Upgrading a Kubernetes cluster using kubeadm is a precise, sequential process covered in the CKA curriculum. You must upgrade from one minor version to the next (e.g., 1.26 to 1.27) without skipping versions. The operation involves two distinct phases: upgrading the Control Plane followed by the Wo…Upgrading a Kubernetes cluster using kubeadm is a precise, sequential process covered in the CKA curriculum. You must upgrade from one minor version to the next (e.g., 1.26 to 1.27) without skipping versions. The operation involves two distinct phases: upgrading the Control Plane followed by the Worker Nodes.
**1. Control Plane Upgrade:**
First, upgrade the `kubeadm` tool on the master node via the OS package manager. Run `kubeadm upgrade plan` to verify the upgrade path and version availability. Execute `sudo kubeadm upgrade apply v<version>` to upgrade the control plane components (API Server, Controller Manager, Scheduler). Finally, upgrade the `kubelet` and `kubectl` packages on the master node and restart the kubelet service.
**2. Worker Node Upgrade:**
Worker nodes are upgraded one at a time to ensure application availability (rolling update). The workflow follows a 'Drain > Upgrade > Uncordon' pattern:
* **Drain:** From the control plane, run `kubectl drain <node_name> --ignore-daemonsets` to evict pods and mark the node as unschedulable.
* **Upgrade:** SSH into the worker node and upgrade the `kubeadm` binary. Instead of 'apply', run `sudo kubeadm upgrade node` to update the local configuration. Then, upgrade `kubelet` and `kubectl` and restart the service.
* **Uncordon:** Verify the node status, then run `kubectl uncordon <node_name>` to allow the scheduler to place new pods on the updated node.
Always backup etcd before starting and refer to the specific Kubernetes version changelog.
Cluster Upgrades with Kubeadm
What is it? Cluster upgrading with kubeadm is the standardized workflow for updating a Kubernetes cluster from one minor version to the next (e.g., from v1.29 to v1.30). It involves upgrading the control plane components (API Server, Controller Manager, Scheduler, and CoreDNS) followed by the kubelets on the worker nodes. This process ensures the cluster receives the latest security patches, bug fixes, and features without significant downtime.
Why is it important? In a production environment—and in the CKA exam—maintaining the lifecycle of a cluster is critical. Kubernetes releases updates frequently. Knowing how to perform an upgrade manually ensures you can keep infrastructure secure and compliant. Incorrect upgrade procedures can lead to data loss, cluster instability, or version skew issues where components cannot communicate.
How it works The upgrade process follows a specific order to maintain cluster integrity: 1. Control Plane Node: The primary node is upgraded first. This involves upgrading the kubeadm tool itself, verifying the upgrade plan, and then applying the upgrade to the control plane components. 2. Worker Nodes: Once the control plane is stable, worker nodes are upgraded one by one (or in batches). This requires draining workloads to ensure application availability, upgrading the kubelet configuration, and restarting services.
How to answer questions regarding Cluster upgrades in the exam In the CKA exam, you will likely be asked to upgrade a specific cluster (usually the control plane node and one worker node) to a specific version. Follow this mental framework:
Step 1: Upgrade the Control Plane Node 1. SSH into the control plane node. 2. Unhold and upgrade the kubeadm binary: apt-get update && apt-get install -y --allow-change-held-packages kubeadm=1.x.x-xx. 3. Verify the plan: kubeadm upgrade plan (This tells you exactly which version you can upgrade to). 4. Apply the upgrade: sudo kubeadm upgrade apply v1.x.x. 5. Drain the node (if it runs workloads): kubectl drain <node-name> --ignore-daemonsets. 6. Upgrade kubelet and kubectl: apt-get install -y --allow-change-held-packages kubelet=1.x.x-xx kubectl=1.x.x-xx. 7. Reload and restart: sudo systemctl daemon-reload && sudo systemctl restart kubelet. 8. Uncordon the node: kubectl uncordon <node-name>.
Step 2: Upgrade Worker Nodes 1. From the control plane (or a machine with kubectl), drain the worker node: kubectl drain <worker-node> --ignore-daemonsets. 2. SSH into the worker node. 3. Upgrade kubeadm: apt-get install -y --allow-change-held-packages kubeadm=1.x.x-xx. 4. Upgrade the node configuration: sudo kubeadm upgrade node. 5. Upgrade kubelet and kubectl: apt-get install -y --allow-change-held-packages kubelet=1.x.x-xx kubectl=1.x.x-xx. 6. Restart kubelet: sudo systemctl daemon-reload && sudo systemctl restart kubelet. 7. Return to the control plane and uncordon the worker: kubectl uncordon <worker-node>.
Exam Tips: Answering Questions on Cluster upgrades with kubeadm 1. Use the Documentation: Do not memorize every flag. Search for 'kubeadm upgrade' in the Kubernetes documentation to find the Upgrading kubeadm clusters page. Copy and paste the commands provided there. 2. Check Versions Carefully: The exam question will specify exact versions (e.g., 1.30.1). Ensure you install that exact version in the apt-get install command. If you don't specify the version (e.g., =1.30.1-00), it might install the latest version, which could be higher than requested and mark the task as failed. 3. Don't Panic on Errors: If kubeadm upgrade apply fails, read the error log. It often points to a version skew or a missing flag. 4. Drain Correctly: Always use --ignore-daemonsets when draining, otherwise, the drain command will fail if DaemonSets (like kube-proxy or networking plugins) are running. 5. Time Management: Upgrades take time to download and install. Start the apt-get commands and read the next question while it processes.