...
Access to all nodes of the cluster through one of the following methods
- Rancher
-SSHprotocol
- AWSSession ManagerThe K3s version tag you wish to upgrade to: https://github.com/k3s-io/k3s/releases
The
system-upgrade-controllerfile that will be used to upgrade the K3s cluster:
https://assets.master.k3s.getvisibility.com/system-upgrade-controller/v0.10.0/system-upgrade-controller.yamlThe Bundle file for the K3s upgrade in the Air-Gap Environment
Focus/Synergy services
Updates and custom settings are automatically applied to all backend services using Fleet as long as the cluster has access to the public internet and can connect to the management server.
In case there’s no internet connection or the management server is down, the cluster agent will keep trying to reach the management server until a connection can be established.
Upgrading K3s (Automated Approach)
Log in to Rancher or one of the master nodes of the cluster to use
kubectlCLIList the node name and the K3s version:
Code Block kubectl get nodes
Add the label
k3s-upgrade=trueto the nodes:
Note: In the case of a multi-node cluster, each node will be updated with the label mentioned aboveCode Block kubectl label node --all k3s-upgrade=true
Deploy the
system-upgrade-controller:Code Block kubectl apply -f https://assets.master.k3s.getvisibility.com/system-upgrade-controller/v0.10.0/system-upgrade-controller.yaml
Create
upgrade-plan.yamlfile.
Note: the keyversionhas the version of the K3s that the cluster will be upgraded to.Code Block cat > upgrade-plan.yaml << EOF --- apiVersion: upgrade.cattle.io/v1 kind: Plan metadata: name: k3s-latest namespace: system-upgrade spec: concurrency: 1 version: v1.24.9+k3s2 nodeSelector: matchExpressions: - {key: k3s-upgrade, operator: Exists} serviceAccountName: system-upgrade upgrade: image: docker.io/rancher/k3s-upgrade EOFRun the upgrade plan.
The upgrade controller should watch for this plan and execute the upgrade on the labeled nodesCode Block kubectl apply -f upgrade-plan.yaml
Once the plan is executed, all pods will restart and will take a few minutes to recover.
Check the status of all the pods:Code Block watch kubectl get pods -A
Check if the K3s version has been upgraded:
Code Block kubectl get nodes
Delete the
system-upgrade-controller:Code Block kubectl delete -f https://assets.master.k3s.getvisibility.com/system-upgrade-controller/v0.10.0/system-upgrade-controller.yaml
Certificates
By default, certificates in K3s expire in 12 months. If the certificates are expired or have fewer than 90 days remaining before they expire, the certificates are rotated when K3s is restarted.
Demo Video
Here is the demo video that showcases the steps that need to be performed to upgrade K3s:
...
Upgrading K3s - AirGap (Manual Approach)
Take a shell session to each of the cluster nodes (VMs)
Download and Extract the bundle file:
tar -xf gv-platform-$VERSION.tarto all the VMsPerform the following steps in each of the VMs to Upgrade K3s:
Code Block $ mkdir -p /var/lib/rancher/k3s/agent/images/ $ gunzip -c assets/k3s-airgap-images-amd64.tar.gz > /var/lib/rancher/k3s/agent/images/airgap-images.tar $ cp assets/k3s /usr/local/bin && chmod +x /usr/local/bin/k3sRestart the k3s service across each of the nodes
Master nodes:Code Block $ systemctl restart k3s.serviceWorker nodes:
Code Block $ systemctl restart k3s-agent.serviceWait for a few minutes for the pods to recover.
Code Block watch kubectl get pods -ACheck the k3s version across the nodes
Code Block kubectl get nodes
Demo Video
Here is the demo video that showcases the steps that need to be performed to upgrade K3s in the Air Gap environment:
...
Certificates
By default, certificates in K3s expire in 12 months. If the certificates are expired or have fewer than 90 days remaining before they expire, the certificates are rotated when K3s is restarted.