TheKoguryo's Tech Blog

 Version 2023.11.20

1.7 Kubernetes Supported Versions and Upgrades

Supported Kubernetes versions

A Kubernetes version is expressed as x.y.z, where x is the major, y the minor, and z the patch version. Open-source Kubernetes supports the current minor version and the two previous minor versions. Likewise, OKE supports the latest version available on OKE plus the two previous minor versions. The supported versions as of this writing are as follows.

  • 1.20.11
  • 1.19.15
  • 1.18.10

A superseded version is supported for only 30 days after a new version is released. For example, when OKE released 1.20.11 and 1.19.15 on October 8, 2021, the previous versions 1.20.8 and 1.19.12 remained supported only until November 7, 2021, 30 days later. Refer to the following link for the currently supported versions.
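
The list of Kubernetes versions that OKE currently offers can also be queried from the OCI CLI. A minimal sketch, assuming the OCI CLI is installed and configured (the exact output shape may differ between CLI versions):

    # List the Kubernetes versions currently offered by OKE for new clusters
    oci ce cluster-options get --cluster-option-id all

    # Optionally filter down to just the version list (JMESPath query)
    oci ce cluster-options get --cluster-option-id all --query 'data."kubernetes-versions"'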

Units of version management

An OKE cluster consists of a Control Plane and Worker Nodes. Once the Control Plane version is set, the Worker Nodes can run the same version as the Control Plane or a lower one, as long as the versions are compatible.

Worker Node versions are managed per node pool: you can create multiple node pools, each running a different version.
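
For example, you can check which node pool each worker node belongs to and which version it runs. This relies on the name node label that OKE sets to the node pool name, which is also used later in this article:

    # Show each worker node's Kubernetes version and its node pool (the "name" label)
    kubectl get nodes -L name --sort-by=.metadata.labels.name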

Version upgrades

When a new OKE version is released, the upgrade proceeds as follows:

  1. Control Plane Upgrade
    • Upgrading the OKE cluster from the OCI service console upgrades only the Control Plane
    • The Oracle-managed components are upgraded automatically, with no downtime
    • Once the OKE cluster (that is, the Control Plane) has been upgraded, it cannot be downgraded to the previous version.
  2. Upgrade Worker Nodes
    • Upgrade by node pool unit in OCI service console
    • Upgrade method
      • In-place upgrade (see the sketch after this list)
        1. Upgrade the version of the target node pool in the OCI console; the existing nodes are not upgraded automatically
        2. Prevent new containers from being scheduled on a specific node with the kubectl drain command
        3. Terminate the drained node from the OCI service console
        4. A new node is created automatically by node self-healing, and it runs the upgraded version specified in the node pool
        5. Repeat for each remaining existing node
      • Out-of-place upgrade
        1. Add a node pool with the new version
        2. Drain the nodes in the existing node pool with kubectl; as Kubernetes moves the containers off each node, the nodes are removed one by one
        3. When all existing nodes have been removed, delete the existing node pool
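
As a rough sketch of the per-node part of the in-place flow: drain a node with kubectl, confirm the Pods have moved, then terminate the corresponding compute instance so that node self-healing replaces it with a node on the new version. Terminating the instance from the OCI CLI instead of the console is my own substitution here, and <node_name> and <instance_ocid> are placeholders:

    # In-place upgrade of a single worker node (sketch)
    kubectl drain <node_name> --ignore-daemonsets --delete-emptydir-data   # stop scheduling and evict Pods
    kubectl get pod -o wide                                                # confirm the Pods moved to other nodes
    oci compute instance terminate --instance-id <instance_ocid>           # self-healing re-creates the node on the new version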

Mixing versions across node pools

For this test, with versions 1.18.10, 1.19.12, 1.19.15, 1.20.8, and 1.20.11 available, the OKE cluster is running version 1.19.12.

  • Test environment
    • OKE cluster - oke-cluster-1 version: 1.19.12
    • Control Plane version: 1.19.12
    • Node Pool - pool1 version: 1.19.12
  1. Go to the OKE cluster detail screen.

  2. Go to Resources > Node Pools in the lower left.

    image-20211112234127339

  3. Currently pool1 has version 1.19.12. Click Add Node Pool to create an additional Node Pool.

  4. Enter the information for creating a new Node Pool.

    • Name: new Node Pool name
    • Version: Select version 1.18.10 to demonstrate mixing versions.
      • Looking at the available versions, you can see that only the current OKE cluster version or lower can be selected. The higher versions 1.19.15, 1.20.8, and 1.20.11, which are offered when creating a new OKE cluster, are not shown here.

    image-20211113213658732

    • Enter the remaining information just as you did when creating the cluster for the first time. For example:
      • Shape: VM.Standard.E3.Flex
      • Placement Configuration: Specify the AD where the worker node is located and the subnet for the node
      • Advanced Options:
        • Add an SSH Key: public key for SSH access to the node
  5. When you submit the creation request, the actual node VMs are created; as with the initial installation, it takes a little while until they are ready.

  6. Once the additional Node Pool is created, the two versions coexist in the same OKE cluster, as shown in the figure. As seen when adding the Node Pool, the VM shape and placement (AD, subnet) can also differ per pool.

    image-20211113214756784

  7. Querying the nodes with kubectl shows the same mix of versions.

    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl get nodes
    NAME          STATUS   ROLES   AGE     VERSION
    10.0.10.185   Ready    node    23h     v1.19.12
    10.0.10.226   Ready    node    23h     v1.19.12
    10.0.10.234   Ready    node    6m53s   v1.18.10
    10.0.10.43    Ready    node    6m30s   v1.18.10
    10.0.10.44    Ready    node    23h     v1.19.12
    10.0.10.78    Ready    node    6m41s   v1.18.10
    

Upgrade OKE cluster version

Upgrade Control Plane

As above, assume that a new version has been released while the cluster is running version 1.19.12. Under the support policy described earlier, the existing version remains supported for only 30 days, so you should verify the new version and upgrade within that window.

  1. If an upgrade is available, the Upgrade Available button is enabled on the OKE cluster detail screen.

    image-20211113220154711

  2. Clicking the Upgrade Available button shows the following information for starting the upgrade. Here we select the latest version, v1.20.11.

    image-20211113220342324

  3. Select the version and click the Upgrade button below to start the upgrade (the same upgrade can also be started from the OCI CLI; see the sketch at the end of this subsection).

  4. The cluster status changes to UPDATING while the upgrade proceeds. The Oracle-managed Control Plane components are upgraded sequentially, and the Worker Nodes where the applications actually run keep serving traffic without interruption.

  5. At the time of testing, the upgrade completed in about 10 to 15 minutes.

    image-20211113222524340
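
For reference, the same Control Plane upgrade can be started from the OCI CLI instead of the console. A sketch with a placeholder cluster OCID; check oci ce cluster update --help on your CLI version before relying on it:

    # Upgrade the cluster (Control Plane) to the selected Kubernetes version
    oci ce cluster update --cluster-id <cluster_ocid> --kubernetes-version v1.20.11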

Worker Node upgrade - in-place upgrade

The OKE cluster upgrade has upgraded only the Control Plane; the Worker Nodes can now be upgraded per node pool. The in-place method proceeds in the following order: upgrade the node pool -> drain an existing node -> confirm the Pods have moved -> terminate the existing node VM.

Node Pool Upgrade

  1. Go to the detail page of the node pool you want to upgrade.

  2. Click Edit; the edit panel appears on the right.

    The Version field shows the cluster version and the node pool version, along with the versions available for upgrade.

    image-20211113232813128

  3. Select 1.20.11, the same version as the cluster, and click Save Changes (the node pool version can also be changed from the OCI CLI; see the sketch at the end of this subsection).

  4. Under Resources > Work Requests, you can see that the node pool upgrade completes in 2 to 3 seconds.

    image-20211113233500740

  5. The actual Worker Node has not been upgraded yet.

    Under Resources > Nodes, the nodes still show the original version.

    image-20211113233637855
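
For reference, the node pool version can also be changed from the OCI CLI. A sketch with a placeholder node pool OCID; as in the console, this only sets the target version, and the existing nodes keep running the old version until they are replaced:

    # Set the node pool's Kubernetes version (existing nodes are not replaced automatically)
    oci ce node-pool update --node-pool-id <nodepool_ocid> --kubernetes-version v1.20.11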

Node Drain

  1. Check the Worker Nodes and the deployed Pods with kubectl.

    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl get nodes
    NAME          STATUS   ROLES   AGE   VERSION
    10.0.10.185   Ready    node    24h   v1.19.12
    10.0.10.226   Ready    node    24h   v1.19.12
    10.0.10.44    Ready    node    24h   v1.19.12
    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl get pod -o wide
    NAME                             READY   STATUS    RESTARTS   AGE   IP             NODE          NOMINATED NODE   READINESS GATES
    nginx-bvs-pvc-7b574c9c5c-b46nd   1/1     Running   0          72m   10.244.1.4     10.0.10.44    <none>           <none>
    nginx-fss-pvc-9fb98454f-5t5bh    1/1     Running   0          39m   10.244.0.137   10.0.10.226   <none>           <none>
    nginx-fss-pvc-9fb98454f-7tsjf    1/1     Running   0          39m   10.244.1.8     10.0.10.44    <none>           <none>
    nginx-fss-pvc-9fb98454f-fzlxj    1/1     Running   0          40m   10.244.0.136   10.0.10.226   <none>           <none>
    
  2. Take one node out of scheduling with kubectl drain <node_name> --ignore-daemonsets --delete-emptydir-data, as shown below.

    If a Pod uses an emptyDir volume, draining fails with an error. Because emptyDir holds only temporary data, drain with the --delete-emptydir-data option. During testing, this issue came up on a node where Elasticsearch was installed.

    See also: https://pet2cattle.com/2021/08/cannot-delete-pods-with-local-storage

    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl drain 10.0.10.44 --ignore-daemonsets --delete-emptydir-data
    node/10.0.10.44 already cordoned
    WARNING: ignoring DaemonSet-managed Pods: kube-system/csi-oci-node-7hc28, kube-system/kube-flannel-ds-b4dp6, kube-system/kube-proxy-f8qmp, kube-system/proxymux-client-6qs4x
    evicting pod default/nginx-fss-pvc-9fb98454f-7tsjf
    evicting pod default/nginx-bvs-pvc-7b574c9c5c-b46nd
    pod/nginx-bvs-pvc-7b574c9c5c-b46nd evicted
    pod/nginx-fss-pvc-9fb98454f-7tsjf evicted
    node/10.0.10.44 evicted
    
  3. As shown below, node 10.0.10.44 is now excluded from container scheduling. After confirming that the Pods have moved to other nodes, proceed to the next step.

    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl get nodes
    NAME          STATUS                     ROLES   AGE   VERSION
    10.0.10.185   Ready                      node    25h   v1.19.12
    10.0.10.226   Ready                      node    25h   v1.19.12
    10.0.10.44    Ready,SchedulingDisabled   node    25h   v1.19.12
    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl get pod -o wide
    NAME                             READY   STATUS    RESTARTS   AGE     IP             NODE          NOMINATED NODE   READINESS GATES
    nginx-bvs-pvc-7b574c9c5c-9smhh   1/1     Running   0          3m20s   10.244.0.138   10.0.10.226   <none>           <none>
    nginx-fss-pvc-9fb98454f-5t5bh    1/1     Running   0          45m     10.244.0.137   10.0.10.226   <none>           <none>
    nginx-fss-pvc-9fb98454f-8zkn2    1/1     Running   0          3m20s   10.244.0.6     10.0.10.185   <none>           <none>
    nginx-fss-pvc-9fb98454f-fzlxj    1/1     Running   0          46m     10.244.0.136   10.0.10.226   <none>           <none>
    
  4. Check the display name of the node to be terminated.

    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl get nodes -L displayName
    NAME          STATUS                     ROLES   AGE   VERSION    DISPLAYNAME
    10.0.10.185   Ready                      node    25h   v1.19.12   oke-cxdb6ehmxsa-nqi4muu267q-siouvw2ymqq-0
    10.0.10.226   Ready                      node    25h   v1.19.12   oke-cxdb6ehmxsa-nqi4muu267q-siouvw2ymqq-1
    10.0.10.44    Ready,SchedulingDisabled   node    25h   v1.19.12   oke-cxdb6ehmxsa-nqi4muu267q-siouvw2ymqq-2
    
  5. On the Node Pool detail screen, click the name of the node to be terminated to navigate to its Compute instance.

    image-20211114000229424

  6. Terminate the Compute instance corresponding to the node; the attached boot volume is deleted along with it.

    image-20211114000518633

    image-20211114000539706

  7. A new node is created automatically by node self-healing. Under Work Requests, a reconcile (NODEPOOL_RECONCILE) operation appears as shown below, and nodes are re-created to match the specified node count.

    image-20211114001604028

  8. The newly created node runs the upgraded version specified in the Node Pool.

  9. Querying the nodes with kubectl shows that the new node has been created with version 1.20.11. For reference, because the Docker runtime has been deprecated, the container runtime is CRI-O (here cri-o 1.20.2) as of Kubernetes 1.20.

    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl get nodes -o wide
    NAME          STATUS   ROLES   AGE     VERSION    INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                  KERNEL-VERSION                    CONTAINER-RUNTIME
    10.0.10.170   Ready    node    7m25s   v1.20.11   10.0.10.170   <none>        Oracle Linux Server 7.9   5.4.17-2102.206.1.el7uek.x86_64   cri-o://1.20.2
    10.0.10.185   Ready    node    25h     v1.19.12   10.0.10.185   <none>        Oracle Linux Server 7.9   5.4.17-2102.206.1.el7uek.x86_64   docker://19.3.11
    10.0.10.226   Ready    node    25h     v1.19.12   10.0.10.226   <none>        Oracle Linux Server 7.9   5.4.17-2102.206.1.el7uek.x86_64   docker://19.3.11
    
  10. Repeat the same steps for each remaining existing node.

  11. Completion Results

    oke_admin@cloudshell:~ (ap-seoul-1)$ kubectl get nodes -o wide
    NAME          STATUS   ROLES   AGE     VERSION    INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                  KERNEL-VERSION                    CONTAINER-RUNTIME
    10.0.10.128   Ready    node    6m10s   v1.20.11   10.0.10.128   <none>        Oracle Linux Server 7.9   5.4.17-2102.206.1.el7uek.x86_64   cri-o://1.20.2
    10.0.10.146   Ready    node    35s     v1.20.11   10.0.10.146   <none>        Oracle Linux Server 7.9   5.4.17-2102.206.1.el7uek.x86_64   cri-o://1.20.2
    10.0.10.170   Ready    node    23m     v1.20.11   10.0.10.170   <none>        Oracle Linux Server 7.9   5.4.17-2102.206.1.el7uek.x86_64   cri-o://1.20.2
    

Worker Node upgrade - out-of-place upgrade

The OKE cluster upgrade has upgraded only the Control Plane; the Worker Nodes can now be upgraded per node pool. The out-of-place method proceeds in the following order: create a node pool with the upgraded version -> drain all nodes in the existing node pool -> delete the existing node pool.

Create a new version of the Node Pool

  1. Go to the OKE cluster detail page.

  2. Go to Resources > Node Pools.

  3. With the existing-version Node Pool still in place, as shown in the figure, click Add Node Pool to add a new Node Pool.

    image-20211114190748738

  4. Enter new Node Pool information to create it.

    • Name
    • Version: Select a new version
    • Shape: Node VM type
    • Number of nodes: the number of worker nodes to create
    • Placement Configuration
      • AD, subnet where the node will be located
    • Add an SSH key: the public key of the key pair to be used for SSH access to the node VMs

    image-20211114192329684

  5. You can check the added Node Pool in the OCI service console.

Drain all nodes of the existing Node Pool

  1. Applications are currently running on the existing Node Pool.

    oke_admin@cloudshell:file-storage (ap-seoul-1)$ kubectl get pod -o wide
    NAME                             READY   STATUS    RESTARTS   AGE   IP             NODE          NOMINATED NODE   READINESS GATES
    nginx-bvs-pvc-7b574c9c5c-8jj2d   1/1     Running   0          18m   10.244.0.134   10.0.10.29    <none>           <none>
    nginx-fss-pvc-9fb98454f-2jbp8    1/1     Running   0          18m   10.244.0.5     10.0.10.242   <none>           <none>
    nginx-fss-pvc-9fb98454f-nwqfd    1/1     Running   0          19m   10.244.1.5     10.0.10.61    <none>           <none>
    nginx-fss-pvc-9fb98454f-twx4h    1/1     Running   0          18m   10.244.1.6     10.0.10.61    <none>           <none>
    oke_admin@cloudshell:file-storage (ap-seoul-1)$ kubectl get nodes -L name --sort-by=.metadata.labels.name
    NAME          STATUS   ROLES   AGE     VERSION    NAME
    10.0.10.242   Ready    node    71m     v1.19.12   pool1
    10.0.10.29    Ready    node    71m     v1.19.12   pool1
    10.0.10.61    Ready    node    71m     v1.19.12   pool1
    10.0.10.12    Ready    node    4m25s   v1.20.11   pool2
    10.0.10.126   Ready    node    4m48s   v1.20.11   pool2
    10.0.10.191   Ready    node    4m42s   v1.20.11   pool2
    
  2. Take one node out of scheduling with kubectl drain <node_name> --ignore-daemonsets --delete-emptydir-data, as shown below.

    oke_admin@cloudshell:file-storage (ap-seoul-1)$ kubectl drain 10.0.10.242 --ignore-daemonsets --delete-emptydir-data
    node/10.0.10.242 already cordoned
    WARNING: ignoring DaemonSet-managed Pods: kube-system/csi-oci-node-l62xw, kube-system/kube-flannel-ds-7dv8l, kube-system/kube-proxy-zv4ks, kube-system/proxymux-client-24nmv
    evicting pod kube-system/coredns-c5d4bf466-wv8fb
    evicting pod default/nginx-fss-pvc-9fb98454f-2jbp8
    evicting pod kube-system/coredns-c5d4bf466-h5rrm
    pod/coredns-c5d4bf466-wv8fb evicted
    pod/nginx-fss-pvc-9fb98454f-2jbp8 evicted
    pod/coredns-c5d4bf466-h5rrm evicted
    node/10.0.10.242 evicted
    
  3. As shown below, node 10.0.10.242 is now excluded from container scheduling. After confirming that the Pods have moved to other nodes, proceed to the next step.

    oke_admin@cloudshell:file-storage (ap-seoul-1)$ kubectl get nodes -L name --sort-by=.metadata.labels.name
    NAME          STATUS                     ROLES   AGE     VERSION    NAME
    10.0.10.242   Ready,SchedulingDisabled   node    76m     v1.19.12   pool1
    10.0.10.29    Ready                      node    76m     v1.19.12   pool1
    10.0.10.61    Ready                      node    76m     v1.19.12   pool1
    10.0.10.12    Ready                      node    9m15s   v1.20.11   pool2
    10.0.10.126   Ready                      node    9m38s   v1.20.11   pool2
    10.0.10.191   Ready                      node    9m32s   v1.20.11   pool2
    oke_admin@cloudshell:file-storage (ap-seoul-1)$ kubectl get pod -o wide
    NAME                             READY   STATUS    RESTARTS   AGE   IP             NODE          NOMINATED NODE   READINESS GATES
    nginx-bvs-pvc-7b574c9c5c-8jj2d   1/1     Running   0          22m   10.244.0.134   10.0.10.29    <none>           <none>
    nginx-fss-pvc-9fb98454f-5k8wg    1/1     Running   0          57s   10.244.3.2     10.0.10.126   <none>           <none>
    nginx-fss-pvc-9fb98454f-nwqfd    1/1     Running   0          23m   10.244.1.5     10.0.10.61    <none>           <none>
    nginx-fss-pvc-9fb98454f-twx4h    1/1     Running   0          22m   10.244.1.6     10.0.10.61    <none>           <none>
    
  4. Drain the remaining nodes in the existing Node Pool in the same way (a loop sketch follows the output below).

    oke_admin@cloudshell:file-storage (ap-seoul-1)$ kubectl get nodes -L name --sort-by=.metadata.labels.name
    NAME          STATUS                     ROLES   AGE   VERSION    NAME
    10.0.10.242   Ready,SchedulingDisabled   node    79m   v1.19.12   pool1
    10.0.10.29    Ready,SchedulingDisabled   node    79m   v1.19.12   pool1
    10.0.10.61    Ready,SchedulingDisabled   node    79m   v1.19.12   pool1
    10.0.10.12    Ready                      node    11m   v1.20.11   pool2
    10.0.10.126   Ready                      node    12m   v1.20.11   pool2
    10.0.10.191   Ready                      node    12m   v1.20.11   pool2
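
When the old pool has many nodes, draining the rest can be scripted with the same name label used above. A minimal sketch, assuming the label value pool1 from this test:

    # Drain every node that still belongs to the old node pool (label name=pool1)
    for node in $(kubectl get nodes -l name=pool1 -o name); do
      kubectl drain "$node" --ignore-daemonsets --delete-emptydir-data
    done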
    

Delete existing node pool

  1. All nodes in the existing Node Pool have been drained and are no longer in use.

  2. In the OCI service console, go to the OKE cluster detail page.

  3. Go to Resources > Node Pools and delete the existing Node Pool (this can also be done from the OCI CLI; see the sketch at the end of this section).

    image-20211114201115821

  4. The upgrade is complete.

    oke_admin@cloudshell:file-storage (ap-seoul-1)$ kubectl get nodes -L name --sort-by=.metadata.labels.name
    NAME          STATUS   ROLES   AGE   VERSION    NAME
    10.0.10.12    Ready    node    18m   v1.20.11   pool2
    10.0.10.126   Ready    node    19m   v1.20.11   pool2
    10.0.10.191   Ready    node    19m   v1.20.11   pool2
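
For reference, the node pool deletion in step 3 can also be done from the OCI CLI. A sketch with a placeholder node pool OCID:

    # Delete the drained node pool
    oci ce node-pool delete --node-pool-id <nodepool_ocid>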
    


This article was written in my personal time as an individual. It may contain errors, and the opinions expressed here are my own.

Last updated on 14 Nov 2021