Gilad David Maayan

Kubernetes Upgrade: 3 Key Best Practices

Kubernetes is the most widely used container orchestration platform. Its community releases new minor versions several times a year, and each minor version receives patches for only a limited time, so anyone running a cluster has to upgrade regularly. This article covers some basic information about Kubernetes and then best practices for upgrading it.

Kubernetes Overview

Kubernetes is an open-source container orchestration platform for deploying, managing, and monitoring containerized applications and workloads. It runs in public and private clouds and on-premises, and scales workloads up and down on demand. Kubernetes fits DevOps workflows well because it automates deployment and day-to-day operational tasks.

Kubernetes features include:

  • Load balancing and service discovery—exposes a set of pods behind a stable IP address or DNS name and distributes traffic across them.
  • Storage orchestration—mounts the storage system of your choice, including local disks and public or private cloud storage.
  • Rollout and rollback automation—you declare the desired state of your containers; Kubernetes rolls out changes progressively, halts a rollout whose new pods do not become healthy, and lets you roll back to a previous revision.
  • Bin packing automation—you declare CPU and memory requests and limits for each container, and Kubernetes places pods onto nodes to make the best use of the available resources.
  • Self-healing—restarts failed containers, reschedules pods when a node dies, kills containers that fail health checks, and withholds traffic from pods until they report ready.
  • Secret and configuration management—stores and deploys secrets and application configuration, and lets you update them without exposing sensitive information or rebuilding container images.

What Is a Kubernetes Cluster?

A Kubernetes cluster consists of a control plane and a set of worker nodes. Workloads run on the nodes as pods; a pod is a group of one or more containers that are scheduled together and share a network namespace (the same IP address and port space) and, optionally, storage volumes. A cluster includes the following components:

  • API server—exposes the Kubernetes REST API. kubectl, the other control-plane components, and in-cluster clients all read and write cluster state through it, and it enforces authentication, authorization, and admission control on every request.
  • Scheduler—assigns newly created pods to nodes based on the resource requests you declare and on constraints such as node selectors, affinity rules, and taints and tolerations.
  • Controller manager—runs the controllers that watch the current cluster state and reconcile it toward the desired state. For instance, if a Deployment should have three replicas and only two pods are running, the controller creates a third.
  • kubelet—an agent that runs on each node, receives pod specifications from the API server, and ensures the described containers are running and healthy.
  • kube-proxy—runs on each node and maintains the network rules (iptables or IPVS) that make Service virtual IPs reachable and spread their traffic across pods; in its default modes it is not a userspace TCP proxy.
  • etcd—the consistent, highly available key-value store that holds all cluster state, including Secrets. Back it up before any upgrade, because it is the only place that state lives.

Kubernetes Upgrade Best Practices

A Kubernetes upgrade can be challenging, especially when you are running mission-critical workloads. The tips below can simplify the upgrade process and reduce the chance of any potential problems.

Consider Managed Services

Managed Kubernetes services can handle upgrades for you. Many cloud vendors offer managed services that simplify the process or take over the entire upgrade. Managed Kubernetes services include Amazon's EKS, Azure's AKS, and Google's GKE.

The degree of automation differs between providers and changes over time, so check the current documentation before relying on it. GKE can fully automate both control-plane and node upgrades through its release channels. EKS upgrades the control plane on request, while node upgrades are a separate step (automated for managed node groups, manual for self-managed nodes). AKS upgrades on demand and also offers optional auto-upgrade channels. There are also many third-party managed Kubernetes providers, which usually handle deployment, provisioning, and upgrades for you.

Managed services are a good option for organizations that lack the expertise to run Kubernetes themselves or that want to outsource the operational work. Depending on the vendor, they are available for public cloud, private cloud, and on-premises deployments. A managed service still leaves you responsible for what runs on top of it: your workloads, any add-ons you installed, and API versions that a new Kubernetes release deprecates or removes.

Choose the Right Upgrade Strategy

Research what changes between your current version and the target, and pick an upgrade strategy before you start. Two rules apply to any Kubernetes distribution. First, upgrade one minor version at a time; skipping minor versions is not supported. Second, respect the version skew policy: the control plane (kube-apiserver) is upgraded first, and a kubelet must never be newer than the API server it talks to, although it may lag behind it by a limited number of minor versions. Supporting components such as etcd and the API server load balancer (kubeapi-load-balancer in Charmed Kubernetes) are upgraded as separate steps; the order among them is flexible as long as each target version is compatible with the Kubernetes release you are moving to. Take an etcd snapshot before you touch the control plane so that you can restore cluster state if the upgrade fails.

The core upgrade is control plane first, then worker nodes. Upgrade the control-plane nodes one at a time, confirming each is healthy before moving to the next, so the API server stays available throughout. Then upgrade the worker nodes with one of the following two options:

  • Blue/green—create a new node pool at the target version, cordon the old pool so no new pods land on it, and drain its nodes so the workloads reschedule onto the new pool. Once you have verified that the applications are healthy on the new nodes, delete the old ones. This costs extra capacity for a while but gives you an instant rollback path: uncordon the old pool.
  • Upgrade in place—a rolling update in which nodes are upgraded or replaced one at a time: cordon a node, drain it so its pods are evicted onto the remaining nodes, upgrade it, and uncordon it before moving on. Make sure the cluster has enough spare capacity to absorb one node's workloads, and define PodDisruptionBudgets so a drain cannot take down every replica of a service at once.

No matter which option you choose, rerun your cluster validation afterwards: every node should report Ready at the new version, the system pods should be running, and your application smoke tests should pass. Two further elements may also need upgrading; in Canonical's Charmed Kubernetes, from which these component names come, they are Easy-RSA and Flannel. Other distributions have their own equivalents for the certificate authority and the pod network.

Easy-RSA is a PKI tool that acts as the cluster's certificate authority, issuing and signing the certificates the components use to authenticate to each other. Flannel is a network overlay that provides pod-to-pod connectivity across nodes. Both can be upgraded at any point relative to the Kubernetes upgrade, but upgrading Flannel can briefly interrupt pod networking, so schedule it in a maintenance window.
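As an added example that is not part of the original article, the following shell script implements the in-place option above and turns the ordering rules from this section into preflight checks: it refuses to move a node to a kubelet version newer than the API server or more than one minor version at a time, then cordons, drains, upgrades, and uncordons one node at a time, verifying the reported version before continuing. It assumes a kubeadm-managed cluster with Debian/Ubuntu worker nodes reachable over ssh, and kubectl plus jq on the operator's machine; MAX_LAG (the permitted kubelet lag behind the API server) is a constructed parameter, set conservatively to 2.

```shell
#!/bin/sh
# Added example (not from the article): rolling in-place upgrade of worker
# nodes with a version-skew preflight. Assumes a kubeadm-managed cluster on
# Debian/Ubuntu nodes reachable over ssh, with kubectl and jq available on
# the machine running this script. MAX_LAG (assumed: 2) is the number of
# minor versions a kubelet may lag behind the API server.
set -eu

MAX_LAG=${MAX_LAG:-2}

# minor_of v1.27.3 -> 27 (also handles vendor suffixes such as v1.27.3-eks-abc)
minor_of() {
  ver=${1#v}
  ver=${ver%%-*}
  rest=${ver#*.}
  printf '%s\n' "${rest%%.*}"
}

# skew_ok <apiserver-version> <kubelet-version>
# Kubernetes version skew policy: a kubelet must never be newer than the
# API server and may lag behind it by at most MAX_LAG minor versions.
skew_ok() {
  api_minor=$(minor_of "$1"); kubelet_minor=$(minor_of "$2")
  [ "$kubelet_minor" -le "$api_minor" ] && [ $((api_minor - kubelet_minor)) -le "$MAX_LAG" ]
}

# one_minor_step <current> <target>
# Upgrades must not skip minor versions: a patch bump (same minor) or
# exactly one minor step is allowed.
one_minor_step() {
  cur=$(minor_of "$1"); tgt=$(minor_of "$2")
  step=$((tgt - cur))
  [ "$step" -eq 0 ] || [ "$step" -eq 1 ]
}

# upgrade_worker <node> <target-version>
upgrade_worker() {
  node=$1; target=$2
  api=$(kubectl version -o json | jq -r '.serverVersion.gitVersion')
  current=$(kubectl get node "$node" -o jsonpath='{.status.nodeInfo.kubeletVersion}')

  # Preflight: the control plane must already be at or above the target,
  # and the node must move by at most one minor version.
  skew_ok "$api" "$target" \
    || { echo "refusing: $target would be newer than apiserver $api" >&2; return 1; }
  one_minor_step "$current" "$target" \
    || { echo "refusing: $current -> $target skips a minor version" >&2; return 1; }

  echo "== $node: $current -> $target"
  kubectl cordon "$node"
  # Evict workloads; DaemonSet pods stay, emptyDir data is discarded.
  kubectl drain "$node" --ignore-daemonsets --delete-emptydir-data --timeout=300s

  # Per-node package step. This is the Debian/Ubuntu form from the kubeadm
  # docs; adapt it for other distributions. 'kubeadm upgrade node' refreshes
  # the kubelet configuration for the new version.
  ssh "$node" "sudo kubeadm upgrade node \
    && sudo apt-get install -y --allow-change-held-packages kubelet='${target#v}-*' \
    && sudo systemctl restart kubelet"

  kubectl wait --for=condition=Ready "node/$node" --timeout=300s
  kubectl uncordon "$node"

  # Do not move on until the node really reports the new kubelet version.
  [ "$(kubectl get node "$node" -o jsonpath='{.status.nodeInfo.kubeletVersion}')" = "$target" ]
}

# Usage: ./upgrade-workers.sh v1.27.4 worker-1 worker-2 ...
if [ "$#" -ge 2 ]; then
  target=$1; shift
  for n in "$@"; do upgrade_worker "$n" "$target"; done
fi
```

The script stops at the first node that fails to come back Ready or to report the target version, which is the behaviour you want in a rolling upgrade: a bad node image or a drain blocked by a PodDisruptionBudget should halt the rollout rather than propagate to the next node.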

Use Tooling

Several open-source tools can automate and manage parts of the upgrade process.

Gardener is an open-source system for creating and updating Kubernetes clusters at scale. It includes a central dashboard for monitoring, debugging, and analysis, from which you can enable auto-scaling, self-healing, and auto-updating per cluster. Clusters managed by Gardener are administered with the standard kubectl command-line tool.

Gardener's auto-update feature applies patch releases automatically; minor version upgrades still have to be initiated manually, after which Gardener carries them out. Gardener supports AWS, Azure, GCP, OpenStack, and Alibaba Cloud as well as private cloud platforms.

Keel is an open-source tool that automates updates of Deployments, StatefulSets, DaemonSets, and Helm releases. It runs as a single container in the cluster. You control the update policy through annotations in your deployment manifests or values in your Helm charts, and Keel can watch the image registries you specify and update resources when a new image tag appears.

Keel can act on major, minor, or patch version changes of an image tag, and you can configure it to either apply updates automatically or request approval first. It works with any Kubernetes distribution. Note that Keel upgrades the container images of your workloads, not the Kubernetes control plane or the kubelets; use it to keep applications current around an upgrade rather than to perform the upgrade itself.


Make sure your team is proficient in the strategy you choose before performing a Kubernetes upgrade, whether the upgrade is carried out by your own team or by a third-party managed service. The practices above apply in either case. Tools such as Gardener and Keel can automate and manage parts of the process.
