Update an ACK Edge cluster - Container Service for Kubernetes

Outdated Kubernetes versions may have security and stability issues. When a new Kubernetes version is supported by ACK Edge, we recommend that you update your ACK Edge clusters to this version. This ensures a secure and stable environment for your clusters and allows you to benefit from the new features provided by the new version. ACK Edge uses in-place updates to update ACK Edge clusters. This topic describes the procedure and considerations for updating ACK Edge clusters.

Why ACK Edge clusters need updates

Reduced security and stability risks: New Kubernetes versions are usually released to add optimizations and patch security and stability vulnerabilities. Using outdated Kubernetes clusters may pose security and stability risks to your business.
Improved technical support and customer service: ACK Edge no longer releases security patches or repairs for outdated Kubernetes versions. In addition, ACK Edge does not guarantee the quality of technical support for outdated Kubernetes versions. You can enjoy improved technical support and customer service when using new Kubernetes versions.
New features: The iteration of open source Kubernetes introduces new features and improvements. ACK Edge clusters will also support these features to optimize your development and maintenance experience.

Considerations

Kubernetes versions

ACK Edge supports cluster updates between versions from 1.18 to 1.22. However, you can update from the current Kubernetes version only to the next version.
For example, to update the Kubernetes version of an ACK Edge cluster from 1.18 to 1.22, you must first update the cluster to 1.20, and then update the cluster to 1.22.
In an ACK Edge cluster, edge node pools and control planes can differ by at most two minor versions. For example, if the control planes run Kubernetes 1.22, the edge node pools must run at least Kubernetes 1.20. Otherwise, the cluster may not work as expected.

To view the Kubernetes version of an ACK Edge cluster, log on to the ACK console and check the Version column of the cluster on the Clusters page.

For more information about the Kubernetes versions supported by ACK Edge clusters and the features of each version, see Release notes for Kubernetes versions supported.

Features and custom configurations

If your ACK Edge cluster uses the features listed in the following table, read the considerations and suggested solutions.

Feature	Considerations	Suggested solution
Auto scaling of nodes	If auto scaling is enabled for your ACK Edge cluster, the cluster automatically updates Cluster Autoscaler to the latest version after the cluster is updated. This ensures that the auto scaling feature can function as expected. If auto scaling is enabled, nodes in swift mode may shut down and fail to be updated.	Make sure that Cluster Autoscaler is updated to the latest version. For more information, see Enable node auto scaling. If nodes in swift mode fail to be updated after the cluster is updated, we recommend that you manually remove the nodes.
Resource reservation	After you update the Kubernetes version of an ACK Edge cluster to 1.18, ACK Edge automatically configures resource reservation. If resource reservation is not configured for the cluster and the resource usage of nodes is high, ACK may fail to schedule evicted pods to the nodes after the cluster is updated.	Reserve sufficient resources on the nodes. We recommend that the CPU utilization does not exceed 50% and the memory utilization does not exceed 70%. For more information, see Resource reservation policy.
LoadBalancer configurations	ACK Edge clusters require Server Load Balancer (SLB) instances to handle external access. However, if `externalTrafficPolicy: Local` is specified for an SLB instance, traffic is forwarded only to node-local pods. If your application pods are deployed on other nodes, traffic cannot reach these pods.	If the SLB instance cannot forward traffic to the application pods, check whether externalTrafficPolicy: Local is specified for the SLB instance. For more information, see What Can I Do if the Cluster Cannot Access the IP Address of the SLB Instance Exposed by the LoadBalancer Service.
API Server	When ACK Edge updates an ACK Edge cluster, ACK Edge attempts to update the control planes without interrupting communication with the applications in the cluster. However, communication with the API server may be temporarily interrupted. The interruption affects applications that strongly rely on the API server. For example, if your application needs to list and watch resources, the watch operation is interrupted when the API server restarts. To resolve this problem, you need to configure the application to automatically retry the watch operation when an interruption occurs.	If your application does not require access to the API server, the application is not affected by cluster updates. If your application access require to the API server, you must configure a retry mechanism for the application.
Startup probes	If the pods in a cluster are configured with a startup probe, the pods may temporarily remain in the NotReady state after the kubelet is restarted.	We recommend that you deploy multiple replicated pods and spread the pods across nodes. This ensures that your application has sufficient pods when one of the nodes restarts.
kubectl	After an ACK Edge cluster is updated, we recommend that you update kubectl on your on-premises machine. Otherwise, the kubectl version may be incompatible with the API server version. As a result, the error message `invalid object doesn't have additional properties` may appear.	Install or update kubectl. For more information, see Install kubectl.

If your cluster uses custom configurations, read the descriptions in the following table.

Feature	Description
Network	To upgrade a cluster, you need to use Yum to download the required software packages. If your cluster uses custom network configurations or a custom OS image, you need to ensure that Yum can run as expected. You can run the `yum makecache` command to check the status of Yum.
OS image	Custom OS images are not strictly validated by ACK. ACK does not guarantee that your cluster can be upgraded if your cluster uses a custom OS image.
Others	If your cluster uses other custom configurations, such as swap partitions or kubelet configurations modified by using the CLI, the cluster may fail to be upgraded or the custom configurations may be lost during the upgrade.

Update procedure, methods, and duration

Update procedure

Update methods

Control planes and on-cloud node pools: ACK Edge clusters allow you to trigger updates of control planes and on-cloud node pools. The system runs the update tasks in the background. The following modes are supported:
- (Recommended) Update both control planes and on-cloud node pools: The system updates control planes and on-cloud node pools at the same time. In the background, the system first updates control planes and then on-cloud node pools (in batches).
- Update only control planes: The system updates only control planes. After control planes are updated, you need to update on-cloud node pools. For more information, see Update a node pool.
Edge node pools: You need to run update commands on all nodes one after one in each edge node pool.

Update duration

It requires about 5 minutes to update the control planes of an ACK Edge cluster.
Nodes in an on-cloud node pool are updated in batches. Each batch update requires about 5 minutes.
For an edge node pool, you need to run update commands on all nodes in the node pool. Therefore, the duration of an edge node pool update varies based on the number of nodes in the node pool.

Update procedure

Step 1: Update control planes and all on-cloud node pools

(Recommended) Update control planes and on-cloud node pools at the same time

Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to upgrade and choose More > Operations > Upgrade Cluster in the Actions column.
In the Update Items section of the Upgrade Cluster page, select an available Kubernetes version and set Update Mode to Control Planes and All Node Pools. In the Batch Update Policy section, specify Maximum Number of Nodes to Update per Batch and click Precheck.
After the precheck is completed, click View Details to view the report.
- If Result displays Normal, you can continue to update the cluster.
- If Result displays Abnormal, click the Troubleshoot tab and follow the suggestions to fix the issues. For more information, see Cluster check items and suggestions on how to fix cluster issues.
After the cluster passes the precheck, click Start Update.
During the update, do not add or remove nodes. To add or remove nodes, you need to first cancel the update. You can check the update progress in the Event Rotation section of the Upgrade Cluster page and perform the following operations based on your business requirements:
- Pause and resume the update: Click Pause to pause the update. To resume the update, click Continue.
  After you pause the update, the cluster remains in an intermediate state. Do not perform any operations on the cluster when the update is paused and complete the update at the earliest opportunity. The update is terminated after the cluster remains in the Paused state for seven days. ACK will automatically delete the events and logs related to the update.
- Cancel the update: Click Cancel. In the message that appears, click OK. After you cancel the update, ACK continues to update the nodes in the current batch and the update cannot be rolled back. The remaining batches are not updated.
  Note
  - If an error occurs during the update, ACK pauses the update. The cause of the failure is displayed in the lower part of the page. You can follow the suggestions to troubleshoot the error.
  - Do not modify the resources in the kube-upgrade namespace during the update unless an error occurs.
After the update is complete, you can go to the Clusters page and check the Kubernetes version of your cluster to verify that the control plane components are updated. You can also go to the cluster details page and choose Nodes > Nodes in the left-side navigation pane to view the Kubernetes version of the nodes.

Update only control planes

Important

After control planes are updated, you need to update all on-cloud node pools. For more information, see Update a node pool.

Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to upgrade and choose More > Operations > Upgrade Cluster in the Actions column.
In the Update Items section of the Upgrade Cluster page, select a Kubernetes version, set Upgrade Mode to Control Planes Only, and then click Precheck.
After the precheck is complete, click View Details to view the report.
- If Result displays Normal, you can continue to update the cluster.
- If Result displays Abnormal, click the Troubleshoot tab and follow the suggestions to fix the issues. For more information, see Cluster check items and suggestions on how to fix cluster issues.
After the cluster passes the precheck, click Start Update.
You can view the update progress in the lower part of the Upgrade Cluster page. After the update is complete, you can go to the Clusters page and check the Kubernetes version of your cluster to verify that control plane components are updated.

Step 2: Update edge node pools

Important

Make sure that control planes are updated.
An edge node pool is considered updated only when all nodes in the node pool are updated.

Run the following command on all nodes one at a time in the edge node pool:

 export REGION="" INTERCONNECT_MODE="" TARGET_CLUSTER_VERSION=""; export ARCH=$(uname -m | awk '{print ($1 == "x86_64") ? "amd64" : (($1 == "aarch64") ? "arm64" : "amd64")}') INTERNAL=$( [ "$INTERCONNECT_MODE" = "private" ] && echo "-internal" || echo "" ); wget http://aliacs-k8s-${REGION}.oss-${REGION}${INTERNAL}.aliyuncs.com/public/pkg/run/attach/${TARGET_CLUSTER_VERSION}/${ARCH}/edgeadm -O edgeadm; chmod u+x edgeadm;./edgeadm upgrade --interconnect-mode=${INTERCONNECT_MODE} --region=${REGION}

The following table describes the parameters.

Parameter	Description	Example
TARGET_CLUSTER_VERSION	The new Kubernetes version. Note Set the value to the Kubernetes version of the updated control planes.	1.22.15-aliyunedge.1 For more information about the Kubernetes versions supported by ACK Edge clusters, see Release notes for Kubernetes versions supported.
REGION	The region ID of the cluster.	cn-hangzhou For more information about the regions supported by ACK Edge clusters, see Supported regions.
INTERCONNECT_MODE	The network type of connections to the node. basic: public network. private: Express Connect circuits.	basic

The following output indicates that the node is updated.

FAQ about cluster updates

Does ACK Edge force cluster updates if I do not update my clusters?

No. ACK Edge clusters can only be manually updated. If you do not update an ACK Edge cluster, the cluster continues to use the original Kubernetes version. To use new features and improved technical support, we recommend that you update your clusters to the latest version.

What do I do if I fail to update an edge node?

Refer to What do I do if an edge node fails to be upgraded when I upgrade an ACK Edge cluster?

References

If your cluster fails a precheck before an update, refer to Cluster check items and suggestions on how to fix cluster issues.