default timeout for the update process to finish. If you see the error "timed out waiting for the condition“, you can check the control plane nodes version using the command kubectl get machines -o wide --kubeconfig $KUBECONFIG before trying again.

5. Upgrade the Kubernetes version of your node pools. Upgrading a nodepool involves draining the existing nodes in the nodepool and replacing them with new nodes. In order to ensure minimum downtime and maintain high availability of the critical application workloads during the upgrade process, we recommend deploying Pod Disruption Budget (Disruptions) for your critical applications. For more information, refer to Update Cluster Nodepools documentation.

a. First, get a list of all node pools available in your cluster by running the following command:

CODE
dkp get nodepool --cluster-name ${CLUSTER_NAME}

b. Select the nodepool you want to upgrade with the command below:

CODE
export NODEPOOL_NAME=my-nodepool

c. Then update the selected nodepool using the command below. Upgrading a node pool involves draining the existing nodes in the node pool and replacing them with new nodes. we recommend deploying Pod Disruption Budget (Disruptions) for your critical applications. Refer to Update Cluster Nodepools for more information.

The first example command shows AWS language, so select the drop-down menu for your provider for the correct command. Execute the update command for each of the node pools listed in the previous command:
NOTE: The first example below is for AWS. If you created your initial cluster with a custom AMI using the --ami flag, it is required to set the --ami flag during the Kubernetes upgrade.

CODE
dkp update nodepool aws ${NODEPOOL_NAME} --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7
Azure
CODE
dkp update nodepool azure ${NODEPOOL_NAME} --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7 --compute-gallery-id <Azure Compute Gallery built by KIB for Kubernetes v1.28.7>
  • If these fields were specified in the override file during image creation, the flags must be used in upgrade:

    • --plan-offer, --plan-publisher and --plan-sku

    • CODE
      --plan-offer rockylinux-9
      --plan-publisher erockyenterprisesoftwarefoundationinc1653071250513
      --plan-sku rockylinux-9
vSphere
CODE
dkp update nodepool vsphere ${NODEPOOL_NAME} --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7 --vm-template <vSphere template built by KIB for Kubernetes v1.28.7>
VCD
CODE
dkp update nodepool vcd ${NODEPOOL_NAME} --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7 --catalog <tenant catalog vApp template> --vapp-template <vApp template built in vSphere KIB for Kubernetes v1.28.7>
GCP
CODE
dkp update nodepool gcp ${NODEPOOL_NAME} --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7 --image=projects/${GCP_PROJECT}/global/images/<GCP image built by KIB for Kubernetes v1.28.7>
Pre-provisioned
CODE
dkp update nodepool preprovisioned ${NODEPOOL_NAME} --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7
EKS
CODE
dkp update nodepool eks ${NODEPOOL_NAME} --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.27.9
Additional Considerations for upgrading a FIPS cluster:

If upgrading a FIPS cluster, to correctly upgrade the Kubernetes version, instead run the command shown below:

CODE
dkp update nodepool aws ${NODEPOOL_NAME} --cluster-name=${CLUSTER_NAME} --kubernetes-version=v1.28.7+fips.0 --ami=<ami-with-fips-id>

The output should be similar to the following, with the name of the infrastructure provider shown accordingly:

CODE
Updating node pool resource cluster.x-k8s.io/v1beta1, Kind=MachineDeployment default/my-aws-cluster-my-nodepool
Waiting for node pool update to finish.
 ✓ Updating the my-aws-cluster-my-nodepool node pool

d. Repeat this step for each additional node pool.

When all nodepools have been updated, your upgrade is complete. For the overall process for upgrading to the latest version of DKP, refer back to Upgrade DKP for more details.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.