K3s - Upgrade
Last updated
Was this helpful?
Last updated
Was this helpful?
Access to all nodes of the cluster through one of the following methods
- Rancher
- SSH protocol
- AWS Session Manager
The K3s version tag you wish to upgrade to:
The system-upgrade-controller file that will be used to upgrade the K3s cluster:
The Bundle file for the K3s upgrade in the Air-Gap Environment
Make sure you push all new docker images to the ECR gv-public docker registry that you need to install the new k3s version.
Updates and custom settings are automatically applied to all backend services using Fleet as long as the cluster has access to the public internet and can connect to the management server.
In case there’s no internet connection or the management server is down, the cluster agent will keep trying to reach the management server until a connection can be established.
Log in to Rancher or one of the master nodes of the cluster to use kubectl CLI
List the node name and the K3s version:
Add the label k3s-upgrade=true to the nodes:
Note: In the case of a multi-node cluster, each node will be updated with the label mentioned above
Deploy the system-upgrade-controller :
Create upgrade-plan.yaml file.
Note: the key version has the version of the K3s that the cluster will be upgraded to.
Run the upgrade plan. The upgrade controller should watch for this plan and execute the upgrade on the labeled nodes
Once the plan is executed, all pods will restart and will take a few minutes to recover. Check the status of all the pods:
Check if the K3s version has been upgraded:
Delete the system-upgrade-controller
Here is the demo video that showcases the steps that need to be performed to upgrade K3s:
video
Take a shell session to each of the cluster nodes (VMs)
Download and Extract the bundle file: tar -xf gv-platform-$VERSION.tar to all the VMs
Perform the following steps in each of the VMs to Upgrade K3s:
Restart the k3s service across each of the nodes Master nodes:
Worker nodes:
Wait for a few minutes for the pods to recover.
Check the k3s version across the nodes
Here is the demo video that showcases the steps that need to be performed to upgrade K3s in the Air Gap environment:
video
For the Platform Team: Local Cluster K3s Upgrade
If you are upgrading K3s of the local cluster, you would need to remove the existing PodSecurityPolicy resources.
We have only one of them under the chart aws-node-termination-handler
Patch the helm Chart to disable the psp resource.
kubectl patch helmchart aws-node-termination-handler -n kube-system --type='json' -p='[{"op": "add", "path": "/spec/set/rbac.pspEnabled", "value": "false"}]'
This will trigger the removal of the PSP resource
Deploy the system-upgrade-controller:
Create the upgrade plan
Note: the key version has the version of the K3s that the cluster will be upgraded to.
If you are also running a worker node then execute this too:
Run the upgrade plan:
In the case of a Worker node execute this too:
Once the plan is executed, all pods will restart and take a few minutes to recover Check the status of all the pods:
Check if the K3s version has been upgraded:
Delete the system-upgrade-controller:
We have seen an issue with Traefik not able to access any resources after the upgrade is implemented. Follow these steps to implement the fix
Run this patch to add traefik.io to the apiGroup of the ClusterRole traefik-kube-system
Add the missing CRDs
Restart traefik deployment
Follow these steps to upgrade k3s: Upgrading K3s - AirGap (Manual Approach)
Run this patch to add traefik.io to the apiGroup of the ClusterRole traefik-kube-system
Add the missing CRDs
Restart traefik deployment
By default, certificates in K3s expire in 12 months. If the certificates are expired or have fewer than 90 days remaining before they expire, the certificates are rotated when K3s is restarted.
The traefik is deployed as daemonset in the local clusters. You would need to restart the daemonset instead when following the steps given in (broken link)
Reference: Apply upgrade:
Reference:
Reference: