This topic describes how to upgrade VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) from v1.13 to v1.14 on vSphere with NSX-T networking.

For instructions on upgrading TKGI with Flannel networking, see Upgrading Tanzu Kubernetes Grid Integrated Edition (Antrea and Flannel Networking).

Warning: Do not manually upgrade your Kubernetes version. TKGI includes the compatible Kubernetes version.

Overview

Before you upgrade, follow the procedures in Prepare to Upgrade below to plan and prepare your upgrade.

After you complete the preparation steps, continue to the procedures in Perform the Upgrade below. These steps guide you through the process of upgrading Ops Manager and the TKGI tile, importing a new stemcell, and applying the changes to your deployment.

After you complete the upgrade, follow the procedures in After the Upgrade below to verify that your upgraded TKGI deployment is running properly and to optionally upgrade NSX-T and vSphere.

Prerequisites

To see a list of NSX-T v3.1 versions compatible with TKGI v1.14, consult Product Snapshot in Release Notes for TKGI v1.14.

Prepare to Upgrade

To prepare for upgrading Tanzu Kubernetes Grid Integrated Edition from TKGI v1.13 to TKGI v1.14:

Perform the Upgrade

This section describes the steps required to upgrade to TKGI v1.14:

  1. Upgrade NSX-T Data Center to v3.1
  2. Upgrade Ops Manager
  3. Download and Import TKGI v1.14
  4. Download and Import Stemcells
  5. Upgrade the TKGI Tile

Upgrade NSX-T Data Center to v3.1

Tanzu Kubernetes Grid Integrated Edition v1.14 supports running on NSX-T v3.1 or later.

To upgrade NSX-T to NSX-T v3.1 or later:

  1. Confirm that you are upgrading NSX-T to a version compatible with TKGI v1.14. For a list of NSX-T v3.1 versions compatible with TKGI v1.14, see Product Snapshot in Release Notes for TKGI v1.14.

    Warning: Refer to the Release Notes for current version support, known issues, and other important information.

  2. Confirm that your vSphere v6.5, v6.7, or v7.0 installation is on the supported version and patch for NSX-T v3.1.

    1. Refer to the VMware Product Interoperability Matrices.
    2. If necessary, upgrade to the required vSphere version or patch before proceeding with the upgrade of NSX-T.

  3. Upload the NSX-T upgrade bundle using the NSX-T Manager and proceed with the upgrade process by following the instructions in the UI.

    The NSX Manager Upgrade tab with Upgrade From remote Location selected.

    For more information, refer to the Upgrading NSX-T Data Center documentation.

  4. If you set DRS mode to Manual above, restore DRS to its original setting.

  5. If you made architectural changes to your NSX-T environment that affect TKGI, such as adding or changing a VIP address, or a load balancer for the NSX-T Management Cluster, update the BOSH Director and TKGI tiles with the new or updated IP addresses:
    1. In the BOSH Director tile > vCenter Configuration pane, update NSX Address and NSX CA Cert.
    2. In the TKGI tile > Networking pane, update NSX Manager hostname and NSX Manager CA Cert.
    3. After making changes to the BOSH Director or TKGI tiles:
      1. On the Installation Dashboard in Ops Manager, click Review Pending Changes.
      2. Expand the Errands list for TKGI.
      3. Ensure that the Upgrade all clusters errand is selected.
      4. Click Apply Changes.

Upgrade Ops Manager

Each version of TKGI is compatible with multiple versions of Ops Manager. See Broadcom Support to determine if your Ops Manager version is compatible with TKGI v1.14.

Warning: If you use an automated pipeline to upgrade TKGI, see Configure Automated Ops Manager and Xenial Stemcell Downloading in Configuring the Upgrade Pipeline.

To upgrade Ops Manager:

  1. Log in to Ops Manager.

  2. Click your user name in the top right corner and navigate to Settings > Export Installation Settings.

  3. Click Export Installation Settings.

    • Ops Manager exports an encrypted archive of your current installation configuration.
    • Later, you import this configuration into to your upgraded Ops Manager. The Ops Manager Export Installation Settings tab showing there is only one option: the Export Installation Settings button.

  4. Log in to vCenter Server using the vSphere Client.

  5. Shut down the Ops Manager VM.

  6. Deploy the upgraded Ops Manager VM by following the first two steps of Deploying Ops Manager with NSX-T for TKGI:

    1. Step 1: Generate SSH Key Pair
    2. Step 2: Deploy Ops Manager for Tanzu Kubernetes Grid Integrated Edition

  7. Using a browser, navigate to the newly-deployed Ops Manager web interface.

  8. On the welcome page, select Import Existing Installation. The Ops Manager Welcome page showing Authentication System options and the Import Existing Installation button.

  9. Browse to and select the installation configuration archive you exported.

  10. Log in to Ops Manager

  11. Click Apply Changes. The Ops Manager Review Pending Changes page, with options to select which product updates to apply, and the Apply Changes button.

  12. Verify that the BOSH Director for vSphere tile shows the upgrade version. The Ops Manager Installation Dashboard page with the BOSH Director and tiles.

Download and Import TKGI v1.14

When you upgrade TKGI, your configuration settings typically migrate to the new version automatically. To download and import a TKGI version:

  1. Download the target version of the product from Broadcom Support.

  2. Import the target version of the TKGI tile to the Ops Manager Installation Dashboard. The Ops Manager Installation Dashboard page after importing and applying the TKGI tile.

  3. Click Review Pending Changes.

  4. Expand the Errands dropdown and activate or deactivate Upgrade all clusters errand

    • See Deciding Between Full and Two-Phase Upgrade to decide whether to upgrade TKGI-provisioned Kubernetes clusters along with TKGI, or upgrade them later.
    • VMware recommends that you upgrade Kubernetes clusters along with TKGI if possible.
    • Activate the Upgrade all clusters errand to upgrade clusters along with TKGI.

      Warning: Deactivating the Upgrade all clusters errand causes the TKGI version tagged in your Kubernetes clusters to fall behind the TKGI tile version. If you deactivate the Upgrade all clusters errand when upgrading the TKGI tile, you must upgrade all your Kubernetes clusters before the next TKGI upgrade.

  5. Set the Run smoke tests errand to On. The errand uses the TKGI CLI to create a Kubernetes cluster and then delete it. If the creation or deletion fails, the errand fails and the installation of the TKGI tile is aborted.

Download and Import Stemcells

TKGI requires a Xenial stemcell. A stemcell for Windows 2019 is also required if you intend to create Windows worker-based clusters. For information about Windows stemcells, see Configuring Windows Worker-Based Clusters.

Warning: If you use an automated pipeline to upgrade TKGI, see Configure Automated Ops Manager and Xenial Stemcell Downloading in Configuring the Upgrade Pipeline.

If Ops Manager does not have the Xenial stemcell required for TKGI v1.14, the TKGI tile displays the message Missing stemcell. To download and import a new Xenial stemcell, follow the steps below:

  1. On the TKGI tile, click the Missing stemcell link.

    Verify stemcell assignment

  2. In the Stemcell Library, locate the TKGI tile and note the required stemcell version.

  3. Navigate to the Stemcells (Ubuntu Xenial) page on Broadcom Support and download the required stemcell version for your IaaS.

  4. Return to the Installation Dashboard in Ops Manager and click Stemcell Library.

  5. On the Stemcell Library page, click Import Stemcell and select the stemcell file you downloaded from Broadcom Support.

  6. Select the TKGI tile and click Apply Stemcell to Products.

  7. Verify that Ops Manager successfully applied the stemcell. The stemcell version you imported and applied appears in the Staged column for TKGI.

  8. Return to the Installation Dashboard.

Upgrade the TKGI Tile

To complete the upgrade of the TKGI tile:

  1. Return to the Installation Dashboard in Ops Manager.

  2. Click Review Pending Changes. For more information about this Ops Manager page, see Reviewing Pending Product Changes.

  3. Click Apply Changes. The Ops Manager Review Pending Changes page, with options to select which product updates to apply, and the Apply Changes button.

  4. (Optional) If you activated the Upgrade all clusters errand, you can use the BOSH CLI to monitor its progress:

    1. Log in to the BOSH Director by running bosh -e MY-ENVIRONMENT log-in from a VM that can access your TKGI deployment. For more information, see Using BOSH Diagnostic Commands in Tanzu Kubernetes Grid Integrated Edition.
    2. Run bosh -e MY-ENVIRONMENT tasks.
    3. Locate the task number for the errand in the # column of the BOSH output.
    4. Run bosh task TASK-NUMBER, replacing TASK-NUMBER with the task number you located in the previous step.

  5. Verify that the TKGI tile shows the target version. The Ops Manager Installation Dashboard page after upgrading the TKGI tile.

After the Upgrade

After you complete the upgrade to TKGI v1.14, complete the following verifications and upgrades:

  1. Upgrade the TKGI and Kubernetes CLIs
  2. Upgrade Kubernetes Clusters if Needed
  3. Verify TKGI Upgrade
  4. Upgrade NSX-T Data Center to v3.1
  5. (Optional) Upgrade to vSphere 7

Upgrade the TKGI and Kubernetes CLIs

Upgrade the TKGI and Kubernetes CLIs on any local machine where you run commands that interact with your upgraded version of TKGI.

To upgrade the CLIs, download and re-install the TKGI and Kubernetes CLI distributions that are provided with TKGI on Broadcom Support.

For more information about installing the CLIs, see the following topics:

Upgrade Kubernetes Clusters If Needed

If you upgraded TKGI with the Upgrade all clusters errand deactivated, the next step is to upgrade the Kubernetes clusters individually using the TKGI CLI.

  1. Log in to the TKGI environment using the TKGI CLI.

  2. Run the command tkgi clusters to list all Kubernetes clusters with their current versions and status:

    TKGI Version     Name              k8s Version  Plan Name  UUID                                  Status     Action
1.13.0  tkgi-cluster-1-small       1.22.2       small      0bea03c8-af47-48e8-b249-814c0bc407b9  succeeded  UPGRADE
1.13.0  tkgi-cluster-2-medium      1.22.2       medium     5d9f4501-70cb-460b-9d78-0afbc074cb8c  succeeded  UPGRADE
1.13.0  tkgi-cluster-3-large       1.22.2       large      b448117a-bb6f-49de-bc9b-452588bd44ef  succeeded  UPGRADE

  3. Upgrade each cluster one-by-one using the command tkgi upgrade-cluster CLUSTER-NAME.

    • You do not have to wait for each upgrade to complete before upgrading the next one.
    • The advantage of running each upgrade separately is that it makes troubleshooting easier. BOSH assigns a unique task ID to each cluster upgrade.

  4. When the cluster upgrades are complete, run the command tkgi clusters and verify that they list the target version:

    TKGI Version     Name              k8s Version  Plan Name  UUID                                  Status     Action
1.14.0  tkgi-cluster-1-small       1.23.4       small      0bea03c8-af47-48e8-b249-814c0bc407b9  succeeded  UPGRADE
1.14.0  tkgi-cluster-2-medium      1.23.4       medium     5d9f4501-70cb-460b-9d78-0afbc074cb8c  succeeded  UPGRADE
1.14.0  tkgi-cluster-3-large       1.23.4       large      b448117a-bb6f-49de-bc9b-452588bd44ef  succeeded  UPGRADE

Verify TKGI Upgrade

  1. To verify successful upgrade, create a test cluster:

    tkgi create-cluster tkgi-cluster-4-test --external-hostname tkgi-cluster-test --plan medium --num-nodes 3

    Note: Use only lowercase characters when naming your cluster if you manage your clusters with Tanzu Mission Control (TMC). Clusters with names that include an uppercase character cannot be attached to TMC.

  2. Run tkgi clusters to verify that the new cluster is created with the appropriate version of TKGI and Kubernetes:

    $ tkgi clusters
TKGI Version     Name              k8s Version  Plan Name  UUID                                  Status     Action
1.14.0  tkgi-cluster-4-test        1.23.4       medium     5d9f4501-70cb-460b-9d78-0afbc074cb8c  succeeded  CREATE
1.14.0  tkgi-cluster-1-small       1.23.4       small      0bea03c8-af47-48e8-b249-814c0bc407b9  succeeded  UPGRADE
1.14.0  tkgi-cluster-2-medium      1.23.4       medium     5d9f4501-70cb-460b-9d78-0afbc074cb8c  succeeded  UPGRADE
1.14.0  tkgi-cluster-3-large       1.23.4       large      b448117a-bb6f-49de-bc9b-452588bd44ef  succeeded  UPGRADE

Upgrade to vSphere 7

After upgrading TKGI and its Kubernetes clusters to v1.14, you can upgrade vSphere to v7. This upgrade includes upgrading the vCenter Server Appliance and each ESXi host, in that order.

  1. Upgrade vCenter. Refer to Upgrading the vCenter Server Appliance in the vCenter documentation.
  2. Upgrade each ESXi host, one at a time.
    1. Put the ESXi host into maintenance mode.
    2. Upgrade the ESXi host. Refer to Upgrading ESXi hosts in the vSphere documentation.
    3. Using the NSX-T Manager web interface for Transport Nodes, install the vSphere 7.0 VIBS onto the ESXi host.
    4. Using the NSX Manage web interface, verify that the ESXi host is in a “Success” state. If it is not, click the Resolve button.
    5. Remove the ESXi host from maintenance mode.
    6. Repeat the process for each ESXi host in your vCenter cluster that is part of your TKGI domain.

Troubleshoot the Upgrade

See Verifying Deployment Health for how to verify the health of your TKGI environment and gather information for troubleshooting cluster upgrades.

check-circle-line exclamation-circle-line close-line
Scroll to top icon