...
Access to all nodes of the cluster through one of the following methods
- Rancher
-SSHprotocol
- AWSSession ManagerThe K3s version tag you wish to upgrade to: https://github.com/k3s-io/k3s/releases
The
system-upgrade-controllerfile that will be used to upgrade the K3s cluster:
https://assets.master.k3s.getvisibility.com/system-upgrade-controller/v0.10.0/system-upgrade-controller.yamlThe Bundle file for the K3s upgrade in the Air-Gap Environment
Make sure you push all new docker images to the ECR
gv-publicdocker registry that you need to install the new k3s version. See here Securing K3s Secure Mode
Focus/Synergy services
Updates and custom settings are automatically applied to all backend services using Fleet as long as the cluster has access to the public internet and can connect to the management server.
...
For the Platform Team: Local Cluster K3s Upgrade
If you are upgrading K3s of the local cluster, you would need to remove the existing PodSecurityPolicy resources.
We have only one of them under the chart aws-node-termination-handler
Patch the helm Chart to disable the psp resource.
Code Block kubectl patch helmchart aws-node-termination-handler -n kube-system --type='json' -p='[{"op": "add", "path": "/spec/set/rbac.pspEnabled", "value": "false"}]'This will trigger the removal of the PSP resource
The traefik is deployed as daemonset in the local clusters. You would need to restart the daemonset instead when following the steps given in Post Upgrade Patch
Deploy the
system-upgrade-controller:Code Block kubectl apply -f https://assets.master.k3s.getvisibility.com/system-upgrade-controller/v0.13.1/system-upgrade-controller.yaml
Create the upgrade plan
Note: the keyversionhas the version of the K3s that the cluster will be upgraded to.Code Block cat > upgrade-plan-server.yaml << EOF --- # Server plan apiVersion: upgrade.cattle.io/v1 kind: Plan metadata: name: server-plan namespace: system-upgrade spec: concurrency: 1 cordon: true nodeSelector: matchExpressions: - key: node-role.kubernetes.io/control-plane operator: In values: - "true" serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade version: v1.26.10+k3s1 EOFIf you are also running a worker node then execute this too:
Code Block cat > upgrade-plan-agent.yaml << EOF --- # Agent plan apiVersion: upgrade.cattle.io/v1 kind: Plan metadata: name: agent-plan namespace: system-upgrade spec: concurrency: 1 cordon: true nodeSelector: matchExpressions: - key: node-role.kubernetes.io/control-plane operator: DoesNotExist prepare: args: - prepare - server-plan image: rancher/k3s-upgrade serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade version: v1.26.10+k3s1 EOFRun the upgrade plan:
Code Block kubectl apply -f upgrade-plan-server.yaml
In the case of a Worker node execute this too:
Code Block kubectl apply -f upgrade-plan-agent.yaml
Once the plan is executed, all pods will restart and take a few minutes to recover
Check the status of all the pods:Code Block watch kubectl get pods -A
Check if the K3s version has been upgraded:
Code Block kubectl get nodes
Delete the
system-upgrade-controller:Code Block kubectl delete -f https://assets.master.k3s.getvisibility.com/system-upgrade-controller/v0.13.1/system-upgrade-controller.yaml
...
Follow these steps to upgrade k3s: https://getvisibility.atlassian.net/wiki/spaces/GSKBTES/pages/179699758183173145/K3s+-+Upgrade#Upgrading-K3s---AirGap-(Manual-Approach)
Post Upgrade Patch
| Note |
|---|
We have seen an issue with Traefik not able to access any resources after the upgrade is implemented. Follow these steps to implement the fix |
...