kubeadm upgrade is a user-friendly command that wraps complex upgrading logic
behind one command, with support for both planning an upgrade and actually performing it.
The steps for performing a upgrade using kubeadm are outlined in this document. For older versions of kubeadm, please refer to older documentation sets of the Kubernetes website.
You can use kubeadm upgrade diff to see the changes that would be applied to static pod manifests.
To use kube-dns with upgrades in Kubernetes v1.13.0 and later please follow this guide.
In Kubernetes v1.15.0 and later, kubeadm upgrade apply and kubeadm upgrade node will also
automatically renew the kubeadm managed certificates on this node, including those stored in kubeconfig files.
To opt-out, it is possible to pass the flag --certificate-renewal=false. For more details about certificate
renewal see the certificate management documentation.
Note: The commandskubeadm upgrade applyandkubeadm upgrade planhave a legacy--configflag which makes it possible to reconfigure the cluster, while performing planning or upgrade of that particular control-plane node. Please be aware that the upgrade workflow was not designed for this scenario and there are reports of unexpected results.
Check which versions are available to upgrade to and validate whether your current cluster is upgradeable. To skip the internet check, pass in the optional [version] parameter
kubeadm upgrade plan [version] [flags]
| --allow-experimental-upgrades | |
| Show unstable versions of Kubernetes as an upgrade alternative and allow upgrading to an alpha/beta/release candidate versions of Kubernetes. | |
| --allow-release-candidate-upgrades | |
| Show release candidate versions of Kubernetes as an upgrade alternative and allow upgrading to a release candidate versions of Kubernetes. | |
| --config string | |
| Path to a kubeadm configuration file. | |
| --feature-gates string | |
| A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (ALPHA - default=false) | |
| -h, --help | |
| help for plan | |
| --ignore-preflight-errors stringSlice | |
| A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks. | |
| --kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
| The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. | |
| --print-config | |
| Specifies whether the configuration file that will be used in the upgrade should be printed or not. | |
| --rootfs string | |
| [EXPERIMENTAL] The path to the 'real' host root filesystem. | |
Upgrade your Kubernetes cluster to the specified version
kubeadm upgrade apply [version]
| --allow-experimental-upgrades | |
| Show unstable versions of Kubernetes as an upgrade alternative and allow upgrading to an alpha/beta/release candidate versions of Kubernetes. | |
| --allow-release-candidate-upgrades | |
| Show release candidate versions of Kubernetes as an upgrade alternative and allow upgrading to a release candidate versions of Kubernetes. | |
| --certificate-renewal Default: true | |
| Perform the renewal of certificates used by component changed during upgrades. | |
| --config string | |
| Path to a kubeadm configuration file. | |
| --dry-run | |
| Do not change any state, just output what actions would be performed. | |
| --etcd-upgrade Default: true | |
| Perform the upgrade of etcd. | |
| -k, --experimental-kustomize string | |
| The path where kustomize patches for static pod manifests are stored. | |
| --feature-gates string | |
| A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (ALPHA - default=false) | |
| -f, --force | |
| Force upgrading although some requirements might not be met. This also implies non-interactive mode. | |
| -h, --help | |
| help for apply | |
| --ignore-preflight-errors stringSlice | |
| A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks. | |
| --image-pull-timeout duration Default: 15m0s | |
| The maximum amount of time to wait for the control plane pods to be downloaded. | |
| --kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
| The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. | |
| --print-config | |
| Specifies whether the configuration file that will be used in the upgrade should be printed or not. | |
| -y, --yes | |
| Perform the upgrade and do not prompt for confirmation (non-interactive mode). | |
| --rootfs string | |
| [EXPERIMENTAL] The path to the 'real' host root filesystem. | |
Show what differences would be applied to existing static pod manifests. See also: kubeadm upgrade apply –dry-run
kubeadm upgrade diff [version] [flags]
| --api-server-manifest string Default: "/etc/kubernetes/manifests/kube-apiserver.yaml" | |
| path to API server manifest | |
| --config string | |
| Path to a kubeadm configuration file. | |
| -c, --context-lines int Default: 3 | |
| How many lines of context in the diff | |
| --controller-manager-manifest string Default: "/etc/kubernetes/manifests/kube-controller-manager.yaml" | |
| path to controller manifest | |
| -h, --help | |
| help for diff | |
| --kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
| The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. | |
| --scheduler-manifest string Default: "/etc/kubernetes/manifests/kube-scheduler.yaml" | |
| path to scheduler manifest | |
| --rootfs string | |
| [EXPERIMENTAL] The path to the 'real' host root filesystem. | |
Upgrade commands for a node in the cluster
The “node” command executes the following phases:
control-plane   Upgrade the control plane instance deployed on this node, if any
kubelet-config  Upgrade the kubelet configuration for this node
kubeadm upgrade node [flags]
| --certificate-renewal | |
| Perform the renewal of certificates used by component changed during upgrades. | |
| --dry-run | |
| Do not change any state, just output the actions that would be performed. | |
| --etcd-upgrade | |
| Perform the upgrade of etcd. | |
| -k, --experimental-kustomize string | |
| The path where kustomize patches for static pod manifests are stored. | |
| -h, --help | |
| help for node | |
| --kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
| The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. | |
| --kubelet-version string | |
| The *desired* version for the kubelet config after the upgrade. If not specified, the KubernetesVersion from the kubeadm-config ConfigMap will be used | |
| --skip-phases stringSlice | |
| List of phases to be skipped | |
| --rootfs string | |
| [EXPERIMENTAL] The path to the 'real' host root filesystem. | |
kubeadm upgradeWas this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.