LATEST VERSION: v1.1 - RELEASE NOTES
Pivotal Container Service v1.1

Upgrade PKS

Page last updated:

This topic explains how to upgrade the Pivotal Container Service (PKS) tile and existing Kubernetes clusters. It also explains the service interruptions that can result from service changes and upgrades and from failures at the process, VM, and IaaS level.

For conceptual information about upgrading the PKS tile and PKS-provisioned Kubernetes clusters, see What Happens During PKS Upgrades.

Breaking Change: PKS v1.1 does not support ABAC. Delete any ABAC clusters before upgrading to v1.1. For more information, see Existing ABAC Clusters in the PKS v1.1 Release Notes.

WARNING: Do not manually upgrade your Kubernetes version. The PKS service includes the compatible Kubernetes version.

Prepare to Upgrade

Before you begin upgrading the PKS tile, consider your workload capacity and uptime requirements. If workers are operating too close to their capacity, the PKS upgrade can fail. View your workload resource usage in Dashboard. For more information, see Access the Dashboard.

If your clusters are near capacity for your existing infrastructure, Pivotal recommends scaling up your clusters before you upgrade. Scale up your cluster by running pks-resize or create a cluster using a larger plan. For more information, see Scale Existing Clusters.

To prevent workload downtime during a cluster upgrade, Pivotal recommends running your workload on at least three worker VMs, using multiple replicas of your workloads spread across those VMs. For more information, see Maintain Workload Uptime.

Step 1: Upgrade Ops Manager

PKS v1.1 requires Ops Manager v2.1.

  1. To upgrade to the required Ops Manager version, follow the procedure detailed in: Upgrade Ops Manager and Installed Products to v2.1.

  2. At this time, operators should add additional workloads and create an additional cluster to ensure that the PKS control plane is still functional. For more information on performing those actions, see About Workload Upgrades and Create a Cluster.

You can monitor the PKS control plane VM by clicking the Pivotal Container Service tile, selecting Status tab, and reviewing the Pivotal Container Service VM’s data points. If any data points are at capacity, scale your deployment accordingly.

Step 2: Upgrade the PKS Tile

To upgrade PKS, you follow the same Ops Manager process that you use to install the tile for the first time. Your configuration settings migrate to the new version automatically. To perform an upgrade:

  1. Review the Release Notes for the version you are upgrading to.

  2. Download the desired version of the product from Pivotal Network.

  3. Navigate to the Ops Manager Installation Dashboard and click Import a Product to upload the product file.

  4. Under the Import a Product button, click + next to Pivotal Container Service. This adds the tile to your staging area.

  5. Click the newly-added Pivotal Container Service tile.

  6. Optional: To upgrade all PKS-deployed Kubernetes clusters when you upgrade the PKS tile, follow the next steps:

    1. Click Errands.
    2. Under Post-Deploy Errands, set the Upgrade all clusters errand to Default (On). The errand upgrades a single Kubernetes cluster at a time. Upgrading PKS Kubernetes clusters can temporarily interrupt the service, as described below.

      Note: If you upgrade PKS from 1.0.x to 1.1, you must enable the Upgrade All Cluster errand. This ensures existing clusters can perform resize or delete actions after the upgrade.

      (Optional) To monitor the Upgrade all clusters errand using the BOSH CLI, do the following:
      1. Log in to the BOSH Director by running bosh -e MY-ENVIRONMENT log-in from a VM that can access your PKS deployment. For more information, see Manage PKS Deployments with BOSH.
      2. Run bosh -e MY-ENVIRONMENT tasks.
      3. Locate the task number for the errand in the # column of the BOSH output.
      4. Run bosh task TASK-NUMBER, replacing TASK-NUMBER with the task number you located in the previous step.
    3. Click Save.

      WARNING: If you set the Upgrade all clusters errand to Off, your Kubernetes cluster version will fall behind the PKS tile version. If your clusters fall more than one version behind the tile, you can no longer upgrade the clusters. You must upgrade your clusters to match the PKS tile version before the next tile upgrade.

  7. Review the other configuration panes. Click Save on any panes where you make changes. For example, if you use NSX-T, follow the instructions in Upgrade NSX-T before clicking Apply Changes for the PKS tile upgrade.

Note: When you upgrade PKS, you must place singleton jobs in the AZ you selected when you first installed the PKS tile. You cannot move singleton jobs to another AZ.

  1. Return to the Installation Dashboard. Under Pending Changes, click INSTALL Pivotal Container Service. If you changed Post-Deploy Errands, confirm that the Post-Deploy Errands setting matches the configuration you set in the previous step.

  2. Click Apply Changes.

  3. At this time, operators should add additional workloads and create an additional cluster to ensure that the PKS control plane is still functional. For more information on performing those actions, see About Workload Upgrades and Create a Cluster.

You can monitor the PKS control plane VM by clicking the Pivotal Container Service tile, selecting Status tab, and reviewing the Pivotal Container Service VM’s data points. If any data points are at capacity, scale your deployment accordingly.

Step 3: Upgrade NSX-T (Optional)

If you are deploying PKS on vSphere with NSX-T integration, NSX-T v2.1 is required.

To upgrade PKS with NSX-T, make the following configuration changes to adapt your deployment to new features that have been added in PKS 1.1.0.

  1. Create the NSX Manager Super User Principal Identity Certificate by following the procedure in Generating and Registering Certificates in Installing PKS on vSphere with NSX-T Integration.

  2. Select the NAT option if Network Address Translation needs to be enforced for the Kubernetes nodes. Clearing this option allows the nodes to have globally routable IP addresses. For more information, see NAT Topology.

  3. PKS 1.1 allows you to specify dedicated IP blocks for node and pod networking. Create these IP blocks according to the instructions in Plan IP Blocks. Enter one or more domain servers used by Kubernetes nodes. These domain servers will be used by the nodes that are created on the Node Networks that are dynamically generated at the time of cluster creation.

    Note: When upgrading NSX-T for PKS, you must use a different CIDR range for the node IP block than the one you used for the service network.

  4. (Optional) To configure a global proxy for all outgoing HTTP/HTTPS traffic from your Kubernetes clusters, do the following:

    • Under HTTP/HTTPS proxy, select Enabled.
    • Under HTTP Proxy URL, enter the URL of your HTTP/HTTPS proxy endpoint. For example, http://myproxy.com:1234.
    • (Optional) If your proxy uses basic authentication, enter the username and password in either HTTP Proxy Credentials or HTTPS Proxy Credentials.
    • Under No Proxy, enter the service network CIDR where your PKS cluster is deployed. List any additional IP addresses that should bypass the proxy.
  5. Make sure that the Enable outbound internet access checkbox is not selected. This setting is not applicable to vSphere without NSX-T integrations.

Step 4: Upgrade vCenter (Optional)

  1. If you are deploying PKS on vSphere, consult vSphere Version Requirements and upgrade vSphere if necessary.

  2. At this time, operators should add additional workloads and create an additional cluster to ensure that the PKS control plane is still functional. For more information on performing those actions, see About Workload Upgrades and Create a Cluster.

You can monitor the PKS control plane VM by clicking the Pivotal Container Service tile, selecting Status tab, and reviewing the Pivotal Container Service VM’s data points. If any data points are at capacity, scale your deployment accordingly.

Upgrade Kubernetes Clusters

If you set the Upgrade all clusters errand to Default (On), your PKS-deployed Kubernetes clusters are upgraded automatically when the PKS tile upgrade runs.

If you set the Upgrade all clusters errand to Off, you can upgrade all PKS-deployed Kubernetes clusters by setting the Upgrade all clusters errand to On and clicking Apply Changes.

Note: If you upgrade PKS from 1.0.x to 1.1, you must enable the Upgrade All Cluster errand. This ensures existing clusters can perform resize or delete actions after the upgrade.

Service Interruptions

Service changes and upgrades and failures at the process, VM, and IaaS level can cause outages in the PKS service, as described below.

Read this section if:

  • You are experiencing a service interruption and are wondering why.
  • You are planning to update or change a Kubernetes cluster and want to know if it might cause a service interruption.

Stemcell or Service Upgrade

An operator updates a stemcell version or the PKS tile version.

  • Impact: The PKS API experiences downtime while the new stemcell is applied to the Pivotal Container Service VM.

    • Required Actions: None. If the update deploys successfully, apps reconnect automatically.
  • Impact: Workloads running on single node clusters experience downtime.

    • Required Actions: None. If the update deploys successfully, workloads resume automatically. For more information, see Maintain Workload Uptime.

Please send any feedback you have to pks-feedback@pivotal.io.

Create a pull request or raise an issue on the source for this page in GitHub