Upgrading PKS with NSX-T
Page last updated:
This topic explains how to upgrade the Pivotal Container Service (PKS) for environments using vSphere with NSX-T.
The supported upgrade paths to PKS v1.3.x are from PKS v1.2.5 and later. PKS v1.3.x is compatible with Ops Manager v2.3.1 or later and Ops Manager v2.4.x.
Note: Upgrading from PKS v1.2.5+ to PKS v1.3.x causes all certificates to be automatically regenerated. The old certificate authority is still trusted, and has a validity of one year. But the new certificates are signed with a new certificate authority, which is valid for four years.
This section describes the activities you must perform before upgrading PKS.
For information about PKS with NSX-T and Ops Manager compatibility, refer to the compatibility chart below:
|PKS Version||Compatible NSX-T Versions||Compatible Ops Manager Versions|
|v1.3.x||v2.2, v2.3||v2.3.1+, v2.4.x|
|v1.2.x||v2.2, v2.3||v2.2.3+, v2.3.1+|
|v1.1.6||v2.1, v2.2||v2.1.x, 2.2.x|
|v1.1.5||v2.1, v2.2||v2.1.x, v2.2.x|
|v1.1.3||v2.1||v2.1.0 - 2.1.6|
|v1.1.1||v2.1 - Advanced Edition||v2.1.0 - 2.1.6|
For more information on NSX-T product compatibility, see the VMware Product Interoperability Matrix for PKS in the VMware documentation.
Use the following table to determine your upgrade path to PKS v1.3 with NSX-T. PKS v1.3 supports NSX-T v2.3, which is the recommended NSX-T version.
|If your current version of PKS is…||Then use the following upgrade path:|
|v1.1.4 or earlier||
|v1.1.5 to v1.2.4||
|v1.2.5 or later||
If you have not already, complete the steps in the Upgrade Preparation Checklist for PKS v1.3.
This section describes the steps required to upgrade to PKS v1.3 with NSX-T v2.3.
Skip this step if you are already running PKS v1.1.5+.
Follow the procedures detailed in Upgrading PKS with NSX-T in the PKS v1.1 documentation.
Note: PKS v1.1.5 with NSX-T introduces architectural changes that require larger sized worker node VMs. Before you upgrade to PKS v1.1.5 or later, you must increase the size of the Kubernetes worker node VM. For more information on how to increase the worker node VM size, see Increase the Kubernetes Worker Node VM Size in the PKS v1.1 documentation. For more information about the architectural changes in PKS v1.1.5 with NSX-T, see NSX-T Architectural Changes in the PKS v1.1.5 Release Notes.
Skip this step if you are already running NSX-T v2.2.
To upgrade to NSX-T v2.2, follow the procedures detailed in Upgrading NSX-T in the VMware documentation.
Before you upgrade to PKS v1.2.5, you must upgrade to Ops Manager v2.3.1+.
Follow the procedures detailed in Upgrade Ops Manager and Installed Products to v2.3 or Upgrade Ops Manager and Installed Products to v2.4.
Verify that the PKS control plane remains functional by performing the following steps:
- Add more workloads and create an additional cluster. For more information about performing those actions, see About Workload Upgrades in Maintaining Workload Uptime and Creating Clusters.
- Monitor the PKS control plane VM by clicking the Pivotal Container Service tile, selecting Status tab, and reviewing the Pivotal Container Service VM’s data points. If any data points are at capacity, scale your deployment accordingly.
To upgrade PKS, you follow the same Ops Manager process that you use to install the tile for the first time.
Your configuration settings migrate to the new version automatically. Follow the steps below to perform an upgrade.
Review the Release Notes for the version you are upgrading to.
Download the desired version of the product from Pivotal Network.
Navigate to the Ops Manager Installation Dashboard and click Import a Product.
Browse to the PKS product file and select it. Uploading the file takes several minutes.
Under the Import a Product button, click + next to Pivotal Container Service. This adds the tile to your staging area.
PKS v1.3.x uses a Xenial stemcell.
If Ops Manager does not have the Xenial stemcell required for PKS, the PKS tile displays the message Missing stemcell.
Note: If the Stemcell Library in Ops Manager already has a compatible Xenial stemcell, the Missing stemcell link does not appear. You do not need to download or import a new stemcell and can skip this step.
To download and import a new Xenial stemcell, follow the steps below:
On the Pivotal Container Service tile, click on the Missing stemcell link.
In the Stemcell Library, locate Pivotal Container Service and note the required stemcell version.
Visit the Stemcells for PCF (Ubuntu Xenial) page on Pivotal Network, and download the required stemcell version for vSphere.
Return to the Installation Dashboard in Ops Manager, and click on Stemcell Library.
On the Stemcell Library page, click Import Stemcell and select the stemcell file you downloaded from Pivotal Network.
Select the PKS product and click Apply Stemcell to Products.
Verify that Ops Manager successfully applied the stemcell.
Select the Installation Dashboard link to return to the Installation Dashboard.
To verify that errands are configured correctly in the PKS tile, perform the following steps.
In the PKS tile, click Errands.
Under Post-Deploy Errands, verify that the listed errands are configured as follows:
- NSX-T Validation errand: Set to On
- Upgrade all clusters errand: Set to Default (On)
- Create pre-defined Wavefront alerts errand: Set to Default (Off)
- Run smoke tests: Set to On. The errand uses the PKS Command Line Interface (PKS CLI) to create a Kubernetes cluster and then delete it. If the creation or deletion fails, the errand fails and the installation of the PKS tile is aborted.
WARNING: If you set the Upgrade all clusters errand to Off, your Kubernetes cluster version will fall behind the PKS tile version. If your clusters fall more than one version behind the tile, you can no longer upgrade the clusters. You must upgrade your clusters to match the PKS tile version before the next tile upgrade.
If you make any changes, click Save.
Perform the following steps to complete the upgrade to the PKS tile.
Return to the Installation Dashboard in Ops Manager.
Click Review Pending Changes. For more information about this Ops Manager page, see Reviewing Pending Product Changes.
Click Apply Changes.
NSX-T v2.3 is the recommended version of NSX-T to use with PKS v1.3.
To upgrade to NSX-T v2.3, follow the procedures detailed in Upgrading NSX-T Data Center.
After you complete the upgrade to PKS v1.3.x and NSX-T v2.3, complete the following verifications and upgrades.
Update the PKS and Kubernetes CLIs on any local machine where you run commands that interact with your upgraded version of PKS.
To update your CLIs, download and re-install the PKS and Kubernetes CLI distributions that are provided with PKS on Pivotal Network.
For more information about installing the CLIs, see the following topics:
After you apply changes to the PKS tile and the upgrade is complete, verify that your Kubernetes environment is healthy and confirm that NCP is running on the master node VM.
To verify the health of your Kubernetes environment and NCP, see Verifying Deployment Health.
If you are deploying PKS on vSphere with NSX‑T, consult the chart below, and upgrade vSphere if necessary. Upgrade vSphere from version 6.5 or 6.5 U1 to 6.5 U2 or 6.7.
Note: VMware vSphere 6.7 is only supported with Ops Manager v2.3.1 or later and NSX‑T v2.3.
For more information, see Upgrading vSphere in an NSX Environment in the VMware documentation.
Please send any feedback you have to firstname.lastname@example.org.