K3s - Upgrade

Prerequisites

  1. Access to all nodes of the cluster through one of the following methods:
    - Rancher
    - SSH protocol
    - AWS Session Manager

  2. The K3s version tag you wish to upgrade to: https://github.com/k3s-io/k3s/releases

  3. The system-upgrade-controller file that will be used to upgrade the K3s cluster:
    https://assets.master.k3s.getvisibility.com/system-upgrade-controller/v0.10.0/system-upgrade-controller.yaml

  4. The Bundle file for the K3s upgrade in the Air-Gap Environment

  5. Make sure you push all the new Docker images needed to install the new K3s version to the ECR gv-public Docker registry. See Secure Mode.

Focus/Synergy services

Updates and custom settings are automatically applied to all backend services using Fleet as long as the cluster has access to the public internet and can connect to the management server.

In case there’s no internet connection or the management server is down, the cluster agent will keep trying to reach the management server until a connection can be established.

Upgrading K3s to 1.24

  1. Log in to Rancher or one of the master nodes of the cluster to use the kubectl CLI.

  2. List the node name and the K3s version:

    kubectl get nodes
  3. Add the label k3s-upgrade=true to the nodes:
    Note: In the case of a multi-node cluster, each node will be updated with the label mentioned above

    kubectl label node --all k3s-upgrade=true
  4. Deploy the system-upgrade-controller:

    kubectl apply -f https://assets.master.k3s.getvisibility.com/system-upgrade-controller/v0.10.0/system-upgrade-controller.yaml
  5. Create the upgrade-plan.yaml file.
    Note: the version key holds the K3s version that the cluster will be upgraded to.

  6. Run the upgrade plan.
    The upgrade controller should watch for this plan and execute the upgrade on the labeled nodes.

  7. Once the plan is executed, all pods will restart and will take a few minutes to recover.
    Check the status of all the pods:

  8. Check if the K3s version has been upgraded:

  9. Delete the system-upgrade-controller:
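
A sketch of what upgrade-plan.yaml can contain for steps 5 and 6, as an added example (not the vendor's own file), modelled on the Plan format in the K3s automated-upgrade documentation. It assumes the controller manifest creates the upstream default system-upgrade namespace and service account, and it goes slightly beyond the single plan described above by emitting separate server and agent plans; render_plans and the plan names are hypothetical.

```shell
#!/bin/sh
# Added example, not the vendor's upgrade-plan.yaml. Assumed names: render_plans,
# server-plan, agent-plan; namespace and service account are the upstream defaults.

# Print a server Plan and an agent Plan for one K3s release tag (vX.Y.Z+k3sN).
render_plans() {
  version="$1"
  # Refuse anything that is not a release tag, e.g. "latest" or a typo.
  if ! printf '%s\n' "$version" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+\+k3s[0-9]+$'; then
    echo "invalid K3s version tag: $version" >&2
    return 1
  fi
  for role in server agent; do
    if [ "$role" = server ]; then
      role_expr='{key: node-role.kubernetes.io/control-plane, operator: In, values: ["true"]}'
    else
      role_expr='{key: node-role.kubernetes.io/control-plane, operator: DoesNotExist}'
    fi
    cat <<EOF
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: ${role}-plan
  namespace: system-upgrade
spec:
  concurrency: 1          # one node at a time
  cordon: true            # stop new pods landing on the node being upgraded
  serviceAccountName: system-upgrade
  version: ${version}
  upgrade:
    image: rancher/k3s-upgrade
  nodeSelector:
    matchExpressions:
      - {key: k3s-upgrade, operator: In, values: ["true"]}   # label from step 3
      - ${role_expr}
EOF
    # Agents wait until the server plan has finished before upgrading.
    if [ "$role" = agent ]; then
      printf '  prepare:\n    image: rancher/k3s-upgrade\n    args: ["prepare", "server-plan"]\n'
    fi
  done
}

# Usage: render_plans 'vX.Y.Z+k3s1' > upgrade-plan.yaml && kubectl apply -f upgrade-plan.yaml
```

Only nodes carrying the k3s-upgrade=true label are selected, so removing the label from a node keeps it out of the rollout.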

Demo Video

Here is the demo video that showcases the steps that need to be performed to upgrade K3s:

Upgrading K3s - AirGap (Manual Approach)

  1. Open a shell session on each of the cluster nodes (VMs).

  2. Download the bundle file to all the VMs and extract it: tar -xf gv-platform-$VERSION.tar

  3. Perform the following steps on each of the VMs to upgrade K3s:

  4. Restart the k3s service across each of the nodes
    Master nodes:

    Worker nodes:

  5. Wait for a few minutes for the pods to recover.

  6. Check the k3s version across the nodes

Demo Video

Here is the demo video that showcases the steps that need to be performed to upgrade K3s in the Air Gap environment:

Upgrading K3s to 1.26

For the Platform Team: Local Cluster K3s Upgrade

If you are upgrading K3s on the local cluster, you need to remove the existing PodSecurityPolicy resources.

We have only one of them, under the chart aws-node-termination-handler.

  1. Patch the Helm chart to disable the PSP resource.

  2. This will trigger the removal of the PSP resource.

Traefik is deployed as a DaemonSet in the local clusters, so restart the DaemonSet instead of the deployment when following the steps given in Post Upgrade Patch.

  • Deploy the system-upgrade-controller:

  • Create the upgrade plan
    Note: the version key holds the K3s version that the cluster will be upgraded to.

    If you are also running a worker node then execute this too:

  • Run the upgrade plan:

    In the case of a Worker node execute this too:

  • Once the plan is executed, all pods will restart and take a few minutes to recover
    Check the status of all the pods:

  • Check if the K3s version has been upgraded:

  • Delete the system-upgrade-controller:

Reference: Apply upgrade: https://docs.k3s.io/upgrades/automated#install-the-system-upgrade-controller
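
Both upgrade procedures apply system-upgrade-controller.yaml from a URL, so whatever that URL serves at upgrade time is created in the cluster with the permissions the manifest grants. One way to vet a downloaded copy before applying it, as an added example that is not part of the original procedure; the function names, MANIFEST_URL and EXPECTED_SHA256 are assumptions.

```shell
#!/bin/sh
# Added example: vet a downloaded manifest before `kubectl apply`.
# Assumption: EXPECTED_SHA256 is a digest you recorded when the manifest was reviewed.

# Succeeds only if the file's SHA-256 equals the pinned digest.
manifest_matches() {
  file="$1"; expected="$2"
  actual=$(sha256sum "$file" | awk '{print $1}')
  [ "$actual" = "$expected" ]
}

# Print each top-level resource kind in the manifest with its count, for review.
manifest_kinds() {
  awk '/^kind:/ {n[$2]++} END {for (k in n) print n[k], k}' "$1" | sort -k2
}

# Succeeds if any roleRef in the manifest binds the cluster-admin role.
binds_cluster_admin() {
  awk '/^roleRef:/ {r=1; next} /^[^ ]/ {r=0}
       r && /name: *cluster-admin/ {f=1} END {exit !f}' "$1"
}

# Typical use (not run here; needs network and cluster access):
#   curl -fsSLo suc.yaml "$MANIFEST_URL"
#   manifest_matches suc.yaml "$EXPECTED_SHA256" || exit 1
#   manifest_kinds suc.yaml
#   binds_cluster_admin suc.yaml && echo "manifest grants cluster-admin"
#   kubectl apply -f suc.yaml
```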

Post Upgrade Patch

We have seen an issue where Traefik is not able to access any resources after the upgrade. Follow these steps to apply the fix:

  • Run this patch to add traefik.io to the apiGroup of the ClusterRole traefik-kube-system

  • Add the missing CRDs

  • Restart traefik deployment

If you are unable to access Keycloak or the Product UI, it might be a cache issue. Try a private window in the browser you are using.

Reference: K3s v1.27.7+k3s1 and v1.28.3+k3s1 bundle old Traefik CRDs, causing kubernetes api connection issues · Issue #8755 · k3s-io/k3s

Upgrading K3s - AirGap (Manual Approach)

Follow the steps in the section Upgrading K3s - AirGap (Manual Approach) above to upgrade K3s.

Post Upgrade Patch

  • Run this patch to add traefik.io to the apiGroup of the ClusterRole traefik-kube-system

  • Add the missing CRDs

  • Restart traefik deployment

Reference: K3s v1.27.7+k3s1 and v1.28.3+k3s1 bundle old Traefik CRDs, causing kubernetes api connection issues · Issue #8755 · k3s-io/k3s

Certificates

By default, certificates in K3s expire in 12 months. If the certificates are expired or have fewer than 90 days remaining before they expire, the certificates are rotated when K3s is restarted.


Classified as Getvisibility - Partner/Customer Confidential