This topic describes how to upgrade management and workload clusters to Tanzu Kubernetes Grid v2.1 in an internet-restricted environment on vSphere and AWS.
NoteIn the TKG upgrade path, v2.1 immediately follows v1.6. TKG 2.0 is not a downloadable version, but instead refers to using the Tanzu CLI in TKG v1.6 with a Supervisor integrated within vSphere 8.
This procedure is required for both major v1.6.x to v2.1.x and patch v2.1.x to v2.1.y upgrades.
ImportantAll clusters use one-year client certificates and upgrading a cluster renews its certificate, so VMware recommends upgrading your clusters at least once a year.
If you deployed the previous version of Tanzu Kubernetes Grid in an Internet-restricted environment, do the following steps on a machine with an Internet connection.
Download and install the new version of the Tanzu CLI. See Download and Install the Tanzu CLI and Other Tools.
Perform the steps in Prepare to Upgrade Clusters on vSphere to deploy the new base OS image OVA files.
Perform the steps in Prepare an Internet-Restricted Environment to run the required scripts.
If you have an script files from a previous deployment, you must still regenerate the images-copy-list so that it includes the latest component versions, and then run download-images.sh on the new images-copy-list to save them to your local private Docker registry.
To upgrade an internet-restricted Tanzu Kubernetes Grid deployment on AWS to TKG v2.1.x, you must have:
Tanzu CLI v0.28.1 with compatible plugins and kubectl installed on both Linux machines. See Install the CLI and Other Tools.
tanzu version to check that you are running a v2.1 version of tanzu. Tanzu Kubernetes Grid v2.1.1 uses Tanzu CLI v0.28.1, based on Tanzu Framework v0.28.1.kubectl version to check that you are running the kubectl version listed in the Tanzu Kubernetes Grid downloads page for your v1.6.x version.tanzu plugin list to confirm v0.28.1 versions of the plugins management-cluster, cluster, login, kubernetes-release, package, and pinniped-auth.To work around a known issue with CAPA, set EXP_EXTERNAL_RESOURCE_GC=false in your local environment or in the management cluster configuration file.
From your internet-connected machine, use the isolated-cluster plugin to copy the container images used by TKG into your offline registry, following the steps starting with Step 1: Install the Isolated Cluster Plugin on the Online Machine in Prepare an Internet-Restricted Environment
To upgrade Tanzu Kubernetes Grid with a standalone management cluster, you must first upgrade all the management clusters in your deployment. You cannot upgrade workload clusters until you have upgraded their management clusters.
To upgrade the standalone management clusters in an internet-restricted AWS environment:
Set the following environment variables so the Tanzu CLI can access your private image registry and know which region and zone to deploy to. Find the access key settings in your ~/.aws/config file.
export TKG_CUSTOM_IMAGE_REPOSITORY=
export TKG_CUSTOM_IMAGE_REPOSITORY_CA_CERTIFICATE=
export AWS_REGION=
export AWS_NODE_AZ=
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
export AWS_SSH_KEY_NAME=
Follow the procedure in Upgrade Management Clusters.
To upgrade the workload clusters in an internet-restricted AWS environment, follow the procedure in Upgrade Workload Clusters.
You can now continue to use the Tanzu CLI to manage your clusters and run your applications with the new version of Kubernetes in your internet-restricted environment.
