Basically, there are 6 steps need to follow:
- checking prerequisite, like api/docker
- backup etcd and cluster both
- upgrading control plane nodes
- upgrade plugin components, like cannal/metrics server/coredns
- upgrading worker nodes
- verify cluster status.*
How does it work
kubeadm upgrade apply
- Checks that your cluster is in an upgradeable state:
The API server is reachable
All nodes are in the Ready state
The control plane is healthy - Enforces the version skew policies.
- Makes sure the control plane images are available or available to pull to the machine.
- Upgrades the control plane components or rollbacks if any of them fails to come up.
- Applies the new kube-dns and kube-proxy manifests and makes sure that all necessary RBAC rules are created.
- Creates new certificate and key files of the API server and backs up old files if they’re about to expire in 180 days.
kubeadm upgrade node on control plane nodes:
- Fetches the kubeadm ClusterConfiguration from the cluster.
- Optionally backups the kube-apiserver certificate.
- Upgrades the static Pod manifests for the control plane components.
- Upgrades the kubelet configuration for this node.
kubeadm upgrade node on worker nodes:
- Fetches the kubeadm ClusterConfiguration from the cluster.
- Upgrades the kubelet configuration for this node.