Check out out how to update the Supervisors and Tanzu Kubernetes Grid clusters in your vSphere IaaS control plane environment. vSphere IaaS control plane supports rolling updates for Supervisors and Tanzu Kubernetes Grid clusters, and for the infrastructure supporting these clusters.

Note: You cannot transition Supervisors that use vSphere Update Manager to vSphere Lifecycle Manager. Transition from vSphere Update Manager to vSphere Lifecycle Manager. is only supported for clusters that do not have vSphere IaaS control plane enabled.

When you update your vSphere IaaS control plane environment, you update the Kubernetes version of your Supervisors and Tanzu Kubernetes Grid clusters along with the underlying infrastructure components and services. Therefore, the term update is used to describe this process instead of the term upgrade, which is a limited form of update that increments the software version.

Supervisors and Tanzu Kubernetes Grid clusters are built by using a common Kubernetes distribution core. Kubernetes versions for the Supervisor and Tanzu Kubernetes Grid clusters are delivered differently:

  • Supervisor Kubernetes releases are delivered with vCenter Server releases and contain opinionated Kubernetes versions. Every vCenter Server release (major, update, or patch releases) includes three versions of Kubernetes for the Supervisor. The most current Supervisor Kubernetes version and two previous versions. For more information on the supported Supervisor Kubernetes versions, see the VMware vSphere with Tanzu 8.0 Release Notes.

  • Tanzu Kubernetes Grid clusters are built by using Tanzu Kubernetes releases (TKrs). A TKr provides upstream aligned Kubernetes software distribution, signed, tested, and supported by VMware. TKrs are intended for Tanzu Kubernetes Grid clusters. TKrs are released independently from vCenter Server. A TKr is a combination of an operating system such as Photon or Ubuntu combined with Tanzu Kubernetes Grid core components necessary to provide pod functionality. A TKr includes components such as Antrea and Calico that you can deploy in Tanzu Kubernetes Grid clusters. For more information, see VMware Tanzu Kubernetes releases Release Notes.

You can only update the Kubernetes version of Supervisors and Tanzu Kubernetes Grid clusters sequentially due to the update policy of upstream Kubernetes. You cannot skip a minor version. For example, if a Supervisor is running 1.24, you cannot update straight to 1.26. The correct update path is, 1.24, 1.25, 1.26.

Support Policy for the Supervisor and Tanzu Kubernetes Grid Cluster Kubernetes Versions

Both Supervisor Kubernetes versions and TKrs implement an N-2 support policy for Kubernetes releases, similarly to the upstream Kubernetes support policy. This means that each Kubernetes release in vSphere IaaS control plane (Supervisor or TKr) is supported for a minimum of 12 months from the time it is released by VMware.

Note however, that the Supervisor and Tanzu Kubernetes Grid clusters must run compatible Kubernetes versions, see the Compatibility Matrix for TKr releases for more information and .

Upgrade Path Rules for vCenter Server

Because upstream Kubernetes requires a sequential upgrade, the upgrade path for vCenter Server when you run Supervisors depends on the included Kubernetes versions. You might need to update vCenter Server 3 times per year approximately and the Kubernetes versions of the Supervisors accordingly to run the supported Kubernetes versions.

Upgrading vCenter Server that has Supervisors running, is possible when either of these conditions is met:

  • Source and target vCenter Server releases have at least one overlapping version of Kubernetes packed in them.
  • The target vCenter Server version must contain the immediate next version of Kubernetes present in the source vCenter Server release.

If neither of these conditions is met, you cannot upgrade vCenter Server.

Table 1. Example vCenter Server Upgrade Scenarios
Examples Release Increments Supported Supervisor Kubernetes Versions in the vCenter Server Releases
Example 1

Source vCenter Server

 1.22 1.23 1.24 Upgrade is possible

Target vCenter Server

 1.24 1.25 1.26
Example 2

Source vCenter Server

 1.21 1.22 1.23 Upgrade is possible

Target vCenter Server

 1.24 1.25 1.26
Example 3

Source vCenter Server

 1.20 1.21 1.22 Upgrade is NOT possible

Target vCenter Server

 1.24 1.25 1.26
The above examples show when upgrading vCenter Server is possible or not depending on the Supervisor Kubernetes versions that the source and target vCenter Server systems contain.
  1. In the first example, the upgrade is possible because the source and target vCenter Server versions both contain Supervisor Kubernetes version 1.24.
  2. In the second example, the upgrade is still possible because the target vCenter Server version contains Supervisor Kubernetes version 1.24, which is the immediate next version.
  3. The last example shows a scenario, where upgrade is not possible because the source and target vCenter Server versions do not contain neither of an overlapping Supervisor Kubernetes version, nor the immediate next version.

Understating the vSphere Namespaces Version and Supervisor Versions

Each vCenter Server version comes with a new vSphere Namespaces version that contains one new Supervisor version and two previous supported versions. For example, vSphere Namespaces version 0.1.9, which is delivered with vCenter Server 8 Update 3 includes three Supervisor versions:
  • v1.26.8+vmware.wcp.1-vsc0.1.9-23708114
  • v1.27.5+vmware.wcp.1-vsc0.1.9-23708114
  • v1.28.3+vmware.wcp.1-vsc0.1.9-23708114
For more information on updating the Supervisor version, see Update the Supervisor.
Note: To use Tanzu Kubernetes Grid 3.0, you must update the Supervisor to one of the three supported versions included with vSphere Namespaces 0.1.9.

Rolling Updates of Supervisors and Tanzu Kubernetes Grid Clusters

vSphere IaaS control plane uses a rolling update model for Supervisors and Tanzu Kubernetes Grid clusters. The rolling update model ensures that there is minimal downtime for cluster workloads during the update process. Rolling updates include upgrading the Kubernetes software versions and the infrastructure and services supporting the Tanzu Kubernetes Grid clusters, such as virtual machine configurations and resources, vSphere Namespaces, and custom resources. For more information, see Understanding the Rolling Update Model for TKG Clusters on Supervisor.

For the update to succeed, your environment must meet several compatibility requirements. The system enforces precheck conditions to ensure that clusters are ready for updates, and supports rollback if cluster upgrade is not successful.

Updating the Supervisor

You can update the Kubernetes version that the Supervisor is running, such as from Kubernetes 1.23 to Kubernetes 1.24, and the infrastructure supporting the Supervisor and Tanzu Kubernetes Grid clusters. You might need to update the Supervisor Kubernetes versions 3 times per year to maintain pace with the Kubernetes release cadence. The following is the Supervisor Kubernetes version update sequence.

  1. Upgrade vCenter Server to according to the rules descried in Upgrade Path Rules for vCenter Server.
  2. Update the Supervisor Kubernetes version and infrastructure components. See Update the Supervisor

When you initiate an update of the Supervisor Kubernetes version the update is performed in the following order of operations:

  1. The system creates a new control plane VM and joins it to the existing Supervisor control plane. During this phase of the update, the vSphere inventory shows four control plane VMs as the system adds a new updated VM and then removes the older out-of-date VM.
  2. Objects are migrated from one of the old control plane VMs to the new one, and the old control plane VM is then removed. This process repeats one-by-one until all control plane VMs are updated.
  3. Once all the control plane VMs are updated, the worker nodes are updated in a similar rolling update fashion. The worker nodes are the ESXi hosts, and each spherelet process on each ESXi host is updated one-by-one.
You can choose between the following updates:
  • Update the Supervisor Kubernetes version only.
  • Update everything, including VMware versions and Kubernetes versions.

Updating Tanzu Kubernetes Grid Clusters

Updating your Tanzu Kubernetes Grid clusters depends on the Tanzu Kubernetes Grid service version that is running on the Supervisor as well as the TKr versions the clusters are running. For more information, see Installing and Upgrading the TKG Service and Updating TKG Service Clusters.

Updating all vSphere IaaS control plane Components

You use the update everything workflow to update all vSphere IaaS control plane components. This type of update is required when you are updating major releases, for example such as from NSX 3.X to 4 and from vSphere 7.x to 8.

Note: Before you upgrade to vCenter Server 8.0, make sure that the Kubernetes version of all Supervisors is of minimum 1.22 preferably the latest supported, and that the Tanzu Kubernetes release version of the Tanzu Kubernetes Grid clusters is of 1.22, preferably the latest supported.
This update workflow is infrequent depending on when there are new VMware product releases. This is the update everything sequence:
  1. Check the VMware Interoperability matrix https://interopmatrix.vmware.com/Interoperability for the vCenter Server and NSX to determine compatibility. vSphere IaaS control plane functionality is delivered by Workload Control Plane (WCP) software which ships with vCenter Server.
  2. Upgrade NSX, if compatible.
  3. Upgrade vCenter Server.
  4. Upgrade vSphere Distributed Switch.
  5. Upgrade ESXi hosts.
  6. Check compatibility of any provisioned Tanzu Kubernetes Grid clusters with the target Supervisor version.
  7. Update vSphere Namespaces (including the Supervisor Kubernetes version).
  8. Update Tanzu Kubernetes Grid clusters.

The diagram illustrates the general workflow for vSphere IaaS control plane updates

.The diagram shows the steps for vSphere with Tanzu updates.