The upgrade process (docs) follows the general procedure of:
- Upgrading the Kubernetes control plane with `kubeadm` (Kubernetes components and add-ons excluding the CNI)
- If applicable upgrading the CNI network plugin
- Upgrading the Kubernetes packages (`kubelet, kubeadm, kubectl`) on the control plane and worker nodes
- Upgrading the `kubelet` config on worker nodes with `kubeadm`
# check cluster nodes and version
kubectl get no -owide- Control-plane node:
# drain to prepare kubelet upgrade
kubectl drain $control_plane --ignore-daemonsets --delete-emptydir-data --disable-eviction
# --disable-eviction bypass checking PodDisruptionBudgets
# --delete-emptydir-data allow delete Pods with local storage
# $control_plane node should have SchedulingDisabled
kubectl get no -owide
ssh $control_plane -oStrictHostKeyChecking=no
# Update the package index
sudo apt-get update -y
# find the latest patch release version for Kubernetes using OS package manager e.g: 1.30.2
sudo apt-cache madison kubeadm | grep 1.30.2 # the same as apt list -a <package name>
v=1.30.2-1.1
# skip unhold upgrade kubeadm kubectl kubelet
sudo apt-get install -y --allow-change-held-packages kubeadm=$v kubectl=$v kubelet=$v
# The cri-socket annotation is used by kubeadm to find the container runtime socket perform the control plane upgrade.
# ensure the node is annotated with cri-socket otherwise annotate the node
kubectl get no NODE -oyaml | grep -A8 annotations
kubectl annotate no NODE kubeadm.alpha.kubernetes.io/cri-socket="unix:///var/run/containerd/containerd.sock"
# generate plan: pre-flight checks and validate if the cluster is upgreadable, and fetches the versions you can upgrade to
sudo kubeadm upgrade plan 1.30.2
# apply the upgrade: The upgrade command is idempotent
sudo kubeadm upgrade apply 1.30.2
...
[upgrade/staticpods] Preparing for "kube-apiserver" upgrade
[upgrade/staticpods] Renewing apiserver certificate
[upgrade/staticpods] Renewing apiserver-kubelet-client certificate
[upgrade/staticpods] Renewing front-proxy-client certificate
[upgrade/staticpods] Renewing apiserver-etcd-client certificate
.....
kubectl uncordon $control_plane
# For the other control plane nodes
sudo kubeadm upgrade node- For each Worker node:
# drain node, necessar for kubelet upgrade
kubectl drain $worker --ignore-daemonsets --delete-emptydir-data --disable-eviction
# --disable-eviction bypass checking PodDisruptionBudgets
# --delete-emptydir-data allow delete Pods with local storage
ssh $worker -oStrictHostKeyChecking=no
# Update the package index
sudo apt-get update -y
# find the latest patch release version for Kubernetes using OS package manager e.g: 1.30.2
sudo apt-cache madison kubeadm | grep 1.30.2 # the same as apt list -a <package name>
# set desire version
v=1.30.2-1.1
sudo apt-get install -y --allow-change-held-packages kubeadm=$v kubectl=$v kubelet=$v
# if needed reload the systemd manager configuration and restart kubelet.service
sudo systemctl daemon-reload
sudo systemctl restart kubelet
kubectl uncordon $worker1
On the First control plane node: run
kubeadm upgrade applyit update cluster components.On Other the other control plane nodes: run
kubeadm upgrade nodeit updates only that node to match the new cluster version.Infer the first control plane node: