Step-by-Step Guide to Upgrade a Kubernetes Cluster from v1.17.9 to v1.18.9
This tutorial explains how to safely back up a kubeadm‑managed Kubernetes cluster, upgrade the control‑plane from version 1.17.9 to 1.18.9, update master and worker nodes, verify the upgrade, and handle certificate renewal and recovery in case of failures.
Upgrade Overview
Use a kubeadm‑provisioned Kubernetes cluster.
Minor upgrades are supported; major upgrades are allowed but skipping two major versions is not recommended.
Back up all cluster resources before proceeding.
Upgrade Target
Upgrade the cluster from v1.17.9 to v1.18.9 .
<code># kubectl get nodes
NAME STATUS ROLES AGE VERSION
ecs-968f-0005 Ready node 102d v1.17.9
k8s-master Ready master 102d v1.17.9
</code>Backup the Cluster
kubeadm upgradedoes not affect workloads, but backing up the cluster is recommended. The guide uses the open‑source script k8s-backup-restore :
(1) Download the script
<code>$ mkdir -p /data
cd /data
git clone https://github.com/solomonxu/k8s-backup-restore.git
</code>(2) Run the backup
<code>cd /data/k8s-backup-restore
./bin/k8s_backup.sh
</code>To restore:
<code># mkdir -p /data/k8s-backup-restore/data/restore
$ cp devops_deployments_gitlab.yaml ../../restore/
$ cd /data/k8s-backup-restore
./bin/k8s_restore.sh
</code>Upgrade the Cluster
Master Upgrade
(1) Choose the target version
<code>$ yum list --showduplicates kubeadm --disableexcludes=kubernetes
</code>(2) Upgrade
kubeadmto 1.18.9
<code>$ yum install -y kubeadm-1.18.9-0 --disableexcludes=kubernetes
</code>(3) Verify the version
<code>$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.9", ...}
</code>(4) Drain the master node
<code>$ kubectl cordon k8s-master
$ kubectl drain k8s-master
</code>(5) Run the upgrade plan
<code>$ kubeadm upgrade plan
</code>(6) Apply the upgrade
<code>$ kubeadm upgrade apply v1.18.9 --config kubeadm.yaml
</code>(7) Uncordon the master
<code># kubectl uncordon k8s-master
</code>Node Upgrade
(1) Upgrade
kubeadmon the node
<code>$ yum install -y kubeadm-1.18.9-0 --disableexcludes=kubernetes
</code>(2) Cordon and drain the node
<code>$ kubectl cordon ecs-968f-0005
$ kubectl drain ecs-968f-0005
</code>(3) Upgrade the node control plane
<code>$ kubeadm upgrade node
</code>(4) Upgrade
kubeletand
kubectl<code>$ yum install -y kubelet-1.18.9-0 kubectl-1.18.9-0 --disableexcludes=kubernetes
$ systemctl daemon-reload
$ systemctl restart kubelet
</code>(5) Uncordon the node
<code>$ kubectl uncordon ecs-968f-0005
</code>Verify the Cluster
Check node status
<code>$ kubectl get no
NAME STATUS ROLES AGE VERSION
ecs-968f-0005 Ready node 102d v1.18.9
k8s-master Ready master 102d v1.18.9
</code>Check certificate expiration
<code>$ kubeadm alpha certs check-expiration
... (output omitted for brevity) ...
</code>Note: kubeadm upgrade automatically renews certificates it manages on the node. To skip renewal, add the flag --certificate-renewal=false .
Failure Recovery
If an upgrade fails without rollback, you can re‑run
kubeadm upgradeor force it with
kubeadm upgrade --force. Backup files are stored under
/etc/kubernetes/tmp:
kubeadm-backup-etcd-*– etcd data backup.
kubeadm-backup-manifests-*– static pod YAML manifests.
Restore etcd data by copying the backup into the etcd data directory, and restore static pod manifests by copying them back to
/etc/kubernetes/manifests.
Ops Development Stories
Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.