Release channels
Managed Service for Kubernetes provides updates through release channels.
The service supports three Kubernetes release channels. Master and node group versions are independent and you can specify different versions of Kubernetes available within a single release channel when creating them.
Warning
- If you need to upgrade both the master node and the node group, upgrade the master first.
- If the master is running on Kubernetes 1.14 and node groups are on Kubernetes 1.13, compatibility issues will affect CSI operation. For correct operation, upgrade the node groups to Kubernetes 1.14.
When creating a Kubernetes cluster, specify one of three release channels. You can't change the channel once the Kubernetes cluster is created, you can only recreate the Kubernetes cluster and specify a new release channel. The table below describes release channels and contains up-to-date information about supported Kubernetes versions.
Channel | Kubernetes versions | Automatic updates | Channel description |
---|---|---|---|
rapid |
1.17, 1.18, 1.19, 1.20, and 1.21 | Can't disable automatic updates. Can specify a time period for automatic updates. | Contains the latest versions of Kubernetes. Minor updates with new functions and improvements are often added. |
regular |
1.17, 1.18, 1.19, 1.20, and 1.21 | Can disable automatic updates. | Contains different versions of Kubernetes. New functions and improvements are added in chunks shortly after they appear on rapid . |
stable |
1.17, 1.18, 1.19, 1.20, and 1.21 | Can disable automatic updates. | Contains the stable version of Kubernetes. Only updates related to bug fixes or security improvements are added to the channel. |
Updates
When an update appears on a release channel, the corresponding information is displayed in the management console. You can install updates automatically or manually.
-
Automatic updates are installed in the specified period of time with no interaction from the user.
Updates are triggered and should be completed within the specified period. In some cases, when updating a node group, an update may continue beyond such period.
Automatic updates include: new Managed Service for Kubernetes functions, improvements, and fixes, as well as Kubernetes component fixes.
Alert
If Kubernetes version support ends, minor Kubernetes versions get updated as well.
-
Manual updates can be initiated by the user at any time.
These include Kubernetes minor version updates.
Read more about Kubernetes version support termination and the cluster component updateKubernetes process.
Kubernetes version support termination
When an old version of Kubernetes is no longer supported after an update:
- The master is automatically updated even if automatic updates are disabled.
- Node groups are automatically updated if automatic updates are enabled. If automatic updates are disabled, the old version of Kubernetes remains on the node groups. In this case, the user is fully responsible for solving problems related to the node group, since the old version of Kubernetes is deprecated.
Updating Kubernetes cluster components
The update process is different for masters and node groups.
Master
Depending on the type of master, it may or may not be available during an update:
- Zonal masters are unavailable during updates.
- Regional masters remain available during updates.
For more information, see Updating a cluster.
Node group
You can update node groups with additional resources by creating nodes with a new configuration.
Warning
For an update to be successful, you need enough quotas to create a new node with additional resources.
Update node group algorithm:
- An updated node is created with the configuration specified for the entire node group.
- All pods are evicted from one of the old nodes based on the pre-defined PodDisruptionBudgets policy. Then the node is deleted.
- The process is repeated until all nodes in the group are updated.
This ensures that the number of nodes in the node group never falls below the number specified when the group is created.
You can specify the maximum number of instances by which you can expand or reduce the size of the group when updating it. For more information, see Updating a node group.
Certificates
In accordance with the safety recommendations, cluster and node group certificates are issued for a year. When a certificate expires, a cluster or node group is disabled. To avoid this, Managed Service for Kubernetes automatically updates their certificates.
- Each time a cluster or node group is updated.
- For node groups with automatic updates disabled:
-
If you use Kubernetes 1.16 or higher, certificates are forcibly updated one week before the expiry.
Updates do not disrupt the operation of pods running on nodes.
This applies to nodes created or updated at least once since May 2021.
-
If the Kubernetes version is lower than 1.16, certificates are updated at any cluster or node group update.
-
For more information about updating certificates, see the Kubernetes documentation.