Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
© 2022 Yandex.Cloud LLC
Yandex Managed Service for Kubernetes
  • Comparison with other Yandex Cloud services
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Configuring security groups
    • Connecting to a node over SSH
    • Creating a configuration file
    • Updating Kubernetes
    • Installing applications
      • Basics of working with Cloud Marketplace
      • Installing Metrics Provider
    • Network scenarios
      • Granting access to an app running in a Kubernetes cluster
      • Configuring the Calico network policy controller
      • Configuring the Cilium network policy controller
      • Configuring Node Local DNS for the Cilium network policy controller
    • Encrypting secrets
    • Automatic scaling
    • Working with persistent volumes
      • Dynamic volume provisioning
      • Static volume provisioning
      • Managing storage classes
      • Expanding a pod volume
      • Expanding a StatefulSet controller volume
      • Mounting a volume in Block mode
      • Integration with Object Storage
    • Managing a Kubernetes cluster
      • Adding Kubernetes cluster credentials to the kubectl configuration file
      • Getting information about a Kubernetes cluster
      • Creating a Kubernetes cluster
      • Editing a Kubernetes cluster
      • Creating a namespace in a Kubernetes cluster
      • Deleting a Kubernetes cluster
    • Managing a node group
      • Getting information about a node group
      • Creating a node group
      • Changing a node group
      • Managing cluster node labels
      • Deleting a node group
    • Connecting external nodes to the cluster
  • Practical guidelines
    • All tutorials
    • Integration with Container Registry
    • Running workloads with GPUs
    • Installing the NGINX Ingress controller with Let's Encrypt®
    • Configuring the Application Load Balancer Ingress controller
    • Backup to Object Storage
    • Horizontal application scaling in a cluster
    • Working with snapshots
    • Integration with a corporate DNS zone
    • Automatic DNS scaling by cluster size
    • Setting up local DNS caching
    • Configuring Fluent Bit for Yandex Cloud Logging
    • Syncing with Yandex Lockbox secrets
  • Concepts
    • Relationship between service resources
    • Release channels and updates
    • Encrypting secrets
    • Using Kubernetes API objects
      • Volumes
      • Service
    • Node groups
      • Cluster autoscaler
      • Evicting pods from nodes
      • Dynamic resource allocation for a node
      • Node groups with GPUs
    • Network in Managed Service for Kubernetes
    • External cluster nodes
    • Network settings and cluster policies
    • Automatic scaling
    • Quotas and limits
    • Recommendations for using Managed Service for Kubernetes
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ClusterService
      • NodeGroupService
      • VersionService
      • OperationService
    • REST
      • Overview
      • Cluster
        • Overview
        • create
        • delete
        • get
        • list
        • listNodeGroups
        • listNodes
        • listOperations
        • start
        • stop
        • update
      • NodeGroup
        • Overview
        • create
        • delete
        • get
        • list
        • listNodes
        • listOperations
        • update
      • Version
        • Overview
        • list
  • Questions and answers
    • General questions
    • Data storage
    • Configuring and updating
    • Automatic scaling
    • Resources
    • Logs
    • All questions on one page
  1. Concepts
  2. Release channels and updates

Release channels

Written by
Yandex.Cloud
  • Updates
    • Kubernetes version support termination
    • Updating Kubernetes cluster components

Managed Service for Kubernetes provides updates through release channels.

The service supports three Kubernetes release channels. Master and node group versions are independent and you can specify different versions of Kubernetes available within a single release channel when creating them.

Warning

  • If you need to upgrade both the master node and the node group, upgrade the master first.
  • If the master is running on Kubernetes 1.14 and node groups are on Kubernetes 1.13, compatibility issues will affect CSI operation. For correct operation, upgrade the node groups to Kubernetes 1.14.

When creating a Kubernetes cluster, specify one of three release channels. You can't change the channel once the Kubernetes cluster is created, you can only recreate the Kubernetes cluster and specify a new release channel. The table below describes release channels and contains up-to-date information about supported Kubernetes versions.

Channel Kubernetes versions Automatic updates Channel description
rapid 1.17, 1.18, 1.19, 1.20, and 1.21 Can't disable automatic updates. Can specify a time period for automatic updates. Contains the latest versions of Kubernetes. Minor updates with new functions and improvements are often added.
regular 1.17, 1.18, 1.19, 1.20, and 1.21 Can disable automatic updates. Contains different versions of Kubernetes. New functions and improvements are added in chunks shortly after they appear on rapid.
stable 1.17, 1.18, 1.19, 1.20, and 1.21 Can disable automatic updates. Contains the stable version of Kubernetes. Only updates related to bug fixes or security improvements are added to the channel.

Updates

When an update appears on a release channel, the corresponding information is displayed in the management console. You can install updates automatically or manually.

  • Automatic updates are installed in the specified period of time with no interaction from the user.

    Updates are triggered and should be completed within the specified period. In some cases, when updating a node group, an update may continue beyond such period.

    Automatic updates include: new Managed Service for Kubernetes functions, improvements, and fixes, as well as Kubernetes component fixes.

    Alert

    If Kubernetes version support ends, minor Kubernetes versions get updated as well.

  • Manual updates can be initiated by the user at any time.

    These include Kubernetes minor version updates.

Read more about Kubernetes version support termination and the cluster component updateKubernetes process.

Kubernetes version support termination

When an old version of Kubernetes is no longer supported after an update:

  • The master is automatically updated even if automatic updates are disabled.
  • Node groups are automatically updated if automatic updates are enabled. If automatic updates are disabled, the old version of Kubernetes remains on the node groups. In this case, the user is fully responsible for solving problems related to the node group, since the old version of Kubernetes is deprecated.

Updating Kubernetes cluster components

The update process is different for masters and node groups.

Master

Depending on the type of master, it may or may not be available during an update:

  • Zonal masters are unavailable during updates.
  • Regional masters remain available during updates.

For more information, see Updating a cluster.

Node group

You can update node groups with additional resources by creating nodes with a new configuration.

Warning

For an update to be successful, you need enough quotas to create a new node with additional resources.

Update node group algorithm:

  1. An updated node is created with the configuration specified for the entire node group.
  2. All pods are evicted from one of the old nodes based on the pre-defined PodDisruptionBudgets policy. Then the node is deleted.
  3. The process is repeated until all nodes in the group are updated.

This ensures that the number of nodes in the node group never falls below the number specified when the group is created.

You can specify the maximum number of instances by which you can expand or reduce the size of the group when updating it. For more information, see Updating a node group.

Certificates

In accordance with the safety recommendations, cluster and node group certificates are issued for a year. When a certificate expires, a cluster or node group is disabled. To avoid this, Managed Service for Kubernetes automatically updates their certificates.

  • Each time a cluster or node group is updated.
  • For node groups with automatic updates disabled:
    • If you use Kubernetes 1.16 or higher, certificates are forcibly updated one week before the expiry.

      Updates do not disrupt the operation of pods running on nodes.

      This applies to nodes created or updated at least once since May 2021.

    • If the Kubernetes version is lower than 1.16, certificates are updated at any cluster or node group update.

For more information about updating certificates, see the Kubernetes documentation.

Was the article helpful?

Language / Region
© 2022 Yandex.Cloud LLC
In this article:
  • Updates
  • Kubernetes version support termination
  • Updating Kubernetes cluster components